Logfile of HijackThis v1.99.1
Scan saved at 22.46.17, on 14/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~2\UpsPilot\Winpower.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~2\UpsPilot\hello21.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
L:\Programmi\QuickTime\qttask.exe
L:\Programmi\NetLimiter\NetLimiter.exe
L:\Programmi\D-Tools\daemon.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
L:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\ORiNOCO\Client Manager\CmLUC.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\twain_32\trust\19200\SCANER32.EXE
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\SalvoEli\Desktop\Nuova cartella (4)\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.158.71.16:8609
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvMixerTray] C:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Programmi\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\SalvoEli\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -product IncrediMail
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "L:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetLimiter] l:\Programmi\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "L:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Programmi\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [byzrpi] C:\WINDOWS\System32\umrdic.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Programmi\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Programmi\MemTurbo30\MemTurbo.exe
O4 - Startup: Trust Scanner Utilities.lnk = C:\WINDOWS\twain_32\trust\19200\SCANER32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = L:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Programmi\ORiNOCO\Client Manager\CmLUC.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
http://www.drivershq.com/cab/prod/DD_v4.CABO16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.microsoft.com/OAS/ActiveX/odc.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/0736ee81e8a3c56b5e05/netzip/RdxIE601_it.cabO16 - DPF: {5DDF3BA5-7DCD-45A9-B4A1-601E67700271} (DDv4_Member.DDv4) -
http://www.drivershq.com/cab/prod/DDv4_Member.CABO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118304692484O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CABO16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) -
http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cabO16 - DPF: {A6EE3F8E-925E-11D4-892D-0000C0D84CF5} (3DCT Viewer Class) -
http://www.3dcompress.com/download/3DSee.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) -
http://www.drivershq.com/members/DD_v4_Member.CABO17 - HKLM\System\CCS\Services\Tcpip\..\{AD35DC75-79E2-4BFF-9EBA-586EA465A816}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISEXEng - Unknown owner - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~2\UpsPilot\Winpower.exe