AIUTOOOOO PERFAVOREEEE:(

[Salentino76]

ciao a tutti, ragazzi credo di avere dei virus, e nello specifico degli spyware, ho fatto tutto quello che c'è da fare scansione virus, con nod 32, scansione con search e destroy, e ccleaner, ma il pc, quandpo navigo si blocca, le pagine internet sono lente, e spesso si bloccano, così' ho fatto il test con hijackthis, adesso vi posto il log, aspetto con ansia vostri suggerimenti, grazie a tutti!!!!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.52.33, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Eset\nod32krn.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\windows\system32\svchost.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Roper\AIRBLU~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\GIANFRANCO\Desktop\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23906530-CA42-4A78-BAB5-8D29A8BD61C0} - C:\WINDOWS\system32\sstuu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: {09f56611-5a17-e988-6b14-833fb1ebe60f} - {f06ebe1b-f338-41b6-889e-71a511665f90} - C:\WINDOWS\system32\yeitbdjv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [svcbqhte] "c:\windows\system32\svcbqhte.exe"
O4 - HKLM\..\Run: [ztktda.exe] C:\DOCUME~1\GIANFR~1\IMPOST~1\Temp\ztktda.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [a4638241] rundll32.exe "C:\WINDOWS\system32\kesxweca.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006C192.dat
O20 - Winlogon Notify: yzpsyixd - yzpsyixd.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 8966 bytes

[Luke57]

Ciao, non lanciare urla di dolore, è sufficiente descrivere il problema
scarica avenger sul desktop http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:

Files to delete:
C:\WINDOWS\system32\sstuu.dll
C:\WINDOWS\system32\yeitbdjv.dll
c:\windows\system32\svcbqhte.exe
C:\WINDOWS\system32\kesxweca.dll
C:\WINDOWS\system32\__c006C192.dat
C:\WINDOWS\system32\yzpsyixd.dll


registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | a4638241
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ztktda.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | svcbqhte

registry keys to delete;
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23906530-CA42-4A78-BAB5-8D29A8BD61C0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09f56611-5a17-e988-6b14-833fb1ebe60f}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06ebe1b-f338-41b6-889e-71a511665f90}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yzpsyixd

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Posta anche il log generato da avenger, lo trovi in C:\ è un file di testo

Poi scarica VundoFix da qui http://www.atribune.org/content/view/24/2/
Avvia vundofix, seleziona "Scan for Vundo" e poi alla fine clicca su "Remove Vundo".
Alla fine di tutto posta anche il log generato da Vundofix

[Salentino76]

ti ringrazio per i suggerimenti, ma quando inserisco le scritte in neretto nello spazio bianco mi da errore!!!

[Salentino76]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.37.27, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Eset\nod32krn.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\windows\system32\svchost.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Roper\AIRBLU~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GIANFRANCO\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23906530-CA42-4A78-BAB5-8D29A8BD61C0} - C:\WINDOWS\system32\sstuu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: {09f56611-5a17-e988-6b14-833fb1ebe60f} - {f06ebe1b-f338-41b6-889e-71a511665f90} - C:\WINDOWS\system32\yeitbdjv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [svcbqhte] "c:\windows\system32\svcbqhte.exe"
O4 - HKLM\..\Run: [ztktda.exe] C:\DOCUME~1\GIANFR~1\IMPOST~1\Temp\ztktda.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [a4638241] rundll32.exe "C:\WINDOWS\system32\kesxweca.dll",b
O4 - HKLM\..\Run: [qmwaggnq] C:\^pqkierm.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006C192.dat
O20 - Winlogon Notify: yzpsyixd - yzpsyixd.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 8997 bytes


ho rifatto il log, con tutte le applicazioni chiude, perchè prima di ricevere la tua risposta di testa mia ho spuntato i no name e ho cliccato su fixed, ppoi ho chiuso tutto, ma no credo sia la soluzione giusta!!!
ma fammi capire, quindi secondo te il mio pc è ancora infetto???è per questo che a volte le pagine web si bloccano?e ho notato che quando inserisco la parola da ricercare nel quadratino bianco di google nel toolbar si blocca per un attimo scompare anche il puntatore, a volte la fa la ricerca, altre si blocca!!!,mah!!!
cmq prima ho fatto coke dici tu solo che mi da errore, alla fine di tutto, quando clicco su yes la prima volta poi dopo mi dice script non validi o raba del genere!!!

[SkunkWorks 68]

liccato su fixed, ppoi ho chiuso tutto, ma no credo sia la soluzione giusta!!!
ma fammi capire, quindi secondo te il mio pc è ancora infetto???!!

Purtroppo sì(e non sarà facile "pulirlo").
Hai riavviato il PC dopo aver fixato(fix checked) le stringhe suggerite da Luke?.
Come stai messo con gli aggiornamenti di Windows?
Al 90 % scommetto che utilizzi IE 6 per navigare...,è vero?
Ciao

[SkunkWorks 68]

Errore mio,chiedo scusa,mi sono confuso con un altro topic...
Restano valide le altre considerazioni(IE 6 ed aggiornamenti)...
Ciao

[Luke57]

Ciao, è vero, lo script riporta un punto e virgola invece dei due punti: copia e incolla questo:

Files to delete:
C:\WINDOWS\system32\sstuu.dll
C:\WINDOWS\system32\yeitbdjv.dll
c:\windows\system32\svcbqhte.exe
C:\WINDOWS\system32\kesxweca.dll
C:\WINDOWS\system32\__c006C192.dat
C:\WINDOWS\system32\yzpsyixd.dll


registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | a4638241
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ztktda.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | svcbqhte

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23906530-CA42-4A78-BAB5-8D29A8BD61C0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09f56611-5a17-e988-6b14-833fb1ebe60f}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06ebe1b-f338-41b6-889e-71a511665f90}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yzpsyixd

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Poi esegui anche lo scan con vundofix. se non l'hai già fatto.

[Salentino76]

Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svcbqhte
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svcbqhte failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23906530-CA42-4A78-BAB5-8D29A8BD61C0} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23906530-CA42-4A78-BAB5-8D29A8BD61C0} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09f56611-5a17-e988-6b14-833fb1ebe60f} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09f56611-5a17-e988-6b14-833fb1ebe60f} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06ebe1b-f338-41b6-889e-71a511665f90} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06ebe1b-f338-41b6-889e-71a511665f90} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yzpsyixd not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yzpsyixd failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate. log:


aspetto una vostra risposta, questo è il log di avenger, quello di vunfix non c'è perchè non ha trovato infezioni, ma acosa serve vundofix?

è possibile che ora il pc sia pulito, avendo eliminato i file direttamente daHiJackThis????? ciao a tutti

[Luke57]

Ciao, non è visibile nel log di avenger la parte riferita ai files.
Per quanto riguarda la tua domanda, sì, con hijackthis elimini le voci di registro, però di solito restano i file da eliminare.
Posta un nuovo log di hijackthis.

[Salentino76]

ciao ecco il nuovo log che ho eseguito proprio poco fa, spero che riusciate ad aiutarmi grazie!!!!!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0.03.28, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Programmi\Eset\nod32krn.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Roper\AIRBLU~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 7876 bytes

[Luke57]

Ciao, nettamente migliorato, non appaiono minacce nel log.
Fai anche una scansione con questo:
http://info.prevx.com/download.asp?grab=prevxcsi
lo scarichi e lo esegui (è molto veloce)

[Salentino76]

ti ringrazio dell'aiuto luke, sei un grande!!!!semti mi piacerebbe scambiarci l'indirizzo msn, che ne dici, un saluto e a ptesto!!!

[Salentino76]

ah, ho fatto la scansione anche con il programmino che mi hai detto, mi dice che il mio pc è clean, pulito da minacce!!!sono troppo felice, grazie davvero!!!!!

quindi se magari mi entra un virus no, parlo in generale, la prima cosa che devo fare è lanciare hiacstick, e poi fare la scansione con gli altri due programmini???insomma se voglio vedere il mio pc come è messo, faccio cosi!!!!!

ovviamente devo avere un buon antivirus, io adesso ho il nod332 prima avira, che si è rivelato un bidone!!!!!!!


ancora grazieeeeeeeeee!!!!!!:)

[SkunkWorks 68]

prima avira, che si è rivelato un bidone!!!!!!!

Utilizzo Antivir gratuito da 3 anni quasi su 3 PC,scansioni incrociate con Kaspersky,mai trovato nulla.
L'Antivirus deve essere un "aiuto",il resto del lavoro lo deve fare l'utente...
Ma se ti trovi bene con il Nod...
Ciao

[Salentino76]

avira, e buono, l'ho usato per un anno, fino all'altro giorno, quando mi sono entrati i virus, e lui non ha fatto nulla, quando poi l'ho disintallato, e messo invece il nod32 ho capito che fino a oggi ho avuto un bidone di antivirus, confermo!!!!!!!priva a installare un altro antivirus, e vedi che qualcosa te la trova, avira, non trova nulla, !!!

[SkunkWorks 68]

Non credo proprio,Kaspersky mi troverebbe qualcosa(eseguo scansioni di controllo settimanali)...Il Nod all'inizio veniva visto come il superantivirus,ma qualche "cantonata" ultimamamente l'ha presa...
Del resto mi controllo spesso i PC con Hijackthis,Sophos Antirootkit:se ci fosse qualcosa che non va qualche sospetto ti assicuro che ce l'avrei...
Ripeto,poi se ti trovi meglio,bene per te.
Ciao