Logfile of HijackThis v1.99.1
Scan saved at 20.52.37, on 21/04/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Winamp\Winampa.exe
C:\WINNT\System32\s2ohuyfi265jwhthd.exe
C:\WINNT\System32\tibs3.exe
C:\WINNT\cj0g9w0b19.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\RENZOC~1\IMPOST~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31130
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=31130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freshvideogals.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31130
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freshvideogals.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://freshvideogals.com/search/small.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freshvideogals.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.libero.it; *.iol.it; *.inwind.it; *.blu.it;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32\F8KH4I~1.DLL
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AdobeFonts] C:\WINNT\Fonts\fonts.hta
O4 - HKLM\..\Run: [Control handler] C:\WINNT\System32\s2ohuyfi265jwhthd.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\System32\tibs3.exe
O4 - HKLM\..\Run: [d3pf0fw2o7] C:\WINNT\cj0g9w0b19.exe
O4 - HKCU\..\Run: [aimboot] :SystemRoot%\awinrar.exe
O9 - Extra button: Microsoft AntiSpyware helper - {EBC6182C-1027-40B7-B317-FE5AC49C0728} - C:\WINNT\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBC6182C-1027-40B7-B317-FE5AC49C0728} - C:\WINNT\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {FF4E9528-ABF5-4B8A-BB72-5378A8A68901} - C:\WINNT\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FF4E9528-ABF5-4B8A-BB72-5378A8A68901} - C:\WINNT\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {EBC6182C-1027-40B7-B317-FE5AC49C0728} - C:\WINNT\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBC6182C-1027-40B7-B317-FE5AC49C0728} - C:\WINNT\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED18B45C-7AF0-4C69-8207-8353F7DED12C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED18B45C-7AF0-4C69-8207-8353F7DED12C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FF4E9528-ABF5-4B8A-BB72-5378A8A68901} - C:\WINNT\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FF4E9528-ABF5-4B8A-BB72-5378A8A68901} - C:\WINNT\System32\wldr.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2210F92-C30C-401B-B4E6-4CE4D40E4F27}: NameServer = 193.70.152.25 193.70.192.25
O20 - AppInit_DLLs: m3c1d9g8b8e7pill.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe