Olimpo Informatico

[bdoriano]

ciao miaka8620, una domanda:
perchè, quando posti i logs di hijackthis tagli la testa del log?
queste righe, per intenderci:

[miaka8620]

Scusami sono inesperta e nn sapevo che fossero utili.. scusatemi

[miaka8620]

ecco il risultato della scansione online : [URL="http://www.freefilehosting.net/files/MTk3MjA="]p.txt[/URL]

[Sante62]

Disattiva il ripristino configurazione di Sistema:
http://forum.zeusnews.com/viewtopic.php?t=22084
Ripulisci la quarantena di Virit;
Utilizza l'opzione pulitura disco oppure usa CCleaner http://www.pc-facile.com/download/pulizia/ccleaner/ e ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 e deframmenta il disco.

Scarica Avenger e mettilo in una sua cartella in C:\
http://swandog46.geekstogo.com/avenger.zip
Avvialo
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

Files to delete:
C:\Documents and Settings\Utente\Impostazioni locali\Temp\cd4F.tmp.exe/data0013/data0005
C:\Documents and Settings\Utente\Impostazioni locali\Temp\cd4F.tmp.exe/data0013
C:\Documents and Settings\Utente\Impostazioni locali\Temp\cd4F.tmp.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\Installer.exe/data0005
C:\Documents and Settings\Utente\Impostazioni locali\Temp\Installer.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\MediaBar.exe/stream/data0005
C:\Documents and Settings\Utente\Impostazioni locali\Temp\MediaBar.exe/stream
C:\Documents and Settings\Utente\Impostazioni locali\Temp\MediaBar.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~wa6psetup.exe/file011
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~wa6psetup.exe/file016
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~wa6psetup.exe
C:\Programmi\HbTools\Bin\4.8.4.0\Cml.exe
C:\Programmi\HbTools\Bin\4.8.4.0\HbtCoreSrv.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtHostOE.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtHostOL.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtSrv.exe
C:\Programmi\HbTools\Bin\4.8.4.0\HbtToolbar.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtWallpaper.dll
C:\Programmi\HbTools\HBTV\uninstaller.exe/data0002
C:\Programmi\HbTools\HBTV\uninstaller.exe
C:\Programmi\Internet Explorer\msimg32.dll
C:\Programmi\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Programmi\MSN Messenger\msimg32.dll
C:\Programmi\MSN Messenger\riched20.dll
C:\Programmi\MyWebSearch\bar\6.bin\F3HTMLMU.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3BROVLY.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3DTACTL.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3HTMLMU.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3HTTPCT.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3IMSTUB.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3POPSWT.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3PSSAVR.SCR
C:\Programmi\MyWebSearch\bar\7.bin\F3REPROX.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3RESTUB.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3SCRCTR.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3SHLLVW.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3WPHOOK.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3HTML.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3IDLE.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3MSG.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3OUTLCN.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3PLUGIN.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3SKIN.DLL
C:\Programmi\MyWebSearch\bar\7.bin\MWSOEPLG.DLL
C:\Programmi\MyWebSearch\bar\7.bin\MWSOESTB.DLL
C:\Programmi\MyWebSearch\bar\7.bin\NPMYWEBS.DLL
C:\Programmi\Network\ipnetwork.exe
C:\Programmi\NewDotNet\uninstall6_38.exe
C:\Programmi\NewDotNet\uninstall7_48.exe
C:\Programmi\Skakkinostri\Skakkiskript_v5\SkakkiSkript_v5.exe
C:\sh.exe/rpc.bat
C:\sh.exe/radmin/svchost.exe
C:\sh.exe/radmin/radmin.reg
C:\sh.exe/radmin/AdmDll.dll
C:\sh.exe
C:\WINDOWS\Downloaded Installations\{AC474BE1-E38F-4018-AF43-58D51310A3CF}\IpNetInfo.msi/Data1.cab/vcu32.exe
C:\WINDOWS\Downloaded Installations\{AC474BE1-E38F-4018-AF43-58D51310A3CF}\IpNetInfo.msi/Data1.cab
C:\WINDOWS\Downloaded Installations\{AC474BE1-E38F-4018-AF43-58D51310A3CF}\IpNetInfo.msi
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\radmin\radmin.reg
C:\WINDOWS\radmin\svchost.exe
C:\WINDOWS\system\down32.cmd
C:\WINDOWS\system\msnmsgr.cmd
C:\WINDOWS\system\taskmam.exe
C:\WINDOWS\system\xsmith.scr
C:\WINDOWS\system32\cipqslnr.exe/data0018/data0002
C:\WINDOWS\system32\cipqslnr.exe/data0018/data0003
C:\WINDOWS\system32\cipqslnr.exe/data0018/data0004
C:\WINDOWS\system32\cipqslnr.exe/data0018
C:\WINDOWS\system32\cipqslnr.exe
C:\WINDOWS\system32\f3PSSavr.scr
F:\Documents and Settings\Utente\Documenti\documenti inportanti\CursorManiaSetup2.0.4.0.exe
F:\Documents and Settings\Utente\Documenti\documenti inportanti\fddli_1200_Aq_s_Inst-74.exe
F:\Documents and Settings\Utente\Documenti\File ricevuti\vnc-4_1_1-x86_win32.exe/file1
F:\Documents and Settings\Utente\Documenti\File ricevuti\vnc-4_1_1-x86_win32.exe/file3
F:\Documents and Settings\Utente\Documenti\File ricevuti\vnc-4_1_1-x86_win32.exe
F:\Documents and Settings\Utente\Documenti\file vari\BSINSTALL.exe/WISE0023.BIN/clientax.dll
F:\Documents and Settings\Utente\Documenti\file vari\BSINSTALL.exe/WISE0023.BIN
F:\Documents and Settings\Utente\Documenti\file vari\BSINSTALL.exe
F:\Documents and Settings\Utente\Documenti\file vari\BSINSTALL.exe
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0046.BIN
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0047.BIN
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN/data.rar/whAgent.exe
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN/data.rar/whInstaller.exe
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN/data.rar/whSurvey.exe
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN/data.rar/webhdll.dll
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN/data.rar/whiehlpr.dll
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN/data.rar skipped
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0048.BIN
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe/WISE0049.BIN
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe
F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe/data0019/HbTools.mlp
F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe/data0019
F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe/data0023/data0004
F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe/data0023
F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe/data0018/data0002
F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe/data0018/data0003
F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe/data0018/data0004
F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe/data0018
F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe
F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe/data0019/HbTools.mlp
F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe/data0019
F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe/data0023/data0004
F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe/data0023
F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe
F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe/WISE0044.BIN/stream/data0005
F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe/WISE0044.BIN/stream
F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe/WISE0044.BIN
F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe
F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe
F:\Documents and Settings\Utente\Documenti\Nuova cartella\Sims2 University.exe/username.exe
F:\Documents and Settings\Utente\Documenti\Nuova cartella\Sims2 University.exe/shell32.exe
F:\Documents and Settings\Utente\Documenti\Nuova cartella\Sims2 University.exe
F:\Documents and Settings\Utente\Documenti\Varie ogni genere\setup Skakkiskript v5_03.exe/file001
F:\Documents and Settings\Utente\Documenti\Varie ogni genere\setup Skakkiskript v5_03.exe

