StartupList report, 01/11/05, 7.32.42
StartupList version: 1.52.2
Started from : C:\UTILITY\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.00 (5.00.2614.3500)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAMMI\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\WEBSHOTS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\UTILITY\HIJACKTHIS.EXE

---

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Menu Avvio\Programmi\Esecuzione automatica]
Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE

---

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
SpeedTouch USB Diagnostics = "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
EnsoniqMixer = starter.exe

---

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

---

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry value not found*

---

C:\WINDOWS\WININIT.BAK listing:
(Created 31/10/2005, 7:7:40)

[Rename]
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT

---

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
SET PATH=%PATH%;"C:\Programmi\VoiceAge\Common"
SET PATH=%PATH%;"C:\Programmi\VoiceAge\Common"
mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
keyb it,,C:\WINDOWS\COMMAND\keyboard.sys

---

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\SYSTEM\MAX3548.DLL - {CF021F40-3E14-23A5-CBA2-716D61783548}
(no name) - (no file) - {2361D002-F7BE-11D9-A949-44453787AEA7}
(no name) - c:\programmi\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
iMeshBar BHO - (no file) - {5345A7A1-805A-4923-B505-86B2FEBA3FE0}

---

Enumerating Task Scheduler jobs:

Avvio ottimizzazione applicazione.job
Ottimizzazione di Scandisk.job
Ottimizzazione Utilità di deframmentazione.job
Ottimizzazione di Pulitura disco.job

---

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX
CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

[DownloaderActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX
CODEBASE = http://c6.community.virgilio.it/download/DownloaderActiveX.cab

[YAutoImport Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YAUTOIOL.DLL
CODEBASE = http://download.yahoo.com/dl/mail/yautoiol1.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38652.9408101852

---

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*
OLE Module: *Registry key not found*

---

End of report, 5.355 bytes
Report generated in 0,235 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

in modalità provvisoria fai una scansione Antivirus con il tuo programma e utilizza anche questi remover
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1043
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1177

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

riavvia in modo normale e inviami il log di Hijack
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175

---

Collaboratore Aiutamici