Logfile of HijackThis v1.99.1
Scan saved at 16.33.52, on 17/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\service.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\winsystem32.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniela\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.quicknavigate.com/search.php?qq=:1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.quicknavigate.com/bar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.quicknavigate.com/search.php?qq=:1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.qfind.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.qfind.net/search.php?qq=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://qfind.net/bar/index.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.qfind.net/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.quicknavigate.com/search.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.quicknavigate.com/search.php?qq=%1R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.qfind.net/search.php?qq=%sR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.quicknavigate.com/search.php?qq=%1R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.quicknavigate.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.qfind.net/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp7F0D.tmp
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [MSN BETA] service.exe
O4 - HKLM\..\Run: [Windows System32] winsystem32.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] iexplorer.exe
O4 - HKLM\..\RunServices: [MSN BETA] service.exe
O4 - HKLM\..\RunServices: [Windows System32] winsystem32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows System32] winsystem32.exe
O4 - HKCU\..\Run: [MSN BETA] service.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show andRelated Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone:
www.archiviosex.netO15 - Trusted Zone:
http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{428F17D2-5124-44F9-824F-63D34605DD19}: NameServer = 85.37.17.13 151.99.125.1
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
Grazie per il vostro aiuto!!!