
Suspect Flec006.exe // Bagle Infection - Help Needed


16 replies to this topic

#1 Olaita


Posted 02 February 2008 - 09:26 AM

Hi all,

unfortunately I think I've been infected with the bagle worm / flec006.exe.
My AVG Free antivirus has been disabled.
I tried to reinstall it but without any luck.
I also tried to install Kaspersky, but again the installation fails.
Unable to boot in safe mode (blue screen appears and starts to reboot...)

I attach a fresh HijackThis log so maybe one of you could take a look at it and help me to clean up my laptop.
Thanks in advance!!

Olaita.



#2 MoNsTeReNeRgY22


Posted 02 February 2008 - 05:41 PM

Hello and Welcome to Bleeping Computer.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.




#3 MoNsTeReNeRgY22


Posted 03 February 2008 - 09:28 PM

Hello Olaita,

Step 1
Please download the following file but make sure to rename it as Combo-Fix.exe.
Click here to download
Double-click Combo-Fix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HiJackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Step 2
We need to update your version of HijackThis to the latest release.
Please find and delete the HijackThis.exe you already have installed.

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log and post it in your next reply.
So in your next reply, please post the combofix.txt and a fresh HJT log.




#4 Olaita


Posted 05 February 2008 - 04:02 PM

Hi MoNsTeReNeRgY22 :thumbsup:

thanks for your reply.

I followed your instructions, step 1 and 2.
I attach the new log files and wait for your next instructions.

Thanks in advance for all your help!!
Olaita




#5 MoNsTeReNeRgY22


Posted 06 February 2008 - 08:51 AM

Hello again,

Also next time, please post the logs directly in your reply instead of attaching them. When you attach them it makes it a lot harder to read. Thanks.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select XP Professional for your Operating System.
Download the file & save it as it is originally named, next to ComboFix.exe.





Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.




#6 Olaita


Posted 06 February 2008 - 10:14 AM

Hi there,

OK, I followed the instructions as you described.

The CF-RC.txt log is as follows:

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
____________________

I will not reboot my PC until you give me instructions to do so.
Do I need to post you other logs?

Thanks!!
Olaita

#7 Olaita


Posted 07 February 2008 - 08:08 AM

Hi,

just a quick update.
Last night my laptop downloaded a Microsoft update and performed an automatic reboot...

Do I need to redo the procedure you told me yesterday and post again the CF-RC.txt log?

Thanks.
Olaita

#8 MoNsTeReNeRgY22


Posted 10 February 2008 - 07:20 PM

Hello and sorry for the delay,

No need to redo those steps, just follow my new ones below.

Step 1
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Documents and Settings\Roger\Dati applicazioni\m

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Step 2 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you ran it. Don't delete this folder; it will help protect your drives from future infection.
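A defender-side triage helper for the kind of output these steps produce, added here as an example; it is not code from this thread, from ComboFix or from BleepingComputer. It parses the `[HKEY_...\Run]` sections that ComboFix prints under "Punti Reg Caricati", flags autorun entries whose file metadata is empty (ComboFix could not find the file on disk, which is what the `AVG7_CC` entry shows in the ComboFix log posted later in this thread after the user's AVG install stopped working) or that launch from a user-profile folder, and reads a CFScript `Registry::` block to report which of those entries the script would delete. The sample lines are constructed from the log and the CFScript in this thread; the `mule_st_key` line and its `PLACEHOLDER.exe` path are made up, since the HijackThis log that showed the original entry is not on the page.

```python
"""Triage helper for ComboFix-style autorun listings and CFScript deletions.

Added example: not ComboFix's, BleepingComputer's, or this thread's own code.
"""
import re
from dataclasses import dataclass

# Constructed sample in the style ComboFix prints under "Punti Reg Caricati".
# Most lines are copied from the log in this thread; the "mule_st_key" line is a
# placeholder (its path is invented), because the original entry is not on the page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"KeePass Password Safe"="C:\Programmi\KeePass Password Safe\KeePass.exe" [2006-10-14 14:53 681472]
"mule_st_key"="C:\Documents and Settings\Roger\Dati applicazioni\m\PLACEHOLDER.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NDSTray.exe"="NDSTray.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [ ]
"""

# The CFScript from this post, embedded as constructed sample input.
SAMPLE_SCRIPT = r"""
Folder::
C:\Documents and Settings\Roger\Dati applicazioni\m

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"=-
"""


@dataclass
class RunEntry:
    key: str      # registry key the value lives under
    name: str     # value name
    command: str  # value data (the command line that is auto-started)
    meta: str     # ComboFix file metadata; empty when the file was not found


_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
_DELETE_RE = re.compile(r'^"(?P<name>[^"]*)"=-$')

# Autorun entries pointing into a user profile deserve a closer look: Windows
# components and installed programs normally live under Program Files/WINDOWS.
USER_PROFILE_PREFIXES = ("C:\\DOCUMENTS AND SETTINGS\\", "C:\\USERS\\")


def parse_run_entries(log_text):
    """Return RunEntry objects for every value under a ...\CurrentVersion\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VALUE_RE.match(line)
        if m and key and key.upper().endswith("\\CURRENTVERSION\\RUN"):
            entries.append(RunEntry(key, m.group("name"), m.group("cmd"), m.group("meta").strip()))
    return entries


def flag_entries(entries):
    """Return (entry, reasons) pairs for entries that warrant manual review."""
    flagged = []
    for e in entries:
        reasons = []
        if not e.meta:
            reasons.append("file not found by ComboFix (empty [ ] metadata)")
        if e.command.upper().startswith(USER_PROFILE_PREFIXES):
            reasons.append("launches from a user-profile directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def parse_cfscript_deletions(script_text):
    """Collect (key, value) pairs that a CFScript Registry:: block deletes ('"name"=-').

    Keys and names are lower-cased because the Windows registry is case-insensitive.
    """
    deletions, in_registry, key = set(), False, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):            # new directive, e.g. Folder:: or Registry::
            in_registry = line.lower() == "registry::"
            key = None
            continue
        if not in_registry or not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _DELETE_RE.match(line)
        if m and key:
            deletions.add((key.lower(), m.group("name").lower()))
    return deletions


def entries_removed_by(entries, deletions):
    """Entries from the log that the parsed CFScript would delete."""
    return [e for e in entries if (e.key.lower(), e.name.lower()) in deletions]


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_LOG)
    for e, reasons in flag_entries(entries):
        print(f"{e.name!r:28} {e.command}\n    -> {'; '.join(reasons)}")
    removed = entries_removed_by(entries, parse_cfscript_deletions(SAMPLE_SCRIPT))
    print("CFScript would delete:", [e.name for e in removed])
```

Two design points: an empty `[ ]` is only a signal, not a verdict, since legitimate OEM entries such as `TOSCDSPD` also show it when the program was uninstalled but its Run value was left behind; and the script matches registry keys case-insensitively, so a CFScript written with a different capitalisation of the key still lines up with the log.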




#9 Olaita


Posted 12 February 2008 - 09:39 AM

Hi there,

no problem at all waiting for your reply. Instead I'm very grateful for your help and patience!!

So I followed both your steps 1 and 2.
Here are the new logs:

combofix.txt

ComboFix 08-02.05.3 - Roger 2008-02-12 15.14.14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1356 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Roger\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Roger\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Roger\Dati applicazioni\m
C:\Documents and Settings\Roger\Dati applicazioni\m\list.oct
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\100xCD 2.7.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\30 Wildlife Scenes Screensaver 5.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\3D Surfing Santa 1.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\4-Card-Keno 4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Absolute Database 5.09.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Access Boss 3.0.5.259 (KeyGen).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Achieve Planner 1.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Age of Empires II The Conquerors - Shipwreck map.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Airfoil 2.0.3.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Alvas.Labels 1.0 (Key+Serial).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Animate Me 1.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Anime List Builder 3.0.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\AntiVir.Personal.Edition.Premium.7.-.Setup.&.Key.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Any Medias to MP3 Converter 2.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Aom iPod Video Converter 1.20 (Crack).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Apollo DVD backup pro 1.1.7.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ApreoFlex 1.04.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\AquaRuler X 4.2.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Arrowstick 1.1.0 [Patch].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ATI Refresh Rate Fixer 0.9.9.7 Beta.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Audio Converter and Ripper 4.1.2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Audio Cutter Joiner 1.17.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Azureus Installer 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\BCWipe 3.10.5.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Bitdefender.Professional.v9.0.Build.9.Crack.-.Keygen.-.Serial.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Boxen 2 1.01.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Brush Pot 1.0 Crack.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ca6 6.001.012 Cracked.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Cajon Bayou Demo Screensaver 1.0 [Key+Serial].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Caribbean Mahjong 1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Catalog Wizard 2.0 Patch.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ClassDraw 1.01 Key.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Classic PhoneTools 6.02 (Cracked).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Claves.de.panda.antivirus.2005.titanium(una.asegurada.ke.funciona).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ClearMyMail 2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Coefficient of Congruence 1.00.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\CoffeeCup Flash Menu Builder 3.1 Key+Serial.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Command Line 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Controlling Your Business 4.0.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Copy All Urls 0.7.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Cricket Mobile 1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\CuteSITE Builder 5.0 [Serial].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\DanielaScript for mIRC 2.01.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Data Processing Suite 2.3.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Datatect 1.6.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\DB Documentor 1.1.1 Patch.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\DHTML Scrollbar Maker 1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Digital Splats HTML 1.0.3.10.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Drag and Drop Robot 1.09.02.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Drive Encryption 4.01.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\E-mail ProGen 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Eags On 0.8.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Easy HR SmArT kEyS 2.08.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\EchoForum XMB LACI 1.39.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\eCleaner 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Electronic Information System 1.1.605.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Email Extractor 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\EMCO Remote Shortcut Manager 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Error Doctor 2007.66.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ExamDiff 1.6n.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Facilosave 1.03.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\FATMon 3.2.0.6.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\FFMPEG Scout library1.00 beta.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Folder Notes 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Fortune3 E-Commerce Shopping Cart Wizard 6.3.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Genocide 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\GreenReporter 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\GuiStyle for Trillian 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Home Manager 2007 3.0.2611 (Cracked).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\HOSTS Manager 1.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\HotClock 1.3 Cracked.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ICE Color 1.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\imageCLASS MF6550 Printer Driver for Windows 1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Images of Arizona 2006.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Instant Video Streamer 1.0 Crack.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\inTer 10.02.02.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\IP Tools 2.5.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\J and L Genealogy Reference 1.3.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Japanese Garden 3D Screensaver 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Jordan Smith's Easy Icon Maker 5.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Just Another Tetris Clone 1.2b.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Kabuki Warrior Screensaver 1.0 [Cracked].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Keeper 7.4.0.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Kiran's Typing Tutor 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\KRyLack Password Recovery 2.40.01 Cracked.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Lantailor Office 2006 2.6.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Last Seconds Bidder 2.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\LenMus Phonascus 3.5.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\License Patrol 2.4.7.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Limouzik 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\LinkPartnerMax 1.0 [Key+Serial].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\LodeRunner 1.51.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MaestroSBT 2.6.0.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MagicTweak 3.40.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Mastersoft Kakuro 1.02.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Matt's Puzzle 1.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MB FREE Numerology Software Pro 1.5.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\McAfee_Personal_Firewall_Plus_5.0.31_Retail_english_[PornStar].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MessageBlockerXP 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MessengerFlash Live 2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MetaTrader 4.00.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Metro 95.1 FM Radio Player 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MP3 Folder Structure Maker 0.9.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Mp3 Music Explorer 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\MSN Multi Runner 2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Neovilla Personal Portal 1.27 [With Crack].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Net Snippets Free 3.2.0.9.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\NetCaptor 7.5.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\NetPublisher 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\NOD.32.antivirus.ver.7.ITA.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\NOD32-v2.70.9.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\NotePager Net 3.7 [Key+Serial].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\NTP Time Zone Clock 3.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\OneButton 1.4.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Oracle Simple user Assistant 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Ordix Mpack Lite Edition 1.0 KeyGen.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\OrgPlus Standard 7 (KeyGen).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Painting picture 1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Panda.Titanium.Antivirus.Plus.Antispyware.2006.v5.01.02.WinALL.RETAIL-ARN.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PDFunny Printer Free 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PictureViewer Adult Edition 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PiggyCash 1.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Pivo DnsResolver Component 1.01.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PManager 3.3 [Key+Serial].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Pocket PCDrive 2.3.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PocoMail Portable Edition 3.4.0.2130.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Poker Winning Video Downloader Ultimate 4.71.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Pop-up Excel Calendar 1.2.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PostCast Server Free Edition 2.6.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Power Ad Banner Manager 1.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Private Notetaker 2.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Pro Pinball Timeshock.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Projetex 2005 Import Utility 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PSWriteNetLib for CLR 1.1 1.01.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\PuTTY Tray 0.60 r2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\QuickLaunch 2.5 Build 2.5.0.123 [Patch].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Quik Budget 3.2.17.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Raleigh 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\RvAlgo Prof 2.11.6.3.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Screensaver XP 3.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Sendmail Server 1.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Serial Timer 3.0.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Shell and Tube Heat Exchanger Design 1.5.0 [With Crack].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Shortcut Wizard 1.01.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\ShortKeys Lite 2.1e.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Shutdown Delay 2.1.3.7.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SlaveMouse 1.0 [Patch].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SleepTimer 1.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Slides2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SlovoEd English-Italian-English Gold Dictionary 3.04.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SMSX ActiveX Control 1.12 (Cracked).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SoftX HTTP Debugger 4.3 [Key].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SoundGuard 1.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Spamfire (OS X) 1.4.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\SpamRoute for Microsoft Outlook and Outlook Express 4.1.0.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Spanish Synonyms Dictionary 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Sparkle SWF Optimizer 1.10.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Super Powers (Freedom Force) Episode 5 patch.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\sUSHi 2.8.8.9.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Symantec.Norton.Ghost.2006.v10.+.Crack.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\System Restore Point Creator 1.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Talking Calculator 1.2.2 Key.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Tessera Password Generator 1.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\The Adventures of Evil Fred 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\The Sleuthhound PDF 4.6.3 Cracked.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Tiff Ninja 1.1 (Key+Serial).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\TimeOffice 1.9.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\TKSolfege 1.00.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\TouchFreeze 1.0.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\TrigoMath (Nokia Series 40) 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\uCertify - MCSD.NET Practice Test for Exam 70-320 - 360+ Questions 8.04.05.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\UFO Invasion 1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Ultimate Jukebox 3.0.1.1 [KeyGen].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Unreal Tournament 2003 - Aqua deathmatch map.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Unreal Tournament 2003 - Ripley 1vs1 deathmatch map.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Unreal Tournament 2003 - Two Towers deathmatch map.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Unreal Tournament 2003 Unreal4Ever Non-Umod Version 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Unreal Tournament 2004 AS Confexia map.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Video Stock Box 2.00 [KeyGen].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\VIDEOzilla 2.6.1.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Vista PDF Creator 1.01.350 [Key].zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\VisualRoute 2006 10.0j.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\VM-Plus 1.0.5.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Volume Hotkey XP 2.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Volumouse 1.50.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Warcraft III - Squire's Keep map.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\WAV To MP3 Activex 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Web Camera Security System 1.0 (Crack).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Web Photo Posting 1.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Web2Pic Pro 1.2.8.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Whisky Master 1.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\WinDriver Ghost Enterprise Edition 2.02.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\WinShredder 2.0 (Cracked).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\WMA to MP3 Converter Pro 3.0.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Wondershare Flash to Zune Converter 1.0.0 (Key+Serial).zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Workflow for Moveable Type 1.0.2.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\World of Warcraft v1.9.4 to v1.10.0 UK patch.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\shared\Worm Wars III 3.4.zip
C:\Documents and Settings\Roger\Dati applicazioni\m\srvlist.oct

.
((((((((((((((((((((((((( Files Creati Da 2008-01-12 al 2008-02-12 )))))))))))))))))))))))))))))))))))
.

2008-02-06 16:00 . 2004-08-03 23:00 261,312 --a------ C:\cmldr
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-02-05 22:06 . 2008-02-05 22:25 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-05 22:06 . 2008-02-05 22:25 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-02 18:48 . 2008-02-03 03:03 <DIR> d-------- C:\Documents and Settings\Roger\.housecall6.6
2008-02-02 18:45 . 2008-02-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-02 18:22 . 2008-02-02 19:32 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-02 15:54 . 2008-02-02 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-02-02 15:41 . 2008-02-02 15:41 250 --a------ C:\WINDOWS\gmer.ini
2008-01-25 00:14 . 2008-01-25 00:35 <DIR> d-------- C:\Programmi\Spy Sweeper Updater
2008-01-24 23:33 . 2008-01-25 00:14 17,408 --a------ C:\psapi.dll
2008-01-24 23:26 . 2008-01-24 23:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Windows Desktop Search
2008-01-24 23:24 . 2008-01-24 23:24 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\PC Suite
2008-01-24 23:17 . 2008-02-07 14:32 5,356,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-24 23:17 . 2008-02-12 15:24 57,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-24 23:17 . 2008-02-07 14:32 26,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-24 23:17 . 2008-02-07 14:32 5,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-24 23:08 . 2008-01-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-01-24 21:13 . 2008-01-24 21:13 <DIR> d-------- C:\Programmi\Greatis
2008-01-24 21:13 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-24 19:47 . 2008-02-07 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-24 19:46 . 2008-01-24 19:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 13:37 --------- d-----w C:\Programmi\RSSoft
2008-02-05 20:56 --------- d-----w C:\Programmi\Trend Micro
2008-02-02 14:54 --------- d-----w C:\Programmi\Lavasoft
2008-02-02 14:54 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-01-31 22:54 --------- d-----w C:\Programmi\eMule
2008-01-29 21:54 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\Skype
2008-01-26 18:40 --------- d-----w C:\Programmi\Tmg Top 7.5
2008-01-24 21:49 --------- d-----w C:\Programmi\SmartDraw 2008
2008-01-24 21:48 --------- d-----w C:\Programmi\Drive Rescue
2008-01-24 17:38 --------- d-----w C:\Programmi\Winamp Toolbar
2008-01-24 17:38 --------- d-----w C:\Programmi\Virgilio Toolbar
2007-12-21 14:23 --------- d-----w C:\Programmi\MSN Messenger
2007-12-21 14:23 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-20 13:30 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\PC Suite
2007-12-17 19:22 --------- d-----w C:\Programmi\ABC Amber Nokia Converter
2007-12-16 18:36 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\Nokia
2007-12-16 11:41 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\Datalayer
2007-12-16 11:21 --------- d-----w C:\Programmi\Nokia
2007-12-16 11:18 --------- d-----w C:\Programmi\DIFX
2007-12-16 11:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2007-12-16 11:17 --------- d-----w C:\Programmi\File comuni\PCSuite
2007-12-16 11:17 --------- d-----w C:\Programmi\File comuni\Nokia
2007-12-16 11:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2007-12-15 23:12 --------- d-----w C:\Programmi\Playlist Manager 4 Winamp
2007-12-15 22:56 --------- d-----w C:\Programmi\OPAL Network
2007-12-15 22:56 --------- d-----w C:\Programmi\File comuni\Sagekey Software
2007-12-15 22:56 --------- d-----w C:\Programmi\Access 97 Runtime
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 22:22 --------- d-----w C:\Programmi\Winamp
2007-12-13 22:20 --------- d-----w C:\Programmi\Winamp Remote
2007-12-13 22:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar
2007-12-13 22:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\OrbNetworks
2007-11-29 14:51 253,952 ------w C:\WINDOWS\Setup1.exe
2007-11-18 10:33 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-08-17 21:59 410 ----a-w C:\Documents and Settings\Roger\Dati applicazioni\edatui.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"KeePass Password Safe"="C:\Programmi\KeePass Password Safe\KeePass.exe" [2006-10-14 14:53 681472]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2007-02-27 02:30 62436]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"Orb"="C:\Programmi\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47 360448]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-04 09:29 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:33 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"VC6Player"="C:\Programmi\HHVcdV6Sys\VC6Play.exe" [2004-08-12 11:06 229376]
"NvMediaCenter"="NvMCTray.dll" [2006-05-01 21:04 86016 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-12-20 19:54 278528]
"dvd43"="C:\Programmi\dvd43\dvd43_tray.exe" [2006-05-22 12:26 694272]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-16 15:32 185896]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check(3).lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check(3).lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=C:\Documents and Settings\Roger\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=C:\WINDOWS\pss\C6 Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Avvio^Programmi^Esecuzione automatica^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\Roger\Menu Avvio\Programmi\Esecuzione automatica\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"CiSvc"=3 (0x3)
"AdobeVersionCue"=3 (0x3)
"Adobe LM Service"=3 (0x3)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2006-03-01 12:22]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2006-03-01 12:22]
S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2006-03-01 12:22]
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002adfbc-1b16-11dc-99ff-00a0d15f89bb}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c62-825c-11dc-9a98-00a0d15f89bb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c9b-825c-11dc-9a98-00a0d15f89bb}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffba6ad4-8435-11dc-9a99-00a0d15f89bb}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-09 03:08:00 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 15:24:40
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-12 15.26.26
ComboFix-quarantined-files.txt 2008-02-12 14:26:22
ComboFix2.txt 2008-02-05 20:54:20
.
2008-02-07 02:03:12 --- E O F ---
_____________________________________________________________________________

and the new hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.30.00, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\HHVcdV6Sys\VC6Play.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\KeePass Password Safe\KeePass.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\RSSoft\RedSwoosh.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Virtual CD v6\System\VC6Tray.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm6y.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.5:5000/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [VC6Player] C:\Programmi\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Programmi\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Programmi\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ActionOutline.lnk = C:\Programmi\ActionOutline\Action.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to SV Bookmark - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/230?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/229?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Add to SV Bookmark - {09E441CA-9EA9-421C-9C2D-14DC1D8C2FAF} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Add to SV Bookmark - {09E441CA-9EA9-421C-9C2D-14DC1D8C2FAF} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320 (file missing) (HKCU)
O9 - Extra button: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Programmi\HHVcdV6Sys\VC6SecS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14638 bytes
_________________________________________________________________________________________________

This is all for now.
I'll wait for your next instructions.

Bye and Thanks again.
Olaita.

#10 MoNsTeReNeRgY22

MoNsTeReNeRgY22

    1337 Malware Destroyer


  • Members
  • 611 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:58 PM

Posted 15 February 2008 - 10:43 PM

Hello again,

First, you know anything about the following folder?
C:\Programmi\Tmg Top 7.5

Step 1
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
G:\SVCH.exe

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c9b-825c-11dc-9a98-00a0d15f89bb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffba6ad4-8435-11dc-9a99-00a0d15f89bb}]

DirLook::
C:\Programmi\Tmg Top 7.5



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Step 2
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step 3
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


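As an added example (not code from this thread, nor from ComboFix or HijackThis), the Python script below does mechanically what the CFScript in the post above does by hand: it parses the mountpoints2 block of the ComboFix log posted earlier in the thread, flags the drive-autorun entries that show the launch pattern seen there (an AutoRun command routed through rundll32 ShellExec_RunDLL with a bare file name, and an extra "Auto" shell verb beside AutoRun), and emits the matching `Registry::` deletion lines in CFScript syntax. The log excerpt is copied from this thread; the heuristics and the function names are the example's own.

```python
"""Triage the MountPoints2 autorun entries in a ComboFix log.

Added example: not code from this thread, from ComboFix or from HijackThis.
It groups the "\\Shell\\<verb>\\command" lines of the mountpoints2 block under
their registry key, flags the entries that show the launch pattern seen in
this thread, and renders a CFScript "Registry::" section that deletes them.
"""
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002adfbc-1b16-11dc-99ff-00a0d15f89bb}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c62-825c-11dc-9a98-00a0d15f89bb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c9b-825c-11dc-9a98-00a0d15f89bb}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffba6ad4-8435-11dc-9a99-00a0d15f89bb}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e
"""

# A MountPoints2 subkey header as ComboFix prints it: the full key path in brackets.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
# A shell verb line beneath it: "\Shell\<verb>\command - <command line>".
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")


def parse_mountpoints(log_text):
    """Group the verb/command lines under the MountPoints2 key they belong to."""
    entries = []
    current = None
    for line in log_text.splitlines():
        line = line.rstrip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = {"key": key_match.group(1), "commands": {}}
            entries.append(current)
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match and current is not None:
            current["commands"][cmd_match.group(1)] = cmd_match.group(2)
    return entries


def suspicion_reasons(commands):
    """Return why an entry looks like a removable-drive autorun worm, or [] if it does not.

    Two traits taken from the log above: the AutoRun command goes through
    rundll32 ShellExec_RunDLL with a bare file name instead of a full path,
    and a second "Auto" verb is added beside the normal "AutoRun" one.
    A vendor installer such as the TomTom entry shows neither trait.
    """
    reasons = []
    for verb, command in commands.items():
        if "shellexec_rundll" in command.lower():
            reasons.append(f"{verb}: launched through rundll32 ShellExec_RunDLL")
        if verb.lower() == "auto":
            reasons.append("Auto: extra shell verb beside AutoRun")
    return reasons


def suspicious_keys(log_text):
    """Map each flagged MountPoints2 key to its list of reasons."""
    flagged = {}
    for entry in parse_mountpoints(log_text):
        reasons = suspicion_reasons(entry["commands"])
        if reasons:
            flagged[entry["key"]] = reasons
    return flagged


def to_cfscript(flagged):
    """Render the flagged keys as a CFScript Registry:: section ("[-key]" deletes the key)."""
    lines = ["Registry::"]
    lines.extend(f"[-{key}]" for key in flagged)
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = suspicious_keys(SAMPLE_LOG)
    for key, reasons in flagged.items():
        print(key)
        for reason in reasons:
            print("    " + reason)
    print()
    print(to_cfscript(flagged))
```

Run as-is it reports three keys; to triage your own log, replace SAMPLE_LOG with the contents of ComboFix.txt. Note that the heuristic also flags {16fd9c62-825c-11dc-9a98-00a0d15f89bb}, which carries the same RunDLL32 ShellExec_RunDLL command but no Auto verb, whereas the CFScript in the post above lists only the two keys that have the Auto verb; the TomTom entry, a plain absolute path, is not flagged.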


#11 Olaita

Olaita
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:58 AM

Posted 19 February 2008 - 08:11 AM

Hi,

well the C:\Programmi\Tmg Top 7.5 is a program written for my company, we use it during business meetings. So it's safe.

Step 1
I post the 2 logs:
ComboFix.txt

ComboFix 08-02-19.2 - Roger 2008-02-19 13.45.34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1520 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Roger\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Roger\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

FILE ::
G:\SVCH.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-01-19 al 2008-02-19 )))))))))))))))))))))))))))))))))))
.

2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-02-05 22:06 . 2008-02-05 22:25 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-05 22:06 . 2008-02-05 22:25 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-02 18:48 . 2008-02-03 03:03 <DIR> d-------- C:\Documents and Settings\Roger\.housecall6.6
2008-02-02 18:45 . 2008-02-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-02 18:22 . 2008-02-02 19:32 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-02 15:54 . 2008-02-02 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-02-02 15:41 . 2008-02-02 15:41 250 --a------ C:\WINDOWS\gmer.ini
2008-01-25 00:14 . 2008-01-25 00:35 <DIR> d-------- C:\Programmi\Spy Sweeper Updater
2008-01-24 23:33 . 2008-01-25 00:14 17,408 --a------ C:\psapi.dll
2008-01-24 23:26 . 2008-01-24 23:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Windows Desktop Search
2008-01-24 23:24 . 2008-01-24 23:24 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\PC Suite
2008-01-24 23:17 . 2008-02-14 18:11 5,356,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-24 23:17 . 2008-02-19 13:54 86,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-24 23:17 . 2008-02-14 18:11 39,332 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-24 23:17 . 2008-02-14 18:11 8,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-24 23:08 . 2008-01-24 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-01-24 21:13 . 2008-01-24 21:13 <DIR> d-------- C:\Programmi\Greatis
2008-01-24 21:13 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-24 19:47 . 2008-02-14 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-24 19:46 . 2008-01-24 19:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 12:41 --------- d-----w C:\Programmi\RSSoft
2008-02-14 01:36 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\Skype
2008-02-05 20:56 --------- d-----w C:\Programmi\Trend Micro
2008-02-02 14:54 --------- d-----w C:\Programmi\Lavasoft
2008-02-02 14:54 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-01-31 22:54 --------- d-----w C:\Programmi\eMule
2008-01-26 18:40 --------- d-----w C:\Programmi\Tmg Top 7.5
2008-01-24 21:49 --------- d-----w C:\Programmi\SmartDraw 2008
2008-01-24 21:48 --------- d-----w C:\Programmi\Drive Rescue
2008-01-24 17:38 --------- d-----w C:\Programmi\Winamp Toolbar
2008-01-24 17:38 --------- d-----w C:\Programmi\Virgilio Toolbar
2007-12-21 14:23 --------- d-----w C:\Programmi\MSN Messenger
2007-12-21 14:23 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-20 13:30 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\PC Suite
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:45 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 14:51 253,952 ------w C:\WINDOWS\Setup1.exe
2007-08-17 21:59 410 ----a-w C:\Documents and Settings\Roger\Dati applicazioni\edatui.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Programmi\Tmg Top 7.5 ----

2007-12-19 23:47 1847296 --a------ C:\Programmi\Tmg Top 7.5\Tmg Top 2008.exe
2007-11-29 15:52 5908 --a------ C:\Programmi\Tmg Top 7.5\ST6UNST.LOG
2006-12-27 23:27 1847296 --a------ C:\Programmi\Tmg Top 7.5\Tmg Top 2007.exe
2004-11-04 12:04 1335296 --a------ C:\Programmi\Tmg Top 7.5\Tmg Top 7.5.exe
2004-06-24 18:22 83968 --a------ C:\Programmi\Tmg Top 7.5\TmG Top.xls


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"KeePass Password Safe"="C:\Programmi\KeePass Password Safe\KeePass.exe" [2006-10-14 14:53 681472]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2007-02-27 02:30 62436]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"Orb"="C:\Programmi\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47 360448]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-04 09:29 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:33 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"VC6Player"="C:\Programmi\HHVcdV6Sys\VC6Play.exe" [2004-08-12 11:06 229376]
"NvMediaCenter"="NvMCTray.dll" [2006-05-01 21:04 86016 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-12-20 19:54 278528]
"dvd43"="C:\Programmi\dvd43\dvd43_tray.exe" [2006-05-22 12:26 694272]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-16 15:32 185896]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check(3).lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check(3).lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=C:\Documents and Settings\Roger\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=C:\WINDOWS\pss\C6 Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Avvio^Programmi^Esecuzione automatica^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\Roger\Menu Avvio\Programmi\Esecuzione automatica\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"CiSvc"=3 (0x3)
"AdobeVersionCue"=3 (0x3)
"Adobe LM Service"=3 (0x3)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2006-03-01 12:22]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2006-03-01 12:22]
S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2006-03-01 12:22]
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002adfbc-1b16-11dc-99ff-00a0d15f89bb}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c62-825c-11dc-9a98-00a0d15f89bb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-16 03:08:00 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 13:54:46
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-19 13.56.37
ComboFix-quarantined-files.txt 2008-02-19 12:56:32
ComboFix2.txt 2008-02-12 14:26:27
ComboFix3.txt 2008-02-05 20:54:20
.
2008-02-14 02:02:49 --- E O F ---
______________________________________________________________________________

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.58.20, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programmi\HHVcdV6Sys\VC6Play.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\KeePass Password Safe\KeePass.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Virtual CD v6\System\VC6Tray.exe
C:\Programmi\RSSoft\RedSwoosh.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\ActionOutline\Action.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.5:5000/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [VC6Player] C:\Programmi\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Programmi\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Programmi\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ActionOutline.lnk = C:\Programmi\ActionOutline\Action.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to SV Bookmark - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/230?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/229?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Add to SV Bookmark - {09E441CA-9EA9-421C-9C2D-14DC1D8C2FAF} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Add to SV Bookmark - {09E441CA-9EA9-421C-9C2D-14DC1D8C2FAF} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320 (file missing) (HKCU)
O9 - Extra button: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Programmi\HHVcdV6Sys\VC6SecS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14811 bytes
_______________________________________________________________________


Step 2

ATF Cleaner by Atribune

Main: chose Select All >> NO FILES WERE REMOVED (is this normal?)
Firefox: Select All >> OK FILES WERE CLEANED/REMOVED

Step 3
I'll now proceed with the Kaspersky online scan.
I did manage to install Kaspersky Antivirus 7.0.0.125 (as I mentioned in a previous post)...
Anyway, I'll do the online scan as well.
Then I'll post the log.

Thanks.

#12 Olaita

Olaita
  • Topic Starter


Posted 19 February 2008 - 06:36 PM

Ok. This is the Kaspersky online scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 20, 2008 12:10:36 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 573113
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 172658
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:03:58

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documenti\Le mie Conversazioni\Eventi Archiviati.xml Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\00f3_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\00f5_Mail_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\00f6_pdm_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\00f6_pdm_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\00f7_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.290.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.290.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy321.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_25c.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Roger\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roger\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Roger\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roger\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Roger\ntuser.dat.LOG Object is locked skipped
C:\Programmi\RSSoft\debug.log Object is locked skipped
C:\System Volume Information\_restore{1A5159F7-F181-4BF0-88FD-A98A8B465AEA}\RP19\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\cch~15391367498.htp Object is locked skipped
C:\WINDOWS\TEMP\cch~15391367948.htp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{1A5159F7-F181-4BF0-88FD-A98A8B465AEA}\RP19\change.log Object is locked skipped

Scan process completed.
______________________________________

I see there are quite a few 'skipped' files... I hope this is not really a problem...

Waiting for your next step.

Thanks!!
Olaita

#13 MoNsTeReNeRgY22

Posted 22 February 2008 - 12:51 AM

Hello again,

Step 1
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
Step 2
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16fd9c62-825c-11dc-9a98-00a0d15f89bb}]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.




#14 Olaita

Posted 28 February 2008 - 09:37 AM

Hi, sorry for my late reply. I've been travelling for work.

I've followed your instructions:
Step 1
Update JRE - OK


Step 2
Combo-Fix LOG

ComboFix 08-02-19.2 - Roger 2008-02-28 14.57.09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1386 [GMT 1:00]
Running from: C:\Documents and Settings\Roger\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Roger\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))))))
.

2008-02-26 17:50 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-26 17:49 . 2008-02-26 17:50 <DIR> d-------- C:\Programmi\Java
2008-02-26 17:49 . 2008-02-26 17:49 <DIR> d-------- C:\Programmi\File comuni\Java
2008-02-21 18:20 . 2008-02-21 18:20 <DIR> d--h----- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2008-02-19 14:34 . 2008-02-19 14:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-02-05 22:06 . 2008-02-05 22:25 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-05 22:06 . 2008-02-05 22:25 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-02 18:48 . 2008-02-03 03:03 <DIR> d-------- C:\Documents and Settings\Roger\.housecall6.6
2008-02-02 18:45 . 2008-02-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-02 18:22 . 2008-02-02 19:32 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-02 15:54 . 2008-02-02 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-02-02 15:41 . 2008-02-02 15:41 250 --a------ C:\WINDOWS\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 14:04 211,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-28 14:04 12,429,344 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-28 13:39 --------- d-----w C:\Programmi\RSSoft
2008-02-28 13:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-28 11:57 23,600 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-28 11:57 168,692 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 19:02 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\Screenshot Sender
2008-02-20 17:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-02-14 01:36 --------- d-----w C:\Documents and Settings\Roger\Dati applicazioni\Skype
2008-02-05 20:56 --------- d-----w C:\Programmi\Trend Micro
2008-02-02 14:54 --------- d-----w C:\Programmi\Lavasoft
2008-02-02 14:54 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-01-31 22:54 --------- d-----w C:\Programmi\eMule
2008-01-26 18:40 --------- d-----w C:\Programmi\Tmg Top 7.5
2008-01-24 23:35 --------- d-----w C:\Programmi\Spy Sweeper Updater
2008-01-24 23:14 17,408 ----a-w C:\psapi.dll
2008-01-24 22:26 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Windows Desktop Search
2008-01-24 22:24 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\PC Suite
2008-01-24 22:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-01-24 21:49 --------- d-----w C:\Programmi\SmartDraw 2008
2008-01-24 21:48 --------- d-----w C:\Programmi\Drive Rescue
2008-01-24 20:13 --------- d-----w C:\Programmi\Greatis
2008-01-24 17:38 --------- d-----w C:\Programmi\Winamp Toolbar
2008-01-24 17:38 --------- d-----w C:\Programmi\Virgilio Toolbar
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:45 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 14:51 253,952 ------w C:\WINDOWS\Setup1.exe
2007-08-17 21:59 410 ----a-w C:\Documents and Settings\Roger\Dati applicazioni\edatui.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"KeePass Password Safe"="C:\Programmi\KeePass Password Safe\KeePass.exe" [2006-10-14 14:53 681472]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2007-02-27 02:30 62436]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"Orb"="C:\Programmi\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47 360448]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"THotkey"="C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-04 09:29 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 12:33 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
"IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"VC6Player"="C:\Programmi\HHVcdV6Sys\VC6Play.exe" [2004-08-12 11:06 229376]
"NvMediaCenter"="NvMCTray.dll" [2006-05-01 21:04 86016 C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-12-20 19:54 278528]
"dvd43"="C:\Programmi\dvd43\dvd43_tray.exe" [2006-05-22 12:26 694272]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-16 15:32 185896]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check(3).lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check(3).lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=C:\Documents and Settings\Roger\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=C:\WINDOWS\pss\C6 Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Avvio^Programmi^Esecuzione automatica^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\Roger\Menu Avvio\Programmi\Esecuzione automatica\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"CiSvc"=3 (0x3)
"AdobeVersionCue"=3 (0x3)
"Adobe LM Service"=3 (0x3)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2006-03-01 12:22]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2006-03-01 12:22]
S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2006-03-01 12:22]
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002adfbc-1b16-11dc-99ff-00a0d15f89bb}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf6b6a8-e1dd-11dc-9b06-00a0d15f89bb}]
\Shell\AutoRun\command - D:\Simposio.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 13:38:38 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 15:04:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-28 15.05.55
ComboFix-quarantined-files.txt 2008-02-28 14:05:50
ComboFix2.txt 2008-02-19 12:56:38
ComboFix3.txt 2008-02-12 14:26:27
ComboFix4.txt 2008-02-05 20:54:20
.
2008-02-14 02:02:49 --- E O F ---
_____________________________________________________


HiJackThis - LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.09.22, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programmi\HHVcdV6Sys\VC6Play.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\dvd43\dvd43_tray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Virtual CD v6\System\VC6Tray.exe
C:\Programmi\KeePass Password Safe\KeePass.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\RSSoft\RedSwoosh.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\ActionOutline\Action.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.5:5000/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [VC6Player] C:\Programmi\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Programmi\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Programmi\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ActionOutline.lnk = C:\Programmi\ActionOutline\Action.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to SV Bookmark - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320
O8 - Extra context menu item: Open in new tab in foreground - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/230?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Open in new tab in background - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/229?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF file - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF file - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF file - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF file - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Add to SV Bookmark - {09E441CA-9EA9-421C-9C2D-14DC1D8C2FAF} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Add to SV Bookmark - {09E441CA-9EA9-421C-9C2D-14DC1D8C2FAF} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/320 (file missing) (HKCU)
O9 - Extra button: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Programmi\HHVcdV6Sys\VC6SecS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14894 bytes
__________________________________________________

Am I still infected?
Thanks :thumbsup:
Olaita
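As an added example, not part of this thread or of HijackThis itself, here is a small Python triage script for log lines in the format pasted above. It parses O-lines and flags the two things a helper reads first: references marked "(file missing)" and O23 services with an "Unknown owner" vendor. The sample lines are taken from the log above except the last one, which is constructed to show both flags together.

```python
import re

# Sample input: three lines copied from the log above plus one constructed line
# (the "Sample Service" entry is made up to exercise both flags at once).
SAMPLE_LOG = r"""
O9 - Extra button: SV Bookmarks - {86C702CF-64FE-42A0-8FD8-A128F56C6CC4} - res://C:\Programmi\SmElis\SV Bookmark\SVBMCom.dll/310 (file missing) (HKCU)
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sample Service (SampleSvc) - Unknown owner - C:\WINDOWS\system32\sample.exe (file missing)
"""

# Every HijackThis entry starts with "O<n> - <kind>: <rest>".
HJT_LINE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")


def parse_hjt_line(line):
    """Return a dict for one HijackThis line, or None if it is not an O-line."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    entry = {"section": m.group("section"), "kind": m.group("kind"),
             "raw": line.strip(), "flags": []}
    rest = m.group("rest")
    # HijackThis appends "(file missing)" when the referenced file is not on disk:
    # a dead reference, but also what a removed or renamed malware file looks like.
    if "(file missing)" in rest:
        entry["flags"].append("file missing")
    if entry["section"] == "O23":
        # O23 layout: "<display name> - <vendor> - <path>". Splitting from the left
        # keeps paths that themselves contain " - " (e.g. "Spybot - Search & Destroy").
        parts = rest.split(" - ", 2)
        if len(parts) == 3:
            entry["name"], entry["vendor"], entry["path"] = parts
            if entry["vendor"] == "Unknown owner":
                entry["flags"].append("unknown owner")
    return entry


def triage(log_text):
    """Parse a whole log and return only the entries that carry a flag."""
    entries = (parse_hjt_line(l) for l in log_text.splitlines() if l.strip())
    return [e for e in entries if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(", ".join(e["flags"]).ljust(28), e["raw"])
```

An unsigned service or a missing file is a reason to look, not proof of infection; the ScsiAccess entry above belongs to a legitimate product that simply ships without a vendor string.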

#15 MoNsTeReNeRgY22

    1337 Malware Destroyer

  • Members
  • 611 posts
  • Gender:Male

Posted 29 February 2008 - 11:57 PM

Hello again,

Your PC is looking a lot better, just a few more things to be done.

Also, are you familiar with the D:\ drive on your pc?
Do you also recognise this file, Simposio.exe?

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

Edited by MoNsTeReNeRgY22, 01 March 2008 - 01:26 AM.
