Logfile of HijackThis v1.99.1
Scan saved at 13.17.38, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lucio\Documenti\Software\Software scaricato\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/ ... ebar.jhtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=it&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=it&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=it&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/defau ... l=it&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Programmi\MyWaySA\SrchAsDe\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\svchost.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Programmi\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programmi\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dmldt.exe] C:\WINDOWS\system32\dmldt.exe
O4 - HKLM\..\Run: [xqwxe.exe] C:\WINDOWS\system32\xqwxe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: ActivePrintCab - https://eureka.bancaeuromobiliare.it/AM ... intCab.CAB
O16 - DPF: AdobeFdFToolKit - https://eureka.bancaeuromobiliare.it/AM ... oolKit.CAB
O16 - DPF: AdobeFdfToolKitActX - https://eureka.bancaeuromobiliare.it/AM ... itActX.CAB
O16 - DPF: AlnovaUtilitiesActXCab - https://eureka.bancaeuromobiliare.it/AM ... ctXCab.CAB
O16 - DPF: CEJbxPrintEO - https://eureka.bancaeuromobiliare.it/AM ... rintEO.CAB
O16 - DPF: CEJbxPrintTL - https://eureka.bancaeuromobiliare.it/AM ... rintTL.CAB
O16 - DPF: CEJbxPrintWO - https://eureka.bancaeuromobiliare.it/AM ... rintWO.CAB
O16 - DPF: CEJbxPrintWOMT - https://eureka.bancaeuromobiliare.it/AM ... ntWOMT.CAB
O16 - DPF: FileDownloadCab - https://eureka.bancaeuromobiliare.it/AM ... oadCab.CAB
O16 - DPF: InstalacionATLTableDLL - https://eureka.bancaeuromobiliare.it/AM ... bleDLL.CAB
O16 - DPF: mschrt20 - https://eureka.bancaeuromobiliare.it/AM ... chrt20.cab
O16 - DPF: SetupACTXAC - https://eureka.bancaeuromobiliare.it/AM ... ionOCX.CAB
O16 - DPF: SetupATLMASK - https://eureka.bancaeuromobiliare.it/AM ... askDLL.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9F0EAC1-97D6-4448-A6E1-FB36677A0F7E}: NameServer = 85.255.116.133,85.255.112.236
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133 85.255.112.236
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programmi\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Tra l'altro ho notato che questi due file:
O4 - HKLM\..\Run: [dmldt.exe] C:\WINDOWS\system32\dmldt.exe
O4 - HKLM\..\Run: [xqwxe.exe] C:\WINDOWS\system32\xqwxe.exe
in precedenti scansioni con HijackThis non c'erano.
Allego anche la schermata.
Grazie e a presto.