With the MyUninst program I didn't find anything suspicious to uninstall.
Apart from that, I used Virit without any problems.
I'd like to know where things stand. I didn't use Avenger because I don't know which script to use.
I'm now posting the GMER autostart log and the HijackThis log.
Thanks for the help.
HIJACKTHIS POST:
Logfile of HijackThis v1.99.1
Scan saved at 20.59.34, on 15/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
E:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\Programmi\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\System32\RunDll32.exe
E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
E:\Programmi\Messenger\msmsgs.exe
E:\Programmi\MSN Messenger\msnmsgr.exe
E:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
E:\Programmi\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Programmi\Java\jre1.5.0_11\bin\jucheck.exe
E:\VEXPLITE\viritsvc.exe
E:\Programmi\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Giulia Tovani\Desktop\Kit Rimozione\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Class - {AC37A624-BEE5-88EF-2776-4DFE74AEB9CC} - E:\WINDOWS\xprrv1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] "E:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "E:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] E:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = E:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamejo-91.spaces.live.com/PhotoU ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02F471E-2DB3-4EFA-99F9-89A586C3C503}: NameServer = 212.216.172.62,212.216.172.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
O20 - Winlogon Notify: winzsr32 - winzsr32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - E:\VEXPLITE\viritsvc.exe
O23 - Service: WebGpu - Unknown owner - E:\Programmi\File comuni\System\bTF.exe (file missing)
GMER AUTOSTART POST:
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-08-15 20:53:18
Windows 5.1.2600
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = E:\WINDOWS\System32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
winzsr32@DLLName = winzsr32.dll /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = E:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus /*avast! Antivirus*/@ = "E:\Programmi\Alwil Software\Avast4\ashServ.exe"
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = E:\WINDOWS\System32\HPZipm12.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = E:\WINDOWS\System32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = E:\VEXPLITE\viritsvc.exe
WebGpu /*WebGpu*/@ = "E:\Programmi\File comuni\System\bTF.exe" /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HP Software Update"E:\Programmi\HP\HP Software Update\HPWuSchd2.exe" = "E:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@ATIPTAE:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = E:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@NeroFilterCheckE:\WINDOWS\system32\NeroCheck.exe = E:\WINDOWS\system32\NeroCheck.exe
@avast!E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@CloneCDTray"E:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s = "E:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
@TkBellExe"E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@SunJavaUpdateSched"E:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" = "E:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
@VIRIT LITE MONITORE:\VEXPLITE\MONLITE.EXE = E:\VEXPLITE\MONLITE.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"E:\Programmi\Messenger\msmsgs.exe" /background = "E:\Programmi\Messenger\msmsgs.exe" /background
@msnmsgr"E:\Programmi\MSN Messenger\msnmsgr.exe" /background = "E:\Programmi\MSN Messenger\msnmsgr.exe" /background
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/E:\Programmi\WinRAR\rarext.dll = E:\Programmi\WinRAR\rarext.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/E:\Programmi\Alwil Software\Avast4\ashShell.dll = E:\Programmi\Alwil Software\Avast4\ashShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/E:\Programmi\Real\RealPlayer\rpshell.dll = E:\Programmi\Real\RealPlayer\rpshell.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/E:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = E:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = E:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = E:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}E:\Programmi\Java\jre1.5.0_11\bin\ssv.dll = E:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
@{AC37A624-BEE5-88EF-2776-4DFE74AEB9CC}E:\WINDOWS\xprrv1.dll /*file not found*/ = E:\WINDOWS\xprrv1.dll /*file not found*/
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = E:\WINDOWS\System32\ssmyst.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLabout:blank = about:blank
@Start Pageabout:blank = about:blank
@Local Pageabout:blank = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLabout:blank = about:blank
@Start Pageabout:blank = about:blank
@Local Pageabout:blank = about:blank
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = E:\WINDOWS\System32\msvidctl.dll
its@CLSID = E:\WINDOWS\System32\itss.dll
lid@CLSID = E:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = E:\WINDOWS\System32\itss.dll
msnim@CLSID = E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = E:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = E:\WINDOWS\System32\msdxm.ocx
wia@CLSID = E:\WINDOWS\System32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B02F471E-2DB3-4EFA-99F9-89A586C3C503} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.2 = 192.168.1.2
@NameServer212.216.172.62,212.216.172.162 = 212.216.172.62,212.216.172.162
@DefaultGateway192.168.1.254 = 192.168.1.254
@Domain =
E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio rapido di HP Image Zone.lnk = Avvio rapido di HP Image Zone.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
---- EOF - GMER 1.0.13 ----
Thanks again