Quando apro diverse finestre contemporaneamente mi si attiva Star Download che mi propone di fare il download della url sottostante
http://aflashcounter.com/0300/xpl.wmf<b></b><i></i><u></u><font color=red></font id=red>
Ho provato, in modalità provvisoria a fare la scansione con: "Ad Aware - a-squared - Spybot".
Ho trovato un po di robaccia che ho provveduto ad elminare ma al successivo riavvio il problema si è ripresentato.
Vi posto i risultati della scansione fatta con Hijack. Non ci capisco molto ed ho poca pazienza.
Un grazie anticipato a chi mi darà indicazioni utili a risolvere il problema.
Logfile of HijackThis v1.99.0
Scan saved at 22.12.41, on 30/03/06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\rundll32.exe
D:\Programmi\AVPersonal\AVWUPSRV.EXE
D:\Programmi\SPAMfighter\SFAgent.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmi\Free History Eraser\HistoryEraser.exe
d:\programmi\mcafee.com\agent\mcdetect.exe
D:\Programmi\mmm\Mmm.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\Programmi\AutoPostit\Postit.exe
D:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\mgabg.exe
D:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
D:\Programmi\AutoPostit\cntr.exe
D:\Programmi\Alice ti aiuta\bin\mpbtn.exe
D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
D:\WINDOWS\System32\ups.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Outlook Express\msimn.exe
D:\Programmi\Messenger\msmsgs.exe
D:\WINDOWS\System32\ctfmon.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Programmi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://it.geocities.com/anmisoraR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://it.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://it.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.qsrch.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Antonio CORSI Coll. Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - D:\Programmi\quickbar\quickbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Programmi\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
O2 - BHO: XBTB09580 Class - {B2A8E452-6A63-40ba-8B69-5620B5129ABA} - D:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O2 - BHO: gPhotoShow Toolbar Helper - {F26BB70E-AC8A-4232-A71B-FE64AC45F763} - D:\Programmi\gPhotoShow Toolbar\v2.0.0.0\gPhotoShow_Toolbar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Rapido - {D3403F20-7D39-435F-A8CB-45016C29E48E} - D:\Programmi\Rapido\Rapido.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: WordReferenceEnIt - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - D:\Programmi\WordReferenceEnIt\wordreferenceEnIt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - D:\Programmi\quickbar\quickbar.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: gPhotoShow Toolbar - {D0E449ED-EE93-4833-8A0A-40DE0E477507} - D:\Programmi\gPhotoShow Toolbar\v2.0.0.0\gPhotoShow_Toolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] d:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] D:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] D:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "D:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [RegistryMechanic] D:\Programmi\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\Programmi\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SPSTEALT] "D:\Programmi\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [Mmm] "D:\Programmi\mmm\Mmm.exe"
O4 - Startup: AutoPostit.lnk = D:\Programmi\AutoPostit\Postit.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Programmi\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Alice ti aiuta.lnk = D:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://D:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://D:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://D:\Programmi\MSN Toolbar
Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?978e0cce947947299548ad8085bd1610
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://D:\Programmi\MSN Toolbar
Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?978e0cce947947299548ad8085bd1610
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con NetXfer - D:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva oggetto con Star Downloader - D:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - D:\Programmi\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Versione cache della pagina - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programmi\ScaricaSiti\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programmi\ScaricaSiti\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\Yahoo!\common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\Yahoo!\common\yhexbmesit.dll
O9 - Extra button: Umail - {2FECB27B-4DE3-4A04-90C1-9D60316E6D0D} -
http://umail.virgilio.it (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/adsl/01.adsl
O15 - Trusted Zone: *.http://www.master69.biz
O15 - Trusted Zone: *.http://www.sgrunt.biz
O15 - Trusted Zone: *.http://www.yeak.net
O15 - Trusted Zone:
www.linkautomatici.comO15 - Trusted Zone:
www.playitalia.comO15 - Trusted Zone:
www.redfunny.comO15 - Trusted Zone:
www.sgrunt.bizO15 - Trusted Zone:
www.skymasters.bizO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{72C5473F-396D-4E6A-9131-7B14DA425B92}: NameServer = 85.37.17.16 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8698025E-1E15-4337-A677-0E4DB7DFB153}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Active WebCam Watchdog - Unknown - D:\Program.exe (file missing)
O23 - Service: avast! iAVS4 Control Service - Unknown - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - D:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: FreePOPs - Unknown - D:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - d:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - D:\WINDOWS\System32\mgabg.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - D:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SysEnforce - Unknown - D:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe