ciao sono nuovo e non so bene come muovermi nei forum
ho un problema grosso col mio pc, sistema windows xp sp1, ho preso un virus win32 dialer gen, associato ad un file xrdfh.exe, che non riesco a debellare, ho provato con antivirus, antimalware, in modalità provvisoria, a cancellare il file in questione sempre in modalità provvisoria, ma nulla da fare... se entro in internet con explorer vengo reindirizzato sulla pagina
www.hotinfolink.com, nonostante io imposti altro come pagina iniziale, il mio programma antivirus è avast, e non appena apro il browser di navigazione mi individua questo file xrdfh.exe in c:/...
con firefox va un po' meglio nel senso che non mi cambia la pagina iniziale, ma con entrambi i browser non riesco assolutamente a fare aggiornamenti di windows; uso anche un programma, malware sweeper, che mi individua ogni volta dei virus nelle chiavi di registro, che io cancello, fatto anche in modalità provvisoria, ma nulla da fare, si ripropongono regolarmente; ho fatto un file log con highjack che riporto qui sotto:
Logfile of HijackThis v1.99.1
Scan saved at 20.12.12, on 23/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system\usnsvc.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\livecal.exe
C:\WINDOWS\System32\agsqml1.exe
C:\WINDOWS\System32\alggg.exe
C:\WINDOWS\System32\NSecurity.exe
C:\WINDOWS\System32\wimnini.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
C:\WINDOWS\System32\hp-1003.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\carli\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hotinfolink.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Service Agents] agsqml1.exe
O4 - HKLM\..\Run: [Windows Service Update] C:\WINDOWS\System32\livecal.exe
O4 - HKLM\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKLM\..\Run: [Service Update] C:\WINDOWS\System32\alggg.exe
O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKLM\..\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Windows Service Agents] agsqml1.exe
O4 - HKLM\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Service Agents] agsqml1.exe
O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\System32\livecal.exe
O4 - HKCU\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\Run: [Service Update] C:\WINDOWS\System32\alggg.exe
O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKCU\..\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Malware Sweeper] C:\Programmi\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - HKCU\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179423703187O17 - HKLM\System\CCS\Services\Tcpip\..\{B3F815C1-3456-4796-82EF-706B899F552F}: NameServer = 208.67.222.222,208.67.220.200
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWSO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Scheduler (prtsch) - Unknown owner - C:\WINDOWS\system\usnsvc.exe
scusate ancora ma non so che fare....
grazie grazie
Alex