Logfile of HijackThis v1.99.1
Scan saved at 09:43:36, on 16/06/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\programmi\filenet\idm\fnsysmgr.exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\loadwc.exe
C:\EPOAgent\naimag32.exe
C:\WINNT\System32\logdata.exe
C:\WINNT\System32\dataspool.exe
C:\WINNT\System32\expolerhost.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\System32\windiagrun.exe
C:\Programmi\Optus\FACSys Desktop Client\facsys.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
\Nanacm1sa03\Leone R\condivisione\Cascone\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.it.msn.com/access/allinone.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poste.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PROXYNA.RETE.POSTE:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.POSTE;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 172.16.3.191 servsag1
O1 - Hosts: 172.16.3.192 servsag2
O1 - Hosts: 172.16.3.224 cluster1
O1 - Hosts: 172.16.3.217 ws_prod
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Programmi\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [0FileNET System Manager] c:\programmi\filenet\idm\fnsysmgr.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINNT\FVProtect.exe
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [Remote Procedure Call Locator] RUNDLL32.EXE reg678.dll ondll_reg
O4 - HKLM\..\Run: [WinGate initialize] C:\WINNT\System32\WinGate.exe -remoteshell
O4 - HKLM\..\Run: [crypt] C:\WINNT\System32\datadiagrun.exe
O4 - HKLM\..\Run: [winlogrunx] C:\WINNT\System32\logdata.exe :srun:
O4 - HKLM\..\Run: [winhost] C:\WINNT\System32\runlog.exe
O4 - HKLM\..\Run: [cryptwinx] C:\WINNT\System32\dataspool.exe %srun%
O4 - HKLM\..\Run: [expoler] C:\WINNT\System32\spooldatacrypt.exe
O4 - HKLM\..\Run: [diagdata32x] C:\WINNT\System32\expolerhost.exe %srun%
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [hostexpoler] C:\WINNT\System32\service.exe
O4 - HKLM\..\Run: [servicerunx] C:\WINNT\System32\windiagrun.exe %srun%
O4 - HKLM\..\RunOnce: [MSAntiVirus] C:\WINNT\System32\service.exe %1
O4 - Global Startup: FACSys Desktop Client.lnk = C:\Programmi\Optus\FACSys Desktop Client\facsys.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show andRelated Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O13 - WWW. Prefix: http://
O15 - Trusted IP range: http://10.200.23.225
O16 - DPF: {044748BF-8787-11D7-A806-0050BA874AC9} (ctrlNaviga.UserControl1) - file://C:\TEMP\ctrlNaviga.CAB
O16 - DPF: {08288600-E9D9-11D1-9C84-006008319186} (VanTFind.VanTFindCtrl) - file://C:\TEMP\VanTFind.CAB
O16 - DPF: {0CBD083F-B6B3-11D0-AD20-0060976EA210} (DropBox Control) - file://C:\TEMP\vandropbox.cab
O16 - DPF: {14924309-C4D4-11D1-85ED-006097794610} (StkCstUserControl.StkCstMaster) - file://C:\TEMP\ucStkCst.cab
O16 - DPF: {186BBCF0-989D-11D6-A790-0050BA875382} (DMSFAXAx.DMSFAX) - file://C:\TEMP\OCXDMSFAX.CAB
O16 - DPF: {1C8B8F66-60FA-11D1-8B99-0020AFF5AA3B} (ucCommonDataField.ucCmnDataField) - file://C:\TEMP\icccdf4.cab
O16 - DPF: {201CF4B6-C42D-11D1-A0EC-006008936BDD} (ItemStUC.ItemStocking) - file://C:\TEMP\ucItmStk.cab
O16 - DPF: {2F756781-B536-11D2-8847-00105A287731} (VanDispBrd.DispatchBoard) - file://C:\TEMP\VanDispBrd.cab
O16 - DPF: {4117ECE7-C7FE-11D1-9844-0060089F7AEB} (StkLkpUC.StockLookup) - file://C:\TEMP\ucStkLkp.cab
O16 - DPF: {4E192D78-E515-11D1-B89E-0020AFF695A0} (ItmMastUC.ItemMaster) - file://C:\TEMP\ucItmMst.cab
O16 - DPF: {57DE800D-2D37-11D7-A82B-0050BA871338} (DMSFAXAx.DMSFAX) - file://C:\TEMP\OCXDMSFAX.CAB
O16 - DPF: {5D90B6F9-6BC1-4A8C-8FFF-20B82F0154A7} (RL_SCSF_DATA_ENTRY.RL_SCSF_UCDE) - http://10.200.23.225/rl_scsf/bin/DATA_ENTRY/RL_SCSF_DATA_ENTRY.CAB
O16 - DPF: {603607C4-BE6F-11D1-983A-0060089F7AEB} (CarrierUserControl.CarrierMaster) - file://C:\TEMP\ucCarrier.cab
O16 - DPF: {6D852581-7F1A-11D2-9CAB-006008319186} (VanColorPickProj.VanColorPick) - file://C:\TEMP\VanColorPick.CAB
