tunia (Hero)
Registered: 19/02/08 13:02
Posts: 44
Posted: 19 Feb 2008 13:15    Subject: a virus is lurking in my PC!!!!!

Hi everyone, I'm Antonella. I've just signed up. I have serious problems with my PC... and I would rather not format it (I should say up front that I'm not experienced), and I hope you can help me step by step... Norton starts scanning an endless number of e-mails being sent to unknown addresses, followed by error messages about e-mails not being sent because the server rejects the message... and this happens as soon as I turn on the ADSL modem, and Norton doesn't detect any problems... forgive my ignorance... I hope you can help. Thanks
	
	
Sante62 (Mature God)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia
Posted: 19 Feb 2008 13:51    Subject:

Hi Antonella, and welcome... Did you pick up this infection by using Messenger, by any chance?
In the meantime, have a look at this discussion about Combofix, and scan the PC, posting the result as indicated;
then follow these instructions to post a Hijackthis log.
	
	
tunia (Hero)
Registered: 19/02/08 13:02
Posts: 44
Posted: 19 Feb 2008 14:22    Subject:

Thanks a lot, I'll now try to do what you told me... I hope I'm able to...
	
	
tunia (Hero)
Registered: 19/02/08 13:02
Posts: 44
Posted: 19 Feb 2008 15:11    Subject:

For now, here are the Combofix results... as for the Hijackthis ones, just give me time to use the program and I'll post those too! Thanks

 ComboFix 08-02-19.2 - Administrator 2008-02-19 13.55.47.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.242 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Programmi\iMeshBar
 C:\Programmi\iMeshBar\bar\History\search
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-01-19 al 2008-02-19  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-18 16:51 . 2008-02-18 16:51	<DIR>	d--------	C:\Programmi\Lavasoft
 2008-02-18 15:49 . 2008-02-18 15:48	691,545	--a------	C:\WINDOWS\unins000.exe
 2008-02-18 15:49 . 2008-02-18 15:49	3,461	--a------	C:\WINDOWS\unins000.dat
 2008-02-15 18:01 . 2008-02-18 12:11	<DIR>	d--------	C:\Programmi\Kyodai
 2008-02-15 18:01 . 2008-02-15 18:47	74	--a------	C:\WINDOWS\Kyor.ini
 2008-02-10 14:22 . 2008-02-10 14:22	<DIR>	dr-------	C:\Documents and Settings\Administrator\Dati applicazioni\Brother
 2008-02-09 13:24 . 2006-11-29 13:06	3,426,072	--a------	C:\WINDOWS\system32\d3dx9_32.dll
 2008-02-09 13:21 . 2008-02-09 13:21	<DIR>	d--------	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-02-09 13:06 . 2008-02-09 13:10	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-02-09 13:05 . 2008-02-18 12:33	<DIR>	d--------	C:\Programmi\Windows Live
 2008-02-09 13:05 . 2008-02-09 13:05	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-19 12:45	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-02-19 12:45	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Symantec
 2008-02-19 12:42	---------	d-----w	C:\Programmi\Symantec
 2008-02-18 19:12	---------	d-----w	C:\Programmi\eMule
 2008-02-18 15:51	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Lavasoft
 2008-02-18 15:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2008-02-18 14:54	---------	d-----w	C:\Programmi\Spybot - Search & Destroy
 2008-02-18 11:31	---------	d-----w	C:\Programmi\Burraconline
 2008-01-20 19:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
 2008-01-12 17:29	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\AdobeUM
 2008-01-05 14:32	---------	d-----w	C:\Programmi\ScannerU
 2008-01-03 17:03	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
 2008-01-02 10:47	---------	d-----w	C:\Programmi\EPSON
 2008-01-02 10:41	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2007-12-31 14:44	---------	d-----w	C:\Programmi\Zylom Games
 2007-12-30 10:23	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\Zylom
 2007-12-29 21:41	---------	d-----w	C:\Documents and Settings\Administrator\Dati applicazioni\GanymedeNet
 2007-12-29 21:14	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Fugazo
 2007-12-29 21:13	---------	d-----w	C:\Programmi\Fashion Fits
 2007-12-28 16:41	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Zylom
 2007-12-28 14:40	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
 2007-12-28 14:39	---------	d-----w	C:\Programmi\QuickTime
 2007-12-28 14:38	---------	d-----w	C:\Programmi\File comuni\Apple
 2007-12-28 14:38	---------	d-----w	C:\Programmi\Apple Software Update
 2007-12-28 14:38	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Apple
 2007-02-19 13:02	87,608	----a-w	C:\Documents and Settings\Administrator\Dati applicazioni\ezpinst.exe
 2007-02-19 13:02	47,360	----a-w	C:\Documents and Settings\Administrator\Dati applicazioni\pcouffin.sys
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
 "gStart"="C:\Garmin\gStart.exe" [2005-07-25 08:05 1896448]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 12:25 68856]
 "LogitechSoftwareUpdate"="C:\Programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
 "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SoundMan"="SOUNDMAN.EXE" [2002-11-19 14:01 46592 C:\WINDOWS\SOUNDMAN.EXE]
 "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2002-10-15 22:18 155648]
 "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-10-15 22:05 114688]
 "StorageGuard"="C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 23:01 155648]
 "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-03-12 00:03 114741]
 "QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
 "ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 15:32 241664]
 "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
 "LogitechVideoRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
 "LogitechVideoTray"="C:\Programmi\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-02-10 16:46 185896]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
 "PCTVRemote"="C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 13:40 61699]
 "SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
 "PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 01:01 57393]
 "IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 01:28 40960]
 "SetDefPrt"="C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
 "ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
 "Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
 "isDeleteMe"="C:\WINDOWS\system32\cmd.exe" [2004-08-30 21:00 397824]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
 
 C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
 Registration-PCTV.lnk - C:\Programmi\Pinnacle\PCTV Stereo\ERegister\RegTool.exe [2007-09-18 23:59:23 246019]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Avvio veloce di Microsoft Office OneNote 2003.lnk - C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 20:23:32 51776]
 Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-01-21 16:43:27 450560]
 LUMIX Simple Viewer.lnk - C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-10-13 13:32:52 57344]
 NkbMonitor.exe.lnk - C:\Programmi\Nikon\PictureProject\NkbMonitor.exe [2005-11-19 14:42:53 118784]
 Pinnacle Scheduler.lnk - C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-09-09 15:05:34 241664]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eqnclass32]
 eqnclass32.dll 2004-04-10 11:37 8704 C:\WINDOWS\system32\eqnclass32.dll
 
 R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:45]
 R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\system32\drivers\wA301b.sys [2002-10-25 08:02]
 R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
 R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]
 R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
 S3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-09-11 08:43]
 S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
 S3 usbaucmd;usbaucmd;C:\WINDOWS\system32\drivers\usbaucmd.sys []
 S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4393a758-5903-11da-ad71-00e04c7c40f2}]
 \Shell\Auto\command - E:\bittorrent.exe e
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
 
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-19 13:57:50
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-02-19 13.58.43
 ComboFix-quarantined-files.txt  2008-02-19 12:58:23
 .
 2008-02-13 22:51:50	--- E O F ---
	
tunia (Hero)
Registered: 19/02/08 13:02
Posts: 44
Posted: 19 Feb 2008 15:42    Subject:

This is the other log you asked me for:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14.39.04, on 19/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\brsvc01a.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\brss01a.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\igfxtray.exe
 C:\WINDOWS\system32\hkcmd.exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
 C:\WINDOWS\system32\LVCOMSX.EXE
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programmi\Brother\ControlCenter2\brctrcen.exe
 C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Garmin\gStart.exe
 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
 C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
 C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
 C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
 C:\Programmi\Logitech\Video\FxSvr2.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Java\jre1.5.0_10\bin\jucheck.exe
 C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\USLC90P5\HiJackThis[1].exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: SYSTRAN Web Translator 5.0  - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Programmi\SYSTRAN\5.0\Personal\IEPlugIn.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
 O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
 O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
 O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\isDel.bat"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Registration-PCTV.lnk = C:\Programmi\Pinnacle\PCTV Stereo\ERegister\RegTool.exe
 O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
 O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
 O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
 O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?c8c30fa415c44623904a4b2180f2f1cd
 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?c8c30fa415c44623904a4b2180f2f1cd
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://194.244.16.123/g_bin/eng/marbles_2_0_0_32.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C6500-4178-45C7-A98D-8073D9ECDD57}: NameServer = 85.37.17.9 85.38.28.75
 O20 - Winlogon Notify: eqnclass32 - C:\WINDOWS\SYSTEM32\eqnclass32.dll
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O24 - Desktop Component 0: (no name) - http://www.ordinesantosepolcro.org/immagini/varie/croce2.gif
 
 --
 End of file - 10920 bytes
 
 Anyway, I uninstalled Norton because I intend to buy another one, also because mine had expired. I don't know whether I caught the virus on MSN, but it's likely! Which antivirus would you recommend given my situation? Thanks, you are all very kind.
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 19 Feb 2008 17:07    Subject: |   |  
				| 
 |  
				| Start HJT, select this line and then click Fix checked if you don't recognize it: 
  	  | Quote: |  	  | O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://194.244.16.123/g_bin/eng/marbles_2_0_0_32.cab | 
 Restart the PC and post a new HJT log;
 
 to be safe, download this file to the desktop,
 unpack the archive and run the file MSNFix.bat.
 A DOS window opens; type i where the cursor is blinking and press Enter.
 After a while, if the infection is present, you will see the message
 " /!\ Infezione Presente /!\"
 Press any key to start the removal.
 It will ask you to restart.
 Restart the PC.
 After the restart you will see the DOS window; type i again and press Enter. When everything has finished, the desktop will reappear and Notepad will open; please attach the contents of Notepad to your reply.
 Finally, attach an HJT log.
 
 To complete the uninstallation of Symantec, use this
 
 As for antivirus, the free ones include Avast and Avira AntiVir;
 just search the web to find the download link;
 
 Otherwise, among paid products you can choose Panda, Kaspersky, Bitdefender, etc., which have a high detection capability;
 
 If you choose a free antivirus you must also install a firewall, choosing one via this thread; do these things with some urgency, otherwise you remain at the mercy of any attackers.
 Then run this scan:
 Scan with GMER
 Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| tunia Eroe
 
  
 
 Joined: 19/02/08 13:02
 Posts: 44
 
 
 | 
			
				|  Posted: 21 Feb 2008 14:36    Subject: |   |  
				| 
 |  
				| Hi, so while waiting for your reply the other day I tried running a scan with Kaspersky, and it found 9 viruses... and wiped them out, but the computer is rather slow. In light of this, should I still do what you told me? |  | 
	
		| Top |  | 
	
		|  | 
	
		| tunia Eroe
 
  
 
 Joined: 19/02/08 13:02
 Posts: 44
 
 
 | 
			
				|  Posted: 21 Feb 2008 16:41    Subject: |   |  
				| 
 |  
				| So, despite the scan with the new antivirus I still did what you told me; now I'm posting what you asked for:
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 15.31.10, on 21/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\brsvc01a.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\brss01a.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\igfxtray.exe
 C:\WINDOWS\system32\hkcmd.exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
 C:\WINDOWS\system32\LVCOMSX.EXE
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
 C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programmi\Brother\ControlCenter2\brctrcen.exe
 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Garmin\gStart.exe
 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
 C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
 C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
 C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
 C:\Programmi\Logitech\Video\FxSvr2.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Java\jre1.5.0_10\bin\jucheck.exe
 C:\Programmi\Windows Live Toolbar\msn_sl.exe
 C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\USLC90P5\HiJackThis[1].exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: SYSTRAN Web Translator 5.0  - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Programmi\SYSTRAN\5.0\Personal\IEPlugIn.dll
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
 O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
 O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
 O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
 O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Registration-PCTV.lnk = C:\Programmi\Pinnacle\PCTV Stereo\ERegister\RegTool.exe
 O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
 O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
 O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
 O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?c8c30fa415c44623904a4b2180f2f1cd
 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?c8c30fa415c44623904a4b2180f2f1cd
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C6500-4178-45C7-A98D-8073D9ECDD57}: NameServer = 85.37.17.9 85.38.28.75
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
 O24 - Desktop Component 0: (no name) - http://www.ordinesantosepolcro.org/immagini/varie/croce2.gif
 
 --
 End of file - 10406 bytes
 Then I completed the uninstallation as you told me, then I ran the MSNFix.bat file but it says there are no viruses; I'm posting this log too:
 MSNFix 1.667
 
 C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\6BUHW1C9\MSNFix[1]\MSNFix
 Fix effettuato il 21/02/2008 - 15.06.28,35 By Administrator
 modalità normale
 
 ************************ Cercare i files presenti
 
 Nessun files trovato
 
 ************************ Ricerca le cartelle presenti
 
 Nessuna cartella trovata
 
 
 ************************ Files sospetti
 
 Nessun files trovato
 As for "Start HJT, select this line and then click Fix checked if you don't recognize it:
 Quote:
 O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://194.244.16.123/g_bin/eng/marbles_2_0_0_32.cab "
 I deleted everything; now I only have to run the scan with GMER.
 Thank you so much, I thought I wouldn't manage to do anything!! Thanks, you are all very kind and very clear!!!
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| tunia Eroe
 
  
 
 Joined: 19/02/08 13:02
 Posts: 44
 
 
 | 
			
				|  Posted: 21 Feb 2008 17:14    Subject: |   |  
				| 
 |  
				| [URL="http://www.freefilehosting.net/files/3cba9"]gmer 22.txt[/URL] [URL="http://www.freefilehosting.net/files/3cbac"]gmer39.txt[/URL]
 
 Now I've done everything you told me... let's hope for the best!!! Thanks!
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 22 Feb 2008 00:11    Subject: |   |  
				| 
 |  
				| OK, the GMER logs look clean... Can you post the Kaspersky log? That way we can see what it found....
 Are you experiencing any other problems?
 
 
 
  |  | 
	
		| Top |  | 
	
		|  | 
	
		| tunia Eroe
 
  
 
 Joined: 19/02/08 13:02
 Posts: 44
 
 
 | 
			
				|  Posted: 22 Feb 2008 18:31    Subject: |   |  
				| 
 |  
				| Let's say the only problem I'm experiencing is the PC's slowness... anyway, these are the files Kaspersky found: 
 eliminato: virus Heur.Invader (modifica)	File: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
 eliminato: Trojan program Trojan.Win32.Agent.dwg	File: C:\WINDOWS\system32\eqnclass32.dll
 eliminato: adware not-a-virus:AdWare.Win32.Trymedia.d	File: C:\System Volume Information\_restore{1081F6DF-ECB0-4E45-8D6B-456C1728F36A}\RP406\A0096421.exe//UPX
 eliminato: Trojan program Trojan.Win32.Agent.dwg	File: C:\System Volume Information\_restore{1081F6DF-ECB0-4E45-8D6B-456C1728F36A}\RP430\A0100990.dll
 eliminato: virus Heur.Trojan.Generic	File: C:\Documents and Settings\Administrator\Desktop\file\Mahjongg Fortuna Deluxe v1.0\Mahjongg.exe
 eliminato: virus Worm.Win32.RJump.c	File: C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2629234A.exe//CryptFF//Py2Exe
 eliminato: Trojan program Trojan-Downloader.Win32.VB.bqh	File: C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3C9921FE.exe//CryptFF//PE_Patch.UPX//UPX
 eliminato: virus Worm.Win32.RJump.c	File: C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\40F30F34.exe//CryptFF//Py2Exe
 eliminato: malware Exploit.Multi.Qtp.b	File: C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6F854700.qtl//CryptFF
 eliminato: virus Worm.Win32.RJump.c	File: C:\System Volume Information\_restore{1081F6DF-ECB0-4E45-8D6B-456C1728F36A}\RP430\A0101012.exe//CryptFF//Py2Exe
 Thank you so much for your help!!!!!
  |  | 
	
		| Top |  | 
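An added example (not part of the original thread, and not code from HijackThis or Kaspersky): a small Python script that diffs the two HijackThis logs posted above and cross-references the files Kaspersky removed with the autostart entries that loaded them. The log excerpts are copied from this thread; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpts copied from the two HijackThis logs and the Kaspersky report in this thread.
LOG_BEFORE = r"""
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://194.244.16.123/g_bin/eng/marbles_2_0_0_32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C6500-4178-45C7-A98D-8073D9ECDD57}: NameServer = 85.37.17.9 85.38.28.75
O20 - Winlogon Notify: eqnclass32 - C:\WINDOWS\SYSTEM32\eqnclass32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""
LOG_AFTER = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C6500-4178-45C7-A98D-8073D9ECDD57}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
"""
AV_REPORT = r"""
eliminato: Trojan program Trojan.Win32.Agent.dwg  File: C:\WINDOWS\system32\eqnclass32.dll
eliminato: virus Heur.Trojan.Generic  File: C:\Documents and Settings\Administrator\Desktop\file\Mahjongg Fortuna Deluxe v1.0\Mahjongg.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")          # "O20 - <entry>"
AV_RE = re.compile(r"^\s*eliminato:\s*(.+?)\s+File:\s*(.+?)\s*$")  # "<verdict> File: <path>"

def parse_hjt(text):
    """Map each section code (R0, O4, O20, ...) to the set of entries under it."""
    sections = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group(1)].add(m.group(2))
    return sections

def diff_logs(before, after):
    """Return (removed, added) lists of (code, entry) between two logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    codes = sorted(set(b) | set(a))
    removed = [(c, e) for c in codes for e in sorted(b[c] - a[c])]
    added = [(c, e) for c in codes for e in sorted(a[c] - b[c])]
    return removed, added

def detections_with_autostart(av_report, hjt_log):
    """For each file the scanner removed, list the log sections that loaded it."""
    entries = [(c, e) for c, es in parse_hjt(hjt_log).items() for e in es]
    hits = {}
    for line in av_report.splitlines():
        m = AV_RE.match(line)
        if not m:
            continue
        path = m.group(2).split("//")[0]  # drop packer/container suffix such as //UPX
        loaders = sorted(c for c, e in entries if path.lower() in e.lower())
        hits[path] = (m.group(1), loaders)  # 8.3 short paths (PROGRA~1) will not match
    return hits

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, entry in removed:
        print("removed", code, entry)
    for code, entry in added:
        print("added  ", code, entry)
    for path, (verdict, loaders) in detections_with_autostart(AV_REPORT, LOG_BEFORE).items():
        print(path, "|", verdict, "| loaded via:", loaders or "no autostart entry")
```

On these excerpts the script ties the removed eqnclass32.dll to the O20 Winlogon Notify entry that is present in the first log and absent from the second, while the Mahjongg.exe detection has no autostart entry.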
	
		|  | 
	
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 |  | 
	
		| Top |  | 
	
		|  | 
	
		|  |