Logfile of HijackThis v1.99.1
Scan saved at 19.05.29, on 25/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\logon.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\SMBOLS~1\msdtc.exe
C:\WINDOWS\?ystem32\?serinit.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Uso Privato\Impostazioni locali\Temp\wzc175\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [Connector] C:\WINDOWS\system32\subfiles16\tyng17.EXE -d
O4 - HKLM\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [tlyv1.exe] C:\WINDOWS\TEMP\tlyv1.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O4 - HKCU\..\Run: [Iirc] "C:\WINDOWS\SMBOLS~1\msdtc.exe" -vt wnew
O4 - HKCU\..\Run: [Vari] C:\WINDOWS\?ystem32\?serinit.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-000320050660} -
http://207.234.185.217/aboxinst_int16.exeO16 - DPF: {00000000-0000-0000-0000-000330050660} -
http://207.234.185.217/aboxinst_int20.exeO16 - DPF: {00000000-0709-0000-0000-000330050660} -
http://207.234.185.217/aboxinst_int21.exeO16 - DPF: {0F222EC8-205D-463F-90C9-D7249B333F09} (VacPro.int_ver1) -
http://advnt01.biz/dialer/int_ver1.CABO16 - DPF: {640DB888-6A57-409C-A329-5D87FEF1EC06} -
http://gromozon.com/133a4093/50300/1/xp/FreeAccess.ocxO16 - DPF: {9853EC59-448B-4118-A6A9-1E575DB48952} -
http://gromozon.com/dc3b8d7f/52139/1/xp/FreeAccess.ocxO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.trafficredlight.net/10243-23.exeO16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} -
http://zllin.info/ism/us054/ism.exeO16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} -
http://www.puttane-vere.it/adult/adulti.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energy-factor.com/dialer/it/activex_1376_it.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{945A5C03-7A67-4FA6-ADB8-DFAAA01B130F}: NameServer = 85.37.17.51 85.38.28.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D1AA4A-EF08-4CFE-B736-C835ECE680E0}: NameServer = 151.99.250.2,151.99.125.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)