menzano
02-02-2005, 00.49.54
Salve, sono tempestato da una finestra popup di una pagina internet (blank) che appare ogni minuto. Ecco il file log
Logfile of HijackThis v1.98.2
Scan saved at 0.41.42, on 02/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
G:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
G:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
G:\Programmi\Creative\ShareDLL\CtNotify.exe
G:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
G:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
G:\Programmi\File comuni\Symantec Shared\ccApp.exe
G:\WINDOWS\System32\MSOffice\services.exe
G:\Programmi\Creative\ShareDLL\MediaDet.Exe
G:\Programmi\File comuni\Symantec Shared\ccProxy.exe
G:\PROGRA~1\Tastiera\Keyboard\Ikeymain.exe
G:\Programmi\ATI Multimedia\main\ATIDtct.EXE
G:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
G:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
G:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
G:\Programmi\Folder Shield\FSService.exe
G:\Programmi\Folder Shield\fsp.exe
G:\Programmi\Norton AntiVirus\navapsvc.exe
G:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
G:\WINDOWS\System32\svchost.exe
G:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\Programmi\Avant Browser\avant.exe
G:\PROGRA~1\DAP\DAP.EXE
D:\Utility\MemoRex\MemoRex.exe
D:\Internet\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wintricks.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Internet\Spybot\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - G:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - G:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - -{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - -{62999427-33FC-4BAF-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] G:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [fspr] "G:\Programmi\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [Jet Detection] G:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Disc Detector] G:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "G:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTStartup] G:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MSOffice] G:\WINDOWS\System32\MSOffice\services.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] G:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iKeyWorks] G:\PROGRA~1\Tastiera\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [MemoREX] "D:\Utility\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\RunServices: [Security Patches] msndr.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] G:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [TaskTray] G:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] G:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - Startup: DSLMON.lnk = G:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: DSLMON.lnk = G:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - G:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista Nera della pubblicità - G:\Programmi\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Apri tutti i collegamenti nella pagina in linguette diverse - G:\Programmi\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti dal server di questa - G:\Programmi\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca con Google - G:\Programmi\Avant Browser\Search.htm
O8 - Extra context menu item: Download &all with DAP - G:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Evidenzia in questa pagina - G:\Programmi\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - G:\Programmi\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c284.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDCFC2D2-A49E-4280-946F-283756586612}: NameServer = 217.141.249.205 151.99.125.1
O18 - Filter: text/html - {B549D553-DEAE-4A32-B5CB-564E35BCCD3A} - G:\Documents and Settings\FABIO\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.26.dat
Logfile of HijackThis v1.98.2
Scan saved at 0.41.42, on 02/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
G:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
G:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
G:\Programmi\Creative\ShareDLL\CtNotify.exe
G:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
G:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
G:\Programmi\File comuni\Symantec Shared\ccApp.exe
G:\WINDOWS\System32\MSOffice\services.exe
G:\Programmi\Creative\ShareDLL\MediaDet.Exe
G:\Programmi\File comuni\Symantec Shared\ccProxy.exe
G:\PROGRA~1\Tastiera\Keyboard\Ikeymain.exe
G:\Programmi\ATI Multimedia\main\ATIDtct.EXE
G:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
G:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
G:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
G:\Programmi\Folder Shield\FSService.exe
G:\Programmi\Folder Shield\fsp.exe
G:\Programmi\Norton AntiVirus\navapsvc.exe
G:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
G:\WINDOWS\System32\svchost.exe
G:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\Programmi\Avant Browser\avant.exe
G:\PROGRA~1\DAP\DAP.EXE
D:\Utility\MemoRex\MemoRex.exe
D:\Internet\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wintricks.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Internet\Spybot\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - G:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - G:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - -{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - -{62999427-33FC-4BAF-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] G:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [fspr] "G:\Programmi\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [Jet Detection] G:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Disc Detector] G:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "G:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTStartup] G:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MSOffice] G:\WINDOWS\System32\MSOffice\services.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] G:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iKeyWorks] G:\PROGRA~1\Tastiera\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [MemoREX] "D:\Utility\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\RunServices: [Security Patches] msndr.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] G:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [TaskTray] G:\Programmi\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] G:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - Startup: DSLMON.lnk = G:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: DSLMON.lnk = G:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - G:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista Nera della pubblicità - G:\Programmi\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Apri tutti i collegamenti nella pagina in linguette diverse - G:\Programmi\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti dal server di questa - G:\Programmi\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca con Google - G:\Programmi\Avant Browser\Search.htm
O8 - Extra context menu item: Download &all with DAP - G:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Evidenzia in questa pagina - G:\Programmi\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINDOWS\System32\msjava.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - G:\Programmi\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c284.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDCFC2D2-A49E-4280-946F-283756586612}: NameServer = 217.141.249.205 151.99.125.1
O18 - Filter: text/html - {B549D553-DEAE-4A32-B5CB-564E35BCCD3A} - G:\Documents and Settings\FABIO\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.26.dat