Logfile of HijackThis v1.99.1
Scan saved at 10.37.21, on 03/02/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\BHROOT\BIN\monitor.exe
C:\WINNT\System32\bmwebcfg.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\shost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\spnsrvnt.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\JAVASOFT\JRE\132E6D~1.1\bin\java.exe
C:\WINNT\System32\mspmspsv.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\WINNT\Explorer.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINNT\System32\NeroFilter.EXE
C:\WINNT\System32\ntsfd.exe
C:\w3.exe
C:\WINNT\System32\mssetupconf.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\elitemediapop.exe
C:\WINNT\System32\Isass.exe
C:\dm.exe
C:\winsysban5.exe
C:\WINNT\System32\updater.exe
C:\taskmgrs.exe
C:\Programmi\File comuni\Windows\services32.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\AVPersonal\AVGNT.EXE
C:\m\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://searchbar.findthewebsiteyouneed.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchbar.findthewebsiteyouneed.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.findthewebsiteyouneed.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINNT\System32\gebcd.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\System32\WinNB57.dll
O2 - BHO: Bytemobile BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\System32\bmbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINNT\System32\jkklm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\System32\WinNB57.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\wakccq.exe reg_run
O4 - HKLM\..\Run: [ihost.exe] C:\taskmgrs.exe
O4 - HKLM\..\Run: [System Update] mssetupconf.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINNT\elitemediapop.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [ff] wmd.exe
O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKLM\..\RunServices: [System Update] mssetupconf.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] updater.exe
O4 - HKCU\..\Run: [System Update] mssetupconf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKCU\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKCU\..\RunServices: [System Update] mssetupconf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone:
http://click.getmirar.com (HKLM)
O15 - Trusted Zone:
http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone:
http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone:
http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) -
http://awbeta.net-nucleus.com/FIX/WinATS.cabO16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) -
http://cabs.elitemediagroup.net/cabs/mediaview.cabO20 - Winlogon Notify: gebcd - C:\WINNT\System32\gebcd.dll
O20 - Winlogon Notify: jkklm - C:\WINNT\SYSTEM32\jkklm.dll
O20 - Winlogon Notify: sstqq - C:\WINNT\SYSTEM32\sstqq.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINNT\System32\bmwebcfg.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\System32\mapi32.exe (file missing)
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINNT\shost.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINNT\System32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINNT\csrss.exe (file missing)