O16 - DPF: {7719F1F9-60DD-11D6-A842-0050BAD3C282} (OcxBrowseFile.OcxBrowse) - file://C:\TEMP\OcxBrowse.CAB
O16 - DPF: {9345E91A-BF88-11D1-8AFE-00A02470741B} (VendorContUC.VendorCont) - file://C:\TEMP\ucVendCt.cab
O16 - DPF: {97EEFD1A-C41D-11D1-A0EC-006008936BDD} (CustLabelsUsrCtrl.CustomLabels) - file://C:\TEMP\ucCusLbl.cab
O16 - DPF: {99AC51A7-BEFF-11D1-B5B1-00A024CD30C6} (VanFind.VanFindCtrl) - file://C:\TEMP\VanFind.CAB
O16 - DPF: {9E85612B-D0A6-11D1-89BF-0060089F7A3E} (ShipComp.ShipmentViewer) - file://C:\TEMP\SHIPVIEW.cab
O16 - DPF: {A6928F2E-DDEF-11D1-804D-006097F95635} (vanStageTask.van_stage_task_ctl) - file://C:\TEMP\vanStageTask.CAB
O16 - DPF: {AA64AF34-C45D-11D1-85ED-006097794610} (VirDomUC.VirDomainMaster) - file://C:\TEMP\ucVirDm.cab
O16 - DPF: {ADCBFFBC-DB3F-11D2-AADF-006008936C61} (VanGrid.VanGridCtrl) - file://C:\TEMP\VanGrid.CAB
O16 - DPF: {B17BDF56-51B3-11D4-A6F9-0050BAD5DD72} (DMSFAXAx.DMSFAX) - file://C:\TEMP\OCXDMSFAX.CAB
O16 - DPF: {B1907EA4-B6D4-11D7-A80E-0050BA874AC9} (OCXGrid.TabellaCampagna) - file://C:\TEMP\OCXCampagnaGrid.CAB
O16 - DPF: {B2E0C2EA-A543-11CF-BC8C-207402C10627} (GMS Angular Gauge ActiveX Control) - file://C:\TEMP\AGaugeM.cab
O16 - DPF: {B744CC97-779B-11D6-95BD-00E07D8460A8} (ctrlNaviga.UserControl1) - file://C:\TEMP\ctrlNaviga.CAB
O16 - DPF: {B86D4018-C597-11D1-9843-0060089F7AEB} (UOMUserControl.UOMMaster) - file://C:\TEMP\ucUOM.cab
O16 - DPF: {B86D4502-C597-11D1-9843-0060089F7AEB} (ItemCat.ItmCatUC) - file://C:\TEMP\ucItmCat.cab
O16 - DPF: {B8958DE0-BAC9-101C-933E-0000C005958C} (FarPoint DateTime Control) - file://C:\TEMP\edt32x20.CAB
O16 - DPF: {B9FDDE3F-28E2-11D2-B461-006008936ABD} (vanChevron.van_chevron_ctl) - file://C:\TEMP\vanChevron.CAB
O16 - DPF: {BA90D6D7-F6F3-11D6-A7F8-0050BA871338} (ClientPosta.Posta) - file://C:\TEMP\ClientPosta.CAB
O16 - DPF: {BB1B5064-1496-4E40-A80D-EFF7C5A953A6} (VacPro.italy_vdem) - http://207.234.185.217/italy_vdem.CAB
O16 - DPF: {BE77224A-C41F-11D1-85ED-006097794610} (StkDtUserControl.StkDtMaster) - file://C:\TEMP\ucStkDt.cab
O16 - DPF: {C6CCA9AF-2B4E-11D1-9B21-0080C79EFE90} (VanPallet.VanPalletCtrl) - file://C:\TEMP\VanPallet.CAB
O16 - DPF: {D67FD81C-8F95-4E52-B8EB-7B663EC5B94D} (OCXGrid.TabellaCampagna) - file://C:\TEMP\OCXCampagnaGrid.CAB
O16 - DPF: {E0DB982A-E986-11D0-B2F8-00A0247B9D10} (VanViewer.VanViewerCrtl) - file://C:\TEMP\VanViewer.CAB
O16 - DPF: {EB0CF3B4-C33B-11D1-A0EC-006008936BDD} (StkStUC.StockStatusMaint) - file://C:\TEMP\ucStkSt.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - file://C:\TEMP\VanSSCALA32.cab
O16 - DPF: {EBF47667-BF3F-11D1-983D-0060089F7AEB} (CarrConUserControl.CarrierContactMaster) - file://C:\TEMP\ucCarCont.cab
O16 - DPF: {EC9B6CDE-C5BF-11D2-820B-00A024CD30C6} (VanLiteralDLL.VanLiteral) - file://C:\TEMP\VanLiteralDLL.CAB
O16 - DPF: {ED738376-C44A-11D1-A0EC-006008936BDD} (BDUsrCtrl.BusinessDomain) - file://C:\TEMP\ucBusDom.cab
O16 - DPF: {F29BE3C6-BE82-11D1-91FE-0020AFF5AA68} (CurrencyUserControl.CurrencyMaster) - file://C:\TEMP\ucCurr.cab
O16 - DPF: {F39FD815-E9C3-11D1-9C83-006008319186} (VanTree.VanTreeCtrl) - file://C:\TEMP\VanTree.CAB
O16 - DPF: {F74887C8-C44B-11D1-85ED-006097794610} (VendorUserControl.VendorMaster) - file://C:\TEMP\ucVend.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1026378.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = napoli
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = napoli
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.199.51.1 10.199.51.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.199.51.1 10.199.51.2
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: GoverLAN Service (GOVsrv) - Unknown owner - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: ll_reg - Unknown owner - Rundll32.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: MGACtrl - Martrox Graphics Inc. - C:\WINNT\System32\mgasc.exe
O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\EPOAgent\naimas32.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE