Olimpo Informatico

[Rico]

anche io penso di avere lo stesso problema,ho provato infiniti antivirus,ma niente..... posto il log di hijack se potete consigliarmi...Grazie !!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.10.52, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://207.44.208.177/enter.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [b8647935] rundll32.exe "C:\WINDOWS\system32\tnmacutl.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe

--
End of file - 4337 bytes

[Sante62]

Ciao Rico e benvenuto...
Per l'avvenire, apri nuova discussione e non accodarti agli altri thread;
Per adesso ho provveduto io a sportarti...
Adesso veniamo al tuo problema:
disattiva il ripristino di sistema e avvia il PC in modalità provvisoria;
avvia HJT, seleziona queste righe e clicca fix checked:

[Rico]

Ciao,scusami per il topic pensavo fosse più pratico cosi...cmq di seguito ti posto i log che mi hai richiesto intanto posso dirti che bitdefender mi trova un virus di nome "vundo",che il pc va veloce come un commodore 64 ,che ho la cartella documenti e C: piena di file pos***.tmp,e che al posto dell'hardisk come icona ho una X rossa ed ogn tanto mi appare una finestra con su scritto "Critical Error occurred...." e che ci sono due icone di windows update e help and support center che appena provo a cancellare si ricreano magicamente...

[Rico]

Log Hikack:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.28.27, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 4990 bytes

[Sante62]

Fai la scansione con Combofix;
scarica e fai la scansione con Vundofix
- Esegui VundoFix.exe
- Clicca Scan for Vundo.
- al termine della scansione, clicca Remove Vundo.
- ti chiede se vuoi eliminare i files infetti, clicca YES
- il tuo video diventerà nero durante la rimozione di Vundo.
- al termine ti chiederà di riavviare il pc, clicca OK.
- Copia qui il contenuto del log C:\vundofix.txt e un nuovo log di hijackthis.

Nota: VundoFix potrebbe non riuscire ad eliminare qualche file. In questo caso, VundoFix si avvierà automaticamente al riavvio del pc, ripeti le operazioni indicate sopra partendo da "Clicca Scan for Vundo" quando VundoFix apparirà al riavvio.

[Rico]

Ciao!scusami per il ritardo della risposta ma non sono stato molto a casa e quel poco tempo che ho avuto non sono riuscito a fare tutto causa la lentezza dovuta al malware e ad alcuni improvvisi arresti...di seguito ti riporto i log:

COMBOFIX

ComboFix 08-02-22.2 - User 2008-02-26 15:20:07.1 - NTFSx86
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Dati applicazioni\inst.exe
C:\Programmi\windows
C:\Programmi\windows\bckg.dll
C:\Programmi\windows\bckgres.dll
C:\Programmi\windows\bckgzm.exe
C:\Programmi\windows\chkr.dll
C:\Programmi\windows\chkrres.dll
C:\Programmi\windows\chkrzm.exe
C:\Programmi\windows\Cmnclim.dll
C:\Programmi\windows\Cmnresm.dll
C:\Programmi\windows\hrtz.dll
C:\Programmi\windows\Hrtzres.dll
C:\Programmi\windows\hrtzzm.exe
C:\Programmi\windows\rvse.dll
C:\Programmi\windows\Rvseres.dll
C:\Programmi\windows\Rvsezm.exe
C:\Programmi\windows\shvl.dll
C:\Programmi\windows\Shvlres.dll
C:\Programmi\windows\shvlzm.exe
C:\Programmi\windows\UniAnsi.dll
C:\Programmi\windows\zClientm.exe
C:\Programmi\windows\ZCorem.dll
C:\Programmi\windows\zeeverm.dll
C:\Programmi\windows\ZNetM.dll
C:\Programmi\windows\zoneclim.dll
C:\Programmi\windows\zonelibM.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\axgtexpk.ini
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\esjrfltt.ini
C:\WINDOWS\system32\gpcimtau.ini
C:\WINDOWS\system32\ltucamnt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pdxywqoy.dllbox
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\windows
C:\WINDOWS\Tasks.\At22.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Creati Da 2008-01-26 al 2008-02-26 )))))))))))))))))))))))))))))))))))
.

2008-02-26 13:59 . 2008-02-26 13:59 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-26 13:15 . 2008-02-26 13:58 <DIR> d-------- C:\VundoFix Backups
2008-02-21 14:39 . 2008-02-21 14:39 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\BitDefender
2008-02-21 14:38 . 2005-04-28 18:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-02-21 14:38 . 2005-04-28 18:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-02-21 14:38 . 2005-04-28 18:26 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-02-21 14:38 . 2007-11-27 18:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-02-21 14:38 . 2005-04-28 18:26 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-02-21 14:38 . 2005-04-28 18:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-02-21 14:38 . 2008-02-26 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-02-21 14:38 . 2008-02-21 14:44 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-02-21 13:41 . 2008-02-21 14:47 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-21 11:41 . 2008-02-21 11:41 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Avvio
2008-02-21 11:28 . 2008-02-21 11:28 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\BitDefender
2008-02-21 11:18 . 2008-02-21 11:20 <DIR> d-------- C:\Programmi\BitDefender
2008-02-21 11:18 . 2008-02-21 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-02-21 10:55 . 2008-02-21 11:19 <DIR> d-------- C:\Programmi\File comuni\BitDefender
2008-02-21 00:47 . 2008-02-21 00:47 <DIR> d-------- C:\Programmi\Trend Micro
2008-02-20 21:39 . 2008-02-20 21:39 320,000 --a------ C:\WINDOWS\system32\geede.dll
2008-02-18 22:36 . 2008-02-18 22:37 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-18 22:36 . 2008-02-18 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-14 10:37 . 2008-02-14 10:57 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\Prevx
2008-02-14 10:34 . 2008-02-26 16:24 <DIR> d-------- C:\Programmi\Prevx2
2008-02-14 10:32 . 2008-02-14 10:37 <DIR> d-------- C:\WINDOWS\3DEBCFB2389E419C842E15501ACC8C93.TMP
2008-02-14 10:03 . 2007-11-29 00:13 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2008-02-14 09:24 . 2008-02-14 09:24 50,688 --a------ C:\Documents and Settings\User\957123845.exe
2008-02-14 09:24 . 2008-02-14 09:24 50,688 --a------ C:\Documents and Settings\User\957123844.exe
2008-02-14 09:23 . 2008-02-14 09:23 50,688 --a------ C:\Documents and Settings\User\166.exe
2008-02-12 19:43 . 2008-02-14 11:22 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\Vso
2008-02-12 19:43 . 2008-02-12 19:43 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-12 19:43 . 2008-02-14 11:21 47,360 --a------ C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
2008-02-04 21:28 . 2008-02-21 14:42 <DIR> d-------- C:\Programmi\DivX
2008-01-31 13:15 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-31 13:15 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-31 13:15 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-31 13:15 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-31 13:15 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-31 13:15 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-31 13:15 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-01-31 13:15 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-31 13:15 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 13:20 --------- d-----w C:\Programmi\firefox
2008-02-21 15:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2008-02-21 11:37 --------- d-----w C:\Programmi\ESET
2008-02-21 10:35 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-14 10:16 --------- d-----w C:\Programmi\Yahoo!
2008-02-14 09:28 --------- d-----w C:\Programmi\Programmi exe
2008-02-12 08:44 --------- d-----w C:\Programmi\eMule
2008-02-01 19:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-01-12 11:49 --------- d-----w C:\Programmi\Direct WAV MP3 Splitter
2008-01-11 22:55 --------- d-----w C:\Programmi\icons
2008-01-11 22:50 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-11 10:21 --------- d-----w C:\Programmi\mIRC6.21-Italiano-TuttoIRC
2008-01-07 16:41 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2007-12-28 18:21 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-28 18:21 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-28 18:14 --------- d-----w C:\Programmi\Motorola Phone Tools
2007-12-28 18:11 --------- d-----w C:\Programmi\File comuni\Motorola Shared
2007-12-28 14:34 92,064 ----a-w C:\Documents and Settings\User\mqdmmdm.sys
2007-12-28 14:34 9,232 ----a-w C:\Documents and Settings\User\mqdmmdfl.sys
2007-12-28 14:34 79,328 ----a-w C:\Documents and Settings\User\mqdmserd.sys
2007-12-28 14:34 66,656 ----a-w C:\Documents and Settings\User\mqdmbus.sys
2007-12-28 14:34 6,208 ----a-w C:\Documents and Settings\User\mqdmcmnt.sys
2007-12-28 14:34 5,936 ----a-w C:\Documents and Settings\User\mqdmwhnt.sys
2007-12-28 14:34 4,048 ----a-w C:\Documents and Settings\User\mqdmcr.sys
2007-12-28 14:34 25,600 ----a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-12-28 14:34 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys
2007-12-18 21:43 234 ----a-w C:\Programmi\dizio.ini
2007-11-27 15:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{297CBB7D-59D7-4853-B892-32818E6A1B46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CE5D890-1519-42C3-A3A0-AFC3307F2680}]
2008-02-20 21:39 320000 --a------ C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6296a8b2-739d-48fd-a143-f9af12639031}]
C:\WINDOWS\system32\tpaqfvho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84A2B948-7321-4AEC-A5F9-7E40610BDE97}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9a34b016-4d61-4bf3-a0e4-bbd093c9ba67}]
C:\WINDOWS\system32\ibighcvj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINDOWS\system32\pdxywqoy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4CDD41-27D4-44DD-B303-D8EE85A05BAD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5F42965-53DA-489E-9EBF-4BDFC8E6BE0C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8805F76-0707-447E-B106-0302B29ADEAD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

[Rico]

VundoFix V6.7.9

Checking Java version...

Sun Java not detected
Scan started at 13:15:24 2008-02-26

Listing files found while scanning....

C:\WINDOWS\system32\adfhmwdk.dll
C:\windows\system32\adfhmwdk.dllbox
C:\WINDOWS\system32\efcbbxx.dll
C:\WINDOWS\system32\ibighcvj.dll
C:\WINDOWS\system32\pvkdiyyd.dll

Beginning removal...

Attempting to delete C:\windows\system32\adfhmwdk.dllbox
C:\windows\system32\adfhmwdk.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcbbxx.dll
C:\WINDOWS\system32\efcbbxx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ibighcvj.dll
C:\WINDOWS\system32\ibighcvj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pvkdiyyd.dll
C:\WINDOWS\system32\pvkdiyyd.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcbbxx.dll
C:\WINDOWS\system32\efcbbxx.dll Has been deleted!

Performing Repairs to the registry.
Done!

[Rico]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15, on 2008-02-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 5041 bytes

[Sante62]

Bene, scarica The Avenger
Scompattalo in una sua cartella in c:\
Avvialo
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[Rico]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\User\957123845.exe" deleted successfully.
File "C:\Documents and Settings\User\957123844.exe" deleted successfully.
File "C:\Documents and Settings\User\166.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Rico]

Penso che il mio pc sia pieno di programmi e cose inutili ti sarei grato se mi aiutassi ad eliminarle! ecco i link:
GMER AUTOSCAN:
-http://www.freefilehosting.net/download/3d1j7
-[URL="http://www.freefilehosting.net/files/3d1j7"]GMER AUTOSCAN.txt[/URL]
-<a href="http://www.freefilehosting.net/files/3d1j7">GMER AUTOSCAN.txt</a>

GMER ROOTKIT:
-http://www.freefilehosting.net/download/3d1jb
-<a href="http://www.freefilehosting.net/files/3d1jb">GMER ROOTKIT.txt</a>
-[URL="http://www.freefilehosting.net/files/3d1jb"]GMER ROOTKIT.txt[/URL]

[Sante62]

OK, adesso vai su start->esegui e digita regedit;
si aprirà il registro di sistema;
Aiutandoti con i + naviga attraverso queste chiave:

[Rico]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\ntos.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\qqjgblvp.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\qqjgblvp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\wsnpoem\audio.dll" deleted successfully.
File "C:\WINDOWS\system32\wsnpoem\video.dll" deleted successfully.

Error: "C:\WINDOWS\system32\wsnpoem" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\wsnpoem" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Completed script processing.

*******************

Finished! Terminate.

[Rico]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40, on 2008-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.skadns.net
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {297CBB7D-59D7-4853-B892-32818E6A1B46} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: (no name) - {6296a8b2-739d-48fd-a143-f9af12639031} - C:\WINDOWS\system32\tpaqfvho.dll (file missing)
O2 - BHO: (no name) - {645DF18D-0418-429A-8346-9150649F3AC1} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {84A2B948-7321-4AEC-A5F9-7E40610BDE97} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {76ab9c39-0dbb-4e0a-3fb4-16d4610b43a9} - {9a34b016-4d61-4bf3-a0e4-bbd093c9ba67} - C:\WINDOWS\system32\ibighcvj.dll (file missing)
O2 - BHO: (no name) - {BC4CDD41-27D4-44DD-B303-D8EE85A05BAD} - (no file)
O2 - BHO: (no name) - {D5F42965-53DA-489E-9EBF-4BDFC8E6BE0C} - (no file)
O2 - BHO: (no name) - {F8805F76-0707-447E-B106-0302B29ADEAD} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
O20 - Winlogon Notify: pdxywqoy - pdxywqoy.dll (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6524 bytes

[Sante62]

Dopo aver fatto la scansione online con Kaspersky, avvia Hijackthis e fixa queste righe se presenti:

[Rico]

[URL="http://www.freefilehosting.net/files/3d456"]kaspersky33.html[/URL]

