
Help Explorer: HijackThis log different from usual

Message posted: Fri Jun 23, 2006 3:09 pm
by OniHouse
Logfile of HijackThis v1.99.1
Scan saved at 16.02.59, on 23/06/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\downlo~1\rwbhc\dnobtr.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINNT\system32\sysmon.exe
C:\WINNT\Mixer.exe
C:\Programmi\File comuni\FotoNation\EvLstnr.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Disspy\Disspy.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\wuauclt.exe
C:\Programmi\bin\Term.exe
C:\Documents and Settings\cadlab\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {7E1737D3-90EB-C507-D31F-017959190A30} - WinInitDll.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe
O4 - HKLM\..\Run: [sysconf16] Bogobot.exe
O4 - HKLM\..\Run: [corrida] panel_its.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Programmi\File comuni\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINNT\System32\yaemu.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\cadlab\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WareOut] "C:\Programmi\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [DTOURS] InpriseMon.exe
O4 - HKCU\..\Run: [StatusCheck] control64.exe
O4 - HKCU\..\Run: [Disspy] C:\Programmi\Disspy\Disspy.exe - silent
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O14 - IERESET.INF: START_PAGE_URL=http://it.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://it.msn.com
O15 - Trusted Zone: www.1987324.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C5C409-F8E4-4229-9FE9-B3C6DEA60D38}: NameServer = 85.255.113.125,85.255.112.26
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Message posted: Fri Jun 23, 2006 3:55 pm
by crazy.cat
You have quite a few problems, besides the Norton (inutility) antivirus...

All viruses, and all to be gotten rid of.

C:\WINNT\downlo~1\rwbhc\dnobtr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R3 - URLSearchHook: (no name) - {7E1737D3-90EB-C507-D31F-017959190A30} - WinInitDll.dll (file missing)
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe
O4 - HKLM\..\Run: [sysconf16] Bogobot.exe
O4 - HKLM\..\Run: [corrida] panel_its.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINNT\System32\yaemu.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\cadlab\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [WareOut] "C:\Programmi\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [DTOURS] InpriseMon.exe
O4 - HKCU\..\Run: [StatusCheck] control64.exe
O15 - Trusted Zone: www.1987324.com

Delete these lines with HijackThis and then:
Run a virus scan from safe mode with one of these two
http://www.MegaLab.it/2333
http://www.MegaLab.it/2349

To delete the files that survive
http://www.MegaLab.it/2427

Message posted: Fri Jun 23, 2006 4:00 pm
by OniHouse
Sorry, one question, since I can't just do as I please!!!!
And do I have to leave Norton installed? Do scangui, for example, or the other one conflict with the brick (Norton)??? [banned]

Now I'll ask for permission to act, you know, I'm only an intern ^^

Message posted: Fri Jun 23, 2006 4:51 pm
by crazy.cat
Norton can stay, it doesn't step on the toes of scangui and sysclean.