Olimpo Informatico

[angeluzzo1]

Buongiorno. sono un neofita del web, perciò sono a digiuno di pratiche tecniche legate all'uso del pc, ai suoi termini specifici, ecc. Scrivo in questo furum per avere conferma o smentita sul mio sospetto di avere nel sistema qualche virus. In particolare, il mio sospetto è quello che qualcun altro stia spiando le mie connessioni e le mie discussioni in messenger. Ho letto alcuni topic e so che devo incollare un rapporto di Hijackthis. Premetto che ho XP Home edition Service Pack3. L'antivirus è Avast + Ad Aware (ambedue free). In questi giorni ho anche provato a disinstallare Avast, sostituendolo con Kaspersky, ma quest'ultimo mi inondava di finestrine che mi dicevano di sbloccare i programmi (anche Internet Explo e altri innocui). Con Kaspersky, nonappena aprivo messenger, mi apparivano finestre con scritto "IP remote (seguito dal numero dell'IP)" oppure "IP remote+Mask (e relativi numeri)". Sono ritornato ad Avast.
Un giorno, durante una discussione in chat con messenger, si è aperta una finestra (sempre di messenger) che diceva: "Sei stato invitato da (nome della persona che ometto) a connetterti al suo computer tramite Assistenza remota. Scegli Accetta (Alt+C) per accettare l'invito o Rifiuta (Alt+D) per rifiutarlo." Ma sùbito dopo il messaggio è stato annullato (non da me) e la persona con cui parlavo non ne sapeva niente.
Per non parlare di quando cerco di scrivere un messaggio (sempre con messenger) e appare scritto "impossibile inoltrare a tutti il tuo messaggio". Mi dico: a tutti??? Ma se mi collego a una sola persona?Credo sia legittimo il mio sospetto di qualche spia.
Inoltre il ripristino della configurazione di sistema non funziona più e in modalità provvisoria Avast non si apre e neppure Kaspersky. In una delle tante scansioni che ho fatto in modalità normale (mi pare con Avast) è venuto fuori un file incancellabile nel disco "D" System Volume Information, restore... che risulta uno zip protetto da password. HO anche provato a fare una scansione on-line con Panda... nada! Oggi, però, il pc mi sembra decisamente più veloce (chissà perchè: la spia se n'è andata?)
Voi cosa ne pensate? Vi copio il rapporto di Hijackthis. Grazie


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.20.55, on 06/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmi\Lexmark 5200 series\lxbtbmon.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Sun\StarOffice 8\program\soffice.exe
C:\Programmi\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.alice.it/search/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://avucciria.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9071 bytes

[Sante62]

Ciao angeluzzo1 e benvenuto...
disattiva il ripristino di sistema

Avvia Hijackthis, seleziona queste righe e clicca su fix Cheched:

[angeluzzo1]

Buongiorno, Sante62. Nell'attesa della tua risposta, ho provveduto a sostituire Ad Aware con Spybot S&D (preso da questo forum) che mi ha trovato qualcosa e che ho già corretto (ma correggere vuol dire eliminare?). Mi confermi la stessa procedura che mi hai suggerito prima?
Ecco il rapporto Hijackthis (con ripristino ancora attivato)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.06.51, on 06/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmi\Lexmark 5200 series\lxbtbmon.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Sun\StarOffice 8\program\soffice.exe
C:\Programmi\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
D:\GreatNews\GreatNews.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.alice.it/search/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://avucciria.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9446 bytes

[Sante62]

[angeluzzo1]

OK. Avvierò la procedura verso sera, ora devo andare a lavorare. Ciao

[angeluzzo1]

Ciao, Sante62, sono di ritorno. Mentre svolgo tutte le operazioni richieste, vorrei che tu mi dicessi perchè questo link http://avucciria.spaces.live.com/PhotoUpload/MsnPUpld.cab ,trovato nel report, sta tra i programmi in esecuzione. Mi sembra strano, dato che si tratta di un blog. Altrimenti, che cos'è? Grazie.

[Sante62]

[angeluzzo1]

Poichè tra i miei sospetti di spionaggio ricade anche quel blog, che ne dici se lo fixo comunque, anche se, come dici tu, dovrebbe stare lì?

Ti mando il log di Hijackthis dopo aver fatto tutte le operazioni. Ma vuoi anche i log di Ccleaner, di Combofix e di Virit?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.18.36, on 06/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe
C:\Programmi\Lexmark 5200 series\lxbtbmon.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Sun\StarOffice 8\program\soffice.exe
C:\Programmi\Sun\StarOffice 8\program\soffice.BIN
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Programmi\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://avucciria.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 8570 bytes

[Sante62]

[angeluzzo1]

LOG COMBOFIX:

ComboFix 08-06-05.3 - LYS 2008-06-06 18.39.18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.161 [GMT 2:00]
Eseguito da: C:\Documents and Settings\LYS\Desktop\Combo-Fix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Creati Da 2008-05-06 al 2008-06-06 )))))))))))))))))))))))))))))))))))
.

2008-06-06 11:59 . 2008-06-06 11:59 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-06-06 11:59 . 2008-06-06 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-05 20:22 . 2008-06-05 20:22 <DIR> d-------- C:\WINDOWS\Profiles
2008-06-05 20:22 . 2008-06-05 20:22 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-06-05 20:22 . 2008-06-05 20:22 <DIR> d-------- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-05 20:21 . 2008-06-05 20:21 <DIR> d-------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-05 20:21 . 2008-06-05 20:22 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-04 19:56 . 2008-06-04 19:56 <DIR> d-------- C:\kav
2008-06-04 12:10 . 2008-06-04 12:10 244 --ah----- C:\sqmnoopt07.sqm
2008-06-04 12:10 . 2008-06-04 12:10 232 --ah----- C:\sqmdata07.sqm
2008-06-04 12:09 . 2008-06-04 12:09 244 --ah----- C:\sqmnoopt06.sqm
2008-06-04 12:09 . 2008-06-04 12:09 232 --ah----- C:\sqmdata06.sqm
2008-06-04 12:06 . 2008-06-04 12:06 244 --ah----- C:\sqmnoopt05.sqm
2008-06-04 12:06 . 2008-06-04 12:06 244 --ah----- C:\sqmnoopt04.sqm
2008-06-04 12:06 . 2008-06-04 12:06 232 --ah----- C:\sqmdata05.sqm
2008-06-04 12:06 . 2008-06-04 12:06 232 --ah----- C:\sqmdata04.sqm
2008-06-03 23:16 . 2008-06-03 23:16 244 --ah----- C:\sqmnoopt03.sqm
2008-06-03 23:16 . 2008-06-03 23:16 244 --ah----- C:\sqmnoopt02.sqm
2008-06-03 23:16 . 2008-06-03 23:16 232 --ah----- C:\sqmdata03.sqm
2008-06-03 23:16 . 2008-06-03 23:16 232 --ah----- C:\sqmdata02.sqm
2008-06-03 23:13 . 2008-06-03 23:13 244 --ah----- C:\sqmnoopt01.sqm
2008-06-03 23:13 . 2008-06-03 23:13 232 --ah----- C:\sqmdata01.sqm
2008-06-03 23:12 . 2008-06-03 23:12 244 --ah----- C:\sqmnoopt00.sqm
2008-06-03 23:12 . 2008-06-03 23:12 232 --ah----- C:\sqmdata00.sqm
2008-06-02 17:41 . 2008-06-05 20:06 <DIR> d-------- C:\Programmi\Alwil Software
2008-06-01 20:30 . 2008-06-01 20:30 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-30 17:31 . 2008-06-02 23:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 17:31 . 2008-05-30 17:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-27 16:00 . 2008-05-27 16:00 16,826 --ah----- C:\WINDOWS\system32\TWEAKUI.GID
2008-05-21 20:51 . 2001-09-19 15:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-05-21 20:51 . 2005-08-11 15:49 393,088 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-05-21 20:51 . 2005-10-05 19:21 141,312 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-05-21 20:51 . 2005-03-04 22:53 127,872 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-05-21 20:51 . 2005-06-22 12:11 23,552 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-05-21 11:15 . 2008-05-21 11:15 <DIR> d-------- C:\Programmi\icons
2008-05-19 13:14 . 2008-05-19 19:20 <DIR> d-------- C:\Documents and Settings\LYS\Dati applicazioni\skypePM
2008-05-19 13:09 . 2008-05-19 19:33 <DIR> d-------- C:\Documents and Settings\LYS\Dati applicazioni\Skype
2008-05-18 14:52 . 2008-05-18 14:52 <DIR> d-------- C:\Programmi\Skype
2008-05-18 14:52 . 2008-05-18 14:52 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-05-18 14:51 . 2008-05-18 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-05-17 16:52 . 2008-05-22 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-05-11 15:06 . 2008-05-11 15:07 <DIR> d-------- C:\Programmi\Vstplugins
2008-05-10 16:47 . 2008-04-13 19:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-10 16:28 . 2008-04-13 19:14 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-10 16:26 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-10 16:24 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003123_.tmp
2008-05-09 12:44 . 2008-05-10 15:36 8 --a------ C:\WINDOWS\arte2006.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 16:13 --------- d-----w C:\Documents and Settings\LYS\Dati applicazioni\StarOffice8
2008-06-06 09:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-05 19:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-06-05 11:05 --------- d-----w C:\Programmi\GreatNews
2008-06-04 17:59 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-02 12:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-05-21 09:24 --------- d-----w C:\Programmi\Analog Devices
2008-05-19 12:31 155,072 ----a-w C:\Documents and Settings\LYS\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-05-17 15:05 --------- d-----w C:\Programmi\Windows Live
2008-05-05 18:32 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-05 18:32 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-05-05 16:53 --------- d-----w C:\Programmi\Google
2008-05-02 17:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony
2008-05-02 17:25 --------- d-----w C:\Documents and Settings\LYS\Dati applicazioni\Sony
2008-05-02 09:04 --------- d-----w C:\Programmi\Lx_cats
2008-05-01 08:28 --------- d-----w C:\Programmi\radio
2008-05-01 08:28 --------- d-----w C:\Programmi\microsoft frontpage
2008-05-01 08:21 --------- d-----w C:\Programmi\Java
2008-04-29 18:30 --------- d-----w C:\Programmi\Sun
2008-04-28 21:37 --------- d-----w C:\Programmi\Panda Security
2008-04-22 07:05 --------- d-----w C:\Programmi\File comuni\Nero
2008-04-22 07:03 --------- d-----w C:\Programmi\File comuni\Ahead
2008-04-22 07:03 --------- d-----w C:\Programmi\Ahead
2008-04-19 17:27 --------- d-----w C:\Documents and Settings\LYS\Dati applicazioni\Template
2008-04-18 14:24 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\Acronis
2008-04-18 10:26 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-04-18 10:26 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-18 10:26 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-04-18 10:25 368,480 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-04-15 10:25 --------- d-----w C:\Programmi\Nortek
2008-04-15 10:25 --------- d-----w C:\Programmi\File comuni\PCCamera
2008-04-13 17:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:16 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:13 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-13 17:12 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-13 17:11 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-13 17:11 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-13 17:11 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:55 2,192,768 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 16:55 2,069,632 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 16:54 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 92,672 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:52 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:52 2,973,696 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 566,272 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:51 51,200 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 16:51 186,880 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-13 16:50 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:50 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:49 68,608 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:49 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:48 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 16:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2005-10-10 23:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 06:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"Corel Reminder"="" []
"Lexmark 5200 series"="C:\Programmi\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 12:01 57344]
"FaxCenterServer"="C:\Programmi\Lexmark Fax Solutions\fm3032.exe" [2004-03-23 15:07 294912]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11 925696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 23:49 7286784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

