Logfile of HijackThis v1.99.1
Scan saved at 16.25.44, on 11/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\shost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\windows\winsysban7.exe
C:\WINDOWS2\System32\ctfmon.exe
C:\Programmi\Save\Save.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://searchbar.findthewebsiteyouneed.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchbar.findthewebsiteyouneed.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tiscali.itR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.findthewebsiteyouneed.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com
www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [bgud`] C:\WINDOWS2\System32\cznvfhl.exe
O4 - HKLM\..\Run: [jemmdkqomlkbxlqkrgfkv] C:\WINDOWS2\System32\nrfkhdsjfv.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd7.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban7.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"
O4 - HKCU\..\Run: [iriw] C:\PROGRA~1\FILECO~1\iriw\iriwm.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS2\System32\Shdocvw.dll
O9 - Extra button: Alice - {F4DC7BA4-0EAE-456E-9934-C1067E51593A} -
http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS2\shost.exe
