Logfile of HijackThis v1.99.1
Scan saved at 2.11.05, on 27/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Bluetack\Blocklist Manager\BlockMgr.exe
E:\Programmi\ISS\BlackICE\blackice.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utente Windows\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] d:\PROGRA~1\AVPERS~1\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM32\WUCRTUPD.EXE -startup
O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vet Alert] D:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [VetTray] D:\PROGRA~1\INOCUL~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Vet Start Up] D:\PROGRA~1\INOCUL~1\VET98.EXE /PROGRESSIVE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programmi\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProtoWall] c:\Programmi\Dudez\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [ProxyWay] E:\Programmi\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Programmi\Spybot - Search & Destroy2\TeaTimer.exe
O4 - Startup: BlackICE PC Protection.lnk = E:\Programmi\ISS\BlackICE\blackice.exe
O4 - Global Startup: Collegamento a BlockMgr.lnk = E:\Programmi\Bluetack\Blocklist Manager\BlockMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con Download &Express - e:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123983646836
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{905CD4BB-F7F9-4D60-B70F-8E359D05FE72}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{905CD4BB-F7F9-4D60-B70F-8E359D05FE72}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - d:\Programmi\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - e:\Programmi\ISS\BlackICE\blackd.exe
O23 - Service: Free Proxy Service (FreeProxy) - Hand-Crafted Software - E:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - e:\Programmi\ISS\BlackICE\rapapp.exe
O23 - Service: ZorroPCProtector - Unknown owner - e:\Program Files\PCProtector\zorlanc.exe (file missing)

HO TOLTO 015 PRIMA ERA
Logfile of HijackThis v1.99.1
Scan saved at 1.01.55, on 27/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Bluetack\Blocklist Manager\BlockMgr.exe
E:\Programmi\ISS\BlackICE\blackice.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utente Windows\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] d:\PROGRA~1\AVPERS~1\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM32\WUCRTUPD.EXE -startup
O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vet Alert] D:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [VetTray] D:\PROGRA~1\INOCUL~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Vet Start Up] D:\PROGRA~1\INOCUL~1\VET98.EXE /PROGRESSIVE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programmi\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProtoWall] c:\Programmi\Dudez\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [ProxyWay] E:\Programmi\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Programmi\Spybot - Search & Destroy2\TeaTimer.exe
O4 - Startup: BlackICE PC Protection.lnk = E:\Programmi\ISS\BlackICE\blackice.exe
O4 - Global Startup: Collegamento a BlockMgr.lnk = E:\Programmi\Bluetack\Blocklist Manager\BlockMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con Download &Express - e:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123983646836
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{905CD4BB-F7F9-4D60-B70F-8E359D05FE72}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{905CD4BB-F7F9-4D60-B70F-8E359D05FE72}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FILECO~1\Stardock\mcpstub.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - d:\Programmi\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - e:\Programmi\ISS\BlackICE\blackd.exe
O23 - Service: Free Proxy Service (FreeProxy) - Hand-Crafted Software - E:\Programmi\Hand-Crafted Software\FreeProxy\FreeProxy.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - e:\Programmi\ISS\BlackICE\rapapp.exe
O23 - Service: ZorroPCProtector - Unknown owner - e:\Program Files\PCProtector\zorlanc.exe (file missing)

MA NON è CAMBIATO NULLA

AUGURI DI BUON ANNO
PER RINGRAZIARE TROVATE UTILI INFO QUI
http://www.internetmonitor.it/forum/topic.asp?TOPIC_ID=594&whichpage=4

Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
-
O23 - Service: ZorroPCProtector - Unknown owner - e:\Program Files\PCProtector\zorlanc.exe (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,
==================================
zorlanc.exe
==================================

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

---

Collaboratore Aiutamici