ecco il log di HijackThis:
Logfile of HijackThis v1.97.7
Scan saved at 10.06.12, on 18/04/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT1\System32\smss.exe
C:\WINNT1\system32\winlogon.exe
C:\WINNT1\system32\services.exe
C:\WINNT1\system32\lsass.exe
C:\WINNT1\system32\svchost.exe
C:\WINNT1\system32\spoolsv.exe
C:\WINNT1\System32\svchost.exe
C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programmi\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
C:\WINNT1\system32\regsvc.exe
C:\WINNT1\system32\MSTask.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINNT1\system32\slserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT1\System32\WBEM\WinMgmt.exe
C:\WINNT1\Explorer.EXE
C:\WINNT1\System32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Symantec Shared\SymTray.exe
C:\WINNT1\System32\RunDll32.exe
C:\Programmi\Winamp3\winampa.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT1\System32\internat.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\CountDown\CountDown.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\sal\IMPOST~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINNT1\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT1\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://crhmuv.t.muxa.cc/h.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://crhmuv.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://crhmuv.t.muxa.cc/s.php?aid=227 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT1\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://crhmuv.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about
:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT1\system32\searchbar.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Elitum EliteBar - {FA6548E9-78F5-4025-9D7B-FC1367789C38} - C:\WINNT1\EliteBar\EliteBar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT1\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [aimboot] %SystemRoot%\awinrar.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\Symtrdr.exe
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: Barra degli strumenti Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
O9 - Extra button: Ricerche (HKLM)
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/0...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.co...l.CAB?37924.47
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D58684F-AE5C-4492-B400-0171E87C8E03}: NameServer = 80.21.163.20 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D58684F-AE5C-4492-B400-0171E87C8E03}: NameServer = 80.21.163.20 151.99.125.1
Permessi di invio
Rispondi quotando