Buongiorno a tutti.
Da un paio di giorni a questa parte, facendo la scansione con hijack continuo ad ottenere un risultato curioso: una lunghissima serie di hosts file (01) che non riesco ad eliminare.
Ecco il log:
Logfile of HijackThis v1.99.1
Scan saved at 10.30.45, on 06/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Eset\nod32krn.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 128.250.24.84 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 128.250.24.84 www3.aibgbonline.co.uk
O1 - Hosts: 128.250.24.84 www.bank.alliance-leicester.co.uk
O1 - Hosts: 128.250.24.84 login.iblogin.com
O1 - Hosts: 128.250.24.84 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 128.250.24.84 inet.barclays.co.uk
O1 - Hosts: 128.250.24.84 iibank.barclays.co.uk
O1 - Hosts: 128.250.24.84 iibank.cahoot.com
O1 - Hosts: 128.250.24.84 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 128.250.24.84 ww.hsbc.co.uk
O1 - Hosts: 128.250.24.84 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 128.250.24.84 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 128.250.24.84 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ob2.nationet.com
O1 - Hosts: 128.250.24.84 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 128.250.24.84 ww1.nwolb.com
O1 - Hosts: 128.250.24.84 ww1.onlinebanking.iombank.com
O1 - Hosts: 128.250.24.84 ww1.www.rbsdigital.com
O1 - Hosts: 128.250.24.84 welcome.smile.co.uk
O1 - Hosts: 128.250.24.84 login.365online.com
O1 - Hosts: 128.250.24.84 wvw.citizensbankonline.com
O1 - Hosts: 128.250.24.84 esecure.regionsnet.com
O1 - Hosts: 128.250.24.84 rollb.associatedbank.com
O1 - Hosts: 128.250.24.84 upb.unionplanters.com
O1 - Hosts: 128.250.24.84 www.onlinebanking.huntington.com
O1 - Hosts: 128.250.24.84 inet.southtrustonlinebanking.com
O1 - Hosts: 128.250.24.84 logon.personal.wamu.com
O1 - Hosts: 128.250.24.84 login.compassweb.com
O1 - Hosts: 128.250.24.84 logon.firstmeritib.com
O1 - Hosts: 128.250.24.84 login.ccfcuonline.org
O1 - Hosts: 128.250.24.84 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 128.250.24.84 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 128.250.24.84 wvw.totallyfreebanking.com
O1 - Hosts: 128.250.24.84 www.online.wellsfargo.com
O1 - Hosts: 128.250.24.84 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 128.250.24.84 accounts4.keybank.com
O1 - Hosts: 128.250.24.84 logon.bankone.com
O1 - Hosts: 128.250.24.84 www.secure.tdbanknorth.com
O1 - Hosts: 128.250.24.84 www.secure.mvnt4.com
O1 - Hosts: 128.250.24.84 ww.mynfbonline.com
O1 - Hosts: 128.250.24.84 login.forumcuonline.com
O1 - Hosts: 128.250.24.84 www.eds.usersonlnet.com
O1 - Hosts: 128.250.24.84 www.onlineid.bankofamerica.com
O1 - Hosts: 128.250.24.84 wvw.e-gold.com
O1 - Hosts: 128.250.24.84 pcbs.peoples.com
O1 - Hosts: 128.250.24.84 www.global1.onlinebank.com
O1 - Hosts: 128.250.24.84 ww2.mybranch.lafcu.com
O1 - Hosts: 128.250.24.84 login.webbanking.comerica.com
O1 - Hosts: 128.250.24.84 web.banking.firsttennessee.com
O1 - Hosts: 128.250.24.84 logon.members1st.org
O1 - Hosts: 128.250.24.84 www.cib.ibanking-services.com
O1 - Hosts: 128.250.24.84 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 128.250.24.84 wvw.paypal.com
O1 - Hosts: 128.250.24.84 www.signin.ebay.com
O1 - Hosts: 128.250.24.84 wvw.etrade.com
O1 - Hosts: 128.250.24.84 ww4.fleethomelink.fleet.com
O1 - Hosts: 128.250.24.84 ww3.connect.skyfi.com
O1 - Hosts: 128.250.24.84 www6.usbank.com
O1 - Hosts: 128.250.24.84 www.bvi.bancodevalencia.es
O1 - Hosts: 128.250.24.84 extrant.banesto.es
O1 - Hosts: 128.250.24.84 banesnt.banesto.es
O1 - Hosts: 128.250.24.84 activia.caixagalicia.es
O1 - Hosts: 128.250.24.84 www.bancae.caixapenedes.com
O1 - Hosts: 128.250.24.84 login.caixasabadell.net
O1 - Hosts: 128.250.24.84 oii.cajamadrid.es
O1 - Hosts: 128.250.24.84 login.cajamar.es
O1 - Hosts: 128.250.24.84 login.ccm.es
O1 - Hosts: 128.250.24.84 ww.unicaja.es
O1 - Hosts: 128.250.24.84 www5.bancopopular.es
O1 - Hosts: 128.250.24.84 ww3.bbvanet.com
O1 - Hosts: 128.250.24.84 ww.bayernlb.de
O1 - Hosts: 128.250.24.84 ww2.berliner-volksbank.de
O1 - Hosts: 128.250.24.84 ww7.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 portal09.commerzbanking.de
O1 - Hosts: 128.250.24.84 www.meine.deutsche-bank.de
O1 - Hosts: 128.250.24.84 ww2.dresdner-privat.de
O1 - Hosts: 128.250.24.84 ww.e-banking.helaba.de
O1 - Hosts: 128.250.24.84 ww.hsh-nordbank.de
O1 - Hosts: 128.250.24.84 www.my.hypovereinsbank.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 www.banking.lbbw.de
O1 - Hosts: 128.250.24.84 lrp.sparkasse-banking.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-niedersachsen.de
O1 - Hosts: 128.250.24.84 www.onlinebanking.norisbank.de
O1 - Hosts: 128.250.24.84 www.banking.postbank.de
O1 - Hosts: 128.250.24.84 wvw.internetbanking.gad.de
O1 - Hosts: 128.250.24.84 ww1.portal.izb.de
O1 - Hosts: 128.250.24.84 wvw.kunden-service.lbs.de
O1 - Hosts: 128.250.24.84 ibanking.seb.de
O1 - Hosts: 128.250.24.84 bw7.sparkasse-banking.de
O1 - Hosts: 128.250.24.84 ww2.homebanking-sparkasse.de
O1 - Hosts: 128.250.24.84 ww2.vr-networld-ebanking.de
O1 - Hosts: 128.250.24.84 ww.bics.fr
O1 - Hosts: 128.250.24.84 www.co.caixabank.fr
O1 - Hosts: 128.250.24.84 ww.creditmutuel.fr
O1 - Hosts: 128.250.24.84 internetbank.intesabci.it
O1 - Hosts: 128.250.24.84 ww.extensive.bancalombarda.it
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINNT\system32\dllcache\java.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Alice - {42F5B0CF-CD8B-474D-AF11-5BBE76AF486E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125587466207
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINNT\system32\spooler.exe (file missing)
O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINNT\scmsm32.exe (file missing)
O23 - Service: Windows Update 32 (Win32) - Unknown owner - C:\WINNT\system32\C:\WINNT\system32\slsys.exe" -netsvcs (file missing)
Chi mi dà una mano?
Thanks to Ya all!