Ti invio il log (spero fatto bene) della scansione con HijackThis!!
Salvami non ne posso più!!![nomi][nomi][nomi]
Logfile of HijackThis v1.97.7
Scan saved at 12.35.49, on 30/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgrammiFile comuniSymantec SharedccEvtMgr.exe
C:WINDOWSSystem32CTHELPER.EXE
C:ProgrammiFile comuniSymantec SharedccApp.exe
C:ProgrammiCreativeShareDLLCtNotify.exe
C:ProgrammiAheadInCDInCD.exe
C:WINDOWSSystem32ctfmon.exe
C:windows
undll32.exe
C:ProgrammiMessengermsmsgs.exe
C:ProgrammiTextBridge Classic 2.0EregREMIND32.EXE
C:ProgrammiCreativeShareDLLMediadet.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:ProgrammiAheadInCDInCDsrv.exe
C:ProgrammiNorton AntiVirus
avapsvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammiInternet ExplorerIEXPLORE.EXE
C:WINDOWSSystem32 askmgr.exe
C:Documents and SettingsMauroDocumentiUtilitàHijackThis scansione antivirus.exe
C:ProgrammiInternet Exploreriexplore.exe
C:ProgrammiOutlook Expressmsimn.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:WINDOWSSystem32ejpoh.dll/sp.html (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
res://C:WINDOWSSystem32ejpoh.dll/sp.html (obfuscated)
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
res://C:WINDOWSSystem32ejpoh.dll/sp.html (obfuscated)
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:WINDOWSSystem32ejpoh.dll/sp.html (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
res://C:WINDOWSSystem32ejpoh.dll/sp.html (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
res://C:WINDOWSSystem32ejpoh.dll/sp.html (obfuscated)
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSSystemlank.htm
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Collegamenti
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammiAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programmigooglegoogletoolbar2.dll
O2 - BHO: (no name) - {B7F751FE-0B97-4A37-9507-585D41AA0218} - C:WINDOWSSystem32ejpoh.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammiNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammiNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programmigooglegoogletoolbar2.dll
O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..Run: [Jet Detection] C:ProgrammiCreativeSBLivePROGRAMADGJDet.exe
O4 - HKLM..Run: [ccApp] "C:ProgrammiFile comuniSymantec SharedccApp.exe"
O4 - HKLM..Run: [ccRegVfy] "C:ProgrammiFile comuniSymantec SharedccRegVfy.exe"
O4 - HKLM..Run: [Disc Detector] C:ProgrammiCreativeShareDLLCtNotify.exe
O4 - HKLM..Run: [InCD] C:ProgrammiAheadInCDInCD.exe
O4 - HKLM..Run: [PinnacleDriverCheck] C:WINDOWSSystem32PSDrvCheck.exe -CheckReg
O4 - HKLM..RunServices: [RegisterDropHandler] C:PROGRA~1TEXTBR~1.0BinREGIST~1.EXE
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [rundll32] C:windows
undll32.exe
O4 - HKCU..Run: [MSMSGS] "C:ProgrammiMessengermsmsgs.exe" /background
O4 - Startup: reminder-Registrazione del prodotto Scansoft.lnk = C:ProgrammiTextBridge Classic 2.0EregREMIND32.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:ProgrammiFile comuniAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammiMicrosoft OfficeOffice10OSA.EXE
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Google Search -
res://c:programmigoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links -
res://c:programmigoogleGoogleToolbar2.d ... links.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://c:programmigoogleGoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages -
res://c:programmigoogleGoogleToolbar2.d ... milar.html
O12 - Plugin for .mov: C:ProgrammiInternet ExplorerPLUGINS
pqtplugin.dll
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} -
http://63.219.181.7/cax.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://d.dialer2004.com//promax1/main.chm::/load.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11512201-1001-1111-1000-134611006731} - ms-its:mhtml:file://c:
osuch.mht!http://online.e-open.net/pop/chm/vitek2.chm::/d_vitek2.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/C ... .535162037
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shoc ... wflash.cab
O17 - HKLMSystemCCSServicesTcpip..{FAC2CF71-363D-4C5D-B3C5-D0D40717E259}: NameServer = 212.245.255.2