Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Mi controllate il LOG di Hijack,grazie Opzioni
antan48
Inviato: Wednesday, May 18, 2005 10:08:31 PM
Rank: Member

Iscritto dal : 2/20/2005
Posts: 0
Compare come pagina iniziale di Internet una diversa da quella preimpostata. Mi potete dire anche se ci sono problemi con la protezione antivirus di Norton? Mi pare che non ci siano aggiornamenti da dicembre 2004, grazie.

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 21.45.50, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3td32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4611CDD1-FD38-47E5-8244-CEB539499E17}: NameServer = 62.94.0.1 62.94.0.2
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Sponsor
Inviato: Wednesday, May 18, 2005 10:08:31 PM

 
alfonso
Inviato: Wednesday, May 18, 2005 10:55:34 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\aianv.dll/sp.html#44768
-
R3 - Default URLSearchHook is missing
-
O2 - BHO: Class - {794F43DD-B7AC-6EC0-A5F6-521F6ED11C88} - C:\WINDOWS\system32\apprn32.dll
-
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
-
O4 - HKLM\..\Run: [d3td32.exe] C:\WINDOWS\system32\d3td32.exe
O4 - HKLM\..\RunOnce: [msei.exe] C:\WINDOWS\msei.exe
O4 - HKLM\..\RunOnce: [ieio32.exe] C:\WINDOWS\ieio32.exe
O4 - HKLM\..\RunOnce: [appki32.exe] C:\WINDOWS\appki32.exe
O4 - HKLM\..\RunOnce: [d3am32.exe] C:\WINDOWS\d3am32.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [atldy.exe] C:\WINDOWS\system32\atldy.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [atlzj32.exe] C:\WINDOWS\atlzj32.exe
O4 - HKLM\..\RunOnce: [ipgm32.exe] C:\WINDOWS\ipgm32.exe
O4 - HKLM\..\RunOnce: [netfl.exe] C:\WINDOWS\system32\netfl.exe
O4 - HKLM\..\RunOnce: [crrv.exe] C:\WINDOWS\system32\crrv.exe
O4 - HKLM\..\RunOnce: [ieid.exe] C:\WINDOWS\ieid.exe
O4 - HKLM\..\RunOnce: [addad.exe] C:\WINDOWS\addad.exe
O4 - HKLM\..\RunOnce: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [appga32.exe] C:\WINDOWS\appga32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [ipkm.exe] C:\WINDOWS\ipkm.exe
O4 - HKLM\..\RunOnce: [ipfd32.exe] C:\WINDOWS\ipfd32.exe
O4 - HKLM\..\RunOnce: [appja32.exe] C:\WINDOWS\appja32.exe
O4 - HKLM\..\RunOnce: [syszp32.exe] C:\WINDOWS\syszp32.exe
O4 - HKLM\..\RunOnce: [d3rl.exe] C:\WINDOWS\d3rl.exe
O4 - HKLM\..\RunOnce: [atlsn.exe] C:\WINDOWS\atlsn.exe
O4 - HKLM\..\RunOnce: [iele32.exe] C:\WINDOWS\system32\iele32.exe
O4 - HKLM\..\RunOnce: [apirv.exe] C:\WINDOWS\system32\apirv.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\ntbo32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\system32\d3ad.exe
O4 - HKLM\..\RunOnce: [winvz.exe] C:\WINDOWS\system32\winvz.exe
O4 - HKLM\..\RunOnce: [ietd.exe] C:\WINDOWS\system32\ietd.exe
O4 - HKLM\..\RunOnce: [ieno32.exe] C:\WINDOWS\ieno32.exe
O4 - HKLM\..\RunOnce: [sdksk32.exe] C:\WINDOWS\system32\sdksk32.exe
O4 - HKLM\..\RunOnce: [sysne.exe] C:\WINDOWS\sysne.exe
O4 - HKLM\..\RunOnce: [d3ri32.exe] C:\WINDOWS\d3ri32.exe
O4 - HKLM\..\RunOnce: [ntpx.exe] C:\WINDOWS\system32\ntpx.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\system32\netlz.exe
O4 - HKLM\..\RunOnce: [ipye.exe] C:\WINDOWS\system32\ipye.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [iptx32.exe] C:\WINDOWS\system32\iptx32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
-
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/5de42e78/enter.cab
-
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_451_it.exe
-
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipgm32.exe
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
aianv.dll
apprn32.dll
CPLCL32.EXE
d3td32.exe
msei.exe
ieio32.exe
appki32.exe
d3am32.exe
atlin.exe
atldy.exe
ieqi32.exe
atlzj32.exe
ipgm32.exe
netfl.exe
crrv.exe
ieid.exe
addad.exe
crsl32.exe
appga32.exe
javaga.exe
ipkm.exe
ipfd32.exe
appja32.exe
syszp32.exe
d3rl.exe
atlsn.exe
iele32.exe
apirv.exe
ntbo32.exe
d3ad.exe
winvz.exe
ietd.exe
ieno32.exe
sdksk32.exe
sysne.exe
d3ri32.exe
ntpx.exe
netlz.exe
ipye.exe
ntea32.exe
iptx32.exe
ietr32.exe
ipgm32.exe
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Collaboratore Aiutamici
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.