ecco
Logfile of HijackThis v1.98.2
Scan saved at 17.06.18, on 16/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXPOK2\System32\smss.exe
C:\WINXPOK2\system32\winlogon.exe
C:\WINXPOK2\system32\services.exe
C:\WINXPOK2\system32\lsass.exe
C:\WINXPOK2\system32\svchost.exe
C:\WINXPOK2\System32\svchost.exe
C:\WINXPOK2\system32\spoolsv.exe
C:\WINXPOK2\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXPOK2\System32\nvsvc32.exe
C:\WINXPOK2\System32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
C:\WINXPOK2\Explorer.EXE
C:\Programmi\Trend Micro\Internet Security\pccguide.exe
C:\Programmi\Trend Micro\Internet Security\PCClient.exe
C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe
C:\WINXPOK2\System32\RunDll32.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\AdunanzA Fastweb\eMule_AdnzA.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.searchv.com/1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.anonymizer.com/affiliate/door.cgi?
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINXPOK2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmi\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmi\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programmi\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [lwz] c:\windows\lwz.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Programmi\Jetico\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINXPOK2\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINXPOK2\System32\spoolsrv32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINXPOK2\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINXPOK2\System32\msjava.dll
O9 - Extra button: Search - {30F61037-18D2-47F9-AA8B-22769BD5BF31} - (no file)
O9 - Extra button: Search - {3EBE6E7C-BA91-43DE-841A-FB4251625686} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .jsp: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} -
http://tbosat.altervista.org/10423.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} -
file://C:\Program Files\Q330994.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:C:\arct.chm::/painter.exe
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) -
http://sexprovider.com/video/exit/inst.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} -
http://akamai.downloadv3.com/binaries/L ... _EN_XP.cab
O16 - DPF: {5D7334F5-CF58-4F22-8502-6CC0ACB2FEFF} -
http://www.dialer-shop.com/protected/code/axrbpt.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} -
http://akamai.downloadv3.com/binaries/o ... eSvcEN.cab
O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} -
http://searchfind.info/bar/win32.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/304843.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} -
http://download.rfwnad.com/cab/crack.CAB
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)