Mi cambia sempre la home page in automatico e in più l'antivirus mi rileva un virus "win32/swizzor" che però non riescie a eliminare!
Logfile of HijackThis v1.99.1
Scan saved at 17.46.53, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Documenti\Unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.ozoiywysptfnmzlfh.com/4TTbn9S6_C9k8qJhJRfJKVM168BD_nKh_im_sByY4gomQ2U2V5HpB0xpbJwHrGMj.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://windowsupdate.microsoft.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll (file missing)
O2 - BHO: (no name) - {B0F0503E-78EA-F5D7-E47C-B357E069F70B} - C:\DOCUME~1\USER\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
O2 - BHO: (no name) - {EB33A598-E534-F18F-B245-A8B124BC6FC7} - C:\DOCUME~1\USER\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CORNCAKELOGODRAW] C:\Documents and Settings\All Users\Dati applicazioni\Defaultbalmcorncake\BeepLoad.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Gianmarco\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Send Build Frag Warn] C:\Documents and Settings\All Users\Dati applicazioni\move defy send build\ERRORCITY.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [obj plus] C:\DOCUME~1\USER\DATIAP~1\FORAXI~1\CITY TEST MOVE.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: DataWay USB ADSL Modem.lnk = ?
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programmi\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096593617203O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} -
http://1108765582000.kit.sexequalite.com/26653/CD/UltraSESSO.exeO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
http://www.sgrunt.biz/closer/close.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{C368B228-7435-4D09-9B8A-0310F41EE541}: NameServer = 85.37.17.57 85.38.28.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe