Logfile of HijackThis v1.99.1
Scan saved at 21.45.55, on 29/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\Trust\250S Series\lwbwheel.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\winnook.exe
C:\spywarevanisher-free\FreeScanner.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Slim 3000\ICON.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\mario\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.top20results.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://gw.aliceadsl.it/homeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic 2001 Basic\Search Bar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.50.166.11
www.google.comO1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.11
www.google.co.ukO1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11
www.google.caO1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11
www.google.esO1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11
www.google.deO1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.11
www.google.frO1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11
www.google.com.auO1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14
www.yahoo.comO1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12
www.msn.comO1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.12
www.go.comO1 - Hosts: 69.50.166.12 go.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - :SystemRoot:\azentretien.dll (file missing)
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\azesearch4.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\azesearch4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\250S Series\lwbwheel.exe
O4 - HKLM\..\Run: [ashMaiSv] F:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Programmi\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [UserFaultCheck] :systemroot:\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AntivirusGold] C:\Programmi\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\winnook.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Slim 3000 Monitor.lnk = ?
O8 - Extra context menu item: andDownload with andDAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download andall with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Ricerca utilizzando Copernic - C:\Programmi\Copernic 2001 Basic\Search Extension.htm
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programmi\Copernic 2001 Basic\Copernic.exe
O9 - Extra 'Tools' menuitem: Avviare Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programmi\Copernic 2001 Basic\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programmi\Copernic 2001 Basic\Copernic.exe
O9 - Extra button: Traduci - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programmi\Copernic 2001 Basic\Translate.htm
O9 - Extra 'Tools' menuitem: andTraduci utilizzando Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Programmi\Copernic 2001 Basic\Translate.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {6CD4E6E4-0D63-4948-9DBF-7B9D682C2C1E} -
http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A126EF90-039F-43FB-8DCF-88E63B9B7FBB}: NameServer = 80.19.114.21 151.99.125.1
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\uapnpmgr.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\abifile.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe