Mimi
13-06-2005, 11:41
I always use Firefox, but for home banking I can only use IE.
As soon as I open Explorer, another window opens with the usual naked women and my whole PC freezes!!!
For antivirus I have Norton, but I tried running a scan with Nod32 and it tells me the PC is clean. I used Ad-Aware and Spybot and removed all the strange things, I used CWShredder and according to it everything is OK. Now I have tried HijackThis and this is the log it gives me:
Logfile of HijackThis v1.99.1
Scan saved at 12.16.53, on 13/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Linksts.exe
C:\WINNT\system32\sistray.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\ntvdm.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\Programmi\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\5O8J1DO5\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://new-search.net/search.php?v=6&aff=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://new-search.net/index.php?v=6&aff=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portale.aci.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\system32\sistray.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Startup: collprn.bat
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
O15 - Trusted Zone: *.aci.it
O15 - Trusted Zone: http://www.dexara.net
O15 - Trusted Zone: *.dexara.net
O15 - Trusted Zone: *.sermetra.it
O15 - Trusted Zone: http://www.studioaperto.net
O15 - Trusted Zone: *.studioaperto.net
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.tatuaggi.cc/tatuaggi.exe
O16 - DPF: {07333473-17BF-4305-B295-173BB550F5FB} (Progetto1.UserControl1) - http://maciste.aci.it/MACiSteWeb/Support/password.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://servizi.sermetra.it/moduli/Insegne/cab/cortvrml.cab
O16 - DPF: {8719B823-8CC6-11D6-BDAB-000255195BA0} (PersonalData Class) - http://10.139.230.10:7777/sportello/Configurazione/Coder.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.st.aci.it/SportelloTelematico/ST_FirmaClient.CAB
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat1.kataweb.it:4080/chat/data/html/misc/msichat.cab
O16 - DPF: {B3B8DBD3-EEFF-11D5-97DF-00062971F17C} (ST_MCTC_GWStarter.ctlConfigChecker) - https://www.st.aci.it/SportelloTelematico/ST_MCTC_GWStarter.CAB
O16 - DPF: {BA63DE73-DC30-11D6-BE45-000255195295} (GetInformationUser.clsUserInfo) - http://192.168.1.125/Assistenza/CabFiles/GetInformationUser.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604998.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {FFFF0018-0001-101A-A3C9-08002B2F49FB} - http://www.aste-giudiziarie-online.com/astem.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53939E2-8643-47D2-9DAC-59B82FA6616A}: NameServer = 10.11.254.210 10.11.254.140
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\System32\vbsys2.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ptssvc - Unknown owner - C:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe