mi date un'occhiata al log...please

[?ucleare]

Logfile of HijackThis v1.99.1
Scan saved at 14.11.46, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\sstray.exe
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmi\ISTsvc\istsvc.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
E:\ALTRO\UTILE-DRIVER\DRIVER\DRIVER FOTOCAMERA\QuickDCF.exe
D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goole.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\PROGRAMMI\ACROBAT\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe
O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe
O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = D:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

COSA NE PENSATE?
C'è ANCORA QUALCOSA CHE NON VA?
GRAZIE

N.B. fixare significa selezionare i file e poi cliccare su Fix cheched (è la prima volta che lo faccio, portate pazienza)?

[andorra24]

Fixa:
D:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe
O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe
O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe
O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Fixa cioe' spunta la casellina accanto alle voci da togliere e poi premi ''fix checked''

[?ucleare]

Quote:

Originariamente inviato da andorra24

Fixa:
D:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe
O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe
O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe
O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Fixa cioe' spunta la casellina accanto alle voci da togliere e poi premi ''fix checked''

Per cortesia mi spiegheresti come fai a capire quali sono i file infetti( se si tratta di infetti)?
Ciò che mi hai consilgliato di fare è stato alla fin fine di cancellarli?

[andorra24]

Riconosco i processi di sistema e quelli che riguardano i programmi noti. Le cose strane che mi insospettiscono le cerco in rete per avere certezza se sono da cancellare oppure no.

[?ucleare]

Quote:

Originariamente inviato da andorra24

Riconosco i processi di sistema e quelli che riguardano i programmi noti. Le cose strane che mi insospettiscono le cerco in rete per avere certezza se sono da cancellare oppure no.

Complimenti dei davvero Brava!!!
Penso che arrivare al tuo livello occorra molta dimestichezza con il PC

[andorra24]

Grazie sei molto gentile.

[?ucleare]

Quote:

Originariamente inviato da andorra24

Grazie sei molto gentile.

Prego!