Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.41.12, on 29/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Programmi\user\USB Safely Remove\USBSRService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
D:\Programmi\user\Sygate\smc.exe
D:\WINDOWS\system32\spoolsv.exe
d:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
D:\Programmi\Avira\AntiVir Desktop\sched.exe
D:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
D:\Programmi\user\Hard Disk Monitor\DiskMonitorService.exe
D:\Programmi\Avira\AntiVir Desktop\avguard.exe
D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programmi\BootRacer\BootRacerServ.exe
D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
D:\WINDOWS\system32\crypserv.exe
D:\Programmi\Avira\AntiVir Desktop\avshadow.exe
D:\Programmi\user\VPN Client\cvpnd.exe
D:\Programmi\user\DU Meter\DUMeterSvc.exe
D:\Programmi\user\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
D:\Programmi\Java\jre6\bin\jqs.exe
D:\Programmi\user\Power Translator\LogoMedia TranslateDotNet Server.exe
D:\Programmi\user\Malwarebytes\mbamservice.exe
D:\Programmi\user\NetLimiter 2 Monitor\nlsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Programmi\user\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
D:\WINDOWS\system32\r_server.exe
D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
D:\Programmi\user\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
D:\Programmi\user\PerfectDisk\PDSched.exe
D:\Programmi\Avira\AntiVir Desktop\avmailc.exe
D:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Programmi\user\NetLimiter 2 Monitor\NLClient.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
D:\Programmi\Synaptics\SynTP\SynTPLpr.exe
D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\rundll32.exe
D:\Programmi\user\Spyware Terminator\SpywareTerminatorShield.exe
D:\Programmi\user\MultiNetwork Manager\NTX\MNMCtrl.exe
D:\Programmi\user\Unlocker\UnlockerAssistant.exe
D:\Programmi\user\visualtooltip22\VisualToolTip.exe
D:\Programmi\user\PicPick\picpick.exe
D:\Programmi\user\Acronis\TrueImageMonitor.exe
D:\Programmi\user\Acronis\TimounterMonitor.exe
D:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
D:\Programmi\Avira\AntiVir Desktop\avgnt.exe
D:\Programmi\File comuni\Java\Java Update\jusched.exe
D:\Programmi\TGTSoft\StyleXP\StyleXP.exe
D:\Programmi\user\USB Safely Remove\USBSafelyRemove.exe
D:\Programmi\user\Desk Drive\DeskDrive.exe
D:\Programmi\user\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Programmi\Microsoft ActiveSync\wcescomm.exe
D:\Programmi\user\DU Meter\DUMeter.exe
D:\Programmi\user\userteryCare\userteryCare.exe
D:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Programmi\Messenger\msmsgs.exe
D:\WINDOWS\system32\msiexec.exe
D:\Programmi\user\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\Programmi\Soluto\soluto.exe /userinit,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programmi\File comuni\Adobe\Acrouser\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - D:\Programmi\user\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] D:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] D:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] D:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programmi\user\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MNM] "D:\Programmi\user\MultiNetwork Manager\\NTX\MNMCtrl" /h /d 20
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Programmi\user\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [VisualTooltip] D:\Programmi\user\visualtooltip22\VisualToolTip.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\user\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [PicPick Start] D:\Programmi\user\PicPick\picpick.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Programmi\user\Acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Programmi\user\Acronis\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] D:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MRC] "D:\Programmi\user\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [USB Safely Remove] D:\Programmi\user\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [DeskDriveStartup] D:\Programmi\user\Desk Drive\DeskDrive.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Programmi\user\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DU Meter] D:\Programmi\user\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [userteryCare] "D:\Programmi\user\userteryCare\userteryCare.exe"
O4 - HKCU\..\Run: [swg] "D:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "D:\Programmi\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\user\NeoTrace\NTXcontext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Invia a &Bluetooth - D:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\user\NeoTrace\NTXtoolbar.htm (HKCU)
O15 - Trusted IP range: http://81.72.160.46
O15 - Trusted IP range: http://10.3.0.20
O15 - ESC Trusted IP range: http://81.72.160.46
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81253BD8-8AAA-4E09-8DC7-6DA7624A7279}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF52E03D-3EF6-4788-883C-EF40B2799F91}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F796B8AC-25E9-42D6-9915-8CFB5C2F276A}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: mnm_7_bta - D:\Programmi\user\MultiNetwork Manager\NTx\MNMEventNotify.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - D:\Programmi\user\Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BootRacerServ - Greatis Software (c) - D:\Programmi\BootRacer\BootRacerServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Programmi\user\VPN Client\cvpnd.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - D:\Programmi\user\DU Meter\DUMeterSvc.exe
O23 - Service: GSBootTimeSrv - Globesoft® Corporation - D:\Programmi\user\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
O23 - Service: Google Update Service (gupdate1c9886939c4b58a) (gupdate1c9886939c4b58a) - Google Inc. - D:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - D:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - D:\Programmi\user\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - d:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programmi\user\Malwarebytes\mbamservice.exe
O23 - Service: NBService - Nero AG - D:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Programmi\user\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Programmi\user\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Programmi\user\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - D:\Programmi\user\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\WINDOWS\system32\r_server.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Programmi\user\Sygate\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programmi\user\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - D:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - D:\Programmi\user\USB Safely Remove\USBSRService.exe
--
End of file - 14700 bytes