Virus


  • This topic is locked
21 replies to this topic

#1 HOLAAAZZZ

HOLAAAZZZ

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:42 PM

Posted 15 November 2009 - 04:42 PM

I attach the logs of DDS! And HJT... thx

Attached Files


Edited by HOLAAAZZZ, 15 November 2009 - 04:45 PM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:42 PM

Posted 24 November 2009 - 04:31 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 HOLAAAZZZ

HOLAAAZZZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:42 PM

Posted 26 November 2009 - 01:09 PM

Ok..

OTL logfile created on: 26/11/2009 18.58.55 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,62% Memory free
3,84 Gb Paging File | 3,53 Gb Available in Paging File | 91,78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 10,33 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAKOVIA
Current User Name: Saigon # User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/26 15.50.45 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
PRC - [2009/11/17 20.44.10 | 00,654,128 | ---- | M] (BitTorrent, Inc.) -- C:\Programmi\BitTorrent\bittorrent.exe
PRC - [2009/10/14 13.09.56 | 01,719,568 | ---- | M] (Orbitdownloader.com) -- C:\Programmi\Orbitdownloader\orbitdm.exe
PRC - [2009/08/28 12.13.02 | 00,832,808 | ---- | M] (Opera Software) -- C:\Programmi\Opera\opera.exe
PRC - [2009/07/06 13.30.18 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Programmi\Orbitdownloader\orbitnet.exe
PRC - [2009/03/08 13.09.26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13.09.26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13.09.26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Internet Explorer\iexplore.exe
PRC - [2009/02/22 20.15.14 | 05,668,864 | ---- | M] (http://www.emule-project.net) -- C:\Programmi\eMule\emule.exe
PRC - [2008/04/14 03.14.07 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/26 15.50.45 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
MOD - [2006/05/03 22.53.54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 17.34.17 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Programmi\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/10/11 14.15.01 | 04,368,952 | ---- | M] (Prevx) -- C:\Programmi\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/07/25 13.08.59 | 00,182,768 | ---- | M] (Google) -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/14 14.54.22 | 00,020,680 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 14.47.54 | 00,731,840 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/04 00.06.28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/18 12.13.20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12.13.20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/05/01 15.25.56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/18 14.54.02 | 00,354,840 | R--- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel®
SRV - [2008/04/14 03.14.20 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 03.14.09 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 03.14.09 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Protocollo SMTP (Simple Mail Transfer Protocol)
SRV - [2008/04/14 03.14.09 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 03.14.09 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/08 13.12.50 | 01,112,560 | ---- | M] (Sonic Solutions) -- C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/03 10.33.26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/03/24 06.35.22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Programmi\File comuni\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/12/11 11.15.04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/08 08.06.42 | 00,172,131 | R--- | M] (Hewlett-Packard Ltd) -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/05/08 07.38.46 | 00,540,448 | ---- | M] (PDF Complete Inc) -- C:\Programmi\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/12 17.52.56 | 00,139,264 | ---- | M] (Prevx) -- C:\Programmi\Prevx1\PXAgent.exe -- (PREVXAgent)
SRV - [2007/01/04 18.48.52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 21.56.50 | 00,918,528 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/26 12.03.08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/01 18.51.48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2004/10/22 02.24.18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/11 10.44.50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programmi\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/11 10.44.48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 10.44.46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/18 08.58.30 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/10/11 14.15.01 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009/10/11 14.15.01 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009/09/14 12.45.31 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/09/09 18.18.21 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009/09/09 17.33.12 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2009/08/22 19.49.07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/14 14.49.32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 14.47.14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 14.41.10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/17 18.11.30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/12/05 07.58.48 | 00,241,296 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2008/11/21 21.53.40 | 01,204,128 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15.23.16 | 03,636,864 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/07/08 13.54.02 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\00466928.sys -- (is-BNEP1drv)
DRV - [2008/07/08 13.54.02 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\05419820.sys -- (is-4PIGCdrv)
DRV - [2008/04/28 14.22.10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/24 15.28.08 | 00,281,600 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/15 18.53.44 | 00,312,344 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/13 17.39.16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 17.36.05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 04.00.00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/03/27 19.14.06 | 00,224,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/17 09.45.50 | 05,955,872 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/07/13 11.26.12 | 00,094,976 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/06/18 16.12.04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 07.49.46 | 00,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 15.21.00 | 00,067,960 | R--- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/08 12.36.20 | 00,100,864 | ---- | M] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\system32\drivers\PxEmu.sys -- (PrevxEmulator)
DRV - [2006/12/08 12.36.16 | 00,018,560 | ---- | M] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\system32\drivers\pxtdi.sys -- (PrevxTdi)
DRV - [2006/12/08 12.36.14 | 00,274,688 | ---- | M] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\system32\drivers\pxfsf.sys -- (PrevxDriver)
DRV - [2006/07/26 13.09.26 | 00,006,144 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\anti_rkt.sys -- (AVG Anti-Rootkit)
DRV - [2006/07/26 13.09.20 | 00,003,712 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\cleanDrv.sys -- (AVG Clean Driver)
DRV - [2006/07/24 16.05.00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/03/02 13.00.00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/08/30 01.49.38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01.49.34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01.47.38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-448539723-261478967-682003330-1003\..\URLSearchHook: {656cfb8c-c8d5-4166-b4e2-03d39af6ff42} - C:\Programmi\italian.ilsc\tbital.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-448539723-261478967-682003330-1003\S-1-5-21-448539723-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6
FF - prefs.js..extensions.enabledItems: StreamingPlugin@conviva.com:1.10.8.24856
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {39379F86-9CCB-4724-AE33-4278DE266C88}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/14 02.00.30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programmi\Real\RealPlayer\browserrecord\firefox\ext [2009/10/16 16.54.50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/11/24 14.06.08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/11/24 14.06.08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/08/22 23.01.30 | 00,000,000 | ---D | M]

[2009/08/06 14.17.52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Extensions
[2009/11/13 19.41.11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions
[2009/08/20 09.59.14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/08/14 16.54.24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 16.47.10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009/09/23 14.23.06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/10 13.17.09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/20 19.50.27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009/09/25 21.10.10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/20 19.50.29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\fsonlinescanner@f-secure.com
[2009/09/08 03.06.14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Mozilla\Firefox\Profiles\hwyucp6s.default\extensions\StreamingPlugin@conviva.com
[2009/10/18 14.18.52 | 00,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2006/10/26 19.12.16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/10/16 16.54.15 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/16 16.55.21 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
[2009/10/16 16.53.35 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
[2009/06/02 11.56.16 | 00,001,495 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/08/25 08.32.38 | 00,001,340 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/07/30 23.06.07 | 00,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2009/07/30 23.06.07 | 00,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2009/07/30 23.06.07 | 00,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2009/07/30 23.06.07 | 00,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (URLDetector Class) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll (Prevx Ltd.)
O2 - BHO: (italian.ilsc Toolbar) - {656cfb8c-c8d5-4166-b4e2-03d39af6ff42} - C:\Programmi\italian.ilsc\tbital.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (italian.ilsc Toolbar) - {656cfb8c-c8d5-4166-b4e2-03d39af6ff42} - C:\Programmi\italian.ilsc\tbital.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (PimpFish Basic) - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Programmi\PimpFish\PimpFish.dll (Zabersoft)
O3 - HKU\S-1-5-21-448539723-261478967-682003330-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-448539723-261478967-682003330-1003\..\Toolbar\WebBrowser: (italian.ilsc Toolbar) - {656CFB8C-C8D5-4166-B4E2-03D39AF6FF42} - C:\Programmi\italian.ilsc\tbital.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-261478967-682003330-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-448539723-261478967-682003330-1003\..\Toolbar\WebBrowser: (PimpFish Basic) - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Programmi\PimpFish\PimpFish.dll (Zabersoft)
O4 - HKLM..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DAEMON Tools] C:\Programmi\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [egui] C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-448539723-261478967-682003330-1003..\Run: [msnmsgr] C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-448539723-261478967-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-448539723-261478967-682003330-1003..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-448539723-261478967-682003330-1003..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-261478967-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-448539723-261478967-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Programmi\TrueDownloader\truedownloader.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download by YouTube Robot - C:\Programmi\YouTubeRobot\RobotExt.ocx (YouTubeRobot.com)
O8 - Extra context menu item: PimpFish Basic - Grab movies on this page - C:\Programmi\PimpFish\grabpagemovies.htm ()
O8 - Extra context menu item: PimpFish Basic - Grab pictures on this page - C:\Programmi\PimpFish\grabpagepics.htm ()
O8 - Extra context menu item: PimpFish Basic - Grab pictures this page links to - C:\Programmi\PimpFish\grabpagelinks.htm ()
O8 - Extra context menu item: PimpFish Basic - Grab Target File - C:\Programmi\PimpFish\grablink.htm ()
O8 - Extra context menu item: PimpFish Basic - Grab This Picture - C:\Programmi\PimpFish\grabpic.htm ()
O8 - Extra context menu item: Save YouTube Video - C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programmi\File comuni\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Scarica con Free Download Manager - C:\Programmi\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Scarica i video con Free Download Manager - C:\Programmi\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - C:\Programmi\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Scarica tutto con Free Download Manager - C:\Programmi\Free Download Manager\dlall.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-448539723-261478967-682003330-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1248524542218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1248527859468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/24 13.01.58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 60 Days ==========

[2009/11/26 18.43.39 | 00,532,884 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saigon # User\Desktop\OTL.exe
[2009/11/26 18.32.34 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/26 18.31.37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Saigon # User\Recent
[2009/11/24 15.04.49 | 00,000,000 | ---D | C] -- C:\The_Boxer_Rebellion_-_Union_2009_Album_ExclusivE_iTunes
[2009/11/24 14.04.55 | 00,000,000 | ---D | C] -- C:\Programmi\QuickTime
[2009/11/24 14.04.52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
[2009/11/23 22.14.41 | 00,000,000 | ---D | C] -- C:\Programmi\GRISOFT
[2009/11/23 22.13.59 | 00,000,000 | ---D | C] -- C:\Programmi\Softwin
[2009/11/23 22.08.56 | 00,000,000 | ---D | C] -- C:\SOPHTEMP
[2009/11/23 22.08.16 | 00,312,064 | ---- | C] (Resplendence) -- C:\WINDOWS\System32\rspsc.sys
[2009/11/23 22.08.14 | 00,000,000 | ---D | C] -- C:\Programmi\RootKit Hook Analyzer
[2009/11/23 22.07.30 | 00,000,000 | ---D | C] -- C:\Anti-Rootkit_[Sander]
[2009/11/21 19.19.56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
[2009/11/21 18.43.39 | 00,000,000 | ---D | C] -- C:\Programmi\Trojan Remover
[2009/11/21 16.32.24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/21 16.32.24 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/21 16.32.23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/21 16.32.23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/21 16.31.27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/17 23.14.37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
[2009/11/17 23.14.21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\SUPERAntiSpyware.com
[2009/11/17 23.14.21 | 00,000,000 | ---D | C] -- C:\Programmi\SUPERAntiSpyware
[2009/11/17 20.47.31 | 22,839,960 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Saigon # User\Desktop\launch.exe
[2009/11/17 16.58.52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\Conduit
[2009/11/17 16.58.50 | 00,000,000 | ---D | C] -- C:\Programmi\Conduit
[2009/11/17 16.58.49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\italian.ilsc
[2009/11/17 16.58.42 | 00,000,000 | ---D | C] -- C:\Programmi\italian.ilsc
[2009/11/17 16.45.44 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2009/11/15 22.29.31 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Saigon # User\Desktop\RootRepeal.exe
[2009/11/13 19.40.06 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\00466928.sys
[2009/11/12 13.55.52 | 00,067,960 | R--- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwusb.sys
[2009/11/12 13.55.51 | 00,106,557 | R--- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2009/11/10 23.08.24 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/11/10 23.08.24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/11/08 10.55.02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Documenti\My Art
[2009/11/08 10.54.56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Samsung
[2009/11/08 10.24.12 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll
[2009/11/08 10.21.14 | 00,094,000 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_mdm.sys
[2009/11/08 10.21.14 | 00,058,320 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_bus.sys
[2009/11/08 10.21.14 | 00,008,336 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_mdfl.sys
[2009/11/08 10.21.14 | 00,006,176 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_cmnt.sys
[2009/11/08 10.21.14 | 00,006,176 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_cm.sys
[2009/11/08 10.21.13 | 00,005,840 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_whnt.sys
[2009/11/08 10.21.13 | 00,005,840 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_wh.sys
[2009/11/08 10.20.38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2009/11/08 10.17.52 | 00,000,000 | ---D | C] -- C:\Programmi\Samsung
[2009/11/08 10.14.30 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\Adobe
[2009/11/07 15.47.09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\FlickrNet
[2009/11/07 15.41.34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\Ginipic
[2009/11/07 15.41.25 | 00,000,000 | ---D | C] -- C:\Programmi\Ginipic
[2009/11/07 15.12.57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\Cooliris
[2009/11/07 15.12.14 | 00,000,000 | ---D | C] -- C:\Programmi\PicLensIE
[2009/11/01 23.42.24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Desktop\softwaresveglia_install
[2009/10/25 12.28.36 | 00,000,000 | ---D | C] -- C:\Programmi\LSI SoftModem
[2009/10/25 09.11.52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\vlc
[2009/10/24 19.40.05 | 00,000,000 | ---D | C] -- C:\My FLVs
[2009/10/24 19.35.33 | 00,716,800 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/10/24 19.35.26 | 00,593,920 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2009/10/24 19.35.26 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2009/10/24 19.35.26 | 00,200,704 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dtu100.dll
[2009/10/24 19.35.26 | 00,057,344 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2009/10/24 19.35.25 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2009/10/24 19.35.25 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2009/10/24 19.35.19 | 00,000,000 | ---D | C] -- C:\Programmi\YouTubeRobot
[2009/10/24 19.32.51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Documenti\My Downloaded Video
[2009/10/24 19.31.38 | 00,000,000 | ---D | C] -- C:\Programmi\Nuclear Coffee
[2009/10/24 18.53.24 | 00,000,000 | ---D | C] -- C:\Programmi\VideoLAN
[2009/10/23 20.14.10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Desktop\utbd
[2009/10/21 19.08.47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Documenti\RM
[2009/10/21 19.01.55 | 00,000,000 | ---D | C] -- C:\Programmi\Replay Music 3
[2009/10/21 19.01.55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Music
[2009/10/21 12.47.23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2009/10/20 17.30.49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Desktop\vcv
[2009/10/20 16.56.48 | 00,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31981.exe
[2009/10/20 15.57.09 | 00,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2009/10/18 09.50.57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\_gimp1.2
[2009/10/18 08.58.25 | 00,000,000 | ---D | C] -- C:\Programmi\DAEMON Tools
[2009/10/17 13.54.02 | 00,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/10/17 13.52.41 | 00,000,000 | ---D | C] -- C:\WINDOWS\gtk+
[2009/10/17 13.52.34 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\GNU
[2009/10/17 13.40.22 | 00,000,000 | ---D | C] -- C:\Programmi\GIMP
[2009/10/16 16.54.16 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/16 16.53.22 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/16 16.53.20 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/16 16.52.36 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\xing shared
[2009/10/16 16.51.00 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/16 16.50.33 | 00,000,000 | ---D | C] -- C:\Programmi\Real
[2009/10/16 16.50.22 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\Real
[2009/10/16 16.50.12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Real
[2009/10/16 16.49.39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Dati applicazioni\Real
[2009/10/16 16.46.14 | 00,000,000 | ---D | C] -- C:\Programmi\IrfanView
[2009/10/16 16.45.57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/10/16 14.47.51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saigon # User\Documenti\Espanol Libros
[2009/10/14 20.45.12 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2009/10/13 14.35.50 | 00,000,000 | ---D | C] -- C:\Programmi\Burn4Free
[2009/10/13 14.35.28 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/10/13 14.35.22 | 00,000,000 | ---D | C] -- C:\Programmi\BurnAware Free
[2009/10/11 14.15.01 | 00,000,000 | ---D | C] -- C:\Programmi\Prevx
[2009/09/14 12.45.31 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Saigon # User\Dati applicazioni\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2009/11/26 18.53.56 | 00,532,884 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saigon # User\Desktop\OTL.exe
[2009/11/26 18.45.52 | 03,577,118 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\ComboFix.exe
[2009/11/26 18.41.19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/26 18.41.00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/26 18.40.08 | 42,949,66720 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/26 18.39.22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/26 18.39.18 | 00,000,194 | -HS- | M] () -- C:\Documents and Settings\Saigon # User\ntuser.ini
[2009/11/26 18.39.17 | 16,777,216 | -H-- | M] () -- C:\Documents and Settings\Saigon # User\NTUSER.DAT
[2009/11/26 18.22.11 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 13.40.49 | 00,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A280B8C3-4674-4F87-B5EB-63613B59ACDE}.job
[2009/11/26 03.17.00 | 59,398,796 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/24 16.07.31 | 00,384,512 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Documenti\2009-11-12 Lista cd e vinili in vendita.xls
[2009/11/24 10.01.07 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/23 22.15.30 | 08,403,905 | ---- | M] () -- C:\WINDOWS\System32\VARNLDP
[2009/11/23 22.14.45 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Beta.lnk
[2009/11/22 14.57.36 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2009/11/22 14.31.31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/21 18.38.46 | 00,000,397 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Dati applicazioni\burnaware.ini
[2009/11/21 17.49.40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/17 23.14.30 | 00,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/17 21.34.12 | 22,839,960 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Saigon # User\Desktop\launch.exe
[2009/11/17 21.26.50 | 02,051,858 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\SysInspector-KRAKOVIA-091117-2123.xml
[2009/11/17 21.26.50 | 00,219,264 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\SysInspector-KRAKOVIA-091117-2123.zip
[2009/11/17 21.02.42 | 00,016,016 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Documenti\TUNNEL DE NEWSS.docx
[2009/11/17 16.36.17 | 07,375,392 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\SUPERAntiSpyware.exe
[2009/11/17 16.23.31 | 00,015,289 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\Desktop.zip
[2009/11/15 22.30.27 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Saigon # User\Desktop\RootRepeal.exe
[2009/11/15 22.27.58 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\dds.scr
[2009/11/14 20.10.04 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\gmer.exe
[2009/11/14 01.47.57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 19.33.29 | 00,010,765 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Documenti\LETTER TO L-P !!!!!!!!!!!!.docx
[2009/11/13 03.18.00 | 00,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 23.08.24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/11/10 23.08.24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/11/10 07.18.57 | 00,550,704 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2009/11/10 07.18.57 | 00,498,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/10 07.18.57 | 00,106,080 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2009/11/10 07.18.57 | 00,091,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/10 07.18.56 | 01,263,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/09 19.11.27 | 00,047,208 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2009/11/08 10.52.43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\LauncherAccess.dt
[2009/11/08 10.17.58 | 00,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2009/11/07 21.33.10 | 00,000,030 | ---- | M] () -- C:\WINDOWS\BERLITZ.INI
[2009/11/07 15.09.10 | 00,002,357 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\dyvshdbw.exe
[2009/11/04 18.54.38 | 01,905,152 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Documenti\APPUNTI DI BIO-cordati.ppt
[2009/10/26 13.50.07 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/25 06.11.34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 20.47.16 | 00,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2009/10/23 20.13.34 | 00,870,349 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\DesktopTube_install.exe
[2009/10/22 10.16.23 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/20 16.52.08 | 00,398,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31981.exe
[2009/10/20 15.57.25 | 00,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2009/10/20 15.57.23 | 00,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/10/18 08.58.30 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/10/17 16.55.31 | 00,000,026 | ---- | M] () -- C:\WINDOWS\dvdSanta.INI
[2009/10/16 16.54.16 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/16 16.53.22 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/16 16.53.20 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/16 16.51.00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/11 14.15.01 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/10/11 14.15.01 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/10/11 14.14.58 | 00,000,832 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/09/30 16.16.52 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\Saigon # User\Desktop\CCleaner.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/26 18.42.52 | 03,577,118 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\ComboFix.exe
[2009/11/24 16.07.31 | 00,384,512 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Documenti\2009-11-12 Lista cd e vinili in vendita.xls
[2009/11/23 22.14.45 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Beta.lnk
[2009/11/23 22.13.06 | 08,403,905 | ---- | C] () -- C:\WINDOWS\System32\VARNLDP
[2009/11/22 14.57.25 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2009/11/21 16.32.24 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/21 16.32.24 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/21 16.32.24 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/21 16.32.23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/21 16.32.23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/17 23.14.30 | 00,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/17 21.26.55 | 02,051,858 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\SysInspector-KRAKOVIA-091117-2123.xml
[2009/11/17 21.26.50 | 00,219,264 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\SysInspector-KRAKOVIA-091117-2123.zip
[2009/11/17 21.02.41 | 00,016,016 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Documenti\TUNNEL DE NEWSS.docx
[2009/11/17 20.49.04 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\gmer.exe
[2009/11/17 16.28.54 | 01,905,152 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Documenti\APPUNTI DI BIO-cordati.ppt
[2009/11/17 16.26.47 | 07,375,392 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\SUPERAntiSpyware.exe
[2009/11/17 15.52.52 | 00,015,289 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\Desktop.zip
[2009/11/15 22.26.41 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\dds.scr
[2009/11/08 10.26.02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\LauncherAccess.dt
[2009/11/08 10.19.42 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2009/11/08 10.19.00 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/08 10.17.58 | 00,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2009/11/07 15.09.10 | 00,002,357 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\dyvshdbw.exe
[2009/10/25 13.45.37 | 00,000,030 | ---- | C] () -- C:\WINDOWS\BERLITZ.INI
[2009/10/24 19.35.33 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\actskn43.ocx
[2009/10/24 19.35.33 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/10/24 19.35.25 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/23 20.12.45 | 00,870,349 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Desktop\DesktopTube_install.exe
[2009/10/21 19.05.04 | 00,003,909 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Dati applicazioni\ReplayMusicLog.log
[2009/10/18 08.58.29 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/10/16 20.58.04 | 00,010,765 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Documenti\LETTER TO L-P !!!!!!!!!!!!.docx
[2009/10/13 14.28.25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\FnF4.txt
[2009/09/14 13.48.57 | 00,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2009/09/14 12.45.42 | 00,000,031 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Dati applicazioni\pcouffin.log
[2009/09/14 12.45.31 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Dati applicazioni\pcouffin.cat
[2009/09/14 12.45.31 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Dati applicazioni\pcouffin.inf
[2009/09/11 12.16.01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2009/09/11 12.08.58 | 00,023,508 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/09/11 12.08.48 | 00,001,060 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/09/11 12.00.45 | 00,011,907 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/09/11 12.00.37 | 00,059,758 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/09/11 12.00.36 | 00,014,796 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/09/11 12.00.28 | 00,017,676 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/09/11 12.00.15 | 00,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/09/10 12.57.30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/09 18.43.50 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/09/09 18.18.21 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2009/08/22 19.49.07 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/22 19.45.45 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/08/22 19.45.45 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/08/22 19.45.45 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/08/22 19.45.45 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/08/12 13.44.25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/12 13.36.07 | 00,004,938 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ypkpiykb.yyr
[2009/08/12 13.35.49 | 00,000,036 | ---- | C] () -- C:\WINDOWS\IniFile1.ini
[2009/08/06 15.49.58 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2009/08/04 21.18.13 | 00,087,040 | ---- | C] () -- C:\WINDOWS\System32\TrayIcon12.dll
[2009/08/04 21.18.12 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\ajnetmask.dll
[2009/08/04 15.15.04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/08/04 15.15.04 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/08/04 15.15.04 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/08/04 15.15.04 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/04 15.15.04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009/08/04 15.15.03 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/04 10.34.31 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2009/08/03 14.07.42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/27 17.27.41 | 00,000,397 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Dati applicazioni\burnaware.ini
[2009/07/25 23.54.40 | 00,000,832 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/24 22.18.37 | 00,080,384 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/24 14.12.04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/07/24 14.05.50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/24 14.05.50 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/24 14.05.50 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/24 14.05.50 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/24 14.05.50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/24 14.05.50 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/24 13.51.32 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/07/24 13.51.12 | 00,029,612 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/24 13.48.42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2009/07/24 13.48.42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2009/07/24 13.48.42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Saigon # User\Impostazioni locali\Dati applicazioni\AtStart.txt
[2009/07/24 13.39.00 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2007/06/08 08.05.38 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2005/02/19 19.56.14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\tdfileman.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CB0AACC9
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 26/11/2009 18.58.55 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,62% Memory free
3,84 Gb Paging File | 3,53 Gb Available in Paging File | 91,78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 10,33 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAKOVIA
Current User Name: Saigon # User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programmi\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programmi\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programmi\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\BitTorrent\bittorrent.exe" = C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programmi\BearShare Applications\BearShare\BearShare.exe" = C:\Programmi\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Programmi\Orbitdownloader\orbitdm.exe" = C:\Programmi\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programmi\Orbitdownloader\orbitnet.exe" = C:\Programmi\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Programmi\Prevx1\PXConsole.exe" = C:\Programmi\Prevx1\PXConsole.exe:*:Enabled:PXConsole -- (Prevx)
"C:\Programmi\Prevx1\PXAgent.exe" = C:\Programmi\Prevx1\PXAgent.exe:*:Enabled:PXAgent -- (Prevx)
"C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{2F8BE445-D14C-40E2-AF62-E43539FD1500}" = YouTUBE ™ movie downloader
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5AE2BE5E-930A-481C-817E-C373E8910C8A}" = Windows Live Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{6FC0A4F8-8301-48C6-ADB7-B9EA8CF09C39}" = Ginipic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8180DC57-B9CC-4C0C-8334-B357B67BCF6B}" = Movavi Video Converter 8
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6327AE2-7539-4CD0-9A53-7D722B8C0E90}" = Cooliris for Internet Explorer
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-09-09
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E171E280-0BAE-4460-9F47-CA96D17828B6}" = Windows Live Essentials
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.8.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"a-squared Free_is1" = a-squared Free 4.5
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"AVGantiRootkit" = AVG Anti-Rootkit Beta
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BearShare" = BearShare
"BitTorrent" = BitTorrent
"Burn4Free" = Burn4Free CD and DVD
"burnatonce_is1" = burnatonce
"BurnAware Free_is1" = BurnAware Free 2.4.1
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"DC++" = DC++ 0.750
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"eMule" = eMule
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 4.2
"Getleft_is1" = Getleft v1.2
"GIMP" = GIMP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"IrfanView" = IrfanView (remove only)
"italian.ilsc Toolbar" = italian.ilsc Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP3 Splitter & Joiner Pro_is1" = MP3 Splitter & Joiner Pro 3.48
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"PDF Complete" = PDF Complete
"PimpFish" = PimpFish Basic
"Prevx1" = Prevx1
"Prism" = Prism Video Converter
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Replay Music3.45" = Replay Music
"RootKit Hook Analyzer_is1" = RootKit Hook Analyzer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Software Informer_is1" = Software Informer 1.0 BETA
"Some PDF Image Extract_is1" = Some PDF Image Extractr 1.5
"Some PDF to HTML Converter_is1" = Some PDF to HTML Converter 1.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueDownloader_is1" = TrueDownloader 0.82
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"VideoGet" = Nuclear Coffee - VideoGet 1.1 Trial
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTubeRobot_is1" = YouTube Robot 2.0.2007.829

