Ecco un altro pc incasinato, grazie a tutti.
Marco
Logfile of HijackThis v1.98.2
Scan saved at 17.39.44, on 08/09/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\languard.exe
C:\WINDOWS\cpds.exe
C:\WINDOWS\System32\syshelp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Roberto.ROBERTO-ZB01OH0.000\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.redfunny.com?3615
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 216.69.164.89 auto.search.msn.com #NETVISION
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\svchost.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft WinUpdate] Winlogin.exe
O4 - HKLM\..\Run: [Windows Compliant] xtdpvn.exe
O4 - HKLM\..\Run: [dr8y] C:\WINDOWS\xvxyij.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dr80+¿ÔÇè]Iú" ‹üžigC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\xvxyij.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Programmi\File comuni\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [svchosts] "C:\WINDOWS\svchosts.exe"
O4 - HKLM\..\Run: [micrup] "C:\WINDOWS\micrup.exe"
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\syshelp.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] Winlogin.exe
O4 - HKLM\..\RunServices: [Windows Compliant] xtdpvn.exe
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Programmi\File comuni\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O15 - Trusted Zone:
www.archiviosex.netO15 - Trusted Zone:
www.redfunny.comO15 - Trusted Zone:
www.skymasters.bizO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?946826107981O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} -