Compare come pagina iniziale di Internet una diversa da quella preimpostata. Mi potete dire anche se ci sono problemi con la protezione antivirus di Norton? Mi pare che non ci siano aggiornamenti da dicembre 2004, grazie.
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/5de42e78/enter.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1058972.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_451_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe