Hi Luke, thank you so much for the info; it was very useful to me, and the log seems to be looking a bit better! Unfortunately, though, I ran a scan with Kaspersky and it found some junk... I'm posting its report as well. Could you give me a hand again? Thanks a lot, bye!
Logfile of HIJACKTHIS v1.99.1
Scan saved at 22.08.03, on 07/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bruss\Documenti\Marco\Software\Virus&spy\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UWFX5T_0001_N57M1412] "C:\Documents and Settings\Bruss\Impostazioni locali\Temporary Internet Files\Content.IE5\RRXJ7X8W\WinFixer2005ScannerInstallITA[1].exe" -nag
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.it/kos/kavwebscan_unicode.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-----------------------------------------
KASPERSKY
Analizza statistiche:
Numero totale di oggetti analizzati: 25064
Numero di virus trovati: 9
Numero di oggetti infetti: 45
Numero di oggetti sospetti: 0
Durata del processo di analisi: 00:25:22
Nome dell'oggetto infetto / Nome del virus / Ultima azione
C:\WINDOWS\SYSTEM32\winfifggf.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\WINDOWS\SYSTEM32\winksas.exe Infetto: Backdoor.Win32.Rbot.atj ignorato
C:\WINDOWS\SYSTEM32\plasdll.exe Infetto: Backdoor.Win32.IRCBot.az ignorato
C:\WINDOWS\SYSTEM32\dcomcfg.exe Infetto: Packed.Win32.Tibs ignorato
C:\WINDOWS\SYSTEM32\sysmon.exe Infetto: Packed.Win32.Tibs ignorato
C:\WINDOWS\TEMP\apihelp.chm Infetto: Packed.Win32.Tibs ignorato
C:\WINDOWS\TEMP\apihelp2.chm Infetto: Packed.Win32.Tibs ignorato
C:\WINDOWS\Downloaded Program Files\AUTO_299_N.exe Infetto: Trojan.Win32.Dialer.hh ignorato
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_299_N.exe Infetto: Trojan.Win32.Dialer.hh ignorato
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\AUTO_299_N.exe Infetto: Trojan.Win32.Dialer.hh ignorato
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\AUTO_299_N.exe Infetto: Trojan.Win32.Dialer.hh ignorato
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\CYK0GBCY\zhcoa[1].txt Infetto: Trojan-Clicker.Win32.Small.kr ignorato
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9ABUVWF\sqlkw[1].txt Infetto: Trojan-Clicker.Win32.Small.kr ignorato
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\Q9ABUVWF\ypktedcase[1].txt Infetto: Packed.Win32.Tibs ignorato
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\GZIJ2L4N\sjrkhe[1].txt Infetto: Packed.Win32.Tibs ignorato
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\OP8RATCD\ygfrpon[1].htm Infetto: Trojan.Win32.Harnig.a ignorato
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\OP8RATCD\qyxwe[1].htm Infetto: Trojan.Win32.Harnig.a ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP26\A0007998.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP26\A0008026.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP27\A0008062.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP27\A0008096.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP31\A0009988.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP34\A0012883.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP34\A0012891.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP34\A0015984.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018378.exe Infetto: Trojan-Downloader.Win32.Harnig.bg ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018381.exe Infetto: Packed.Win32.Tibs ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018382.exe Infetto: Trojan-Clicker.Win32.Small.kr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018451.exe Infetto: Backdoor.Win32.Rbot.atj ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018492.exe Infetto: Trojan-Downloader.Win32.Harnig.bg ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018495.exe Infetto: Packed.Win32.Tibs ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018496.exe Infetto: Trojan-Clicker.Win32.Small.kr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018512.exe Infetto: Backdoor.Win32.Wootbot.ct ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018513.exe Infetto: Packed.Win32.Tibs ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018672.exe Infetto: Trojan-Downloader.Win32.Harnig.bg ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018673.exe Infetto: Packed.Win32.Tibs ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018676.exe Infetto: Trojan-Clicker.Win32.Small.kr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018698.exe Infetto: Backdoor.Win32.Wootbot.ct ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018699.exe Infetto: Packed.Win32.Tibs ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018727.exe Infetto: Backdoor.Win32.Rbot.ayr ignorato
C:\System Volume Information\_restore{22C335F3-2D82-482B-9140-85C98FA51074}\RP53\A0018728.exe Infetto: Backdoor.Win32.Rbot.atj ignorato
C:\Program Files\secure32.html Infetto: Trojan.Win32.Harnig.a ignorato
C:\loadadv650.exe Infetto: Trojan-Downloader.Win32.Harnig.bg ignorato
C:\countrydial.exe Infetto: Packed.Win32.Tibs ignorato
C:\tool5.exe Infetto: Trojan-Clicker.Win32.Small.kr ignorato
Processo di analisi completato.