Logfile of HijackThis v1.99.1
Scan saved at 8.28.07, on 05/11/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINNT\downlo~1\osz8p9\xoz5cv3.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\System32\Inst.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Plaxo\2.1.0.80\InstallStub.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Cerberus\Cerberus.exe
c:\programmi\ibm\client access\emulator\PCSCM.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {48A5462F-8061-435A-ACDB-E2302CA58E82} - C:\WINNT\System32\igfb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeD] D:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeE] E:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeF] F:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeG] G:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeH] H:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [_Hazafibb] C:\WINNT\System32\mcgooelw.exe
O4 - HKLM\..\Run: [Inst] C:\WINNT\System32\Inst.exe install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programmi\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Startup: Cerberus FTP Server.lnk = C:\Programmi\Cerberus\Cerberus.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.pgsconnect.com/access/pgs0235.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9780F5E-D828-4D66-8555-A0F995111B8D}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Programmi\File comuni\Stibo\RS_ProtocolHandler.dll
O18 - Filter: text/html - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O18 - Filter: text/plain - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Comando remoto di Client Access Express (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O2 - BHO: (no name) - {48A5462F-8061-435A-ACDB-E2302CA58E82} - C:\WINNT\System32\igfb.dll
-
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeD] D:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeE] E:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeF] F:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeG] G:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeH] H:\Bin\ILInstallPkgEngine.exe
-
O4 - HKLM\..\Run: [_Hazafibb] C:\WINNT\System32\mcgooelw.exe
O4 - HKLM\..\Run: [Inst] C:\WINNT\System32\Inst.exe install
-
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.pgsconnect.com/access/pgs0235.exe
-
O18 - Filter: text/html - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O18 - Filter: text/plain - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
-
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
se.dll
spage.html
igfb.dll
ILInstallPkgEngine.exe
mcgooelw.exe
Inst.exe
==================================

SVUOTA LA CARTELLA C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp

ELIMINA LE CARTELLE IN ROSSO
D:\<font color=red><b>Bin</font id=red></b>
E:\<font color=red><b>Bin</font id=red></b>
F:\<font color=red><b>Bin</font id=red></b>
G:\<font color=red><b>Bin</font id=red></b>
H:\<font color=red><b>Bin</font id=red></b>


Vai a Pannello di Controllo e clicca su OPZIONI INTERNET, qui clicca sui tre pulsanti
ELIMINA COOKIE - ELIMINA FILE - CANCELLA CRONOLOGIA
poi clicca su PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.

---

Collaboratore Aiutamici

Vai in modalità provvisoria, entra nelle partizioni D E F G H ed elimina la cartella BIN con tutto il contenuto, se sono presenti.

---

Collaboratore Aiutamici