
Please view my log


  • This topic is locked
29 replies to this topic

#1 Flegias

Flegias

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 03 February 2009 - 03:47 AM

Hello!

Can you help me with this HJT log file?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.39.13, on 03/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArchestrA\aaLogger.exe
C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\File comuni\ArchestrA\NTServApp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Programmi\File comuni\ArchestrA\slssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\usbconsole.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\EzButton\CPLDBL10.EXE
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Common\S7ubtoox\s7ubtstx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
F:\Common\Sqlany\dbsrv50.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
F:\Common\Sqlany\dbclient.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLIR Systems Camera Monitor] "C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [S7UB Start] "F:\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} (TVSLiveControl Class) - http://217.133.17.205:8010/rel/webViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\aaLogger.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Programmi\File comuni\ArchestrA\NTServApp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - F:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\slssvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\wwnetdde.exe
O23 - Service: Xway TCP/IP (XipConnect) - Schneider Automation - C:\WINDOWS\system32\XipConnect.exe

--
End of file - 7307 bytes



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 AM

Posted 10 February 2009 - 07:43 PM

Hi Flegias,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me the current condition of your computer.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Set the scan files/folders to 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.
You might want to save this page to your favorites, so you can find it again when you return.

#3 Flegias

Flegias
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 11 February 2009 - 04:26 AM

Hello farbar, no need to say sorry!
Thank you for helping me!

1. I ran some antimalware and antispyware applications before and since my post (Malwarebytes AntiMalware, SDFIX). The symptoms are: a while after Windows boots, my PC can no longer access the local network, the classic blue WinXP taskbar changes into something like the classic grey Win2k taskbar, and the sound card stops working.

2. RSIT logs:

Logfile of random's system information tool 1.05 (written by random/random)
Run by FabrizioFregnan at 2009-02-11 10:05:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 654 MB (7%) free of 9 GB
Total RAM: 478 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.05.31, on 11/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\ArchestrA\aaLogger.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\EzButton\CPLDBL10.EXE
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\Common\S7ubtoox\s7ubtstx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\File comuni\ArchestrA\NTServApp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Programmi\File comuni\ArchestrA\slssvc.exe
C:\WINDOWS\System32\svchost.exe
F:\Common\Sqlany\dbsrv50.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\usbconsole.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Common\Sqlany\dbclient.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\FabrizioFregnan\Desktop\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\FabrizioFregnan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLIR Systems Camera Monitor] "C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [S7UB Start] "F:\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} (TVSLiveControl Class) - http://217.133.17.205:8010/rel/webViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\aaLogger.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Programmi\File comuni\ArchestrA\NTServApp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - F:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\slssvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\wwnetdde.exe
O23 - Service: Xway TCP/IP (XipConnect) - Schneider Automation - C:\WINDOWS\system32\XipConnect.exe

--
End of file - 7361 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Programmi\Java\jre6\bin\ssv.dll [2008-12-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-05-29 155648]
"Apoint"=C:\Programmi\Apoint2K\Apoint.exe [2003-06-18 151552]
"CeEPOWER"=C:\Programmi\TOSHIBA\Power Management\CePMTray.exe [2003-07-24 135168]
"CPLDBL10"=C:\Programmi\EzButton\CPLDBL10.EXE [2003-07-03 204800]
"CeEKEY"=C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe [2003-07-30 638976]
"TPNF"=C:\Programmi\TOSHIBA\TouchPad\TPTray.exe [2003-07-18 49152]
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2008-12-18 136600]
"FLIR Systems Camera Monitor"=C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe [2007-02-01 276064]
"AVP"=C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
"S7UB Start"=F:\Common\S7ubtoox\s7ubtstx.exe [2000-10-25 102400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

C:\Documents and Settings\FabrizioFregnan\Menu Avvio\Programmi\Esecuzione automatica
Mozilla Sunbird.lnk - C:\Programmi\Mozilla Sunbird\sunbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-05-29 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoLogoff"=0
"EditLevel"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Microsoft LifeCam\LifeCam.exe"="C:\Programmi\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Programmi\Microsoft LifeCam\LifeExp.exe"="C:\Programmi\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"F:\Programmi\Symantec\pcAnywhere\awhost32.exe"="F:\Programmi\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service"
"F:\Programmi\Symantec\pcAnywhere\awrem32.exe"="F:\Programmi\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153f85ab-3136-11dc-b6bd-00023f95f53d}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180bb7b7-1adc-11dd-b7f9-00023f95f53d}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388ea157-342f-11dc-b6bf-00023f95f53d}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388ea242-342f-11dc-b6bf-00023f95f53d}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c236dd-ec49-11dd-b6ec-00023f95f53d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41d881e2-3b73-11dd-b829-00023f95f53d}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c46ddff-c8bf-11dc-b783-00023f95f53d}]
shell\AutoRun\command - H:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8588d176-de95-11dd-b6dd-00023f95f53d}]
shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90246aad-5ae1-11dc-b6e1-00023f95f53d}]
shell\Auto\command - printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5bdede6-2870-11dc-b6af-00023f95f53d}]
shell\AutoRun\command - H:\
shell\explore\command - H:\RECYCLER\autorun.exe -ExploreCurDir
shell\open\command - H:\RECYCLER\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1840c6-7d73-11dd-b898-00023f95f53d}]
shell\AutoRun\command - I:\
shell\explore\command - I:\RECYCLER\autorun.exe -ExploreCurDir
shell\open\command - I:\RECYCLER\autorun.exe -OpenCurDir

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3962d9-4f15-11dd-b845-00023f95f53d}]
shell\AutoRun\command - H:\AutoRun.exe


======List of files/folders created in the last 3 months======

2009-02-04 16:58:26 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-03 15:45:51 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\WinRAR
2009-01-30 10:49:10 ----A---- C:\WINDOWS\system32\slabunin2k.exe
2009-01-30 09:36:32 ----D---- C:\rsit
2009-01-29 18:16:10 ----D---- C:\Avenger
2009-01-29 18:16:10 ----A---- C:\avenger.txt
2009-01-29 18:13:52 ----A---- C:\cleanup.exe
2009-01-29 16:38:54 ----A---- C:\WINDOWS\gmer.ini
2009-01-29 16:38:36 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-29 16:38:36 ----A---- C:\WINDOWS\gmer.exe
2009-01-29 16:38:36 ----A---- C:\WINDOWS\gmer.dll
2009-01-07 10:43:16 ----D---- C:\Programmi\You Ripper
2008-12-18 10:55:52 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-18 10:55:52 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-18 10:55:52 ----A---- C:\WINDOWS\system32\java.exe
2008-12-18 10:55:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 10:15:16 ----A---- C:\WINDOWS\system32\scp125.dll
2008-12-16 10:15:13 ----D---- C:\SIEMENS
2008-12-16 10:15:08 ----A---- C:\WINDOWS\AuthWlog.TXT
2008-12-16 10:09:35 ----A---- C:\WINDOWS\S7GSD_LOG.TXT
2008-12-16 10:09:19 ----A---- C:\WINDOWS\S7ColEdiLOG.TXT
2008-12-16 10:09:02 ----A---- C:\WINDOWS\S7UDR_LOG.TXT
2008-12-16 10:08:46 ----A---- C:\WINDOWS\S7UGR_LOG.TXT
2008-12-16 10:08:29 ----A---- C:\WINDOWS\S7AVERSX_LOG.TXT
2008-12-16 10:08:08 ----A---- C:\WINDOWS\S7UTP_LOG.TXT
2008-12-16 10:06:19 ----A---- C:\WINDOWS\S7IKX_LOG.TXT
2008-12-16 10:02:08 ----A---- C:\WINDOWS\system32\onlinex.exe
2008-12-16 10:00:47 ----A---- C:\WINDOWS\system32\dpmc2lib.dll
2008-12-16 10:00:47 ----A---- C:\WINDOWS\system32\dplib.dll
2008-12-16 10:00:47 ----A---- C:\WINDOWS\system32\dpc2lib.dll
2008-12-16 10:00:46 ----A---- C:\WINDOWS\system32\dpc1lib.dll
2008-12-16 10:00:39 ----A---- C:\WINDOWS\S7_SNETSNPB_LOG.TXT
2008-12-16 10:00:34 ----A---- C:\WINDOWS\IsUn0407.exe
2008-12-16 09:59:36 ----A---- C:\WINDOWS\system32\s7eptisx.exe
2008-12-16 09:59:35 ----A---- C:\WINDOWS\system32\s7epaapi.dll
2008-12-16 09:58:34 ----A---- C:\WINDOWS\S7baslSP.txt
2008-12-16 09:55:44 ----A---- C:\WINDOWS\S7alibxx.INI
2008-12-16 09:54:18 ----A---- C:\WINDOWS\S7USOCX_LOG.TXT
2008-12-16 09:54:09 ----A---- C:\WINDOWS\S7LSTLOG.TXT
2008-12-16 09:53:37 ----A---- C:\WINDOWS\S7PDD_LOG.TXT
2008-12-16 09:53:12 ----A---- C:\WINDOWS\S7EDB_LOG.TXT
2008-12-16 09:52:37 ----A---- C:\WINDOWS\S7USFAPX.INI
2008-12-16 09:50:00 ----A---- C:\WINDOWS\system32\S7OSC32X.DLL
2008-12-16 09:50:00 ----A---- C:\WINDOWS\system32\S7OSC16X.DLL
2008-12-16 09:49:57 ----D---- C:\WINDOWS\AuthTmpl
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\TDCtrl.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\scpw32a.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\scpw32.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\SCPBW32A.DLL
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\scpbw32.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\S7otblsx.exe
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\S7otbldx.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7oformx.exe
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\S7oformx.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7erxlre.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7erxlrd.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7erxlrc.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7erxlrb.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\S7erxlra.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7erdapx.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\s7afhlpx.exe
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\gsdectrl.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\AuthTool.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\AuthRESe.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\AuthRESd.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\AuthRESc.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\AuthRESb.dll
2008-12-16 09:49:57 ----A---- C:\WINDOWS\system32\AuthRESa.dll
2008-12-16 09:47:53 ----A---- C:\WINDOWS\system32\s7esetdx.dll
2008-12-16 09:47:53 ----A---- C:\WINDOWS\system32\MelbReg.dll
2008-12-16 09:47:53 ----A---- C:\WINDOWS\system32\cp551inf.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\s7wcaotx.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7otbxsx.exe
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7otbxdx.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7OTBLEX.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7OTBEME.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7OTBEMD.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7OTBEMC.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7OTBEMB.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7OTBEMA.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\s7osoinx.dll
2008-12-16 09:47:51 ----A---- C:\WINDOWS\system32\S7onlinx.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\S7OINTFX.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7erwlcx.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epmpix.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epmpie.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epmpid.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epmpic.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epmpib.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epmpia.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epatsx.exe
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epatde.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epatdd.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epatdc.dll
2008-12-16 09:47:50 ----A---- C:\WINDOWS\system32\s7epatdb.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7epatda.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\S7epaesx.exe
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\S7epaepe.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\S7epaepd.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\S7epaepc.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\S7epaepb.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7epaepa.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7einstx.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7einste.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7einstd.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7einstc.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7einstb.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\s7einsta.dll
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\EPS7.DLL
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\EPOKAUT9.DLL
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\EPINST.DLL
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\EPFMSDP.DLL
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\EPDIAGEX.DLL
2008-12-16 09:47:49 ----A---- C:\WINDOWS\system32\EPDGNS.DLL
2008-12-16 09:47:48 ----A---- C:\WINDOWS\system32\diagdisp.dll
2008-12-16 09:47:46 ----A---- C:\WINDOWS\system32\diagdisb.dll
2008-12-16 09:47:41 ----A---- C:\WINDOWS\S7shacomp-overinst.txt
2008-12-16 09:47:41 ----A---- C:\WINDOWS\S7DOSLOG.TXT
2008-12-16 09:46:41 ----A---- C:\WINDOWS\system32\vbrun300.dll
2008-12-16 09:46:41 ----A---- C:\WINDOWS\system32\mfcuiw32.dll
2008-12-16 09:46:41 ----A---- C:\WINDOWS\system32\mfcuia32.dll
2008-12-16 09:46:41 ----A---- C:\WINDOWS\system32\MFCO30.DLL
2008-12-16 09:46:41 ----A---- C:\WINDOWS\system32\MFCANS32.DLL
2008-12-16 09:46:40 ----A---- C:\WINDOWS\system32\MFC30.DLL
2008-12-16 09:46:35 ----D---- C:\WINDOWS\Setup
2008-12-16 09:36:44 ----A---- C:\WINDOWS\S7baslog.txt
2008-12-03 16:34:10 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-12-03 16:34:09 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-12-03 16:34:08 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-12-03 16:34:08 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-12-03 16:33:49 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-12-03 16:33:48 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-12-03 16:33:30 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-12-03 16:33:30 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-12-03 16:33:30 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-12-03 16:33:30 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-12-03 16:33:30 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-12-03 16:33:29 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-12-03 16:33:29 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-12-03 16:33:29 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-12-03 16:33:29 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-12-03 16:33:28 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-12-03 16:32:56 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-12-03 16:32:37 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-03 16:32:37 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-03 16:32:37 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-03 16:32:37 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-03 16:32:37 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-03 16:32:36 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-01 11:36:05 ----D---- C:\Programmi\Autodesk
2008-11-28 17:32:45 ----D---- C:\Programmi\Code-it Software
2008-11-19 17:09:41 ----A---- C:\WINDOWS\system32\MODBUS01.ini
2008-11-18 16:52:39 ----A---- C:\WINDOWS\system32\ModbusDrv.exe
2008-11-18 16:52:39 ----A---- C:\WINDOWS\system32\DrvModbus.dll
2008-11-18 16:51:00 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\InstallShield
2008-11-18 16:49:59 ----D---- C:\twidosuite

======List of files/folders modified in the last 3 months======

2009-02-11 10:04:55 ----D---- C:\WINDOWS\Temp
2009-02-11 09:44:21 ----D---- C:\Programmi\Mozilla Firefox
2009-02-11 09:41:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-11 09:28:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-11 09:28:33 ----D---- C:\WINDOWS\Prefetch
2009-02-11 09:28:15 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-11 09:26:54 ----A---- C:\WINDOWS\system32\NetAccessLog.txt
2009-02-11 09:26:49 ----D---- C:\Programmi\Mozilla Sunbird
2009-02-09 10:51:09 ----D---- C:\WINDOWS\system32
2009-02-09 10:51:06 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\AdobeUM
2009-02-06 16:20:43 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\foobar2000
2009-02-04 16:53:04 ----D---- C:\WINDOWS\Help
2009-02-04 09:41:50 ----SHD---- C:\RECYCLER
2009-02-03 18:23:07 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 16:03:42 ----D---- C:\SDFix
2009-02-03 15:38:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-03 15:37:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-03 12:39:57 ----D---- C:\WINDOWS\Minidump
2009-02-03 12:39:57 ----D---- C:\WINDOWS
2009-01-30 12:07:53 ----HD---- C:\WINDOWS\inf
2009-01-30 12:04:04 ----HD---- C:\Programmi\InstallShield Installation Information
2009-01-30 10:49:10 ----D---- C:\Program Files
2009-01-23 09:05:06 ----SHD---- C:\System Volume Information
2009-01-23 09:05:06 ----D---- C:\WINDOWS\system32\Restore
2009-01-20 16:32:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-07 10:43:16 ----D---- C:\Programmi
2008-12-22 15:58:21 ----SHD---- C:\WINDOWS\Installer
2008-12-22 15:57:45 ----D---- C:\Programmi\File comuni
2008-12-19 11:09:28 ----A---- C:\WINDOWS\win.ini
2008-12-18 10:55:21 ----D---- C:\Programmi\Java
2008-12-12 16:44:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 16:34:01 ----RSD---- C:\WINDOWS\Fonts
2008-12-01 15:48:47 ----D---- C:\PL7TEMP
2008-12-01 11:36:52 ----D---- C:\WINDOWS\java
2008-11-28 17:31:56 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-18 16:51:36 ----D---- C:\Programmi\Schneider Electric

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 intelppm;Driver processore Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40192]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2002-12-19 5888]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2002-12-19 5888]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2002-12-19 5888]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2002-07-18 4183]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 7140]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 Dpmtrcdd;Dpmtrcdd; C:\WINDOWS\System32\DRIVERS\dpmtrcdd.sys [2001-06-27 30080]
R2 DPortIO;Dritek Port I/O Driver; C:\WINDOWS\System32\Drivers\DPortIO.sys [2001-04-12 3674]
R2 irda;Protocollo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 lvalarmk;lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.dll [2004-04-01 10829]
R2 Machnm32;Machnm32 Driver; \??\C:\WINDOWS\System32\Machnm32.sys []
R2 niarbk;niarbk; C:\WINDOWS\system32\drivers\niarbk.dll [2004-04-08 37376]
R2 nibffrk;nibffrk; C:\WINDOWS\system32\drivers\nibffrk.dll [2004-04-08 21504]
R2 Nidaq32k;Nidaq32k; C:\WINDOWS\system32\drivers\Nidaq32k.sys [2004-04-08 674304]
R2 nidimk;nidimk; C:\WINDOWS\system32\drivers\nidimk.dll [2004-03-26 108124]
R2 nidmmk;NI DMM and Data Logger Kernel Driver; C:\WINDOWS\system32\drivers\nidmmk.dll [2004-04-08 50688]
R2 nidmxfk;nidmxfk; C:\WINDOWS\system32\drivers\nidmxfk.dll [2004-03-30 128117]
R2 nilvaik;nilvaik; C:\WINDOWS\system32\drivers\nilvaik.dll [2004-04-01 18037]
R2 nimdsk;nimdsk; C:\WINDOWS\system32\drivers\nimdsk.dll [2004-04-08 30208]
R2 nimxpk;nimxpk; C:\WINDOWS\system32\drivers\nimxpk.dll [2004-03-29 19570]
R2 nipxirmk;nipxirmk; C:\WINDOWS\system32\drivers\nipxirmk.dll [2004-03-15 41071]
R2 nistck;nistck; C:\WINDOWS\system32\drivers\nistck.dll [2004-04-08 111616]
R2 niswdk;niswdk; C:\WINDOWS\system32\drivers\niswdk.dll [2004-03-31 341101]
R2 s7osmcax;s7osmcax; C:\WINDOWS\System32\Drivers\s7osmcax.sys [2001-12-05 171520]
R2 s7otranx;s7otranx; C:\WINDOWS\System32\Drivers\S7otranx.sys [2001-12-05 478720]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-06-13 114880]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-06-13 80512]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-06-13 33847]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-06-20 93912]
R3 Arp1394;Protocollo client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 CmBatt;Driver batteria a metodo di controllo ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2003-01-16 16256]
R3 Duntlw;UNTLW device; C:\WINDOWS\System32\Drivers\DuntlwNT.sys [2006-02-24 53568]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2003-09-02 6896]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-06-13 89787]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-31 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nicdrk;nicdrk; C:\WINDOWS\system32\drivers\nicdrk.dll [2004-03-30 128112]
R3 nimdbgk;nimdbgk; C:\WINDOWS\system32\drivers\nimdbgk.dll [2004-03-26 133227]
R3 nimru2k;nimru2k; C:\WINDOWS\system32\drivers\nimru2k.dll [2004-03-26 130141]
R3 nimstsk;nimstsk; C:\WINDOWS\system32\drivers\nimstsk.dll [2004-04-05 44149]
R3 nimxdfk;nimxdfk; C:\WINDOWS\system32\drivers\nimxdfk.dll [2004-03-26 172639]
R3 niorbk;niorbk; C:\WINDOWS\system32\drivers\niorbk.dll [2004-03-31 35420]
R3 niscdk;niscdk; C:\WINDOWS\system32\drivers\niscdk.dll [2004-03-30 385642]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-09-17 809872]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Driver hub USB standard Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-06-02 151985]
S1 kbdhid;Driver di tastiera HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
S2 NatMotion;NatMotion; C:\WINDOWS\system32\drivers\NatMotion.sys [2004-03-08 109639]
S3 anc2wzh9;anc2wzh9; C:\WINDOWS\system32\drivers\anc2wzh9.sys []
S3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-07-29 322720]
S3 catchme;catchme; \??\C:\DOCUME~1\FABRIZ~1\IMPOST~1\Temp\catchme.sys []
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 FTDIBUS;Telemecanique USB Serial Cable Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-11-25 24369]
S3 FTSER2K;Telemecanique USB Cable Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-11-25 57820]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-29 85969]
S3 gpibclsb;GPIB Board Class Driver; C:\WINDOWS\System32\Drivers\gpibclsb.sys [2002-07-17 56904]
S3 gpibclsd;GPIB Device Class Driver; C:\WINDOWS\System32\Drivers\gpibclsd.sys [2002-07-17 34664]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-12-04 88960]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-03 63744]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nidsark;nidsark; C:\WINDOWS\system32\drivers\nidsark.dll [2004-03-30 636522]
S3 niesrk;niesrk; C:\WINDOWS\system32\drivers\niesrk.dll [2004-04-05 508523]
S3 nimsdrk;nimsdrk; C:\WINDOWS\system32\drivers\nimsdrk.dll [2004-04-05 73346]
S3 nimslk;nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [2004-04-05 14464]
S3 nimsrlk;nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [2004-04-05 151683]
S3 nisdigk;nisdigk; C:\WINDOWS\system32\drivers\nisdigk.dll [2004-04-05 203893]
S3 nispdk;nispdk; C:\WINDOWS\system32\drivers\nispdk.dll [2004-03-30 67178]
S3 nissrk;nissrk; C:\WINDOWS\system32\drivers\nissrk.dll [2004-04-05 393323]
S3 nistc2k;nistc2k; C:\WINDOWS\system32\drivers\nistc2k.dll [2004-03-30 121461]
S3 nistcrk;nistcrk; C:\WINDOWS\system32\drivers\nistcrk.dll [2004-04-05 81529]
S3 nitiork;nitiork; C:\WINDOWS\system32\drivers\nitiork.dll [2004-04-05 1193593]
S3 NiViPxiK;NiViPxiK; C:\WINDOWS\system32\drivers\NiViPxiK.sys [2004-03-30 24064]
S3 niwfrk;niwfrk; C:\WINDOWS\system32\drivers\niwfrk.dll [2004-04-05 285803]
S3 nm;Driver di Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 ONDAUsbDiag;ONDA USB Diagnostics Port; C:\WINDOWS\system32\DRIVERS\ONDAUsbDiag.sys [2007-04-10 92928]
S3 ONDAUsbModem;ONDA USB MODEM DRIVER; C:\WINDOWS\system32\DRIVERS\ONDAUsbModem.sys [2007-04-10 92928]
S3 ONDAUsbNmea;ONDA USB NMEA Port; C:\WINDOWS\system32\DRIVERS\ONDAUsbNmea.sys [2007-04-10 92928]
S3 s7oefs_x;SIMATIC MPI/EFS Driver; C:\WINDOWS\System32\drivers\s7oefs_x.sys [2000-03-28 30704]
S3 slabbus;CP210x USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2004-12-16 55312]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2004-12-16 89808]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-04-23 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;Scheda RNDIS USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2004-08-03 12672]
S3 usbaudio;Driver audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-05 1963680]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aaLogger;ArchestrA Logger; C:\Programmi\File comuni\ArchestrA\aaLogger.exe [2003-07-18 188486]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor; C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe [2007-04-19 81920]
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
R2 CeEPwrSvc;CeEPwrSvc; C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe [2003-07-11 73728]
R2 FS Service Control;FS Service Control; C:\Programmi\File comuni\ArchestrA\NTServApp.exe [2003-01-09 32845]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2008-12-18 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 MobiLink IILServer;MobiLink IILServer; C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe [2004-10-08 49152]
R2 MSCamSvc;MSCamSvc; C:\Programmi\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 NA_Service;NetAccess Service; C:\WINDOWS\system32\NA_Service.exe [2005-09-13 49152]
R2 nidevldu;nidevldu; C:\WINDOWS\system32\nipalsm.exe [2003-11-15 5730]
R2 nipxirmu;nipxirmu; C:\WINDOWS\system32\nipalsm.exe [2003-11-15 5730]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\niSvcLoc.exe [2003-05-01 49152]
R2 slssvc;Wonderware SuiteLink; C:\Programmi\File comuni\ArchestrA\slssvc.exe [2003-04-14 40960]
R2 T3Srv;FLIR Systems Camera Monitor; C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R2 UsbConnect;Usb PLC; C:\WINDOWS\system32\UsbConnect.exe [2004-03-26 61440]
S2 Irmon;Monitor infrarossi; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S2 XipConnect;Xway TCP/IP; C:\WINDOWS\system32\XipConnect.exe [2004-03-26 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NILM License manager;NILM License manager; F:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2004-02-25 609280]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programmi\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe [2007-10-02 79360]
S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Programmi\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WWNetDDE;Wonderware NetDDE Helper; C:\Programmi\File comuni\ArchestrA\wwnetdde.exe [2003-04-14 80688]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-11 10:05:48

======Uninstall list======

-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programmi\InstallShield Installation Information\{490A0AB2-4AD1-4593-A718-929D36BCD53C}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUn040c.exe -a -a -a -a -a -a -a -f"c:\programmi\schneider electric\xbt\XBT-L1000\Proto.isu"
-->C:\WINDOWS\IsUn0410.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\system32\_UNODBC.LOG" -cC:\WINDOWS\system32\_UNODBC.DLL
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0F737E8A-3FCF-43DA-B6DC-2BDFC3F07E78}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BD0F102A-1F7C-46E4-9DF4-3D63E4774D5D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D60D82D1-2C77-4B78-992B-6C2DBADF57B6}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7646-000000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Autodesk MapGuide® Viewer ActiveX Control Release 6-->MsiExec.exe /I{CFEFDE13-C8C6-407F-A9C1-889F29EE863F}
Avvio installazione di Microsoft Works 2003-->C:\Programmi\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
AXIS Camera Control-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BE2A41AD-3BFF-4A0C-A05C-F5B40C5C5E41}\Setup.exe"
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CP210x USB to UART Bridge Controller-->C:\WINDOWS\system32\slabunin2k.exe C:\WINDOWS\system32\slabunin.u2k
Document Creator OEM v2.22-->"C:\Programmi\File comuni\FLIR Systems\Neevia\unins000.exe"
Easy Button-->C:\WINDOWS\UnInst32.exe CPLDBL10.UNI
FLIR RTP Player-->"C:\Programmi\FLIR Systems AB\RTP Player\UninstallerData\Uninstall FLIRRtpPlayer.exe"
foobar2000 v0.9.5.3-->"C:\Programmi\foobar2000\uninstall.exe"
FSCap-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2C71583C-0D2F-4A7E-BC95-2426462EE7B4}\Setup.exe"
Halto 1.0.5 FULL-->"C:\Programmi\Halto\unins000.exe"
HijackThis 2.0.2-->"C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOBOware Pro 2.7
...F:\HOBOware Lite-->"F:\HOBOware Lite\unins001.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD 4-->"C:\Programmi\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java Media Framework 2.1.1e-->C:\WINDOWS\IsUninst.exe -fC:\Programmi\JMF2.1.1e\Uninst.isu
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
K-Lite Codec Pack 3.2.5 Full-->"C:\Programmi\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\$SETUP_9_99dab\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Manuali TOSHIBA-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\SETUP.EXE" -l0x10
MH600HS Onda Wizard-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{559AD08F-3474-4F96-B374-A59F2A1E2518}\setup.exe" -l0x10 -removeonly
Microsoft .NET Framework (Italian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1040)
Microsoft .NET Framework (Italian)-->MsiExec.exe /X{015F2BEE-F15C-41F7-9637-47A5353A0E29}
Microsoft .NET Framework 1.1 Italian Language Pack-->MsiExec.exe /X{F2D2B58B-B2FD-46D1-8319-DCE564079934}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 - Language Pack (italiano)-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft LifeCam-->MsiExec.exe /X{BAC4E6F1-DA94-437E-9E5F-FA564131223E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110410-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Connect-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x10 -removeonly
MobiLink-->MsiExec.exe /I{92F70F0E-947E-4209-88A7-15E0988E248E}
Mozilla Firefox (3.0.6)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3.1)-->C:\Programmi\Mozilla Sunbird\uninstall\uninst.exe
National Instruments Software-->"F:\Programmi\National Instruments\Shared\NIUninstaller\uninst.exe"
NetworkActiv PIAFCTM 1.5-->C:\Program Files\NetworkActiv PIAFCTM 1.5\NetworkActivPIAFCTMv1.5.exe UnInstall
NI LabVIEW Run-Time Engine 6.1-->MsiExec.exe /I{CC8971B9-9132-4C04-A8D4-628663C9E9F0}
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PL7 Junior V3.1-->C:\WINDOWS\PL7SYS\UNINSTAL\SETUP PL7JUNR/PL7 Junior/31/I
PL7 Junior V4.3-->C:\WINDOWS\PL7SYS\UNINSTAL\SETUP PL7JUNR/PL7 Junior/43/I
RealPlayer-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE
Recordster-->MsiExec.exe /I{1E81725C-1EE7-476D-8E1D-3150469643F6}
RegSvrEx-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\REGSVREX.INF, DefaultUninstall.ntx86
Replay Media Catcher-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programmi\Replay Media Catcher\Uninstall\uninstall.xml"
SA Drivers Manager-->C:\Programmi\InstallShield Installation Information\{10B15004-CD2A-49BD-ACB7-DFA124F39273}\setup.exe -runfromtemp -l0x0009 -removeonly\ -REMV
SA MODBUS Driver-->C:\Programmi\InstallShield Installation Information\{490A0AB2-4AD1-4593-A718-929D36BCD53C}\setup.exe -runfromtemp -l0x0009 -removeonly
SA PLC USB Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D60D82D1-2C77-4B78-992B-6C2DBADF57B6}\setup.exe" -l0x9
SA UNITELWAY WDM Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BD0F102A-1F7C-46E4-9DF4-3D63E4774D5D}\setup.exe" -l0x9
SA XIP Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0F737E8A-3FCF-43DA-B6DC-2BDFC3F07E78}\setup.exe" -l0x9
Sentinel System Driver 5.41.1 (32-bit)-->MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SIMATIC STEP 7 V5.1 + ServicePack 4-->C:\WINDOWS\IsUn0410.exe -f"F:\Step 7\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC AuthorsW V2.4 + ServicePack 2-->C:\WINDOWS\IsUn0410.exe -fC:\SIEMENS\AuthorsW\DeIsL1.isu -c"C:\WINDOWS\system32\s7esetdx.dll
SIMATIC NCM S7 Ind. Ethernet V5.1 + ServicePack 3 + Hotfix 1-->F:\Step 7\S7WBX\App\UNINSH1.EXE -f"F:\Step 7\S7WBX\DeIsL1.isu" -c"F:\Step 7\S7WBX\app\s7wnunh1.dll"
SIMATIC NCM S7 PROFIBUS V5.1 + ServicePack 3 + Hotfix 1-->F:\Step 7\S7WBX\App\UNINSL2.EXE -f"F:\Step 7\S7WBX\DeIsL2.isu" -c"F:\Step 7\S7WBX\app\s7wnunl2.dll"
SMSC IrCC Driver V5.1.2462.0 (WinXP)-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{EC86822D-3A20-11D5-801B-00E029348F40}\SETUP.EXE"
SPAC View-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{8E4C09BF-FAC5-47E0-B9A6-5FF9577F852E}\Setup.exe" -l0x10
Telemecanique USB Multi-Function Cable Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
ThermaCAM QuickReport English Language Pack-->MsiExec.exe /X{8814711D-2550-4481-B794-16FEA8E6F45D}
ThermaCAM QuickReport-->MsiExec.exe /X{96BEDBDA-EB5C-499F-8AFC-1AC00FC2E0F8}
ThermaCAM Researcher Pro 2.7-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{AC0E443C-614A-47D4-8E6E-96D70FB6E965}\setup.exe"
ThermaNET-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{ADC4B707-E8DB-471E-A013-2F7538528DE2}\Setup.exe"
ThermoVision Digital Toolkit 3.1 SR-1-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BE46F008-A3D8-4AB5-B1F7-ECA668D3C74E}\setup.exe"
ThermoVision SDK-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{ADCDD36B-7403-40CA-A602-02F17E91FB32}\setup.exe"
TightVNC 1.3.8-->C:\Programmi\TightVNC\unins000.exe
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe"
Toshiba Connect-->C:\Programmi\Toshiba Connect\UninstID.exe
TOSHIBA Console-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\SETUP.EXE" -l0x10
TOSHIBA Software Modem-->Tosmreg -U
TSXPCX3030 Device Driver-->C:\WINDOWS\IsUninst.exe -fC:\TSXPCX3030DeviceFiles\Uninst.isu
TwidoSoft-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{A7DB7470-C9DF-11D4-B49F-0006294FC964}\setup.exe" anything
Unlocker 1.8.7-->C:\Programmi\Unlocker\uninst.exe
Utilità Risparmio energetico TOSHIBA-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B83DA26B-5237-41E8-8612-8F3F63F69811} /l1040
Utilità Tasti di scelta rapida TOSHIBA-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{41DBA4F1-E295-41B3-9922-7B346C5B8EBF} /l1040
Utilità Touchpad ON/OFF-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{107C7E59-F4CF-444F-BCCC-8223137D1AD1} /l1040
VideoLAN VLC media player 0.8.6i-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Vijeo-Designer-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{C4A5C2DE-3122-4714-8110-65C74DD1DF0A}\Setup.exe" -l0x10 UNINSTALL
WeatherLink 5.7-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F2BEBB8A-1CD6-4F0C-B197-A10AB7C62E09}\Setup.exe" -l0x9
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{A511414C-4846-4630-8AC0-B156D8CB1FC0}
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Programmi\WinRAR\uninstall.exe
WinZip-->"C:\Programmi\WinZip\WINZIP32.EXE" /uninstall
Wonderware InTouch-->MsiExec.exe /I{9A6CB4AA-BBDC-413B-B49E-D563BCB48DD9}
XBT-L1000 V4.42-->C:\WINDOWS\IsUn0410.exe -f"c:\programmi\schneider electric\xbt\XBT-L1000\Uninst.isu" -cc:\PROGRA~1\SCHNEI~1\xbt\XBT-L1~1\UnDll.dll
XIP Driver-->C:\WINDOWS\IsUninst.exe -fC:\XWAYDRV\XIPDriverUninst.isu
YouRipper-->C:\Programmi\You Ripper\Uninst.exe

=====HijackThis Backups=====

O1 - Hosts: 61.129.115.198 www.xldd.com
O1 - Hosts: 61.129.115.198 www.shuixian.net
O1 - Hosts: 61.129.115.198 www.ojiang.com
O1 - Hosts: 61.129.115.198 www.xlarea.com

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Kaspersky Anti-Virus

System event log

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 34362
Source Name: Srv
Time Written: 20090204094608.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 34361
Source Name: Srv
Time Written: 20090204094608.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 34360
Source Name: Srv
Time Written: 20090204094608.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 34359
Source Name: Srv
Time Written: 20090204094608.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 34358
Source Name: Srv
Time Written: 20090204094608.000000+060
Event Type: Errore
User:

Application event log

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12702
Source Name: HHCTRL
Time Written: 20081119171403.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12701
Source Name: HHCTRL
Time Written: 20081119171403.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12700
Source Name: HHCTRL
Time Written: 20081119171403.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12699
Source Name: HHCTRL
Time Written: 20081119171403.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12698
Source Name: HHCTRL
Time Written: 20081119171403.000000+060
Event Type: Informazione
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=F:\Step 7\s7bin;F:\Common\Sqlany;C:\Programmi\File comuni\ArchestrA\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\VXIPNP\WinNT\Bin;F:\Programmi\Schneider Electric\Vijeo-Designer\Vijeo-Runtime\public\bin;F:\Programmi\Schneider Electric\Vijeo-Designer\Vijeo-Frame\Help
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES
"NIDAQmxSwitchDir"=F:\Programmi\National Instruments\NI-DAQ\Switch\
"VXIPNPPATH"=C:\VXIPNP\
"SQLANY"=F:\Common\Sqlany
"S7TMP"=F:\Step 7\S7tmp

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 11 February 2009 - 02:28 PM

Hi again,

Thanks for understanding.

Your computer is infected with a flash drive infection. This type of infection is usually carried over through removable storage devices (flash drive/ USB drive/ thumb drive/ ipod/ memory stick/ memory card/ photo camera memory card/ external hard drive, etc) and networks. Please make sure you have your removable devices ready to disinfect. Don't connect them yet, but when you are instructed to connect them, do that and leave them connected while you are running ComboFix.

Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

Note: It is important to have the autoplay feature turned off and not to open the thumb drives by double-clicking. Instead, right-click the drive and select Explore.
  • You have Java 6 Update 11 and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall all the older Java versions by clicking on the following entries and selecting "remove":

    Java 2 Runtime Environment, SE v1.4.2_06
    Java 2 Runtime Environment, SE
    Java Media Framework 2.1.1e
    Java SE Runtime Environment 6 Update 1


  • Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
    Copy and paste the text in code box into it.

    Windows Registry Editor Version 5.00
    
    ; a leading "-" inside the brackets tells regedit to delete the whole key
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153f85ab-3136-11dc-b6bd-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180bb7b7-1adc-11dd-b7f9-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388ea157-342f-11dc-b6bf-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388ea242-342f-11dc-b6bf-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c236dd-ec49-11dd-b6ec-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41d881e2-3b73-11dd-b829-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90246aad-5ae1-11dc-b6e1-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5bdede6-2870-11dc-b6af-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1840c6-7d73-11dd-b898-00023f95f53d}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3962d9-4f15-11dd-b845-00023f95f53d}]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Turn off the auto-protect or resident-shield of your antivirus.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning which takes only a few seconds and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#5 Flegias

Flegias
  • Topic Starter

  • Members
  • 24 posts

Posted 12 February 2009 - 06:32 AM

Hello farbar!

I had an error when merging regfix.reg into the registry (regfix.reg wasn't a valid script for the system registry), and I'm sure its content was correct. So I deleted the keys manually. I hope I did good work.

I've done the other steps without any problem!

ComboFix 09-02-11.02 - FabrizioFregnan 2009-02-12 11.57.06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.478.228 [GMT 1:00]
Eseguito da: c:\documents and settings\FabrizioFregnan\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-01-12 al 2009-02-12 )))))))))))))))))))))))))))))))))))
.

2009-02-12 10:50 . 2008-12-18 10:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-04 16:58 . 2009-02-04 17:01 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-03 15:37 . 2009-02-03 15:37 578,048 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-30 16:33 . 2009-01-30 16:33 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-30 12:04 . 2005-07-25 10:04 48,640 --------- c:\windows\system32\drivers\ser2pl.sys
2009-01-30 10:49 . 2004-12-16 17:41 89,808 --a------ c:\windows\system32\drivers\slabser.sys
2009-01-30 10:49 . 2004-12-16 17:40 55,312 --a------ c:\windows\system32\drivers\slabbus.sys
2009-01-30 10:49 . 2004-10-15 15:45 47,616 --a------ c:\windows\system32\slabunin2k.exe
2009-01-30 10:49 . 2004-12-16 17:41 6,144 --a------ c:\windows\system32\drivers\slabcmnt.sys
2009-01-30 10:49 . 2004-12-16 17:41 6,144 --a------ c:\windows\system32\drivers\slabcm.sys
2009-01-30 10:49 . 2004-12-16 17:39 5,776 --a------ c:\windows\system32\drivers\slabwhnt.sys
2009-01-30 10:49 . 2004-12-16 17:39 5,776 --a------ c:\windows\system32\drivers\slabwh.sys
2009-01-30 10:49 . 2009-01-30 10:49 101 --a------ c:\windows\system32\slabunin.u2k
2009-01-30 09:36 . 2009-02-11 10:05 <DIR> d-------- C:\rsit
2009-01-29 18:13 . 2009-01-29 18:13 19,286 --a------ C:\cleanup.exe
2009-01-29 16:38 . 2009-02-04 09:27 250 --a------ c:\windows\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 11:09 977,184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-12 11:09 38,683,936 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-12 10:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-12 10:44 --------- d-----w c:\programmi\Mozilla Sunbird
2009-02-12 10:40 538,652 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-12 10:40 106,796 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-12 09:57 --------- d-----w c:\programmi\Java
2009-02-12 09:42 --------- d-----w c:\programmi\JMF2.1.1e
2009-02-11 10:23 --------- d-----w c:\documents and settings\FabrizioFregnan\Dati applicazioni\foobar2000
2009-02-09 09:51 --------- d-----w c:\documents and settings\FabrizioFregnan\Dati applicazioni\AdobeUM
2009-02-03 17:23 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:23 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-30 11:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-07 09:43 --------- d-----w c:\programmi\You Ripper
2008-12-18 09:55 410,984 ----a-w c:\windows\system32\deploytk.dll
2004-03-15 16:51 114,688 ----a-w c:\programmi\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 07:36 114,688 ----a-w c:\programmi\internet explorer\plugins\LV7ActiveXControl.dll
2001-12-13 19:56 98,304 ----a-w c:\programmi\internet explorer\plugins\LVActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-05-29 155648]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-06-18 151552]
"CeEPOWER"="c:\programmi\TOSHIBA\Power Management\CePMTray.exe" [2003-07-24 135168]
"CPLDBL10"="c:\programmi\EzButton\CPLDBL10.EXE" [2003-07-03 204800]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-30 638976]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 49152]
"FLIR Systems Camera Monitor"="c:\programmi\FLIR Systems\Device Drivers\T3Mon.exe" [2007-02-01 276064]
"S7UB Start"="f:\common\S7ubtoox\s7ubtstx.exe" [2000-10-25 102400]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\FabrizioFregnan\Menu Avvio\Programmi\Esecuzione automatica\
Mozilla Sunbird.lnk - c:\programmi\Mozilla Sunbird\sunbird.exe [2007-06-19 6967808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7404:TCP"= 7404:TCP:ardzvl

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppMH\cdrom_mon.exe [2008-05-05 81920]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2008-12-16 30080]
R2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\drivers\DPORTIO.SYS [2001-04-12 3674]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2004-04-01 10829]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2008-07-14 2304]
R2 MobiLink IILServer;MobiLink IILServer;c:\programmi\Novatel Wireless\MobiLink\iilserver.exe [2004-10-08 49152]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2007-10-18 49152]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2004-04-08 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2004-04-08 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2004-04-08 674304]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2004-03-26 108124]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2004-04-08 50688]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2004-03-30 128117]
R2 nilvaik;nilvaik;c:\windows\system32\drivers\nilvaik.dll [2004-04-01 18037]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2004-04-08 30208]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2004-03-29 19570]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2004-03-15 41071]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2004-04-08 111616]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2004-03-31 341101]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [2008-12-16 171520]
R2 T3Srv;FLIR Systems Camera Monitor;c:\programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R2 UsbConnect;Usb PLC;c:\windows\system32\UsbConnect.exe [2007-10-18 61440]
R3 Duntlw;UNTLW device;c:\windows\system32\drivers\DuntlwNT.sys [2007-09-17 53568]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2004-03-30 128112]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2004-03-26 130141]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2004-04-05 44149]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2004-03-30 385642]
S2 NatMotion;NatMotion;c:\windows\system32\drivers\NatMotion.sys [2004-03-08 109639]
S3 gpibclsb;GPIB Board Class Driver;c:\windows\system32\drivers\gpibclsb.sys [2002-07-17 56904]
S3 gpibclsd;GPIB Device Class Driver;c:\windows\system32\drivers\gpibclsd.sys [2002-07-17 34664]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2004-03-30 636522]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2004-04-05 508523]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2004-04-05 73346]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2004-04-05 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2004-04-05 151683]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2004-04-05 203893]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2004-03-30 67178]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2004-04-05 393323]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2004-03-30 121461]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2004-04-05 81529]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2004-04-05 1193593]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2004-03-30 24064]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2004-04-05 285803]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 ONDAUsbDiag;ONDA USB Diagnostics Port;c:\windows\system32\drivers\ONDAUsbDiag.sys [2008-05-05 92928]
S3 ONDAUsbModem;ONDA USB MODEM DRIVER;c:\windows\system32\drivers\ONDAUsbModem.sys [2008-05-05 92928]
S3 ONDAUsbNmea;ONDA USB NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2008-05-05 92928]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2008-12-16 30704]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - NIPALK
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
*Deregistered* - XipConnect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tgkilha

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c46ddff-c8bf-11dc-b783-00023f95f53d}]
\Shell\AutoRun\command - h:\safeguard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8588d176-de95-11dd-b6dd-00023f95f53d}]
\Shell\AutoRun\command - WDSetup.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-WgaLogon - (no file)


.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0693CDD4-F05E-4F02-BB6F-51B84BE39957} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} - hxxp://217.133.17.205:8010/rel/webViewer.cab
FF - ProfilePath - c:\documents and settings\FabrizioFregnan\Dati applicazioni\Mozilla\Firefox\Profiles\iq26ksyn.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 12:08:34
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[value omitted]"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1208)
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Ora fine scansione: 2009-02-12 12.13.25
ComboFix-quarantined-files.txt 2009-02-12 11:13:21

Pre-Run: 718.974.976 byte disponibili
Post-Run: 785,817,600 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

204

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 12 February 2009 - 12:45 PM

  • Please insert your removable devices.

  • Close any open browsers.

    Open notepad and copy/paste the text in the code box below into it:

    File::
    H:\RECYCLER\autorun.exe
    G:\AutoRun.exe
    H:\AutoRun.exe
    I:\RECYCLER\autorun.exe

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Download Find File Information (scroll down the page) and save it to your desktop.
    • Double-click on FileInfo.vbs to start and follow the prompts.
    • When you see a prompt like this "Enter drive letter to search (letter only)", enter an asterisk (*) and click OK.
    • In the next window, enter: jwgkvsq
    • Click OK. A text file named searched.txt will open and automatically be saved in the root of your C:\ directory.
    • Please copy/paste the information from searched.txt in your next reply.
    Note: If you have a script blocking program you may get a warning asking if you want to allow the script to run. Some will say "malicious script warning" or something to that effect. There is nothing malicious about this script, you can click to allow it to execute.

  • Go to Start > Run and type in Notepad
    Make sure that under Format menu Word Wrap is unchecked. Copy/paste the following text inside the code box into a new notepad document.

    regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs"
    notepad look.txt
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad will open with some txt in it. Copy and paste the contents in your next reply.
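The two things the helper keeps probing for in this thread, MountPoints2 keys that still carry a \Shell\AutoRun\command value (the regfix.reg in post #4) and unexpected names in the SvcHost netsvcs group (the look.bat in post #6), can both be pulled straight out of a ComboFix log. The Python script below is an added example for this thread; it is not code from ComboFix, from Farbar or from the original poster. It parses a constructed sample laid out like the "Punti Reg Caricati" section of the ComboFix log in post #5, reports both findings, and builds a .reg deletion script with the header line regedit requires. The function names and the sample log are my own.

```python
"""Triage helper for ComboFix-style registry dumps.

Added example for this thread; it is not code from ComboFix, Farbar or the
original poster. It pulls out of a log the two things the helper keeps probing:
  * MountPoints2 sub-keys that still carry a \\Shell\\AutoRun\\command value
    (Explorer's cached autorun handler for a removable volume), and
  * the names ComboFix lists under the SvcHost "netsvcs" group.
It then builds a .reg script that deletes the flagged MountPoints2 keys, with
the header line regedit needs before it will accept the file.
"""
import re
from typing import Iterable, List, Tuple

# Constructed sample in the layout of the thread's ComboFix log (not the real log).
SAMPLE_LOG = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
tgkilha

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{6c46ddff-c8bf-11dc-b783-00023f95f53d}]
\\Shell\\AutoRun\\command - h:\\safeguard\\Windows\\SafeGuard20.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{8588d176-de95-11dd-b6dd-00023f95f53d}]
\\Shell\\AutoRun\\command - WDSetup.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
"""

# A MountPoints2 key line: [HKEY_CURRENT_USER\...\mountpoints2\{guid}]
MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
# The value line ComboFix prints under such a key when an autorun handler is cached.
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)
NETSVCS_HEADER = re.compile(r"\\Svchost - NetSvcs$", re.IGNORECASE)


def parse_mountpoints(log: str) -> List[Tuple[str, str]]:
    """Return (key, command) pairs for MountPoints2 keys that have an AutoRun command."""
    found = []
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        cmd = AUTORUN_CMD.match(line)
        if cmd and current:
            found.append((current, cmd.group(1).strip()))
            current = None  # one command per key block
    return found


def parse_netsvcs(log: str) -> List[str]:
    """Return the names listed under the 'Svchost - NetSvcs' header, up to the next blank line."""
    lines = [line.strip() for line in log.splitlines()]
    for i, line in enumerate(lines):
        if NETSVCS_HEADER.search(line):
            names = []
            for name in lines[i + 1:]:
                if not name or name == ".":
                    break
                names.append(name)
            return names
    return []


def build_regfix(keys: Iterable[str]) -> str:
    """Build a .reg script deleting each key; a '-' before the key name means delete."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        out.append(f"[-{key}]")
        out.append("")
    return "\r\n".join(out)


def triage(log: str) -> dict:
    """Run both parsers and build the fix; the caller can print it or save it as regfix.reg."""
    mountpoints = parse_mountpoints(log)
    return {
        "netsvcs": parse_netsvcs(log),
        "autorun_handlers": mountpoints,
        "regfix": build_regfix(k for k, _ in mountpoints),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["netsvcs"]:
        print(f"netsvcs entry to verify: {name}")
    for key, cmd in result["autorun_handlers"]:
        guid = key.rsplit("\\", 1)[-1]
        print(f"cached autorun handler {guid}: {cmd}")
    print(result["regfix"])
```

Deleting a MountPoints2 key only clears Explorer's cached handler for that volume; the autorun.inf and the executable on the drive itself are untouched, which is why the thread also runs Flash_Disinfector and a File:: CFScript against the drives. The netsvcs names are reported for manual verification only, since ComboFix already prints just the entries that are not part of the default group.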


#7 Flegias

Flegias
  • Topic Starter

  • Members
  • 24 posts

Posted 13 February 2009 - 09:40 AM

Hello farbar!

No jwgkvsq was found on my removable devices.

ComboFix 09-02-12.03 - FabrizioFregnan 2009-02-13 14.27.57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.478.176 [GMT 1:00]
Eseguito da: c:\documents and settings\FabrizioFregnan\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\FabrizioFregnan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino

FILE ::
G:\AutoRun.exe
H:\AutoRun.exe
h:\recycler\autorun.exe
i:\recycler\autorun.exe
.

((((((((((((((((((((((((( Files Creati Da 2009-01-13 al 2009-02-13 )))))))))))))))))))))))))))))))))))
.

2009-02-12 10:50 . 2008-12-18 10:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-04 16:58 . 2009-02-04 17:01 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-03 15:37 . 2009-02-03 15:37 578,048 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-30 16:33 . 2009-01-30 16:33 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-30 12:04 . 2005-07-25 10:04 48,640 --------- c:\windows\system32\drivers\ser2pl.sys
2009-01-30 10:49 . 2004-12-16 17:41 89,808 --a------ c:\windows\system32\drivers\slabser.sys
2009-01-30 10:49 . 2004-12-16 17:40 55,312 --a------ c:\windows\system32\drivers\slabbus.sys
2009-01-30 10:49 . 2004-10-15 15:45 47,616 --a------ c:\windows\system32\slabunin2k.exe
2009-01-30 10:49 . 2004-12-16 17:41 6,144 --a------ c:\windows\system32\drivers\slabcmnt.sys
2009-01-30 10:49 . 2004-12-16 17:41 6,144 --a------ c:\windows\system32\drivers\slabcm.sys
2009-01-30 10:49 . 2004-12-16 17:39 5,776 --a------ c:\windows\system32\drivers\slabwhnt.sys
2009-01-30 10:49 . 2004-12-16 17:39 5,776 --a------ c:\windows\system32\drivers\slabwh.sys
2009-01-30 10:49 . 2009-01-30 10:49 101 --a------ c:\windows\system32\slabunin.u2k
2009-01-30 09:36 . 2009-02-11 10:05 <DIR> d-------- C:\rsit
2009-01-29 18:13 . 2009-01-29 18:13 19,286 --a------ C:\cleanup.exe
2009-01-29 16:38 . 2009-02-04 09:27 250 --a------ c:\windows\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 13:33 996,384 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-13 13:33 39,049,504 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-13 09:41 --------- d-----w c:\programmi\Mozilla Sunbird
2009-02-13 09:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-13 09:26 543,524 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-13 09:26 108,620 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-12 15:24 --------- d-----w c:\programmi\Microsoft LifeCam
2009-02-12 09:57 --------- d-----w c:\programmi\Java
2009-02-12 09:42 --------- d-----w c:\programmi\JMF2.1.1e
2009-02-11 10:23 --------- d-----w c:\documents and settings\FabrizioFregnan\Dati applicazioni\foobar2000
2009-02-09 09:51 --------- d-----w c:\documents and settings\FabrizioFregnan\Dati applicazioni\AdobeUM
2009-02-03 17:23 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:23 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-30 11:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-07 09:43 --------- d-----w c:\programmi\You Ripper
2008-12-18 09:55 410,984 ----a-w c:\windows\system32\deploytk.dll
2004-03-15 16:51 114,688 ----a-w c:\programmi\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 07:36 114,688 ----a-w c:\programmi\internet explorer\plugins\LV7ActiveXControl.dll
2001-12-13 19:56 98,304 ----a-w c:\programmi\internet explorer\plugins\LVActiveXControl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_12.10.46,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 10:41:53 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-13 09:37:57 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-12 10:41:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-02-13 09:37:57 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-02-13 09:37:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_15c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-05-29 155648]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-06-18 151552]
"CeEPOWER"="c:\programmi\TOSHIBA\Power Management\CePMTray.exe" [2003-07-24 135168]
"CPLDBL10"="c:\programmi\EzButton\CPLDBL10.EXE" [2003-07-03 204800]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-30 638976]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 49152]
"FLIR Systems Camera Monitor"="c:\programmi\FLIR Systems\Device Drivers\T3Mon.exe" [2007-02-01 276064]
"S7UB Start"="f:\common\S7ubtoox\s7ubtstx.exe" [2000-10-25 102400]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\FabrizioFregnan\Menu Avvio\Programmi\Esecuzione automatica\
Mozilla Sunbird.lnk - c:\programmi\Mozilla Sunbird\sunbird.exe [2007-06-19 6967808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7404:TCP"= 7404:TCP:ardzvl

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppMH\cdrom_mon.exe [2008-05-05 81920]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2008-12-16 30080]
R2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\drivers\DPORTIO.SYS [2001-04-12 3674]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2004-04-01 10829]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2008-07-14 2304]
R2 MobiLink IILServer;MobiLink IILServer;c:\programmi\Novatel Wireless\MobiLink\iilserver.exe [2004-10-08 49152]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2007-10-18 49152]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2004-04-08 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2004-04-08 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2004-04-08 674304]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2004-03-26 108124]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2004-04-08 50688]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2004-03-30 128117]
R2 nilvaik;nilvaik;c:\windows\system32\drivers\nilvaik.dll [2004-04-01 18037]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2004-04-08 30208]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2004-03-29 19570]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2004-03-15 41071]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2004-04-08 111616]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2004-03-31 341101]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [2008-12-16 171520]
R3 Duntlw;UNTLW device;c:\windows\system32\drivers\DuntlwNT.sys [2007-09-17 53568]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2004-03-30 128112]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2004-03-26 130141]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2004-04-05 44149]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2004-03-30 385642]
S2 NatMotion;NatMotion;c:\windows\system32\drivers\NatMotion.sys [2004-03-08 109639]
S3 gpibclsb;GPIB Board Class Driver;c:\windows\system32\drivers\gpibclsb.sys [2002-07-17 56904]
S3 gpibclsd;GPIB Device Class Driver;c:\windows\system32\drivers\gpibclsd.sys [2002-07-17 34664]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2004-03-30 636522]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2004-04-05 508523]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2004-04-05 73346]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2004-04-05 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2004-04-05 151683]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2004-04-05 203893]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2004-03-30 67178]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2004-04-05 393323]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2004-03-30 121461]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2004-04-05 81529]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2004-04-05 1193593]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2004-03-30 24064]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2004-04-05 285803]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 ONDAUsbDiag;ONDA USB Diagnostics Port;c:\windows\system32\drivers\ONDAUsbDiag.sys [2008-05-05 92928]
S3 ONDAUsbModem;ONDA USB MODEM DRIVER;c:\windows\system32\drivers\ONDAUsbModem.sys [2008-05-05 92928]
S3 ONDAUsbNmea;ONDA USB NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2008-05-05 92928]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2008-12-16 30704]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - NIPALK
*Deregistered* - NetDDEdsdm
*Deregistered* - Netman
*Deregistered* - nidevldu
*Deregistered* - nipxirmu
*Deregistered* - niSvcLoc
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - slssvc
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - T3Srv
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UsbConnect
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
*Deregistered* - XipConnect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tgkilha

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c46ddff-c8bf-11dc-b783-00023f95f53d}]
\Shell\AutoRun\command - h:\safeguard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8588d176-de95-11dd-b6dd-00023f95f53d}]
\Shell\AutoRun\command - WDSetup.exe
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0693CDD4-F05E-4F02-BB6F-51B84BE39957} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} - hxxp://217.133.17.205:8010/rel/webViewer.cab
FF - ProfilePath - c:\documents and settings\FabrizioFregnan\Dati applicazioni\Mozilla\Firefox\Profiles\iq26ksyn.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 14:33:42
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1196)
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Ora fine scansione: 2009-02-13 14.38.07
ComboFix-quarantined-files.txt 2009-02-13 13:38:02
ComboFix2.txt 2009-02-12 11:13:33

Pre-Run: 873.115.648 byte disponibili
Post-Run: 863,162,368 byte disponibili

232


searched.txt

blank!


look.txt

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

#8 Farbar

Posted 13 February 2009 - 11:19 AM

  • Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
    • Click on I Agree.
    • If an ActiveX warning box appears, click on Install.
      Note: If you get the message "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the ActiveX control from being installed. Just above the page, under the Internet Explorer toolbar, you will see this message:
      "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
      Click on that and select Install ActiveX.
    • Now click on Start Scan. Please wait, as it might take some time.
    • If it found anything when it finished, click "Click here to export the scan report".
    • Give the report a name and save it. The file will be a .HTML file.
    • Please attach the file to your reply.
    • To attach the file, press ADDREPLY; under the reply window press Browse... and show the path to the file on your computer.
    • Highlight the file and click Open, then press the green UPLOAD button.
  • Download regsearch.zip by Bobbi Flekman and save it to your desktop.
    • Extract it to your desktop. It will extract the zip file to a folder named regsearch.
    • Open the folder and double-click regsearch.exe to start the program.
    • Type tgkilha in the upper window.
    • Click "OK" and Registry Search will search the Registry and report what it finds.
    • Copy and paste the result into your next reply.
    Note: The search takes a while. If you get notifications of access violation, click Ok as many times as needed.

  • Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log). Tell me also how your computer is running.


#9 Flegias

Posted 16 February 2009 - 08:58 AM

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.6.0

; Results at 16/02/2009 13.53.57 for strings:
; 'tgkilha'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
; Contents of value:
; 6to4
; AppMgmt
; AudioSrv
; Browser
; CryptSvc
; DMServer
; DHCP
; ERSvc
; EventSystem
; FastUserSwitchingCompatibility
; HidServ
; Ias
; Iprip
; Irmon
; LanmanServer
; LanmanWorkstation
; Messenger
; Netman
; Nla
; Ntmssvc
; NWCWorkstation
; Nwsapagent
; Rasauto
; Rasman
; Remoteaccess
; Schedule
; Seclogon
; SENS
; Sharedaccess
; SRService
; Tapisrv
; Themes
; TrkWks
; W32Time
; WZCSVC
; Wmi
; WmdmPmSp
; winmgmt
; TermService
; wuauserv
; BITS
; ShellHWDetection
; helpsvc
; WmdmPmSN
; xmlprov
; wscsvc
; tgkilha
;

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TGKILHA]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TGKILHA\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TGKILHA\0000]
"Service"="tgkilha"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TGKILHA]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TGKILHA\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TGKILHA\0000]
"Service"="tgkilha"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TGKILHA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TGKILHA\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TGKILHA\0000]
"Service"="tgkilha"

; End Of The Log...




Logfile of random's system information tool 1.05 (written by random/random)
Run by FabrizioFregnan at 2009-02-16 14:25:54
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 755 MB (8%) free of 9 GB
Total RAM: 478 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.26.26, on 16/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArchestrA\aaLogger.exe
C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\File comuni\ArchestrA\NTServApp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Programmi\File comuni\ArchestrA\slssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\usbconsole.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\EzButton\CPLDBL10.EXE
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe
F:\Common\S7ubtoox\s7ubtstx.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
F:\Common\Sqlany\dbsrv50.exe
F:\Common\Sqlany\dbclient.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Documents and Settings\FabrizioFregnan\Desktop\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\FabrizioFregnan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [FLIR Systems Camera Monitor] "C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe"
O4 - HKLM\..\Run: [S7UB Start] "F:\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} (TVSLiveControl Class) - http://217.133.17.205:8010/rel/webViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\aaLogger.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Programmi\File comuni\ArchestrA\NTServApp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - F:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\slssvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\wwnetdde.exe
O23 - Service: Xway TCP/IP (XipConnect) - Schneider Automation - C:\WINDOWS\system32\XipConnect.exe

--
End of file - 8177 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmi\Java\jre6\bin\ssv.dll [2008-12-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-05-29 155648]
"Apoint"=C:\Programmi\Apoint2K\Apoint.exe [2003-06-18 151552]
"CeEPOWER"=C:\Programmi\TOSHIBA\Power Management\CePMTray.exe [2003-07-24 135168]
"CPLDBL10"=C:\Programmi\EzButton\CPLDBL10.EXE [2003-07-03 204800]
"CeEKEY"=C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe [2003-07-30 638976]
"TPNF"=C:\Programmi\TOSHIBA\TouchPad\TPTray.exe [2003-07-18 49152]
"FLIR Systems Camera Monitor"=C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe [2007-02-01 276064]
"S7UB Start"=F:\Common\S7ubtoox\s7ubtstx.exe [2000-10-25 102400]
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2008-12-18 136600]
"AVP"=C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

C:\Documents and Settings\FabrizioFregnan\Menu Avvio\Programmi\Esecuzione automatica
Mozilla Sunbird.lnk - C:\Programmi\Mozilla Sunbird\sunbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-05-29 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoLogoff"=0
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutorun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c46ddff-c8bf-11dc-b783-00023f95f53d}]
shell\AutoRun\command - H:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8588d176-de95-11dd-b6dd-00023f95f53d}]
shell\AutoRun\command - WDSetup.exe


======List of files/folders created in the last 1 months======

2009-02-13 17:47:24 ----D---- C:\WINDOWS\BDOSCAN8
2009-02-13 15:21:51 ----SHD---- C:\RECYCLER
2009-02-13 15:18:27 ----A---- C:\searched.txt
2009-02-13 09:11:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-12 11:55:53 ----A---- C:\Boot.bak
2009-02-12 11:55:40 ----RASHD---- C:\cmdcons
2009-02-12 11:51:57 ----A---- C:\WINDOWS\zip.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\VFIND.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\SWSC.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\SWREG.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\sed.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\grep.exe
2009-02-12 11:51:57 ----A---- C:\WINDOWS\fdsv.exe
2009-02-12 11:51:42 ----AD---- C:\Qoobox
2009-02-12 11:33:10 ----RASHD---- C:\autorun.inf
2009-02-12 10:50:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-12 10:50:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-12 10:50:48 ----A---- C:\WINDOWS\system32\java.exe
2009-02-04 16:58:26 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-03 15:45:51 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\WinRAR
2009-01-30 10:49:10 ----A---- C:\WINDOWS\system32\slabunin2k.exe
2009-01-30 09:36:32 ----D---- C:\rsit
2009-01-29 18:16:10 ----D---- C:\Avenger
2009-01-29 18:16:10 ----A---- C:\avenger.txt
2009-01-29 18:13:52 ----A---- C:\cleanup.exe
2009-01-29 16:38:54 ----A---- C:\WINDOWS\gmer.ini
2009-01-29 16:38:36 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-29 16:38:36 ----A---- C:\WINDOWS\gmer.exe
2009-01-29 16:38:36 ----A---- C:\WINDOWS\gmer.dll

======List of files/folders modified in the last 1 months======

2009-02-16 14:25:32 ----D---- C:\WINDOWS\Temp
2009-02-16 14:24:31 ----D---- C:\Programmi\Mozilla Firefox
2009-02-16 14:21:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-16 14:21:08 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-16 10:25:13 ----D---- C:\Programmi\WMR11
2009-02-16 09:13:00 ----D---- C:\WINDOWS
2009-02-16 09:12:35 ----D---- C:\Programmi\Mozilla Sunbird
2009-02-16 09:12:20 ----A---- C:\WINDOWS\system32\NetAccessLog.txt
2009-02-13 17:47:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-13 17:47:24 ----HD---- C:\WINDOWS\inf
2009-02-13 15:30:01 ----D---- C:\WINDOWS\Prefetch
2009-02-13 14:38:27 ----D---- C:\WINDOWS\system32
2009-02-13 14:34:14 ----A---- C:\WINDOWS\system.ini
2009-02-13 14:31:22 ----D---- C:\WINDOWS\AppPatch
2009-02-13 14:31:14 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 14:31:11 ----D---- C:\Programmi\File comuni
2009-02-12 16:30:32 ----D---- C:\WINDOWS\Minidump
2009-02-12 16:30:32 ----D---- C:\WINDOWS\Debug
2009-02-12 16:25:27 ----SHD---- C:\WINDOWS\Installer
2009-02-12 16:24:53 ----D---- C:\Programmi\Microsoft LifeCam
2009-02-12 11:55:53 ----RASH---- C:\boot.ini
2009-02-12 11:51:42 ----D---- C:\WINDOWS\ERDNT
2009-02-12 10:57:22 ----D---- C:\Programmi\Java
2009-02-12 10:42:50 ----D---- C:\Programmi\JMF2.1.1e
2009-02-11 11:23:22 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\foobar2000
2009-02-09 10:51:06 ----D---- C:\Documents and Settings\FabrizioFregnan\Dati applicazioni\AdobeUM
2009-02-04 16:53:04 ----D---- C:\WINDOWS\Help
2009-02-03 16:03:42 ----D---- C:\SDFix
2009-02-03 15:37:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-30 12:04:04 ----HD---- C:\Programmi\InstallShield Installation Information
2009-01-30 10:49:10 ----D---- C:\Program Files
2009-01-23 09:05:06 ----SHD---- C:\System Volume Information
2009-01-23 09:05:06 ----D---- C:\WINDOWS\system32\Restore
2009-01-20 16:32:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 intelppm;Driver processore Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40192]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2002-12-19 5888]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2002-12-19 5888]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2002-12-19 5888]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2002-07-18 4183]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 7140]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 Dpmtrcdd;Dpmtrcdd; C:\WINDOWS\System32\DRIVERS\dpmtrcdd.sys [2001-06-27 30080]
R2 DPortIO;Dritek Port I/O Driver; C:\WINDOWS\System32\Drivers\DPortIO.sys [2001-04-12 3674]
R2 irda;Protocollo IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 lvalarmk;lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.dll [2004-04-01 10829]
R2 Machnm32;Machnm32 Driver; \??\C:\WINDOWS\System32\Machnm32.sys []
R2 niarbk;niarbk; C:\WINDOWS\system32\drivers\niarbk.dll [2004-04-08 37376]
R2 nibffrk;nibffrk; C:\WINDOWS\system32\drivers\nibffrk.dll [2004-04-08 21504]
R2 Nidaq32k;Nidaq32k; C:\WINDOWS\system32\drivers\Nidaq32k.sys [2004-04-08 674304]
R2 nidimk;nidimk; C:\WINDOWS\system32\drivers\nidimk.dll [2004-03-26 108124]
R2 nidmmk;NI DMM and Data Logger Kernel Driver; C:\WINDOWS\system32\drivers\nidmmk.dll [2004-04-08 50688]
R2 nidmxfk;nidmxfk; C:\WINDOWS\system32\drivers\nidmxfk.dll [2004-03-30 128117]
R2 nilvaik;nilvaik; C:\WINDOWS\system32\drivers\nilvaik.dll [2004-04-01 18037]
R2 nimdsk;nimdsk; C:\WINDOWS\system32\drivers\nimdsk.dll [2004-04-08 30208]
R2 nimxpk;nimxpk; C:\WINDOWS\system32\drivers\nimxpk.dll [2004-03-29 19570]
R2 nipxirmk;nipxirmk; C:\WINDOWS\system32\drivers\nipxirmk.dll [2004-03-15 41071]
R2 nistck;nistck; C:\WINDOWS\system32\drivers\nistck.dll [2004-04-08 111616]
R2 niswdk;niswdk; C:\WINDOWS\system32\drivers\niswdk.dll [2004-03-31 341101]
R2 s7osmcax;s7osmcax; C:\WINDOWS\System32\Drivers\s7osmcax.sys [2001-12-05 171520]
R2 s7otranx;s7otranx; C:\WINDOWS\System32\Drivers\S7otranx.sys [2001-12-05 478720]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-06-13 114880]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-06-13 80512]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-06-13 33847]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-06-20 93912]
R3 Arp1394;Protocollo client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 CmBatt;Driver batteria a metodo di controllo ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2003-01-16 16256]
R3 Duntlw;UNTLW device; C:\WINDOWS\System32\Drivers\DuntlwNT.sys [2006-02-24 53568]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2003-09-02 6896]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-06-13 89787]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-31 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nicdrk;nicdrk; C:\WINDOWS\system32\drivers\nicdrk.dll [2004-03-30 128112]
R3 nimdbgk;nimdbgk; C:\WINDOWS\system32\drivers\nimdbgk.dll [2004-03-26 133227]
R3 nimru2k;nimru2k; C:\WINDOWS\system32\drivers\nimru2k.dll [2004-03-26 130141]
R3 nimstsk;nimstsk; C:\WINDOWS\system32\drivers\nimstsk.dll [2004-04-05 44149]
R3 nimxdfk;nimxdfk; C:\WINDOWS\system32\drivers\nimxdfk.dll [2004-03-26 172639]
R3 niorbk;niorbk; C:\WINDOWS\system32\drivers\niorbk.dll [2004-03-31 35420]
R3 niscdk;niscdk; C:\WINDOWS\system32\drivers\niscdk.dll [2004-03-30 385642]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-09-17 809872]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Driver hub USB standard Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-06-02 151985]
S1 kbdhid;Driver di tastiera HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
S2 NatMotion;NatMotion; C:\WINDOWS\system32\drivers\NatMotion.sys [2004-03-08 109639]
S3 a2qk4d3j;a2qk4d3j; C:\WINDOWS\system32\drivers\a2qk4d3j.sys []
S3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-07-29 322720]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 FTDIBUS;Telemecanique USB Serial Cable Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-11-25 24369]
S3 FTSER2K;Telemecanique USB Cable Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-11-25 57820]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-29 85969]
S3 gpibclsb;GPIB Board Class Driver; C:\WINDOWS\System32\Drivers\gpibclsb.sys [2002-07-17 56904]
S3 gpibclsd;GPIB Device Class Driver; C:\WINDOWS\System32\Drivers\gpibclsd.sys [2002-07-17 34664]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-12-04 88960]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-03 63744]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nidsark;nidsark; C:\WINDOWS\system32\drivers\nidsark.dll [2004-03-30 636522]
S3 niesrk;niesrk; C:\WINDOWS\system32\drivers\niesrk.dll [2004-04-05 508523]
S3 nimsdrk;nimsdrk; C:\WINDOWS\system32\drivers\nimsdrk.dll [2004-04-05 73346]
S3 nimslk;nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [2004-04-05 14464]
S3 nimsrlk;nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [2004-04-05 151683]
S3 nisdigk;nisdigk; C:\WINDOWS\system32\drivers\nisdigk.dll [2004-04-05 203893]
S3 nispdk;nispdk; C:\WINDOWS\system32\drivers\nispdk.dll [2004-03-30 67178]
S3 nissrk;nissrk; C:\WINDOWS\system32\drivers\nissrk.dll [2004-04-05 393323]
S3 nistc2k;nistc2k; C:\WINDOWS\system32\drivers\nistc2k.dll [2004-03-30 121461]
S3 nistcrk;nistcrk; C:\WINDOWS\system32\drivers\nistcrk.dll [2004-04-05 81529]
S3 nitiork;nitiork; C:\WINDOWS\system32\drivers\nitiork.dll [2004-04-05 1193593]
S3 NiViPxiK;NiViPxiK; C:\WINDOWS\system32\drivers\NiViPxiK.sys [2004-03-30 24064]
S3 niwfrk;niwfrk; C:\WINDOWS\system32\drivers\niwfrk.dll [2004-04-05 285803]
S3 nm;Driver di Network Monitor; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 ONDAUsbDiag;ONDA USB Diagnostics Port; C:\WINDOWS\system32\DRIVERS\ONDAUsbDiag.sys [2007-04-10 92928]
S3 ONDAUsbModem;ONDA USB MODEM DRIVER; C:\WINDOWS\system32\DRIVERS\ONDAUsbModem.sys [2007-04-10 92928]
S3 ONDAUsbNmea;ONDA USB NMEA Port; C:\WINDOWS\system32\DRIVERS\ONDAUsbNmea.sys [2007-04-10 92928]
S3 s7oefs_x;SIMATIC MPI/EFS Driver; C:\WINDOWS\System32\drivers\s7oefs_x.sys [2000-03-28 30704]
S3 slabbus;CP210x USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2004-12-16 55312]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2004-12-16 89808]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-04-23 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;Scheda RNDIS USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2004-08-03 12672]
S3 usbaudio;Driver audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-05 1963680]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aaLogger;ArchestrA Logger; C:\Programmi\File comuni\ArchestrA\aaLogger.exe [2003-07-18 188486]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor; C:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe [2007-04-19 81920]
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
R2 CeEPwrSvc;CeEPwrSvc; C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe [2003-07-11 73728]
R2 FS Service Control;FS Service Control; C:\Programmi\File comuni\ArchestrA\NTServApp.exe [2003-01-09 32845]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2008-12-18 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 MobiLink IILServer;MobiLink IILServer; C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe [2004-10-08 49152]
R2 NA_Service;NetAccess Service; C:\WINDOWS\system32\NA_Service.exe [2005-09-13 49152]
R2 nidevldu;nidevldu; C:\WINDOWS\system32\nipalsm.exe [2003-11-15 5730]
R2 nipxirmu;nipxirmu; C:\WINDOWS\system32\nipalsm.exe [2003-11-15 5730]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\niSvcLoc.exe [2003-05-01 49152]
R2 slssvc;Wonderware SuiteLink; C:\Programmi\File comuni\ArchestrA\slssvc.exe [2003-04-14 40960]
R2 T3Srv;FLIR Systems Camera Monitor; C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R2 UsbConnect;Usb PLC; C:\WINDOWS\system32\UsbConnect.exe [2004-03-26 61440]
S2 Irmon;Monitor infrarossi; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S2 XipConnect;Xway TCP/IP; C:\WINDOWS\system32\XipConnect.exe [2004-03-26 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NILM License manager;NILM License manager; F:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2004-02-25 609280]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programmi\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe [2007-10-02 79360]
S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Programmi\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WWNetDDE;Wonderware NetDDE Helper; C:\Programmi\File comuni\ArchestrA\wwnetdde.exe [2003-04-14 80688]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-16 14:26:44

======Uninstall list======

-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programmi\InstallShield Installation Information\{490A0AB2-4AD1-4593-A718-929D36BCD53C}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUn040c.exe -a -a -a -a -a -a -a -f"c:\programmi\schneider electric\xbt\XBT-L1000\Proto.isu"
-->C:\WINDOWS\IsUn0410.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\system32\_UNODBC.LOG" -cC:\WINDOWS\system32\_UNODBC.DLL
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0F737E8A-3FCF-43DA-B6DC-2BDFC3F07E78}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BD0F102A-1F7C-46E4-9DF4-3D63E4774D5D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D60D82D1-2C77-4B78-992B-6C2DBADF57B6}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7646-000000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Autodesk MapGuide® Viewer ActiveX Control Release 6-->MsiExec.exe /I{CFEFDE13-C8C6-407F-A9C1-889F29EE863F}
Avvio installazione di Microsoft Works 2003-->C:\Programmi\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
AXIS Camera Control-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BE2A41AD-3BFF-4A0C-A05C-F5B40C5C5E41}\Setup.exe"
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only)-->"F:\Programmi\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CP210x USB to UART Bridge Controller-->C:\WINDOWS\system32\slabunin2k.exe C:\WINDOWS\system32\slabunin.u2k
Document Creator OEM v2.22-->"C:\Programmi\File comuni\FLIR Systems\Neevia\unins000.exe"
Easy Button-->C:\WINDOWS\UnInst32.exe CPLDBL10.UNI
FLIR RTP Player-->"C:\Programmi\FLIR Systems AB\RTP Player\UninstallerData\Uninstall FLIRRtpPlayer.exe"
foobar2000 v0.9.5.3-->"C:\Programmi\foobar2000\uninstall.exe"
FSCap-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2C71583C-0D2F-4A7E-BC95-2426462EE7B4}\Setup.exe"
Halto 1.0.5 FULL-->"C:\Programmi\Halto\unins000.exe"
HijackThis 2.0.2-->"C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD 4-->"C:\Programmi\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
K-Lite Codec Pack 3.2.5 Full-->"C:\Programmi\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\$SETUP_9_99dab\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Manuali TOSHIBA-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\SETUP.EXE" -l0x10
MH600HS Onda Wizard-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{559AD08F-3474-4F96-B374-A59F2A1E2518}\setup.exe" -l0x10 -removeonly
Microsoft .NET Framework (Italian) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1040)
Microsoft .NET Framework (Italian)-->MsiExec.exe /X{015F2BEE-F15C-41F7-9637-47A5353A0E29}
Microsoft .NET Framework 1.1 Italian Language Pack-->MsiExec.exe /X{F2D2B58B-B2FD-46D1-8319-DCE564079934}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 - Language Pack (italiano)-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110410-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Connect-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x10 -removeonly
MobiLink-->MsiExec.exe /I{92F70F0E-947E-4209-88A7-15E0988E248E}
Mozilla Firefox (3.0.6)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3.1)-->C:\Programmi\Mozilla Sunbird\uninstall\uninst.exe
National Instruments Software-->"F:\Programmi\National Instruments\Shared\NIUninstaller\uninst.exe"
NetworkActiv PIAFCTM 1.5-->C:\Program Files\NetworkActiv PIAFCTM 1.5\NetworkActivPIAFCTMv1.5.exe UnInstall
NI LabVIEW Run-Time Engine 6.1-->MsiExec.exe /I{CC8971B9-9132-4C04-A8D4-628663C9E9F0}
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PL7 Junior V3.1-->C:\WINDOWS\PL7SYS\UNINSTAL\SETUP PL7JUNR/PL7 Junior/31/I
PL7 Junior V4.3-->C:\WINDOWS\PL7SYS\UNINSTAL\SETUP PL7JUNR/PL7 Junior/43/I
RealPlayer-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE
Recordster-->MsiExec.exe /I{1E81725C-1EE7-476D-8E1D-3150469643F6}
RegSvrEx-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\REGSVREX.INF, DefaultUninstall.ntx86
Replay Media Catcher-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programmi\Replay Media Catcher\Uninstall\uninstall.xml"
SA Drivers Manager-->C:\Programmi\InstallShield Installation Information\{10B15004-CD2A-49BD-ACB7-DFA124F39273}\setup.exe -runfromtemp -l0x0009 -removeonly\ -REMV
SA MODBUS Driver-->C:\Programmi\InstallShield Installation Information\{490A0AB2-4AD1-4593-A718-929D36BCD53C}\setup.exe -runfromtemp -l0x0009 -removeonly
SA PLC USB Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D60D82D1-2C77-4B78-992B-6C2DBADF57B6}\setup.exe" -l0x9
SA UNITELWAY WDM Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BD0F102A-1F7C-46E4-9DF4-3D63E4774D5D}\setup.exe" -l0x9
SA XIP Driver-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0F737E8A-3FCF-43DA-B6DC-2BDFC3F07E78}\setup.exe" -l0x9
Sentinel System Driver 5.41.1 (32-bit)-->MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SIMATIC STEP 7 V5.1 + ServicePack 4-->C:\WINDOWS\IsUn0410.exe -f"F:\Step 7\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC AuthorsW V2.4 + ServicePack 2-->C:\WINDOWS\IsUn0410.exe -fC:\SIEMENS\AuthorsW\DeIsL1.isu -c"C:\WINDOWS\system32\s7esetdx.dll
SIMATIC NCM S7 Ind. Ethernet V5.1 + ServicePack 3 + Hotfix 1-->F:\Step 7\S7WBX\App\UNINSH1.EXE -f"F:\Step 7\S7WBX\DeIsL1.isu" -c"F:\Step 7\S7WBX\app\s7wnunh1.dll"
SIMATIC NCM S7 PROFIBUS V5.1 + ServicePack 3 + Hotfix 1-->F:\Step 7\S7WBX\App\UNINSL2.EXE -f"F:\Step 7\S7WBX\DeIsL2.isu" -c"F:\Step 7\S7WBX\app\s7wnunl2.dll"
SMSC IrCC Driver V5.1.2462.0 (WinXP)-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{EC86822D-3A20-11D5-801B-00E029348F40}\SETUP.EXE"
SPAC View-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{8E4C09BF-FAC5-47E0-B9A6-5FF9577F852E}\Setup.exe" -l0x10
Telemecanique USB Multi-Function Cable Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
ThermaCAM QuickReport English Language Pack-->MsiExec.exe /X{8814711D-2550-4481-B794-16FEA8E6F45D}
ThermaCAM QuickReport-->MsiExec.exe /X{96BEDBDA-EB5C-499F-8AFC-1AC00FC2E0F8}
ThermaCAM Researcher Pro 2.7-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{AC0E443C-614A-47D4-8E6E-96D70FB6E965}\setup.exe"
ThermaNET-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{ADC4B707-E8DB-471E-A013-2F7538528DE2}\Setup.exe"
ThermoVision Digital Toolkit 3.1 SR-1-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BE46F008-A3D8-4AB5-B1F7-ECA668D3C74E}\setup.exe"
ThermoVision SDK-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{ADCDD36B-7403-40CA-A602-02F17E91FB32}\setup.exe"
TightVNC 1.3.8-->C:\Programmi\TightVNC\unins000.exe
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe"
Toshiba Connect-->C:\Programmi\Toshiba Connect\UninstID.exe
TOSHIBA Console-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\SETUP.EXE" -l0x10
TOSHIBA Software Modem-->Tosmreg -U
TSXPCX3030 Device Driver-->C:\WINDOWS\IsUninst.exe -fC:\TSXPCX3030DeviceFiles\Uninst.isu
TwidoSoft-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{A7DB7470-C9DF-11D4-B49F-0006294FC964}\setup.exe" anything
Unlocker 1.8.7-->C:\Programmi\Unlocker\uninst.exe
Utilità Risparmio energetico TOSHIBA-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B83DA26B-5237-41E8-8612-8F3F63F69811} /l1040
Utilità Tasti di scelta rapida TOSHIBA-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{41DBA4F1-E295-41B3-9922-7B346C5B8EBF} /l1040
Utilità Touchpad ON/OFF-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{107C7E59-F4CF-444F-BCCC-8223137D1AD1} /l1040
VideoLAN VLC media player 0.8.6i-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Vijeo-Designer-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{C4A5C2DE-3122-4714-8110-65C74DD1DF0A}\Setup.exe" -l0x10 UNINSTALL
WeatherLink 5.7-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F2BEBB8A-1CD6-4F0C-B197-A10AB7C62E09}\Setup.exe" -l0x9
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{A511414C-4846-4630-8AC0-B156D8CB1FC0}
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Programmi\WinRAR\uninstall.exe
WinZip-->"C:\Programmi\WinZip\WINZIP32.EXE" /uninstall
Wonderware InTouch-->MsiExec.exe /I{9A6CB4AA-BBDC-413B-B49E-D563BCB48DD9}
XBT-L1000 V4.42-->C:\WINDOWS\IsUn0410.exe -f"c:\programmi\schneider electric\xbt\XBT-L1000\Uninst.isu" -cc:\PROGRA~1\SCHNEI~1\xbt\XBT-L1~1\UnDll.dll
XIP Driver-->C:\WINDOWS\IsUninst.exe -fC:\XWAYDRV\XIPDriverUninst.isu
YouRipper-->C:\Programmi\You Ripper\Uninst.exe

=====HijackThis Backups=====

O1 - Hosts: 61.129.115.198 www.xldd.com
O1 - Hosts: 61.129.115.198 www.shuixian.net
O1 - Hosts: 61.129.115.198 www.ojiang.com
O1 - Hosts: 61.129.115.198 www.xlarea.com

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Kaspersky Anti-Virus

System event log

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35428
Source Name: Srv
Time Written: 20090204094626.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35427
Source Name: Srv
Time Written: 20090204094626.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35426
Source Name: Srv
Time Written: 20090204094626.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35425
Source Name: Srv
Time Written: 20090204094626.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35424
Source Name: Srv
Time Written: 20090204094626.000000+060
Event Type: Errore
User:

Application event log

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12775
Source Name: HHCTRL
Time Written: 20081119172225.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12774
Source Name: HHCTRL
Time Written: 20081119172225.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12773
Source Name: HHCTRL
Time Written: 20081119172225.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12772
Source Name: HHCTRL
Time Written: 20081119172225.000000+060
Event Type: Informazione
User:

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12771
Source Name: HHCTRL
Time Written: 20081119172135.000000+060
Event Type: Informazione
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;F:\Step 7\s7bin;F:\Common\Sqlany;C:\Programmi\File comuni\ArchestrA;C:\VXIPNP\WinNT\Bin;F:\Programmi\Schneider Electric\Vijeo-Designer\Vijeo-Runtime\public\bin;F:\Programmi\Schneider Electric\Vijeo-Designer\Vijeo-Frame\Help
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES
"NIDAQmxSwitchDir"=F:\Programmi\National Instruments\NI-DAQ\Switch\
"VXIPNPPATH"=C:\VXIPNP\
"SQLANY"=F:\Common\Sqlany
"S7TMP"=F:\Step 7\S7tmp

-----------------EOF-----------------


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 AM

Posted 16 February 2009 - 01:42 PM

Well done.
  • There is still one old Java left on the system. Please go to Add/Remove programs in the control Panel and uninstall:

    Java 2 Runtime Environment, SE v1.4.2

  • Please run File Find Information you have downloaded before.
    When you see a prompt like this "Enter drive letter to search (letter only)", enter an asterisk (*) and click OK.
    Type or copy and paste: tgkilha
    Click OK and post the result it produces.

  • Tell me also how your computer is running.


#11 Flegias

Flegias
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 19 February 2009 - 05:07 AM

Hello farbar,
  • I removed the old java platform.
  • I ran File Find Information but no tgkilha entries were found.
  • The symptoms that I described at the beginning of the topic still remain:

    A while after Windows boots, my PC can't access the local network, the classic blue taskbar of WinXP changes into the classic grey taskbar of Win2k and the sound card stops working.

    I get a Generic Host Process error every time before the symptoms appear.
Maybe these problems aren't malware related?

Thank you.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 AM

Posted 19 February 2009 - 03:45 PM

Maybe these problems aren't malware related?

I suspect the problem is not malware related. Let's do this one and then see.

I have a Generic Host process error everytime before the symptoms appears.

We will take a look at this error.
  • Please delete your copy of Combofix from your desktop and download the latest update from one of the following links:

    Link 1
    Link 2
    Link 3

  • Close any open browsers.

    Open notepad and copy/paste the text in the code box below into it:

    Driver::
    tgkilha
    
    NetSvc::
    tgkilha
    
    Folder::
    F:\Programmi\Symantec
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "F:\Programmi\Symantec\pcAnywhere\awhost32.exe"=-
    "F:\Programmi\Symantec\pcAnywhere\awrem32.exe"=-

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Go to Start > Run, copy/paste the following lines one by one into the Run box and click OK after each line.

    Note: Tell me if any errors occurred.


    ipconfig /flushdns
    C:\WINDOWS\gmer_uninstall.cmd


  • Reboot the computer and if you get the error you mentioned please try to give me a translation of full error message.

  • Go to Start => Run, type eventvwr and press Enter. Go to the Applications and System logs in the left window. Double-click the errors in the right window and find the first time the error you mentioned occurred. Please note the date and post it.
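Farbar asks the poster to find by hand the first time the error occurred; the RSIT log earlier in the thread already dumps the same events in a fixed "Computer Name / Event Code / ... / Time Written" layout with WMI CIM_DATETIME timestamps. The following is an added example (not RSIT, ComboFix or Farbar's own code) that parses that layout and reports the earliest occurrence and count of a given source and event code; the sample log is constructed to mirror the dump above.

```python
"""Parse the RSIT-style event log dump posted in this thread and find the
earliest occurrence of a (source, event code) pair.

Added example for this thread; not RSIT, ComboFix or Farbar's own code.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample mirroring the layout of the dump posted above.
SAMPLE_LOG = """System event log

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35428
Source Name: Srv
Time Written: 20090204094626.000000+060
Event Type: Errore
User:

Computer Name: NB-FREGNAN
Event Code: 2000
Message: La chiamata del server ad un servizio di sistema non riuscita in modo imprevisto.

Record Number: 35427
Source Name: Srv
Time Written: 20090203081500.000000+060
Event Type: Errore
User:

Application event log

Computer Name: NB-FREGNAN
Event Code: 1906
Message:
Record Number: 12775
Source Name: HHCTRL
Time Written: 20081119172225.000000+060
Event Type: Informazione
User:
"""

# WMI CIM_DATETIME: yyyymmddHHMMSS.ffffff+UUU, where UUU is minutes east of UTC.
_CIM_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")


def parse_cim_datetime(value):
    """Turn '20090204094626.000000+060' into a timezone-aware datetime."""
    m = _CIM_RE.match(value.strip())
    if not m:
        raise ValueError("not a CIM_DATETIME: %r" % value)
    stamp, micros, sign, offset = m.groups()
    minutes = int(offset) * (1 if sign == "+" else -1)
    tz = timezone(timedelta(minutes=minutes))
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(
        microsecond=int(micros), tzinfo=tz)


def parse_events(text):
    """Split the dump into records. A record starts at 'Computer Name:';
    the enclosing 'System/Application event log' header is kept as 'log'."""
    events, current, section = [], None, None
    for line in text.splitlines():
        if line.endswith("event log") and ":" not in line:
            section = line.strip()
            continue
        if line.startswith("Computer Name:"):
            current = {"log": section}
            events.append(current)
        if current is None or ":" not in line:
            continue
        key, _, val = line.partition(":")
        current[key.strip()] = val.strip()
    for ev in events:
        ev["code"] = int(ev.get("Event Code") or 0)
        ev["time"] = parse_cim_datetime(ev["Time Written"])
    return events


def first_occurrence(events, source, code):
    """Return (earliest datetime, count) for source/code, or (None, 0)."""
    hits = [e for e in events
            if e.get("Source Name") == source and e["code"] == code]
    if not hits:
        return None, 0
    return min(e["time"] for e in hits), len(hits)


def summarize(events):
    """Count events per (log, source, code) so noisy repeats stand out."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["log"], e.get("Source Name"), e["code"])] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    when, n = first_occurrence(evs, "Srv", 2000)
    print("Srv/2000 first seen %s, %d occurrence(s)" % (when.isoformat(), n))
```

Run against a real RSIT log, the (source, code) pair to look up is the one shown in the Event Viewer screenshot, and the earliest timestamp is the date Farbar is asking for.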


#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 AM

Posted 19 February 2009 - 05:14 PM

Please in addition to the previous post:

Check if all devices are working properly:
  • Go to start > right-click My computer and select Properties.
  • Under the Hardware tab select Device Manager.
  • Check if there is any ? or ! beside the listed devices. If yes, note the device name.
  • Double-click on the listed device with ? or !
  • Under General tab note the writing in the Device Status section and post it to your reply.


#14 Flegias

Flegias
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 20 February 2009 - 05:48 AM

Hello farbar!

No errors occurred in the 3rd step.

Please see the pictures for more information about the error mentioned previously:

This is the windows error
Posted Image

After a while, the classic blue taskbar of WinXP changes into the classic grey taskbar of Win2k and KAV shows an alert; the audio and the local network stop working, but the internet works fine:
Posted Image

As requested this is the Applications and System error (I matched the exact date and time of the error and of the event, see the time on the previous picture):
Posted Image

This is the screenshot of the device manager, I disabled the cdrom device because I have only one cd/dvd rom device on my pc:
Posted Image

ComboFix 09-02-18.01 - FabrizioFregnan 2009-02-20 10.37.21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.478.224 [GMT 1:00]
Eseguito da: c:\documents and settings\FabrizioFregnan\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\FabrizioFregnan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\programmi\Symantec

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TGKILHA


((((((((((((((((((((((((( Files Creati Da 2009-01-20 al 2009-02-20 )))))))))))))))))))))))))))))))))))
.

2009-02-18 10:39 . 2009-02-18 10:39 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-02-13 17:47 . 2009-02-16 09:24 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-12 10:50 . 2008-12-18 10:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-04 16:58 . 2009-02-04 17:01 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-03 15:37 . 2009-02-03 15:37 578,048 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-30 16:33 . 2009-01-30 16:33 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-01-30 12:04 . 2005-07-25 10:04 48,640 --------- c:\windows\system32\drivers\ser2pl.sys
2009-01-30 10:49 . 2004-12-16 17:41 89,808 --a------ c:\windows\system32\drivers\slabser.sys
2009-01-30 10:49 . 2004-12-16 17:40 55,312 --a------ c:\windows\system32\drivers\slabbus.sys
2009-01-30 10:49 . 2004-10-15 15:45 47,616 --a------ c:\windows\system32\slabunin2k.exe
2009-01-30 10:49 . 2004-12-16 17:41 6,144 --a------ c:\windows\system32\drivers\slabcmnt.sys
2009-01-30 10:49 . 2004-12-16 17:41 6,144 --a------ c:\windows\system32\drivers\slabcm.sys
2009-01-30 10:49 . 2004-12-16 17:39 5,776 --a------ c:\windows\system32\drivers\slabwhnt.sys
2009-01-30 10:49 . 2004-12-16 17:39 5,776 --a------ c:\windows\system32\drivers\slabwh.sys
2009-01-30 10:49 . 2009-01-30 10:49 101 --a------ c:\windows\system32\slabunin.u2k
2009-01-30 09:36 . 2009-02-16 14:49 <DIR> d-------- C:\rsit
2009-01-29 18:13 . 2009-01-29 18:13 19,286 --a------ C:\cleanup.exe
2009-01-29 16:38 . 2009-02-13 16:08 250 --a------ c:\windows\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 09:52 39,741,216 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-20 09:49 --------- d-----w c:\programmi\Mozilla Sunbird
2009-02-20 09:47 1,023,008 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-20 09:45 553,988 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-20 09:45 111,500 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-20 08:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-16 14:56 --------- d-----w c:\documents and settings\FabrizioFregnan\Dati applicazioni\AdobeUM
2009-02-16 09:25 --------- d-----w c:\programmi\WMR11
2009-02-12 15:24 --------- d-----w c:\programmi\Microsoft LifeCam
2009-02-12 09:57 --------- d-----w c:\programmi\Java
2009-02-12 09:42 --------- d-----w c:\programmi\JMF2.1.1e
2009-02-11 10:23 --------- d-----w c:\documents and settings\FabrizioFregnan\Dati applicazioni\foobar2000
2009-02-03 17:23 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:23 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-30 11:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-07 09:43 --------- d-----w c:\programmi\You Ripper
2008-12-18 09:55 410,984 ----a-w c:\windows\system32\deploytk.dll
2004-03-15 16:51 114,688 ----a-w c:\programmi\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 07:36 114,688 ----a-w c:\programmi\internet explorer\plugins\LV7ActiveXControl.dll
2001-12-13 19:56 98,304 ----a-w c:\programmi\internet explorer\plugins\LVActiveXControl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_12.10.46,98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-13 16:48:17 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-02-13 16:48:18 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2009-02-13 16:48:19 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2009-02-13 16:48:27 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 14:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-02-13 16:48:30 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2009-02-13 16:48:21 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 14:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-02-18 09:40:36 11,264 ----a-r c:\windows\Installer\{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}\Icon682ABE6A.exe
- 2009-02-12 10:41:53 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-13 09:37:57 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-12 10:41:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-02-13 09:37:57 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-02-20 09:46:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_178.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-05-29 155648]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-06-18 151552]
"CeEPOWER"="c:\programmi\TOSHIBA\Power Management\CePMTray.exe" [2003-07-24 135168]
"CPLDBL10"="c:\programmi\EzButton\CPLDBL10.EXE" [2003-07-03 204800]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-30 638976]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 49152]
"FLIR Systems Camera Monitor"="c:\programmi\FLIR Systems\Device Drivers\T3Mon.exe" [2007-02-01 276064]
"S7UB Start"="f:\common\S7ubtoox\s7ubtstx.exe" [2000-10-25 102400]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\FabrizioFregnan\Menu Avvio\Programmi\Esecuzione automatica\
Mozilla Sunbird.lnk - c:\programmi\Mozilla Sunbird\sunbird.exe [2007-06-19 6967808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7404:TCP"= 7404:TCP:ardzvl

R2 NatMotion;NatMotion; [x]
R2 XipConnect;Xway TCP/IP;c:\windows\system32\XipConnect.exe [2004-03-26 61440]
R3 gpibclsb;GPIB Board Class Driver;c:\windows\System32\Drivers\gpibclsb.sys [2002-07-17 56904]
R3 gpibclsd;GPIB Device Class Driver;c:\windows\System32\Drivers\gpibclsd.sys [2002-07-17 34664]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2004-03-30 636522]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2004-04-05 508523]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2004-04-05 73346]
R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2004-04-05 14464]
R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2004-04-05 151683]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2004-04-05 203893]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2004-03-30 67178]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2004-04-05 393323]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2004-03-30 121461]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2004-04-05 81529]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2004-04-05 1193593]
R3 NiViPxiK;NiViPxiK; [x]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2004-04-05 285803]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 ONDAUsbDiag;ONDA USB Diagnostics Port;c:\windows\system32\DRIVERS\ONDAUsbDiag.sys [2007-04-10 92928]
R3 ONDAUsbModem;ONDA USB MODEM DRIVER;c:\windows\system32\DRIVERS\ONDAUsbModem.sys [2007-04-10 92928]
R3 ONDAUsbNmea;ONDA USB NMEA Port;c:\windows\system32\DRIVERS\ONDAUsbNmea.sys [2007-04-10 92928]
R3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\System32\drivers\s7oefs_x.sys [2000-03-28 30704]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppMH\cdrom_mon.exe [2007-04-19 81920]
S2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\DRIVERS\dpmtrcdd.sys [2001-06-27 30080]
S2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\Drivers\DPortIO.sys [2001-04-12 3674]
S2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2004-04-01 10829]
S2 Machnm32;Machnm32 Driver;c:\windows\System32\Machnm32.sys [2006-11-16 2304]
S2 MobiLink IILServer;MobiLink IILServer;c:\programmi\Novatel Wireless\MobiLink\iilserver.exe [2004-10-08 49152]
S2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2005-09-13 49152]
S2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2004-04-08 37376]
S2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2004-04-08 21504]
S2 Nidaq32k;Nidaq32k; [x]
S2 nidevldu;nidevldu;c:\windows\system32\nipalsm.exe [2003-11-15 5730]
S2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2004-03-26 108124]
S2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2004-04-08 50688]
S2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2004-03-30 128117]
S2 nilvaik;nilvaik;c:\windows\system32\drivers\nilvaik.dll [2004-04-01 18037]
S2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2004-04-08 30208]
S2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2004-03-29 19570]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2004-03-15 41071]
S2 nistck;nistck;c:\windows\system32\drivers\nistck.dll [2004-04-08 111616]
S2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2004-03-31 341101]
S2 s7osmcax;s7osmcax;c:\windows\System32\Drivers\s7osmcax.sys [2001-12-05 171520]
S2 T3Srv;FLIR Systems Camera Monitor;c:\programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
S2 UsbConnect;Usb PLC;c:\windows\system32\UsbConnect.exe [2004-03-26 61440]
S3 Duntlw;UNTLW device;c:\windows\system32\Drivers\DuntlwNT.sys [2006-02-24 53568]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2004-03-30 128112]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2004-03-26 130141]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2004-04-05 44149]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2004-03-30 385642]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - NIPALK
*Deregistered* - aaLogger
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - Autorun CDROM Monitor
*Deregistered* - AVP
*Deregistered* - Browser
*Deregistered* - CeEPwrSvc
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - FS Service Control
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - irda
*Deregistered* - Irmon
*Deregistered* - JavaQuickStarterService
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KodakCCS
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - lvalarmk
*Deregistered* - Machnm32
*Deregistered* - mnmdd
*Deregistered* - MobiLink IILServer
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NA_Service
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - NetDDEdsdm
*Deregistered* - Netman
*Deregistered* - niarbk
*Deregistered* - nibffrk
*Deregistered* - nicdrk
*Deregistered* - Nidaq32k
*Deregistered* - nidevldu
*Deregistered* - nidimk
*Deregistered* - nidmmk
*Deregistered* - nidmxfk
*Deregistered* - nilvaik
*Deregistered* - nimdbgk
*Deregistered* - nimdsk
*Deregistered* - nimru2k
*Deregistered* - nimstsk
*Deregistered* - nimxdfk
*Deregistered* - nimxpk
*Deregistered* - niorbk
*Deregistered* - nipxirmk
*Deregistered* - nipxirmu
*Deregistered* - niscdk
*Deregistered* - nistck
*Deregistered* - niSvcLoc
*Deregistered* - niswdk
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasirda
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - s7osmcax
*Deregistered* - s7otranx
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - slssvc
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SrvcEKIOMngr
*Deregistered* - SrvcEPIOMngr
*Deregistered* - SrvcSSIOMngr
*Deregistered* - SrvcTPIOMngr
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - T3Srv
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UsbConnect
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
*Deregistered* - XipConnect

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c46ddff-c8bf-11dc-b783-00023f95f53d}]
\Shell\AutoRun\command - h:\safeguard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8588d176-de95-11dd-b6dd-00023f95f53d}]
\Shell\AutoRun\command - WDSetup.exe
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0693CDD4-F05E-4F02-BB6F-51B84BE39957} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} - hxxp://217.133.17.205:8010/rel/webViewer.cab
FF - ProfilePath - c:\documents and settings\FabrizioFregnan\Dati applicazioni\Mozilla\Firefox\Profiles\iq26ksyn.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 10:47:57
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1208)
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\ArchestrA\aaLogger.exe
c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
c:\programmi\File comuni\ArchestrA\NTServApp.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\ModbusDrv.exe
c:\windows\system32\netdde.exe
c:\windows\system32\NA_XWAY.exe
c:\windows\system32\XipDrv.exe
c:\windows\system32\niSvcLoc.exe
c:\programmi\File comuni\ArchestrA\slssvc.exe
c:\windows\system32\UsbConsole.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Apoint2K\ApntEx.exe
f:\common\sqlany\dbsrv50.exe
f:\common\sqlany\dbclient.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-20 10:58:55 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2009-02-20 09:58:38
ComboFix2.txt 2009-02-12 11:13:33

Pre-Run: 712.839.168 byte disponibili
Post-Run: 665,239,552 byte disponibili

375

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 AM

Posted 20 February 2009 - 07:55 AM

Flegias,

You did a good job in providing those screen shots. I am able to see what you see. :thumbup2:

This is the first time you provided information including KAV's warning. I went through all the screenshots. We might attend to information you provided depending on the following steps:
  • Please visit this page: http://support.microsoft.com/kb/894391
    Download the patch for Windows XP, 32-bit versions.
    Temporarily disable KAV auto-protection and apply the patch.
    Reboot your computer twice and tell me if the error occurs after the second reboot. Proceed with the next step only if the error occurs after the second reboot.

  • If you cannot find the following file, make sure that you can view all hidden and system files. Instructions on how to do this can be found here: How to see hidden files in Windows

    Click on this link--> virustotal

    Click the browse button and navigate to the file below in bold, then click Send File.

    C:\Windows\System32\svchost.exe

    Please copy and paste the results of the scan in your next post.




