Olimpo Informatico

[xam]

Un bel giorno mentre girovagavo su internet, mi sono beccato un trojan, XPpopup (o qualcosa di simile) che mi faceva comparire un popup sulla barra strumenti, con dentro scritto che il pc era stato infettato da uno spyware!
Preso dal panico ho fatto una scansione con l'antivirus zone alarm, che non mi ha trovato niente.
Così ho scaricato Spyware terminator e ho fatto subito una scansione, rilevandomi la presenza del trojan, e nello stesso istante in cui l'ha rilevato è partito zone alarm, cancellando il virus, inoltre dalla scansione di Spyware Terminator sono stati rilevati, degli Spyware.
Alla fine della scansione ho lasciato risolvere il problema al programma, che oltre a cancellare gli Spyware ha riscontrato problemi con Sysres32, da quel momento ogni volta che tento di spegnere il pc, al posto di spegnersi si riavvia!!
Ho tentato di ripristinare la configurazione di sistema, ma nn potendosi spegnere è impossibile.
HELP please!!!
P.S.potreste darmi dritte su cm postare i rapporti di HJT grazie in anticipo!

[Orange]

Benvenuto xam

[xam]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.57.27, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Java\j2re1.4.2_16\bin\jusched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
D:\Programmi\procexp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svcs.microsoft.com/svcs/mms/serverstatus.asp?Plcid=0410&Version=4.7&CLCID=0410&BrandID=WindowsMessenger&Country=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_16\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-776561741-1450960922-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xan-ut.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5333 bytes

Va bn così?

[Orange]

Si, va bene...
Ma il log è pulito. che strano...

potresti riportare il messaggio di Spyware Terminator, che riguardava i problemi con Sysres32.exe?

Fai anche queste due scansioni con Gmer: Autostart e Rootkit.

[xam]

Ecco il log di Spyware terminator per l' altro dammi il tmp di insatllarlo e te lo posto al più presto:

Logfile of Spyware Terminator v2.0.1.224 (db:1.0.944.704)
Scan Time: 30/12/2007 0.21.32 length: 3408 s
Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 110935 (Critical:16)
Filter: No System items, No Safe items

Running Processes
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
vsmon.exe [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
ScanningProcess.exe : C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
AirGCFG.exe [D-Link] : C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
WZCSLDR2.exe [Alpha Networks Inc.] : C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
NMBgMonitor.exe [Nero AG] : C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
raid_tool.exe [VIA Technologies] : C:\Programmi\VIA\RAID\raid_tool.exe
ScanningProcess.exe : C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
Monitor.exe : C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
procexp.exe [Sysinternals] : D:\Programmi\procexp.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - : C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
02 - BHO: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
02 - BHO: - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} : [Nero AG] : C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows update loader : : C:\WINDOWS\xpupdate.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cmaudio : [C-Media Corporation] : C:\WINDOWS\system\CMICNFG.CPL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, D-Link AirPlus G : [D-Link] : C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ANIWZCS2Service : [Alpha Networks Inc.] : C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\VIA RAID TOOL.lnk [VIA Technologies] : C:\Programmi\VIA\RAID\raid_tool.exe

Shell Extensions
Estensione panoramica video del Pannello di controllo - {42071714-76d4-11d1-8b24-00a0c9068ff3} - : deskpan.dll
- {764BF0E1-F219-11ce-972D-00AA00A14F56} - File not found
- {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - File not found
Barra delle applicazioni e menu di avvio - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - File not found
Account utente - {7A9D77BD-5403-11d2-8785-2E0420524153} - File not found
SimpleShlExt Class - {5E2121EE-0300-11D4-8D3B-444553540000} - : C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
ZLAVShExt Class - {D9872D13-7651-4471-9EEE-F0A00218BEBB} - [Zone Labs, LLC] : C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Programmi\Microsoft Office\Office\OLKFSTUB.DLL
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programmi\WinRAR\rarext.dll
NeroDigitalIconHandler Class - {B327765E-D724-4347-8B16-78AE18552FC3} - [Nero AG] : C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
NeroDigitalPropSheetHandler Class - {7F1CF152-04F8-453A-B34C-E609530A9DC8} - [Nero AG] : C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : D:\Programmi\alcohol\Alcohol 120\AXShlEx.dll

Services
23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys
23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys
23 - [Alpha Networks Inc.] : C:\WINDOWS\system32\ANIO.SYS
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmuda.sys
23 - [Hauppauge Computer Works, Inc.] : C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\ZONELABS\AVSYS\KLIF.SYS
23 - [Padus, Inc.] : C:\WINDOWS\system32\drivers\pfc.sys
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
23 - : C:\WINDOWS\system32\SetupNT.sys
23 - [STMicroelectronics] : C:\WINDOWS\system32\DRIVERS\stmatm.sys
23 - : C:\WINDOWS\system32\sysrest.sys
23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\viaagp1.sys
23 - [VIA Technologies inc,.ltd] : C:\WINDOWS\system32\DRIVERS\viamraid.sys
23 - [Zone Labs, LLC] : C:\WINDOWS\system32\vsdatant.sys
23 - [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\Drivers\vulfnth.sys
23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\Drivers\vulfntr.sys
23 - [VM] : C:\WINDOWS\system32\Drivers\usbVM31b.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll

Threat Files
<Trojan/XPupd> : C:\WINDOWS\xpupdate.exe
<Unreadable Binary Files> : C:\WINDOWS\system32\sysrest.sys
<PC James Bond 007> : C:\WINDOWS\system32\jmail.dll
<Unreadable Binary Files> : C:\Programmi\ATI Technologies\ATI.ACE\AEM.Foundation.dll

Advanced Files Report
%SYSDIR%\Ati2evxx.dll [ATI Technologies Inc.] [ATI External Event Utility for NT, W2K and W9X] MD5=0DC29A1FA52D445DB14DDF16E272E6D1 SIZE=61440
%SYSDIR%\Ati2evxx.exe [ATI Technologies Inc.] [ATI External Event Utility for WindowsNT and Windows9X] MD5=A2EAEB497CA29ECAEAF0DF66AD85C57D SIZE=413696
%SYSDIR%\Ati2edxx.dll [ATI Technologies, Inc.] [ATI External Device Utility] MD5=3B5286E4AE1B4A17F5FCCEC23C240F02 SIZE=41984
%SYSDIR%\ZoneLabs\vsmon.exe [Zone Labs, LLC] [TrueVector Service] MD5=DE71661665A86A2305918E8B91ACEDB9 SIZE=75568
%SYSDIR%\VSUTIL.dll [Zone Labs, LLC] [TrueVector Service] MD5=F31BD71FBBD58AE015782BA367F4536E SIZE=472816
%SYSDIR%\VSINIT.dll [Zone Labs, LLC] [TrueVector Service] MD5=AF0B19DAB50D23C47205FC64BDBEDE14 SIZE=157424
%SYSDIR%\zpeng24.dll [Python Software Foundation] [Python] MD5=E01847E538AFF537F8E4C0FAA84EE497 SIZE=1087216
%SYSDIR%\VSUTIL_Loc0410.dll [Zone Labs Inc.] [TrueVector Service] MD5=6DE46BFF0C2649029DBF611C515771B1 SIZE=54936
%SYSDIR%\zonelabs\lib\pyd\signedDll.pyd [] MD5=3B4F8EAE808BAC3C019176021F767CBA SIZE=26360
%SYSDIR%\zonelabs\lib\pyd\pyvsinit.pyd [] MD5=FA1D09441AA2EF71F09DD60F578E9819 SIZE=26360
%SYSDIR%\zonelabs\lib\pyd\pyexpat.pyd [] MD5=E45D5ECE12EC00A87B3D6DCE9CBDD0F7 SIZE=145144
%SYSDIR%\zonelabs\lib\pyd\_socket.pyd [] MD5=B48132374F0EB1FE034C3B845FAAF89E SIZE=46840
%SYSDIR%\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll [Zone Labs, LLC] [vsmon plug-in] MD5=247B9C88C2BAB781922399EE8CBCAC72 SIZE=30480
%SYSDIR%\ZoneLabs\plugins\rpc_server\rpc_server.dll [Zone Labs, LLC] [RPC Server plug-in] MD5=D39D9A4A6D3863094523C939491A060F SIZE=30448
%SYSDIR%\ZoneLabs\vsmondll.dll [Zone Labs, LLC] [TrueVector Service] MD5=5585749C1AD4FF250C053EDD6D811EED SIZE=2025200
%SYSDIR%\VSDATA.dll [Zone Labs, LLC] [TrueVector Service DLL] MD5=ABE917099E2F8CCC5F2F26AEB4AB11AA SIZE=83696
%SYSDIR%\ZoneLabs\ssleay32.dll [Zone Labs, LLC] [TrueVector Service] MD5=6359A713B375B554DD60648CE7E9C67C SIZE=456432
%SYSDIR%\vsxml.dll [Zone Labs, LLC] [TrueVector Service] MD5=3696D705E5C29BB3DC19036C4DD7EB49 SIZE=100080
%SYSDIR%\ZoneLabs\fbl.dll [Zone Labs, LLC] [Feature based licensing library] MD5=6E6CC264843F5BCE678678692C115138 SIZE=128744
%SYSDIR%\zlcomm.dll [Zone Labs, LLC] [ZLComm] MD5=49C0C3EAC691B6D5EE5A6EC2CDD5CEA8 SIZE=83696
%SYSDIR%\ZLCommDB.dll [Zone Labs, LLC] [ZLCommDB] MD5=6363568275CFB0E3CB962A8AE74BACA3 SIZE=71408
%SYSDIR%\ZoneLabs\vsdb.dll [Zone Labs, LLC] [TrueVector Service] MD5=D37147C0D24CD811A66B786F0F644D59 SIZE=79600
%SYSDIR%\ZoneLabs\VSRULEDB.DLL [Zone Labs, LLC] [TrueVector Service] MD5=A3634FF1B6DB9243E79CC071C937FE04 SIZE=1345264
%SYSDIR%\ZoneLabs\VSRULEDB_Loc0410.dll [Zone Labs Inc.] [TrueVector Service] MD5=B869C275D3B61F341585AEAE4C037AE9 SIZE=198296
%SYSDIR%\ZoneLabs\vsvault.dll [Zone Labs, LLC] [TrueVector Service] MD5=7904B9FFBCF4C3F0C486032A20E4C328 SIZE=243440
%SYSDIR%\vswmi.dll [Zone Labs, LLC] [vsmon component] MD5=F4EABC6823AE6E9C5DE69894267AFAFC SIZE=46832
%SYSDIR%\ZoneLabs\av.dll [Zone Labs, LLC] [av feature plug-in] MD5=B3931A3B2C34775E96BBA486308E1C8E SIZE=362280
%SYSDIR%\ZoneLabs\av_Loc0410.dll [Zone Labs Inc.] [av feature plug-in] MD5=0451E05C78348CF656649EA243639581 SIZE=22168
%SYSDIR%\ZoneLabs\avsys\kave.dll [Kaspersky Lab.] [Kaspersky Lab. kave] MD5=A59C4EEA90FCF37A1071228478DD8166 SIZE=274514
%SYSDIR%\ZoneLabs\avsys\inv.dll [] MD5=6B2BCB1A6AC5BB1E1AFF39C59A9FC3AD SIZE=208960
%SYSDIR%\ZoneLabs\zlquarantine.dll [Zone Labs, LLC] [zlquarantine] MD5=72F81DAE1CC6393F1B3BE176787F88F0 SIZE=79608
%SYSDIR%\ZoneLabs\zlquarantine_Loc0410.dll [Zone Labs Inc.] [zlquarantine] MD5=565D22E21AB9A6F616214D5F340F0C5E SIZE=18072
%SYSDIR%\ZoneLabs\qrbase.dll [Zone Labs, LLC] [qrbase] MD5=CFF850D406963AECB8E935C63FB06EAA SIZE=714472
%SYSDIR%\ZoneLabs\scheduler.dll [Zone Labs, LLC] [scheduler feature plug-in] MD5=87D6BE91C9E81ED27B5BB3690FC44C62 SIZE=173808
%SYSDIR%\ZoneLabs\zlupdate.dll [Zone Labs, LLC] [ZLUpdate feature plug-in] MD5=AF34C3870D4874A8070CC723A0ED7DD4 SIZE=120560
%SYSDIR%\ZoneLabs\camupd.dll [Zone Labs, LLC] [camupd feature plug-in] MD5=E1D094CD48875B19672CC9420D82E516 SIZE=100080
%SYSDIR%\ZoneLabs\vsavpro.dll [Zone Labs, LLC] [TrueVector Service] MD5=3916C318162D5362E596F03CC4DF681E SIZE=108272
D:\Nuova cartella\Nero BackItUp\NBShell.dll [Nero AG] [Nero BackItUp] MD5=D51B90E25CD1DF753A1DD1C98513C9DC SIZE=73728
%PROGRAMFILES%\Zone Labs\ZoneAlarm\zlavscan.dll [Zone Labs, LLC] [zlavscan shell extension] MD5=4271572B4CEE5D674E704F127130AECF SIZE=50928
%PROGRAMFILES%\Zone Labs\ZoneAlarm\zlavscan_Loc0410.dll [Zone Labs Inc.] [zlavscan shell extension] MD5=B221EB7745E8B359517EC1ED22D8C843 SIZE=18072
%PROGRAMFILES%\WinRAR\rarext.dll [] MD5=1E63285EC759FAB089B234FD6217EAE9 SIZE=125952
%COMMONFILES%\Ahead\Lib\NeroDigitalExt.dll [Nero AG] [Nero Digital Tools] MD5=26DBA338263661FE10808A749E3AC90B SIZE=1802240
%SYSDIR%\ZoneLabs\avsys\ScanningProcess.exe [] MD5=81CDF1AAB2ED1D5DDAFEF8D1F1368782 SIZE=94313
%SYSDIR%\ZoneLabs\avsys\prloader.dll [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=FE45D41D903B0959DC5B611A17D10115 SIZE=184445
%SYSDIR%\ZoneLabs\avsys\prkernel.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=40D6271CD1E5A2C843649C036A716F0B SIZE=155773
%SYSDIR%\zonelabs\avsys\prefetch.ppl [Kaspersky Labs] [Kaspersky Labs Prefetch] MD5=881217659021D89957F827E73A1EBF73 SIZE=36972
%SYSDIR%\zonelabs\avsys\avpmgr.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=6014A593CA15D38CEA2AB01623D11381 SIZE=53371
%SYSDIR%\zonelabs\avsys\wdiskio.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=CE966D39A4AE4236F5AE0D004298BAF0 SIZE=41084
%SYSDIR%\zonelabs\avsys\nfio.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=3A93DC940DC0FC22B5999A52202EDD58 SIZE=77945
%SYSDIR%\zonelabs\avsys\avlib.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=334940976AAAC1E4BB74CF9C8EB54E74 SIZE=28794
%SYSDIR%\zonelabs\avsys\dtreg.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=A0DDD79CCC2318036BCC79F67334B46E SIZE=61562
%SYSDIR%\zonelabs\avsys\prutil.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=0E6E6A74896533082C6E1182CA44623E SIZE=36987
%SYSDIR%\zonelabs\avsys\avp1.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=7309614A3EA45CF8FAC222E7D85626CC SIZE=127097
%SYSDIR%\zonelabs\avsys\l_llio.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=C17EE9FF25FA8873D40A300CBBE80964 SIZE=24699
%SYSDIR%\zonelabs\avsys\ichk2.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=308E818CEB6876EE866B0E17318864ED SIZE=32890
%SYSDIR%\zonelabs\avsys\sfdb.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=1F5CC19BAD8CF6ABC5FC45018F3F7431 SIZE=41081
%SYSDIR%\zonelabs\avsys\icheckersa.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=44AF91480A909BF1B74FE293E62D9988 SIZE=32895
%SYSDIR%\zonelabs\avsys\hashmd5.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=C22FD74CEDE97801AB8F3FBC1BC3E4A5 SIZE=24700
%SYSDIR%\zonelabs\avsys\hashcont.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=25D54194A2CCDD06079C2D1D5A00D6F8 SIZE=24701
%SYSDIR%\zonelabs\avsys\hccmp.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=5CA62BBBC0B002E5AA91FF01821A39CC SIZE=24698
%SYSDIR%\zonelabs\avsys\iwgen.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=E5547783433E627111B3441931C0E2A3 SIZE=24698
%SYSDIR%\zonelabs\avsys\dmap.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=A65EF77FF7D5269763026740BF54549D SIZE=24697
%SYSDIR%\zonelabs\avsys\uniarc.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=9CEBEC5734EBB95F770C2734232348AA SIZE=32891
%SYSDIR%\zonelabs\avsys\minizip.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=A3F5B82A61BE80EC9A05F50B83705E30 SIZE=32892
%SYSDIR%\zonelabs\avsys\cab.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=8777B0441DE562FB3E938B88B472AD20 SIZE=32888
%SYSDIR%\zonelabs\avsys\arj.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=664A49BC85B01791E1B5B69E188331E7 SIZE=32888
%SYSDIR%\zonelabs\avsys\rar.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=24BA08F5AF28443B3C08C99175B3B887 SIZE=94328
%SYSDIR%\zonelabs\avsys\mdb.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=9D16DF168080D8428AD09E8234847C0A SIZE=49272
%SYSDIR%\zonelabs\avsys\msoe.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=1AFA7B6726819513C3334D3D0C8D249C SIZE=53369
%SYSDIR%\zonelabs\avsys\farbuffer.ppl [] MD5=3332BC1B4FD028B8919DE866AF690601 SIZE=28736
%SYSDIR%\zonelabs\avsys\tempfile.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=E4FA0743417D9E519E88ED57CFCCDFBE SIZE=28797
%SYSDIR%\zonelabs\avsys\prseqio.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=CC838D61DFCBC90E43A38676919B26A4 SIZE=28796
%SYSDIR%\zonelabs\avsys\unstored.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=9AF9CB59743588C37E633F1C94EE0307 SIZE=24701
%SYSDIR%\zonelabs\avsys\inflate.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=3801EF82DB05DB50AFDA3B165C592DF0 SIZE=32892
%SYSDIR%\zonelabs\avsys\mdmap.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=299DFF2CDD3C85691D333395608C27C1 SIZE=24698
%SYSDIR%\CNMLM7W.DLL [CANON INC.] [Canon IJ Printer Driver] MD5=60EA723C7AFBB3D8911E2F99EB800156 SIZE=161792
%SYSDIR%\spool\PRTPROCS\W32X86\CNMPD7W.DLL [CANON INC.] [Canon IJ Printer Driver] MD5=0529116E0ACC384456710C53CBE4925B SIZE=22528
%PROGRAMFILES%\CyberLink\Shared Files\CLRCEngine2.dll [CyberLink Corp.] [Cyberlink PowerCinema 3.0] MD5=DAE211D3393343B2FAD71C65B20EC562 SIZE=36864
%SYSDIR%\hcwECP.ax [Hauppauge Computer Works, Inc.] [Hauppauge WinTV] MD5=FBEB20D66CF0B17E46DCD62D1BD28EC4 SIZE=319488
%SYSDIR%\VM31bPrp.Ax [Vimicro] MD5=713F2E7CD977056CCFD62C4132834227 SIZE=245820
%SYSDIR%\VSPUBAPI.dll [Zone Labs, LLC] [TrueVector Service] MD5=A7EF14F9BB2C920220CD495691CA6ADB SIZE=276208
%PROGRAMFILES%\Zone Labs\ZoneAlarm\framewrk.dll [Zone Labs, LLC] [ZoneAlarm Framework Module] MD5=57134C92571A91B27A1F164B8495BBF2 SIZE=1210096
%PROGRAMFILES%\Zone Labs\ZoneAlarm\framewrk_Loc0410.dll [Zone Labs Inc.] [ZoneAlarm Framework Module] MD5=178D082DEBECE3FB59961800B67437AB SIZE=554648
%SYSDIR%\ZoneLabs\lib\pyd\zpui.pyd [] [zpui Library] MD5=0EFF97646A14DC79C9E734A693E2AB93 SIZE=194296
%PROGRAMFILES%\Zone Labs\ZoneAlarm\zlclient_Loc0410.dll [Zone Labs Inc.] [ZoneAlarm] MD5=703A763D5A17A91B85B8C2E9B171358C SIZE=698008
%SYSDIR%\vsmonapi.dll [Zone Labs, LLC] [TrueVector Client Interface] MD5=82F7399B065552A1401F50F3C2A4AB97 SIZE=104176
%PROGRAMFILES%\Zone Labs\ZoneAlarm\alert.zap [Zone Labs, LLC] [Alerts Plugin Module] MD5=660B10E52DA808FEB06FDA4206ECC0C7 SIZE=222960
%PROGRAMFILES%\Zone Labs\ZoneAlarm\alert_Loc0410.zap [Zone Labs Inc.] [Alerts Plugin Module] MD5=A92342F85C9FD7C498F36A338719304C SIZE=71320
%PROGRAMFILES%\Zone Labs\ZoneAlarm\email.zap [Zone Labs, LLC] [Email Plugin Module] MD5=8A322D7FD3879B4E20AE31BC4F5E345C SIZE=104176
%PROGRAMFILES%\Zone Labs\ZoneAlarm\email_Loc0410.zap [Zone Labs Inc.] [Email Plugin Module] MD5=6EA2B29F31E34381A74EC63536999949 SIZE=38552
%PROGRAMFILES%\Zone Labs\ZoneAlarm\filter.zap [Zone Labs, LLC] [Filter Plugin Module] MD5=2A8A452D16402A94EE52413F753D0823 SIZE=67312
%PROGRAMFILES%\Zone Labs\ZoneAlarm\filter_Loc0410.zap [Zone Labs Inc.] [Filter Plugin Module] MD5=2412C2B5F4B52C71143D480E91ACC57C SIZE=34456
%PROGRAMFILES%\Zone Labs\ZoneAlarm\firewall.zap [Zone Labs, LLC] [Firewall Plugin Module] MD5=027E58A6768D2ADFC165379855D90BE2 SIZE=141040
%PROGRAMFILES%\Zone Labs\ZoneAlarm\firewall_Loc0410.zap [Zone Labs Inc.] [Firewall Plugin Module] MD5=3BF05ABD7C9FB560E17AE6AADE0F0BFD SIZE=54936
%PROGRAMFILES%\Zone Labs\ZoneAlarm\idlock.zap [Zone Labs, LLC] [ZoneAlarmPro] MD5=8A8FF6B3E09CC2E8B1AC3AF1D55D2ECF SIZE=259824
%PROGRAMFILES%\Zone Labs\ZoneAlarm\idlock_Loc0410.zap [Zone Labs Inc.] [ZoneAlarmPro] MD5=6D0F1895BDDA8CF9C1070EB8A7364B24 SIZE=83608
%PROGRAMFILES%\Zone Labs\ZoneAlarm\privacy.zap [Zone Labs, LLC] [Privacy Plugin Module] MD5=766F0CB2858C92C77410699E08590C96 SIZE=145136
%PROGRAMFILES%\Zone Labs\ZoneAlarm\privacy_Loc0410.zap [Zone Labs Inc.] [Privacy Plugin Module] MD5=D9699AD7E34D7E345DA502C9AD480142 SIZE=54936
%PROGRAMFILES%\Zone Labs\ZoneAlarm\programs.zap [Zone Labs, LLC] [Programs Plugin Module] MD5=F2CA496B4A2CF6C0B2279E4008F7B1E5 SIZE=308976
%PROGRAMFILES%\Zone Labs\ZoneAlarm\programs_Loc0410.zap [Zone Labs Inc.] [Programs Plugin Module] MD5=4A60A53C7759D466E4CC935196FC4184 SIZE=161432
%PROGRAMFILES%\Zone Labs\ZoneAlarm\scan.zap [Zone Labs, LLC] [Scan Plugin Module] MD5=62DD628835B8A587815F5ABB4C609210 SIZE=567024
%PROGRAMFILES%\Zone Labs\ZoneAlarm\scan_Loc0410.zap [Zone Labs Inc.] [Modulo plugin scansione] MD5=26BC63C6381E90C8A70478E747A337F3 SIZE=67224
%PROGRAMFILES%\Zone Labs\ZoneAlarm\security.zap [Zone Labs, LLC] [Overview Plugin Module] MD5=8CB1B23281EB62E6CAA11501532A5D88 SIZE=399088
%PROGRAMFILES%\Zone Labs\ZoneAlarm\security_Loc0410.zap [Zone Labs Inc.] [Overview Plugin Module] MD5=0A8EEB227F63B40FE2C83F88CF7A779F SIZE=276120
%SYSDIR%\hcwXDS.dll [] [hcwxds Module] MD5=D2FBC74144EB74D3C87385B70D8299FF SIZE=102400
%SYSDIR%\hcwCCnv2.ax [Hauppauge Computer Works, Inc.] [Hauppauge WinTV Color Format Converter 2] MD5=05E44012A70EE016945E5D6F118E4E78 SIZE=253952
%PROGRAMFILES%\CyberLink DVD Solution\Power2Go\P2GMP3Wrap.ax [CyberLink Corp.] [CyberLink PowerTheater] MD5=E3E95AC07E6B98CDDB23178EF198000B SIZE=61440
%PROGRAMFILES%\CyberLink DVD Solution\PowerDirector\PDMP3Wrap.ax [CyberLink Corp.] [CyberLink PowerTheater] MD5=C5CDEB316C7DB2A8F0CF1A2D378806F5 SIZE=61440
%SYSDIR%\ANIOApi.dll [Alpha Networks Inc.] [ANIO Helper DLL API library] MD5=08B3F6C32C9659352E63C618E40750DF SIZE=36864
%SYSDIR%\AQCKGen.dll [Alpha Networks Inc.] [AQuickKey Generator] MD5=D4B4F17632230555719E13302BBF2B4D SIZE=49152
%SYSDIR%\WlanApp.dll [Alpha Networks Inc.] [WlanApp Dynamic Link Library] MD5=E5A3CFAE5B2BBE1A34CD23F873F4EC18 SIZE=143360
%PROGRAMFILES%\D-Link\AirPlus G\WlanMon.dll [D-Link] [Wireless LAN Monitor] MD5=44B79F9B59707B7A5630A03DEAB0D018 SIZE=98304
%SYSDIR%\ANIWZCS2.DLL [Alpha Networks Inc.] [ANIWZCS Dynamic Link Library] MD5=5BBCC7EF51A65D4C80793FEE8A7C2D35 SIZE=372736
%PROGRAMFILES%\VIA\RAID\raid_tool.exe [VIA Technologies] [VIA RAID Tool] MD5=A4B1E950403DB9C3CBC9D951112A26C7 SIZE=565248
%PROGRAMFILES%\VIA\RAID\drvInterface.dll [VIA] [drvInterface] MD5=66486E5334FAE276C0D5C773035A158B SIZE=65536
%SYSDIR%\zonelabs\avsys\memscan.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=A64C6C6EC10E3EAF6FCDCE39437BC19F SIZE=28796
%SYSDIR%\zonelabs\avsys\memmodsc.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=8A4C06ECCB0B40F57707848A2E7905A2 SIZE=32893
%SYSDIR%\zonelabs\avsys\unlzx.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=0DEE7A53668BD6C5D911A63FF132FC3B SIZE=28794
%SYSDIR%\ZoneLabs\avsys\Monitor.exe [] MD5=23846D4EBF6D6665FFB19AA6C61EA830 SIZE=69785
%SYSDIR%\zonelabs\avsys\avpgs.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=8121CAD8E298129CD4F22B16AC9BBCA1 SIZE=94330
%SYSDIR%\zonelabs\avsys\thpimpl.ppl [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=192208B519EB2D7F12D0369019428D5D SIZE=32892
%SYSDIR%\ZoneLabs\avsys\FSSync.dll [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=23A86A319D56E9E28EEC6B538FC40C22 SIZE=36923
D:\Programmi\procexp.exe [Sysinternals] [Process Explorer] MD5=404D96CD068CC1D945D409CB7DAD4B38 SIZE=1238544
%PROGRAMFILES%\MSN Messenger\MSIMG32.dll [Patchou] [Messenger Plus! Live] MD5=ACD754914BBA14AC7BDA1E93C54B5786 SIZE=71256
%PROGRAMFILES%\Messenger Plus! Live\MsgPlusLive.dll [Patchou] [Messenger Plus! Live] MD5=46916FEC5C849BDE5C80A813F5E73DAD SIZE=2614872
%PROGRAMFILES%\Messenger Plus! Live\Detoured.dll [] MD5=6256684495C499B22DCDBA266E4F2494 SIZE=4096
%PROGRAMFILES%\Messenger Plus! Live\MsgPlusLiveRes.dll [Patchou] [Messenger Plus! Live] MD5=464B511C90898B20D5117F530133A436 SIZE=1427032
%PROGRAMFILES%\Messenger Plus! Live\libsndfile.dll [] MD5=4D317140C3EAA32B8871731495E81C05 SIZE=385024
%PROGRAMFILES%\Messenger Plus! Live\lame_enc.dll [] MD5=869B190E16CAFD9446B4A2114E601FA6 SIZE=401408
deskpan.dll []
%PROGRAMFILES%\ATI Technologies\ATI.ACE\atiacmxx.dll [] [ACE Context Menu] MD5=649E3AB705EB0F3AF213DCD4378515CF SIZE=73728
%PROGRAMFILES%\Microsoft Office\Office\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Outlook] MD5=EF74B00E03C17C4F349EDA4865672EFA SIZE=53298
D:\Programmi\alcohol\Alcohol 120\AXShlEx.dll [Alcohol Soft Development Team] [Alcohol ShellEx] MD5=B14C019D1AB227D7C1334B176E623024 SIZE=387072
%SYSDIR%\DRIVERS\a347bus.sys [] MD5=61C7FAA37417CA5BAFA0490A49CC84D6 SIZE=158720
%SYSDIR%\Drivers\a347scsi.sys [] MD5=113E4B318BBAA7483CA4E582A4D63F49 SIZE=5248
%SYSDIR%\ANIO.SYS [Alpha Networks Inc.] [ANIO (NT5) Driver] MD5=4A5C7EAEFA4C43D139C402C6DA5BFD2C SIZE=28205
%SYSDIR%\drivers\cmuda.sys [C-Media Inc] [C-Media Audio Driver (WDM)] MD5=5A2004F687D4E55914E6E8898FB51C9D SIZE=818496
%SYSDIR%\DRIVERS\hcwPP2.sys [Hauppauge Computer Works, Inc.] [WinTV] MD5=55E4DA7C8CBBA1F2D71720FCA7A5C086 SIZE=168064
%SYSDIR%\ZONELABS\AVSYS\KLIF.SYS [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=F0653E5E164123CAD51EDDA22418C2A3 SIZE=174864
%SYSDIR%\drivers\pfc.sys [Padus, Inc.] [Padus(R) ASPI Shell] MD5=444F122E68DB44C0589227781F3C8B3F SIZE=10368
%SYSDIR%\DRIVERS\R8139n51.SYS [Realtek Semiconductor Corporation] [Realtek RTL8139/810x Family Fast Ethernet NIC] MD5=D4453C6B7F627786BAFC5AC5149B3A39 SIZE=45568
%SYSDIR%\SetupNT.sys [] MD5=549EA830A5D9EDD9CD14311126C2849B SIZE=3000
%SYSDIR%\DRIVERS\stmatm.sys [STMicroelectronics] [Unicorn ADSL] MD5=F68B11780123ECFB7CEA9649FFA61B00 SIZE=59338
%SYSDIR%\DRIVERS\viaagp1.sys [VIA Technologies, Inc.] [VIA CPU to AGP2.0/AGP3.0 Controller] MD5=4B039BBD037B01F5DB5A144C837F283A SIZE=27904
%SYSDIR%\DRIVERS\viamraid.sys [VIA Technologies inc,.ltd] [VIA RAID driver] MD5=65864ABA65EEE06EA586009301834E43 SIZE=73600
%SYSDIR%\vsdatant.sys [Zone Labs, LLC] [TrueVector Device Driver] MD5=270986575CEB1F8EA48E7545D55FF810 SIZE=394192
%SYSDIR%\Drivers\vulfnth.sys [VIA Technologies, Inc.] [VIA USB Host Controller Lower Filter Driver] MD5=C9A8BA443F809B70BCCCCD60CC73FA5C SIZE=6912
%SYSDIR%\Drivers\vulfntr.sys [VIA Technologies, Inc.] [VIA USB Roothub Lower Filter Driver] MD5=2D8C55889616F7767E9FB8ADEE37A02A SIZE=11392
%SYSDIR%\Drivers\usbVM31b.sys [VM] MD5=7481637A50A0468CF46C719672BC7EAA SIZE=91527
%SYSDIR%\systray.exe []

End of Report

[xam]

Sorry il file riportato da Spyware terminator è: Sisrest.sys
Però ad ogni riavvio, windows mi dice ke il file ke mi crea problemi è Sysres32.exe

[Orange]

[xam]

Edit by bdoriano: log rimosso perché incompleto.
I logs vanno caricati su FreeFileHosting come indicato qui.

[xam]

edit by bdoriano:
I logs vanno caricati su FreeFileHosting come indicato qui.

[xam]

Ecco il log del rootkit:
rootkit6.txt
Ecco il log dell'autostart:
autostart6.txt
Ultimamente spengo il pc, tenendo premuto il tasto di accensione, subito dopo che si riavvia, però in un paio di occasioni si è spento normalmente e non riesco a capire xk
E a volte quando accendo il pc, si blocca poco prima di scegliere gli account di windows e ho notato che qst lo fa in particolare, quelle rarissime volte che si spegne normalmente.
Quindi se lo spengo male si riavvia bene, ma se si spegne normalmente si riavvia male
Ho già incominciato a masterizzare dvd con i dati più importanti, in previsione di una formattazione

[xam]

Aiuto!!!

[bdoriano]

Ciao xam,
scusa, ero convinto che fossi già a posto.

Prima di tutto, un consiglio: salva gmer in una sua cartella non temporanea e non sul desktop.

Adesso, scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[xam]

ciao scusate per l'assenza, cmq ho risolto proprio ieri il problema, utilizzando i backup dei registri ke avevo ftt qlke tempo fà e ora il pc mi si spegne e accende normalmente, grazie di tutto ciauuuuuu

[bdoriano]

Contento che hai risolto.
Per sicurezza, però, ti suggerisco di fare questi passaggi:

• Fai una scansione online con Bitdefender.
  
• Fai una scansione online con Panda Active Scan.
  
• Fai una scansione online con Eset.