Dear Alfonso, I'm sending you the log obtained with HiJack from the computer of a friend of mine who browsed for a few months without any antivirus!!!!!!! and using only Ad-Aware (not updated).
I downloaded the avast 4 antivirus from your site, and at least that managed to unblock HiJack, which was otherwise blocked.
I think it goes without saying that all sorts of things happen on that computer: pages open, the hourglass spins continuously, messages in English of every kind pop up, etc. etc.
If you can take a look at it, I thank you in advance...
Logfile of HijackThis v1.99.1
Scan saved at 16.16.16, on 02/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\wuapi.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\THVjYQ\command.exe
C:\WINDOWS\dlhost.exe
C:\WINDOWS\system32\netdrvr.exe
C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\pnpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sndmen.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\picso.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\prz.exe
C:\WINDOWS\timed.exe
C:\mplay.exe
C:\WINDOWS\timed.exe
C:\WINDOWS\System32\notes.exe
C:\WINDOWS\System32\Drivxp.exe
C:\WINDOWS\System32\MSWSA32.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntupd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\r?ndll.exe
C:\WINDOWS\System32\MSWSA32.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\TEMP\UAA4E0.EXE
E:\Antivirus_Nuovo\HIJACK\HijackThis.exe
C:\WINDOWS\System32\driveinfo.exe
C:\WINDOWS\System32\driveinfo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 216.69.164.89 auto.search.msn.com #NETVISION
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\awvts.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F51A684-1868-069E-69E0-3206D495CD99} - C:\WINDOWS\System32\clvnb.dll (file missing)
O2 - BHO: (no name) - {123E99C0-2809-30D8-79C2-0995BCD5D9E9} - C:\WINDOWS\System32\hliv.dll
O2 - BHO: (no name) - {123E99C5-2875-36DC-79B1-0795BED0D99A} - C:\WINDOWS\System32\hliv.dll
O2 - BHO: (no name) - {463FC29F-2E28-308C-2CB1-0795BD84899D} - C:\WINDOWS\System32\igdebzts.dll (file missing)
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\geebc.dll
O2 - BHO: (no name) - {8ECF9C69-25DB-3D7B-8866-0AC548091091} - C:\WINDOWS\System32\igdh.dll (file missing)
O2 - BHO: (no name) - {90403F09-D2ED-9911-E56A-FA7A939409CA} - C:\WINDOWS\System32\vibtce.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndmen.exe -i
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS\system32\lexbac.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [Windows Media Updater] crease.exe
O4 - HKLM\..\Run: [eciv] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] amsn.exe
O4 - HKLM\..\Run: [NI.UWAS5_0001_LP51] "C:\WINDOWS\Downloaded Program Files\UWAS5_0001_LP51NetInstaller.exe" -nag
O4 - HKLM\..\Run: [REGMSYS] C:\picso.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Windows Automatic Updates] C:\prz.exe
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [Drive Info] driveinfo.exe
O4 - HKLM\..\Run: [sqlREG] C:\mplay.exe
O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\Run: [notes] notes.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [Winxp update] Drivxp.exe
O4 - HKLM\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\wkayyp.exe reg_run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Windows Media Updater] crease.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] amsn.exe
O4 - HKLM\..\RunServices: [Drive Info] driveinfo.exe
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [notes] notes.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Media Updater] crease.exe
O4 - HKCU\..\Run: [Jgua] C:\WINDOWS\System32\r?ndll.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] amsn.exe
O4 - HKCU\..\Run: [Drive Info] driveinfo.exe
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [CU1] C:\Programmi\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programmi\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [owqw] C:\PROGRA~1\FILECO~1\owqw\owqwm.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] amsn.exe
O4 - HKCU\..\RunServices: [Drive Info] driveinfo.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 69.50.161.82
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O20 - Winlogon Notify: awvts - awvts.dll (file missing)
O20 - Winlogon Notify: geebc - C:\WINDOWS\System32\geebc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\THVjYQ\command.exe
O23 - Service: DynamicHost (DLHOST) - Unknown owner - C:\WINDOWS\dlhost.exe
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINDOWS\System32\winjava.exe (file missing)
O23 - Service: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINDOWS\mspath.exe (file missing)
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe