ciao a tutti )))) mi kiamo Francesco. E mi sn iscritto poki minuti fa. Ho un problema cn il pc Avast! mi segnala questo virus : Win32:obfuscated-EER [trj]. E a volte segnala anke un virus nella cartella temp e in Content.IE5. Scusate se nn riporto il nome di qusto virus. Sn abbastanz aimbranato cn il pc )))). Cmq nel nome del virus c' era Hijack. E da questo ho fatto alcune ricerke e sn arrivato ad Hijack this. Ivece per l' altro virus nn ho trovato molto e cmq nn italiano. E sperando ke io cia bbia capito qualkosa )))) vi riporto qui il log. Se qualcuno volesse aiutare me ke sn uno sventurato del web )))).


Scan saved at 20.04.32, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\FRANCESCO\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Programmi\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Programmi\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: KeyText.lnk = C:\Programmi\KeyText\KeyText.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fran-db.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156347761635
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fran-db.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86348C8-CA5D-4708-BF48-AA6CBDFC7ACF}: NameServer = 85.37.17.49 85.38.28.91
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Gestione applicazione (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio trasferimento intelligente in background (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Browser di computer (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizi di crittografia (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestione dischi logici (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio di segnalazione errori (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Sistema di eventi COM+ (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Guida in linea e supporto tecnico (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: SSL HTTP (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Connessioni di rete (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Archivi rimovibili (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Connection Manager di Accesso remoto (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Registro di sistema remoto (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: RPC (Remote Procedure Call) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di pianificazione (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso secondario (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Rilevamento hardware shell (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Telefonia (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizi terminal (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Temi (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Host di periferiche Plug and Play universali (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ora di Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Strumentazione gestione Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Estensioni driver di Strumentazione gestione Windows (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Centro sicurezza PC (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zero Configuration reti senza fili (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe