Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4.53.06, on 15/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\documents and settings\administrator\impostazioni locali\dati applicazioni\ovfvem.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.bearshare.com/sidebar.html?src=ssbR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.crawler.com/search/ie.aspx?tb_id=60327R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
http://dnl.crawler.com/support/sa_custo ... TbId=60327R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.crawler.com/search/ie.aspx?tb_id=60327R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://dnl.crawler.com/support/sa_custo ... TbId=60327R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: wellgames Toolbar - {8E41E543-E069-4197-8608-E8B4C2F75747} - C:\Programmi\wellgames\tbwel1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Programmi\wellgames\tbwel1.dll
O3 - Toolbar: wellgames Toolbar - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Programmi\wellgames\tbwel1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ovfvem] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ovfvem.exe" ovfvem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\Kaspersky Anti-Virus 2009\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Software Controller - Unknown owner - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) -
http://tbn0.google.com/images?q=tbn:28q ... iller1.jpgO24 - Desktop Component 1: (no name) -
http://tbn0.google.com/images?q=tbn:EEe ... Willer.jpgO24 - Desktop Component 2: (no name) -
http://tbn0.google.com/images?q=tbn:fw4 ... iller1.jpgO24 - Desktop Component 3: (no name) -
http://www.ludicer.it/immagini/tex-will ... iller1.jpgO24 - Desktop Component 4: (no name) -
http://tbn0.google.com/images?q=tbn:9pz ... ndiera.jpgO24 - Desktop Component 5: (no name) -
http://tbn0.google.com/images?q=tbn:beq ... 00x600.jpgO24 - Desktop Component 6: (no name) -
http://tbn0.google.com/images?q=tbn:zi6 ... /spock.jpgO24 - Desktop Component 7: (no name) -
http://tbn0.google.com/images?q=tbn:166 ... /spock.jpgO24 - Desktop Component 8: (no name) -
http://tbn0.google.com/images?q=tbn:PDf ... o_pd_1.jpgO24 - Desktop Component 9: (no name) -
http://tbn0.google.com/images?q=tbn:VSF ... ndiera.jpg--
End of file - 7920 bytes Sun Feb 15 04:45:32 2009
EliBagle v12.22 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Sun Feb 15 04:45:44 2009
EliBagle v12.22 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
Nº Total de Directorios: 3195
Nº Total de Ficheros: 30179
Nº de Ficheros Analizados: 7547
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0