Caro Alfonso ti invio il log del cmputer che usa mio figlio e che da qualche giorno non riesce più ad indirizzarsi sulla pagina iniziale che dovrebbe essere
www.msn.it. Continuamente la pagina iniziale viene dirottata su about. blank ed appare una pagina commerciale. Contemporaneamente ci appare anche questo segnale di allarme che più o meno dice così: Attenzione il computer è infetto da SSP Mydoom.cih ver. 2.018. Subito dopo siamo invitati a visitare una pagina dove poter scaricare, credo a pagamento, un programma disinfettatore. Ho provato ad usare Spybot - Search & Destroy e Ad-aware 6.0 anche in modalità provvisoria ma non ho ottenuto risultati.
Vi sono poi alcuni virus e qualche troiano ma l’antivirus Avast pare che li tenga a bada!
Puoi darmi qualche consiglio?
Grato per quanto vorrai fare, invio cordiali saluti jjmmy
Logfile of HijackThis v1.99.0
Scan saved at 13.55.40, on 06/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\crcl.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\soundman.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\apirh.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Documenti\Utilità\Eseguibili per installazione e loro estrazioni\Nuova cartella\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fawuy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AF17418B-9E15-BD6D-BB30-CC73A1BC7CDD} - C:\WINDOWS\system32\sysaq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Italiano clic] C:\PROGRA~1\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe /w
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [apirh.exe] C:\WINDOWS\system32\apirh.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone:
www.master69.bizO15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone:
www.sgrunt.bizO15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone:
www.yeak.netO15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100330325547O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) -
http://download.rfwnad.com/cab/crack.CABO23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Programmi\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\crcl.exe
