ciao ho eseguiite le operazioni da te elendùcate e la scansione online ha evidenziato l'assenza di virus ma il sistema è infetto da diversi cavalli di troia tra i quali dropper, horse, lowzones. ByteVerify, addicker oltre che alcuni dialer...come faccio non vorrei formattare in quanto perderei programmi che non posso recuperare....grazie dell'aiuto che mi darete... allego il log da avvio normale...
Logfile of HijackThis v1.99.1
Scan saved at 2.02.12, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cbsi7msqlc.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ScaricaMP3] C:\Documents and Settings\Administrator\Dati applicazioni\ScaricaMP3[1].exe t
O4 - HKCU\..\Run: [Microsoft Security] C:\WINDOWS\system32\msantivir.exe
O4 - HKCU\..\Run: [idrocefalo.exe] C:\WINDOWS\system32\idrocefalo.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O4 - Startup: Posta elettronica.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
www.acquadirose.bizO15 - Trusted Zone:
www.acquadirose.comO15 - Trusted Zone:
www.analcord.comO15 - Trusted Zone:
www.cisiamodibrutto.comO15 - Trusted Zone:
www.coppiastrana.comO15 - Trusted Zone:
www.cywanstorage.bizO15 - Trusted Zone:
www.forteforte.comO15 - Trusted Zone:
www.gooogle.bzO15 - Trusted Zone:
www.nanobyte.bizO15 - Trusted Zone:
www.phishingfix.bizO15 - Trusted Zone:
www.playmore.bizO15 - Trusted Zone:
www.preferiti-windows.comO15 - Trusted Zone:
www.ricercadoppia.comO15 - Trusted Zone:
www.scalalap.comO15 - Trusted Zone:
www.sextriere.comO15 - Trusted Zone:
www.supermonica.bizO15 - Trusted Zone:
www.tuttaqualita.comO15 - Trusted Zone:
www.vispateresa.bizO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {381E86E3-E7CE-46FC-BA2C-E83D3B6E4309} -
http://www.cywanstorage.biz/WWE/Catto.exeO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {64F2AAC0-5677-4B53-99D0-E0CB73E7C95C} (SmartCardReader.UCSmartCardReader) -
https://reseller.indexpoint.it/DWL/SmartCardReader.cabO16 - DPF: {84F7129F-9451-4202-B2F9-929F047FC126} -
http://www.what-you-want.biz/idro.exeO16 - DPF: {8838BDA8-9C2E-480C-8926-3104C642D7E4} -
http://www.gooogle.bz/cywtr.exeO16 - DPF: {8D7D6D73-8BC2-488A-A035-64D708FC038F} -
http://www.cywanstorage.biz/LNKSHR/Checkout.exeO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {96966B7C-CA72-4928-895B-1C2F0E5302A9} -
http://www.cywanstorage.biz/CXDF2/pialla.exeO16 - DPF: {9F5BB9E1-31AE-4A13-8734-15CED0F60A3D} -
http://www.gooogle.bz/lateshow.cabO16 - DPF: {C470A05D-3001-4836-9E5E-ACBD12159691} (SmartCardReader.UCSmartCardReader) -
https://reseller.indexpoint.it/dwl/SmartCardReader.cabO16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} -
http://td8eau9td.com/ab98ec65/50310/1/xp/FreeAccess.ocxO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
