First of all, thanks for your interest; on my own I wouldn't know what to do...
I tried using the vx2 cleaner in safe mode, but the annoying and arbitrary connections to unknown websites while I browse continue.
I don't know if it's useful, but I noted down the three sites that open most often:
http://www.realarcade.com/realarcade?tp ... arket_gifs
http://cache.trafficmp.com/tmpad/conten ... tlpop.html
http://www10.hooowah.com/search.php?query=tools
Also, my PC (it's my workstation at the office) is connected to a local LAN.
Here below is the LOG file you asked me for:
Logfile of HijackThis v1.99.1
Scan saved at 11.31.10, on 13/09/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\File comuni\Pumatech Shared\5.3\LiveUpdate Client\PtLUWorker.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\office 97\Office\OSA.EXE
C:\Programmi\PDF-XChangeSDKEU\PDFSaver.exe
C:\office 97\Office\FINDFAST.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINNT\system32\notepad.exe
C:\Programmi\Switch Off\swoff.exe
C:\Documents and Settings\aa.mastrorillo\Desktop\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.conservatoriopiccinni.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINNT\system32\pkshqijf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINNT\system32\mbqlmwue.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Programmi\File comuni\Pumatech Shared\5.3\LiveUpdate Client\PtLUWorker.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\aa.mastrorillo\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [discdata] C:\WINNT\system32\disclog.exe
O4 - HKCU\..\Run: [expolerx] C:\WINNT\system32\dir32disccrypt.exe %srun%
O4 - HKCU\..\Run: [datadir] C:\WINNT\system32\disccrypt.exe
O4 - HKCU\..\Run: [hostrunx] C:\WINNT\system32\datadir.exe %srun%
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Avvio Office.lnk = C:\office 97\Office\OSA.EXE
O4 - Global Startup: PDF-Capture.lnk = C:\Programmi\PDF-XChangeSDKEU\PDFSaver.exe
O4 - Global Startup: Ricerca rapida.lnk = C:\office 97\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = conservatorio.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF10D7D-24B2-450C-BCB1-0885B79A29EC}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = conservatorio.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF10D7D-24B2-450C-BCB1-0885B79A29EC}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = conservatorio.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BF10D7D-24B2-450C-BCB1-0885B79A29EC}: NameServer = 192.168.0.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
I'm also sending you the result of the latest online scan done with the PANDA antivirus:
incidente stato
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\SYSTEM32\PSHWR.EXE
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\system32\mbqlmwue.dll
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\system32\pkshqijf.dll
Dialer:dialer.akd Non Disinfettato C:\WINNT\DOWNLOADED PROGRAM FILES\new.exe
Adware:adware/kingporn Non Disinfettato C:\DOCUMENTS AND SETTINGS\AA.MASTRORILLO\IMPOSTAZIONI LOCALI\TEMP\ExtractDLL.dll
Adware:adware/p2pnetworking Non Disinfettato C:\DOCUMENTS AND SETTINGS\AA.MASTRORILLO\IMPOSTAZIONI LOCALI\TEMP\p2psetup.exe
Spyware:spyware/safesurf Non Disinfettato C:\WINNT\SYSTEM32\pkshqijf.dll
Adware:adware/twain-tech Non Disinfettato C:\WINNT\smdat32m.sys
Adware:adware program Non Disinfettato C:\WINNT\SYSTEM32\cache32dsrf4535dfs
Dialer:dialer.chh Non Disinfettato C:\WINNT\_DlrApps
Spyware:spyware/betterinet Non Disinfettato Registro di sistema di Windows
Virus:Exploit/ByteVerify Disinfettato C:\Documents and Settings\aa.mastrorillo\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-b5886b1-575b3fed.zip[Gummy.class]
Spyware:Spyware/SafeSurf Non Disinfettato C:\Documents and Settings\aa.mastrorillo\Impostazioni locali\Temp\ExtractDLL.dll
Spyware:Spyware/SafeSurf Non Disinfettato C:\Documents and Settings\aa.mastrorillo\Impostazioni locali\Temp\labpengs.tmp
Adware:Adware/P2PNetworking Non Disinfettato C:\Documents and Settings\aa.mastrorillo\Impostazioni locali\Temp\p2psetup.exe
Spyware:Spyware/SafeSurf Non Disinfettato C:\Documents and Settings\aa.mastrorillo\Impostazioni locali\Temp\sntaudio.tmp
Adware:Adware/Aurora Non Disinfettato C:\RECYCLER\S-1-5-21-1417001333-706699826-1708537768-1005\Dc11.exe
Adware:Adware/Aurora Non Disinfettato C:\RECYCLER\S-1-5-21-1417001333-706699826-1708537768-1005\Dc12.exe
Adware:Adware/Aurora Non Disinfettato C:\RECYCLER\S-1-5-21-1417001333-706699826-1708537768-1005\Dc13.exe
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\system32\lanbrup.exe
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\system32\mbqlmwue.dll
Adware:Adware/BigTrafficNet Non Disinfettato C:\WINNT\system32\nsg2D.dll
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\system32\pkshqijf.dll
Spyware:Spyware/SafeSurf Non Disinfettato C:\WINNT\system32\pshwr.exe
Dialer:Dialer.Gen Non Disinfettato C:\WINNT\vatattoo4.exe
Dialer:Dialer.BKZ Non Disinfettato C:\WINNT\_DlrApps\wlasms50x.exe
I hope you can make some sense of it, and thanks again.