Ho reistallato il S.O. XP e ho beccato fra glia altri un virus "rdriv".
Fra i tanti tentativi ho provato il programma ewindo che però rimuove il virus in mod.provvisoria ma quando riavvio in normale ricompare nella cartella Windows/System32
Grazie
Logfile of HijackThis v1.99.1
Scan saved at 16.09.50, on 22/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\winsmc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\IEXPL0RE.EXE
C:\Programmi\AVPersonal\AVGNT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\n?lookup.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\salvatore\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://gw.aliceadsl.it/minisearchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://gw.aliceadsl.it/homeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {18A8E2F6-2861-04ED-42C3-52A028FFAEC2} - C:\WINDOWS\System32\bxc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C492A257-62CD-1949-B019-4F0142E97FCE} - C:\WINDOWS\System32\hoopre.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programmi\DNS\Catcher.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows System Security] sys32.pif
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Compaq Service Drivers] amsn.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\RunServices: [Compaq Service Drivers] amsn.exe
O4 - HKLM\..\RunServices: [Windows System Security] sys32.pif
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] amsn.exe
O4 - HKCU\..\Run: [Windows System Security] sys32.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wjee] C:\WINDOWS\System32\n?lookup.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - HKCU\..\RunServices: [Compaq Service Drivers] amsn.exe
O4 - HKCU\..\RunServices: [Windows System Security] sys32.pif
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Alice - {E23A537D-6140-44BD-BB9A-EE3F83C93804} -
http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone:
www.archiviosex.netO15 - Trusted Zone:
www.redfunny.comO15 - Trusted Zone:
www.skymasters.bizO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
http://static.zangocash.com/cab/Zango/ie/bridge-c18.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{99DD3268-AB55-4888-8E18-8182EDFE779D}: NameServer = 85.37.17.11 151.99.125.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: MS Smc Service (MSsmc) - Unknown owner - C:\WINDOWS\winsmc.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\microsoft.exe (file missing)