Logfile of HijackThis v1.98.2
Scan saved at 19.03.54, on 04/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Roxio\GoBack\GBPoll.exe
C:\Programmi\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\vpc32.exe
C:\Programmi\Roxio\GoBack\GBTray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\drwtsn32.exe
C:\WINNT\system32\drwtsn32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 69.50.136.245 www.madthumbs.com madthumbs.com www.sexocean.com sexocean.com www.cowlist.com cowlist.com www.easygals.com easygals.com www.muyzorras.com muyzorras.com www.xnxx.com xnxx.com
O1 - Hosts: 69.50.136.245 www.bunnyteens.com bunnyteens.com www.amateurcurves.com amateurcurves.com www.pichunter.com pichunter.com www.88by88.com 88by88.com www.rubias19.com rubias19.com
O1 - Hosts: 69.50.136.245 sexape.com www.sexape.com picwarehouse.com www.picwarehouse.com sublimedirectory.com www.sublimedirectory.com fuckk.com www.fuckk.com youngerbabes.com www.youngerbabes.com 1storgasm.com www.1storgasm.com slickgalleries.com
O1 - Hosts: 69.50.136.245 www.slickgalleries.com 10fuck.com www.10fuck.com smashingthumbs.com puppykibble.com www.puppykibble.com www.thumbnailseries.com thumbnailseries.com goatlist.com www.goatlist.com
O1 - Hosts: 69.50.136.245 www.worldsex.com worldsex.com www.al4a.com al4a.com www.89.com 89.com www.thumberland.com thumberland.com www.freeheaven.com freeheaven.com www.spyass.com spyass.com www.ampland.com ampland.com secretarygalleries.com
O1 - Hosts: 69.50.136.245 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com lloronas.com www.lloronas.com p0rno.org www.p0rno.org www.starslist.com starslist.com gigagalleries.com
O1 - Hosts: 69.50.136.245 dianapost.com www.dianapost.com www.zadina.com zadina.com www.frogsex.com frogsex.com teenagesecrets.biz www.teenagesecrets.biz ratemycameltoe.com www.mature-post.com mature-post.com www.call-kelly.com
O1 - Hosts: 69.50.136.245 elreyano.com www.elreyano.com purextc.com www.purextc.com officespy.com www.officespy.com www.secretarygalleries.com www.gigagalleries.com
O1 - Hosts: 69.50.136.245 pussy.org www.pussy.org freesmutseries.net www.freesmutseries.net porno-pics-free.com www.porno-pics-free.com catlist.com www.smashingthumbs.com call-kelly.com www.boneme.com boneme.com
O1 - Hosts: 69.50.136.245 teeniefiles.com www.teeniefiles.com jpeg4free.com www.jpeg4free.com www.catlist.com www.ratemycameltoe.com sleazydream.com www.sleazydream.com
O1 - Hosts: 69.50.136.245 sexyfotky.cz www.sexyfotky.cz hammervideo.com www.hammervideo.com rawpussy.com www.rawpussy.com teeniesxxx.com www.teeniesxxx.com porn-view.com www.porn-view.com
O1 - Hosts: 69.50.136.245 pornstarfinder.net www.pornstarfinder.net jennysbookmarks.com www.jennysbookmarks.com babes4free.com www.babes4free.com 3pic.com www.3pic.com
O1 - Hosts: 69.50.136.245 searchgals.com www.searchgals.com picsmonster.com www.picsmonster.com sublimepie.com www.sublimepie.com pornhelious.com www.pornhelious.com
O2 - BHO: (no name) - {4124755D-7D93-70E8-D4A8-C946665BFE42} - C:\WINNT\System32\cecenix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {94FE1F77-E6FA-438C-B3D5-A34DA1921493} - C:\WINNT\system32\licc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} - C:\WINNT\system32\viuaboqi.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - Global Startup: GoBack.lnk = C:\Programmi\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {63BAECA2-9E3C-45DE-B2B1-BBC5FA99958E} - http://81.74.238.7/aliceadsl/aliceadsl/registration/entry.do
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506774.exe
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab
O18 - Filter: text/html - {01CCAC60-17FB-4387-A851-C10B5694CD0C} - C:\WINNT\system32\licc.dll
O18 - Filter: text/plain - {01CCAC60-17FB-4387-A851-C10B5694CD0C} - C:\WINNT\system32\licc.dll

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O1 - Hosts: 69.50.136.245 www.madthumbs.com madthumbs.com www.sexocean.com sexocean.com www.cowlist.com cowlist.com www.easygals.com easygals.com www.muyzorras.com muyzorras.com www.xnxx.com xnxx.com
O1 - Hosts: 69.50.136.245 www.bunnyteens.com bunnyteens.com www.amateurcurves.com amateurcurves.com www.pichunter.com pichunter.com www.88by88.com 88by88.com www.rubias19.com rubias19.com
O1 - Hosts: 69.50.136.245 sexape.com www.sexape.com picwarehouse.com www.picwarehouse.com sublimedirectory.com www.sublimedirectory.com fuckk.com www.fuckk.com youngerbabes.com www.youngerbabes.com 1storgasm.com www.1storgasm.com slickgalleries.com
O1 - Hosts: 69.50.136.245 www.slickgalleries.com 10fuck.com www.10fuck.com smashingthumbs.com puppykibble.com www.puppykibble.com www.thumbnailseries.com thumbnailseries.com goatlist.com www.goatlist.com
O1 - Hosts: 69.50.136.245 www.worldsex.com worldsex.com www.al4a.com al4a.com www.89.com 89.com www.thumberland.com thumberland.com www.freeheaven.com freeheaven.com www.spyass.com spyass.com www.ampland.com ampland.com secretarygalleries.com
O1 - Hosts: 69.50.136.245 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com lloronas.com www.lloronas.com p0rno.org www.p0rno.org www.starslist.com starslist.com gigagalleries.com
O1 - Hosts: 69.50.136.245 dianapost.com www.dianapost.com www.zadina.com zadina.com www.frogsex.com frogsex.com teenagesecrets.biz www.teenagesecrets.biz ratemycameltoe.com www.mature-post.com mature-post.com www.call-kelly.com
O1 - Hosts: 69.50.136.245 elreyano.com www.elreyano.com purextc.com www.purextc.com officespy.com www.officespy.com www.secretarygalleries.com www.gigagalleries.com
O1 - Hosts: 69.50.136.245 pussy.org www.pussy.org freesmutseries.net www.freesmutseries.net porno-pics-free.com www.porno-pics-free.com catlist.com www.smashingthumbs.com call-kelly.com www.boneme.com boneme.com
O1 - Hosts: 69.50.136.245 teeniefiles.com www.teeniefiles.com jpeg4free.com www.jpeg4free.com www.catlist.com www.ratemycameltoe.com sleazydream.com www.sleazydream.com
O1 - Hosts: 69.50.136.245 sexyfotky.cz www.sexyfotky.cz hammervideo.com www.hammervideo.com rawpussy.com www.rawpussy.com teeniesxxx.com www.teeniesxxx.com porn-view.com www.porn-view.com
O1 - Hosts: 69.50.136.245 pornstarfinder.net www.pornstarfinder.net jennysbookmarks.com www.jennysbookmarks.com babes4free.com www.babes4free.com 3pic.com www.3pic.com
O1 - Hosts: 69.50.136.245 searchgals.com www.searchgals.com picsmonster.com www.picsmonster.com sublimepie.com www.sublimepie.com pornhelious.com www.pornhelious.com
O2 - BHO: (no name) - {4124755D-7D93-70E8-D4A8-C946665BFE42} - C:\WINNT\System32\cecenix.dll
-
O2 - BHO: (no name) - {94FE1F77-E6FA-438C-B3D5-A34DA1921493} - C:\WINNT\system32\licc.dll
-
O2 - BHO: (no name) - {F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} - C:\WINNT\system32\viuaboqi.dll
-
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506774.exe
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab
O18 - Filter: text/html - {01CCAC60-17FB-4387-A851-C10B5694CD0C} - C:\WINNT\system32\licc.dll
O18 - Filter: text/plain - {01CCAC60-17FB-4387-A851-C10B5694CD0C} - C:\WINNT\system32\licc.dll
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
sp.dll
cecenix.dll
licc.dll
viuaboqi.dll
==================================

al termine utilizza i programma AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

---

Collaboratore Aiutamici

Ciao amvinfe,
ti ringrazio per l'aiuto...

ho letto la tua risposta solo dopo avere eseguito quanto scritto da alfonso: comunque sembra che il problema sia stato eliminato, anche se non sono riuscito a trovare ed eliminare i files: cecenix.dll e viuaboqi.dll (il "trova" di windows ha dato esito negativo!).

Pensi che sia il caso di eseguire anche la procedura che mi suggerisci?
(in effetti quanto scritto da te è ancora presente nel sistema).

Ciao amvinfe,
ti ringrazio per l'aiuto...

ho letto la tua risposta solo dopo avere eseguito quanto scritto da alfonso: comunque sembra che il problema sia stato eliminato, anche se non sono riuscito a trovare ed eliminare i files: cecenix.dll e viuaboqi.dll (il "trova" di windows ha dato esito negativo!).

Pensi che sia il caso di eseguire anche la procedura che mi suggerisci?
(in effetti quanto scritto da te è ancora presente nel sistema).

Un GRAZIE ENORME per Alfonso

Ciao amvinfe,
ti ringrazio per l'aiuto...

ho letto la tua risposta solo dopo avere eseguito quanto scritto da alfonso: comunque sembra che il problema sia stato eliminato, anche se non sono riuscito a trovare ed eliminare i files: cecenix.dll e viuaboqi.dll (il "trova" di windows ha dato esito negativo!).

Pensi che sia il caso di eseguire anche la procedura che mi suggerisci?
(in effetti quanto scritto da te è ancora presente nel sistema).

Un GRAZIE ENORME per Alfonso