[Rico]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2008-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\firefox\firefox.exe
C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 5548 bytes

[Rico]

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 17:35:20 04/03/2008
Log path : C:\Documents and Settings\All Users\Dati applicazioni\BitDefender\Desktop\Profiles\Logs\full_scan\1204648520_1_02.xml

Scan Paths:Path0000: C:\


Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes


Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 985172
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7


Overall scan summaryScanned items : 39727
Infected items : 0
Suspicious items : 1
Resolved items : 1
Individual viruses found : 0
Scanned directories : 3265
Scanned boot sectors : 2
Scanned archives : 134
Input-output errors : 27
Scan time : 00:00:33:06
Files per second : 19


Scanned processes summaryScanned : 25
Infected : 0


Scanned registry keys summaryScanned : 291
Infected : 0


Scanned cookies summaryScanned : 0
Infected : 0


Remaining issues:Object Name Threat Name Final Status


Resolved issues:Object Name Threat Name Final Status
C:\Documents and Settings\User\Impostazioni locali\Temp\x6XO64Y0.exe BehavesLike:Trojan.HangUp Deleted


Objects that were not scanned:Object Name Reason Final Status
C:\Avenger\backup.zip=]avenger/avenger.exe Password-Protected No action was possible
C:\Avenger\backup.zip=]avenger/avenger.txt Password-Protected No action was possible
C:\Avenger\backup.zip=]avenger/avenger.zip Password-Protected No action was possible
C:\Avenger\backup.zip=]avenger/ntos.exe Password-Protected No action was possible
C:\Avenger\backup.zip=]avenger/video.dll Password-Protected No action was possible
C:\Avenger1\backup.zip=]avenger/166.exe Password-Protected No action was possible
C:\Avenger1\backup.zip=]avenger/957123844.exe Password-Protected No action was possible
C:\Avenger1\backup.zip=]avenger/957123845.exe Password-Protected No action was possible
C:\Avenger1\backup.zip=]avenger/avenger.exe Password-Protected No action was possible
C:\Avenger1\backup.zip=]avenger/avenger.txt Password-Protected No action was possible
C:\Avenger1\backup.zip=]avenger/avenger.zip Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=]related.htm Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\BSoftwareRegistryRepair.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\BSoftwareRegistryRepair.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cassava.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cassava.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cassava1.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cassava1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cassava2.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cassava2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Citofarera.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Citofarera.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Sfonditalia.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Sfonditalia.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Sfonditalia1.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Sfonditalia1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Sfonditalia2.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Sfonditalia2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde1.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde2.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde3.zip=]removalfile.bat Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumonde3.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip=]awvtu.dll Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumondegeneric2.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Virtumondegeneric2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz10.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz10.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz11.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz12.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz3.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz4.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz4.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz5.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz5.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz6.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz6.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz7.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz7.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz8.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz8.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz9.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinAgentpz9.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinBHOje.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinBHOje.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinBHOje1.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinBHOje1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinTinyabk.zip=]AE8AB41F91F72503.tmp Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinTinyabk.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinTinyabk1.zip=]7CF28762C38CA0D4.tmp Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinTinyabk1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinTinyabk2.zip=]8AF12AB59DCE7145.tmp Password-Protected No action was possible
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinTinyabk2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\La struttura a termine dei tassi di interesse.zip=]La struttura a termine dei tassi di interesse.ppt Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/CVS/Entries Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/CVS/Entries.Extra Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/CVS/Entries.Extra.Old Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/CVS/Entries.Old Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/CVS/Repository Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/CVS/Root Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/CVS/Entries Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/CVS/Entries.Extra Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/CVS/Entries.Extra.Old Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/CVS/Entries.Old Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/CVS/Repository Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/CVS/Root Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/formula0.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/images/Thumbs.db Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.1.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.10.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.11.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.12.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.13.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.14.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.15.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.16.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.17.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.18.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.19.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.2.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.20.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.21.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.22.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.23.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.24.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.25.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.26.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.27.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.28.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.29.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.3.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.4.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.5.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.6.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.7.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.8.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.9.gif Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.htm Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/Thumbs.db Password-Protected No action was possible
C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\Piazzoni\La struttura a termine dei tassi di interesse.zip=]La struttura a termine dei tassi di interesse.ppt Password-Protected No action was possible
C:\Programmi\EdimaxWi-Fi\Autorun.apm=]ams_xml_pl.xml Password-Protected No action was possible
C:\Programmi\EdimaxWi-Fi\Autorun.apm=]ams_xml_temp.xml Password-Protected No action was possible

[Sante62]

fixa questa voce con Hijackthis

[Riverside]