C:\Documents and Settings\LYS\Menu Avvio\Programmi\Esecuzione automatica\
StarOffice 8.lnk - C:\Programmi\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 21:58:18 122880]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-21 15:49:36 125624]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2008-02-21 17:24:14 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"MIDI1"= vpnt.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 ADM851X;IDF Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 17:05]
R3 msloop;Driver Scheda Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 22:53]
R3 PAC207;NX-Vega;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-01-25 15:20]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 11:45]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-06 16:03:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-06-06 16:40:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{16837304-432F-4799-9E6E-2F87818B5AED}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 18:41:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-06 18.43.44
ComboFix-quarantined-files.txt 2008-06-06 16:43:34

8 Directory 71,586,996,224 byte disponibili
10 Directory 71,573,561,344 byte disponibili

241 --- E O F --- 2008-06-06 08:21:12



LOG VirIT:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
06/06/2008 - 18:58:31

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\LYS\Preferiti\Generale.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 42927.
Files Totali: 42927.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.


Il virus che ha rimosso stava in un collegamento dei "preferiti"

[Sante62]

Si, ho visto...

Fai la scansione con Systemscan e posta il log generato come
indicato quì

[angeluzzo1]

Ecco il file, ma devo pigiare su URL per inserirlo? Io lo metto così com'è

report suspectfile.txt

gentile Sante62, per questa sera non posso più stare in linea. Vista l'ora ti auguro una buona serata. Ci sentiamo domani. Grazie. Ciao

[Sante62]

C'è ancora qualcosina;

scarica Norman Malware Cleaner
disattiva il ripristino di sistema e avvia il PC in modalità provvisoria
Avvia Norman Malware Cleaner.
Viene generato un log sul desktop chiamandolo NFix_2008-01-gg_hh-mm-ss.log, alla fine della scansione postalo qui.

Buona serata...

[angeluzzo1]

Buongiorno, Sante62. Non so se anche di sabato sei in linea. Ho fatto lo scan che mi hai richiesto e ti ho incollato il report. Volevo chiederti del destino di quel file nel disco "D" (dove ho solo dati) che risultava uno zip protetto da password. Lo hai incontrato nei vari log?

Sai una cosa? Anche questa notte la mia connessione messenger è stata sabotata fortemente da un intruso (la finestra si chiudeva da sola, gli stessi messaggi che dicevano "impossibile recapitare a tutti...", fino alla comparsa di un'altra finestra di sistema (quella dello stato di connessione alla rete Lan), i cui dettagli dichiaravano il mio numero IP e un "Subnet Mask" 255.255.0.0). Ho avviato la risoluzione problemi di collegamento, ma il check si bloccava sulla voce "porte" (ho fatto uno screenshot jpg della finestra, se vuoi faccio un upload e te l'invio).
Sante62, io non sono un esperto, mi occupo solo di computer-grafica, ma mi sembra che qui siamo di fronte a qualcosa di molto sofisticato e forse è il caso che io mi rivolga alla polizia. Tu cosa mi dici?
Inoltre, ti ricordi quel link del blog che ho fixato? Non capisco perchè c'era solo quello, dal momento che visito molti blog a anche io ne posseggo uno. Cosa ne pensi? Grazie.

Qui il report:

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/06/02 19:05:48

Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/06/02 19:05:48, Variants: 1705334

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 3
Logged on user: IO\LYS

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 07/06/2008 13:36:30


Scanning running processes and process memory...

Number of processes/threads found: 622
Number of processes/threads scanned: 622
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 21s


Scanning file system...

Scanning: C:\*.*

Scanning: D:\*.*


Running post-scan cleanup routine:

Number of files found: 105503
Number of archives unpacked: 1473
Number of files scanned: 105483
Number of files not scanned: 20
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 36m 22s

[Sante62]

[angeluzzo1]

OK, Sante62. Procedo con ordine. Quel file in "D", dopo un'altra scansione con Avast non si vede più, ma se vuoi vedere dov'era ti mando il link dell'immagine jpg. In particolare, era il penultimo in basso quello protetto da password. http://i268.photobucket.com/albums/jj11/angeluzzo1/virusD.jpg

In compenso, sono comparsi altri file protetti da password in "C", ma che ho cancellato (appartenevano alla cartella "recovery" di Spybot S&D). Ecco l'immagine:
http://i268.photobucket.com/albums/jj11/angeluzzo1/virusC.jpg

A parte questo, ora mi sono accorto che in C/Documents and Setting è apparsa una cartella "Administrator" che non c'era, oltre alle solite due. All'interno ci sono le seguenti cartelle: Desktop (vuota), Documenti recenti (vuota), Menù avvio (programmi->esecuzione automatica), Preferiti (vuota), Impostazioni locali (Dati applicazioni->Microsoft+file nascosto IconCache->masterizzazione cd)


Qui ti scrivo i link delle finestre relative agli IP mask e al check di rete:
http://i268.photobucket.com/albums/jj11/angeluzzo1/immagineIPmask.jpg
http://i268.photobucket.com/albums/jj11/angeluzzo1/nuovo-1.jpg


Per quanto riguarda l'apertura del file hosts... non ho ben capito. Ti dico cosa sono riuscito a fare fin ora: ho trovato il percorso C:\WINDOWS\system32\drivers\etc
all'interno di "etc" ci sono 7 file, nell'ordine: hosts, hosts.bak, hosts.msn, Imhosts, networks, protocol, services.
Ho aperto il file hosts con il block note, ma all'interno non c'è solo quel numero, bensì un sacco di altra roba (1.235 Kb), tante righe che dicono così: Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 quickbanner.com e che riguardano siti che non ho mai visitato.
Ma con questo block note cosa devo fare di preciso? Non ho capito quando dici "una volta cancellati, fai su File->Salva e ti consiglierei di metterlo in sola lettura"
Forse devo aprire tutti i 7 file col block note, salvarli in sola lettura (dove salvarli?) e poi cancellare gli originali?
Grazie

[Sante62]

[angeluzzo1]

Il link che mi hai dato non permette l'apertura della pagina, se non per un secondo, poi appare la schermata bianca "HTTP 400 -richiesta non valida- In quel secondo riesco a cliccare su "download" ma viene fuori la pagina di Registry Mechanic

[Sante62]

[angeluzzo1]

Fatto. Ora il file presenta solo 127.0.0.1 localhost e pesa 1Kb. Vedo che negli altri file hosts (almeno in due) ci sono le stesse cose che c'erano in hosts. Li butto nel cestino?