Folders to delete:
C:\Programmi\MyWebSearch


Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, si aprirà il blocco note con il risultato di Avenger. Altrimenti lo trovi su C:\Avenger.txt, con un log aggiornato di hijackthis.

[bdoriano]

Piccola correzione, queste sono le righe da usare con avenger:

Files to delete:
C:\Documents and Settings\Utente\Impostazioni locali\Temp\cd4F.tmp.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\Installer.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\MediaBar.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~wa6psetup.exe
C:\Programmi\HbTools\Bin\4.8.4.0\Cml.exe
C:\Programmi\HbTools\Bin\4.8.4.0\HbtCoreSrv.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtHostOE.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtHostOL.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtSrv.exe
C:\Programmi\HbTools\Bin\4.8.4.0\HbtToolbar.dll
C:\Programmi\HbTools\Bin\4.8.4.0\HbtWallpaper.dll
C:\Programmi\HbTools\HBTV\uninstaller.exe
C:\Programmi\Internet Explorer\msimg32.dll
C:\Programmi\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Programmi\MSN Messenger\msimg32.dll
C:\Programmi\MSN Messenger\riched20.dll
C:\Programmi\MyWebSearch\bar\6.bin\F3HTMLMU.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3BROVLY.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3DTACTL.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3HTMLMU.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3HTTPCT.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3IMSTUB.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3POPSWT.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3PSSAVR.SCR
C:\Programmi\MyWebSearch\bar\7.bin\F3REPROX.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3RESTUB.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3SCRCTR.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3SHLLVW.DLL
C:\Programmi\MyWebSearch\bar\7.bin\F3WPHOOK.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3HTML.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3IDLE.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3MSG.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3OUTLCN.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3PLUGIN.DLL
C:\Programmi\MyWebSearch\bar\7.bin\M3SKIN.DLL
C:\Programmi\MyWebSearch\bar\7.bin\MWSOEPLG.DLL
C:\Programmi\MyWebSearch\bar\7.bin\MWSOESTB.DLL
C:\Programmi\MyWebSearch\bar\7.bin\NPMYWEBS.DLL
C:\Programmi\Network\ipnetwork.exe
C:\Programmi\NewDotNet\uninstall6_38.exe
C:\Programmi\NewDotNet\uninstall7_48.exe
C:\Programmi\Skakkinostri\Skakkiskript_v5\SkakkiSkript_v5.exe
C:\sh.exe
C:\WINDOWS\Downloaded Installations\{AC474BE1-E38F-4018-AF43-58D51310A3CF}\IpNetInfo.msi
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\radmin\radmin.reg
C:\WINDOWS\radmin\svchost.exe
C:\WINDOWS\system\down32.cmd
C:\WINDOWS\system\msnmsgr.cmd
C:\WINDOWS\system\taskmam.exe
C:\WINDOWS\system\xsmith.scr
C:\WINDOWS\system32\cipqslnr.exe
C:\WINDOWS\system32\f3PSSavr.scr
F:\Documents and Settings\Utente\Documenti\documenti inportanti\CursorManiaSetup2.0.4.0.exe
F:\Documents and Settings\Utente\Documenti\documenti inportanti\fddli_1200_Aq_s_Inst-74.exe
F:\Documents and Settings\Utente\Documenti\File ricevuti\vnc-4_1_1-x86_win32.exe
F:\Documents and Settings\Utente\Documenti\file vari\BSINSTALL.exe
F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe
F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe
F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe
F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe
F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe
F:\Documents and Settings\Utente\Documenti\Nuova cartella\Sims2 University.exe
F:\Documents and Settings\Utente\Documenti\Varie ogni genere\setup Skakkiskript v5_03.exe

Folders to delete:
C:\Programmi\MyWebSearch

[Sante62]

Oh, pardon

[miaka8620]

Questo è il log di avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\prjxftpo

*******************

Script file located at: \??\C:\WINDOWS\woaergna.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Utente\Impostazioni locali\Temp\cd4F.tmp.exe deleted successfully.
File C:\Documents and Settings\Utente\Impostazioni locali\Temp\Installer.exe deleted successfully.
File C:\Documents and Settings\Utente\Impostazioni locali\Temp\MediaBar.exe deleted successfully.
File C:\Documents and Settings\Utente\Impostazioni locali\Temp\~wa6psetup.exe deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\Cml.exe deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\HbtCoreSrv.dll deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\HbtHostOE.dll deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\HbtHostOL.dll deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\HbtSrv.exe deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\HbtToolbar.dll deleted successfully.
File C:\Programmi\HbTools\Bin\4.8.4.0\HbtWallpaper.dll deleted successfully.
File C:\Programmi\HbTools\HBTV\uninstaller.exe deleted successfully.
File C:\Programmi\Internet Explorer\msimg32.dll deleted successfully.
File C:\Programmi\Mozilla Firefox\plugins\NPMyWebS.dll deleted successfully.
File C:\Programmi\MSN Messenger\msimg32.dll deleted successfully.
File C:\Programmi\MSN Messenger\riched20.dll deleted successfully.
File C:\Programmi\MyWebSearch\bar\6.bin\F3HTMLMU.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3BROVLY.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3DTACTL.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3HTMLMU.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3HTTPCT.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3IMSTUB.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3POPSWT.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3PSSAVR.SCR deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3REPROX.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3RESTUB.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3SCRCTR.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3SHLLVW.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\F3WPHOOK.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\M3HTML.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\M3IDLE.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\M3MSG.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\M3OUTLCN.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\M3PLUGIN.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\M3SKIN.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\MWSOEPLG.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\MWSOESTB.DLL deleted successfully.
File C:\Programmi\MyWebSearch\bar\7.bin\NPMYWEBS.DLL deleted successfully.
File C:\Programmi\Network\ipnetwork.exe deleted successfully.
File C:\Programmi\NewDotNet\uninstall6_38.exe deleted successfully.
File C:\Programmi\NewDotNet\uninstall7_48.exe deleted successfully.
File C:\Programmi\Skakkinostri\Skakkiskript_v5\SkakkiSkript_v5.exe deleted successfully.
File C:\sh.exe deleted successfully.
File C:\WINDOWS\Downloaded Installations\{AC474BE1-E38F-4018-AF43-58D51310A3CF}\IpNetInfo.msi deleted successfully.
File C:\WINDOWS\NDNuninstall6_38.exe deleted successfully.
File C:\WINDOWS\NDNuninstall7_22.exe deleted successfully.
File C:\WINDOWS\NDNuninstall7_48.exe deleted successfully.
File C:\WINDOWS\radmin\radmin.reg deleted successfully.
File C:\WINDOWS\radmin\svchost.exe deleted successfully.
File C:\WINDOWS\system\down32.cmd deleted successfully.
File C:\WINDOWS\system\msnmsgr.cmd deleted successfully.
File C:\WINDOWS\system\taskmam.exe deleted successfully.
File C:\WINDOWS\system\xsmith.scr deleted successfully.
File C:\WINDOWS\system32\cipqslnr.exe deleted successfully.
File C:\WINDOWS\system32\f3PSSavr.scr deleted successfully.
File F:\Documents and Settings\Utente\Documenti\documenti inportanti\CursorManiaSetup2.0.4.0.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\documenti inportanti\fddli_1200_Aq_s_Inst-74.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\File ricevuti\vnc-4_1_1-x86_win32.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\file vari\BSINSTALL.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\file vari\dolphinfree.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\file vari\hbtools.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\giochi e programmi vari\hbtools.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\Immagini\sims\hbtools.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\My Music\BearShareV6it.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\Nuova cartella\Sims2 University.exe deleted successfully.
File F:\Documents and Settings\Utente\Documenti\Varie ogni genere\setup Skakkiskript v5_03.exe deleted successfully.
Folder C:\Programmi\MyWebSearch deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


questo è il log agiornatodi HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.32.24, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Belkin\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Startup: IMVU.lnk = C:\Programmi\IMVU\IMVUClient.exe
O4 - Startup: PopTray.lnk = C:\Programmi\PopTray\PopTray.exe
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Programmi\ABMTSR.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?6c03903813c3453da27821d1284155a
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?6c03903813c3453da27821d1284155a
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programmi\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programmi\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Utente\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {F77CF537-2D54-4054-AB13-6C46B96D5E36} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://beautifulspaceitaly.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137177993844
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184166701640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 11987 bytes

[miaka8620]

ragazzi...grazie mille!! davvero; nn sò cosa farei senza di voi!!

[Sante62]

Avvia HJT e togli queste altre righe:

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programmi\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programmi\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)

Controlla poi che effettivamente siano andate via senza postare nuovamente il log quì.

Dai una bella deframmentata al disco e ripulisci spesso la cache di internet. Non dimenticare di installarti un firewall.

Ciao.

[miaka8620]

Ragazzi ho fatto tutto quello che mi avete chiesto, ma il pc continua a spegnersi da solo! Posso fare qualcosaltro oppure mi consigliate di andare direttamente da un tecnico? Scusate il disturbo!

[Orange]

proviamo con quest'ultimo controllo:

[bdoriano]

[Orange]

[miaka8620]

non mi permette di fare la scansione perchè mi appare la scritta: Please run systemscan again after the reebot... il punto è che il mio pc dice che gli antivirus sono disattivati!!

[Orange]

in pratica ti avvisa di lanciare nuovamente SystemScan dopo il riavvio.

è giusto disattivare l'antivirus prima della scansione, per evitare blocchi del PC.