About blank has installed itself as my home page, and despite repeated scans with Spybot and Ad-Aware I can't remove it.
I'm sending you the Hijack log... could you check it for me, please?
Thanks a lot
Logfile of HijackThis v1.98.2
Scan saved at 17:48:38, on 30/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\netrg.exe
C:\Documents and Settings\default\Documenti\Programmi\Sicurezza\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xkwzb.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4FB1194E-D990-3D10-F676-4013A1C619B5} - C:\WINDOWS\atlyp32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iexplore.exe] c:\programmi\internet explorer\iexplore.exe
O4 - HKLM\..\Run: [netrg.exe] C:\WINDOWS\system32\netrg.exe
O4 - HKLM\..\RunOnce: [appit.exe] C:\WINDOWS\system32\appit.exe
O4 - HKLM\..\RunOnce: [d3pz.exe] C:\WINDOWS\d3pz.exe
O4 - HKLM\..\RunOnce: [apilw32.exe] C:\WINDOWS\system32\apilw32.exe
O4 - HKLM\..\RunOnce: [mspo32.exe] C:\WINDOWS\system32\mspo32.exe
O4 - HKLM\..\RunOnce: [windw32.exe] C:\WINDOWS\windw32.exe
O4 - HKLM\..\RunOnce: [mfcxp.exe] C:\WINDOWS\mfcxp.exe
O4 - HKLM\..\RunOnce: [ntsp.exe] C:\WINDOWS\ntsp.exe
O4 - HKLM\..\RunOnce: [msll32.exe] C:\WINDOWS\system32\msll32.exe
O4 - HKLM\..\RunOnce: [winfi.exe] C:\WINDOWS\system32\winfi.exe
O4 - HKLM\..\RunOnce: [javaga32.exe] C:\WINDOWS\javaga32.exe
O4 - HKLM\..\RunOnce: [atlvs.exe] C:\WINDOWS\system32\atlvs.exe
O4 - HKLM\..\RunOnce: [ntoo32.exe] C:\WINDOWS\ntoo32.exe
O4 - HKLM\..\RunOnce: [ntmn32.exe] C:\WINDOWS\system32\ntmn32.exe
O4 - HKLM\..\RunOnce: [sdkvu.exe] C:\WINDOWS\system32\sdkvu.exe
O4 - HKLM\..\RunOnce: [mfczf32.exe] C:\WINDOWS\system32\mfczf32.exe
O4 - HKLM\..\RunOnce: [atlne.exe] C:\WINDOWS\atlne.exe
O4 - HKLM\..\RunOnce: [apibg32.exe] C:\WINDOWS\apibg32.exe
O4 - HKLM\..\RunOnce: [apiew32.exe] C:\WINDOWS\apiew32.exe
O4 - HKLM\..\RunOnce: [winep.exe] C:\WINDOWS\winep.exe
O4 - HKLM\..\RunOnce: [atlgu.exe] C:\WINDOWS\atlgu.exe
O4 - HKLM\..\RunOnce: [ietw32.exe] C:\WINDOWS\ietw32.exe
O4 - HKLM\..\RunOnce: [appjm32.exe] C:\WINDOWS\appjm32.exe
O4 - HKLM\..\RunOnce: [msxo.exe] C:\WINDOWS\system32\msxo.exe
O4 - HKLM\..\RunOnce: [msrz32.exe] C:\WINDOWS\msrz32.exe
O4 - HKLM\..\RunOnce: [ipcs32.exe] C:\WINDOWS\ipcs32.exe
O4 - HKLM\..\RunOnce: [crgu32.exe] C:\WINDOWS\crgu32.exe
O4 - HKLM\..\RunOnce: [appvj.exe] C:\WINDOWS\appvj.exe
O4 - HKLM\..\RunOnce: [sdkfv.exe] C:\WINDOWS\sdkfv.exe
O4 - HKLM\..\RunOnce: [msjx.exe] C:\WINDOWS\system32\msjx.exe
O4 - HKLM\..\RunOnce: [d3sv.exe] C:\WINDOWS\system32\d3sv.exe
O4 - HKLM\..\RunOnce: [javawx.exe] C:\WINDOWS\javawx.exe
O4 - HKLM\..\RunOnce: [winms32.exe] C:\WINDOWS\system32\winms32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} - ms-its:mhtml:file://c:\foo.mht!http://67.15.130.39/x3x/itenergy.chm::/dialer.exe
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://66.240.181.129/gs/gsa0636.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116256005671
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {ADB880A6-D8FF-11CF-9377-00AA003B7A11} (HHCtrl Object) - http://195.225.176.5/d/khmeljb/ecviwiq/ilzgegq/jkrlhq/IT/hhctrl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FFB22BC-E89E-46DF-B8C2-28B1039BC1D4}: NameServer = 199.166.31.3,199.5.157.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6A7DFF8-71C5-4111-AF0F-F78E7EDE6B48}: NameServer = 69.50.176.156,195.225.176.31