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/08/2009 14.40.13 | Computer Name = KRAKOVIA | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
a causa del seguente errore: The server name or address could not be resolved

Error - 22/08/2009 14.40.13 | Computer Name = KRAKOVIA | Source = MsiInstaller | ID = 1008
Description = Un errore nell'elaborazione dei criteri di restrizione software non
consente l'installazione di C:\Documents and Settings\Saigon # User\Documenti\BIT
ON!\NOD 32\eav_nt32_enu.msi. L'oggetto non può essere considerato attendibile.

Error - 22/08/2009 14.52.13 | Computer Name = KRAKOVIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore removeit.exe, versione 0.0.0.0,
modulo che ha provocato l'errore kernel32.dll, versione 5.1.2600.5781, indirizzo
errore 0x00012afb.

Error - 22/08/2009 14.54.21 | Computer Name = KRAKOVIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore removeit.exe, versione 0.0.0.0,
modulo che ha provocato l'errore kernel32.dll, versione 5.1.2600.5781, indirizzo
errore 0x00012afb.

Error - 22/08/2009 14.54.29 | Computer Name = KRAKOVIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore removeit.exe, versione 0.0.0.0,
modulo che ha provocato l'errore kernel32.dll, versione 5.1.2600.5781, indirizzo
errore 0x00012afb.

Error - 22/08/2009 14.54.45 | Computer Name = KRAKOVIA | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
a causa del seguente errore: The server name or address could not be resolved

Error - 22/08/2009 14.54.48 | Computer Name = KRAKOVIA | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
a causa del seguente errore: The server name or address could not be resolved

Error - 22/08/2009 14.54.48 | Computer Name = KRAKOVIA | Source = MsiInstaller | ID = 1008
Description = Un errore nell'elaborazione dei criteri di restrizione software non
consente l'installazione di C:\Documents and Settings\Saigon # User\Documenti\BIT
ON!\ESET NOD32 Antivirus & Smart Security 4.0.437 x32 & x64\eav_nt32_enu.msi. L'oggetto
non può essere considerato attendibile.

Error - 22/08/2009 17.57.16 | Computer Name = KRAKOVIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore firefox.exe, versione 1.9.1.3497,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x0b0b0b0b.

Error - 22/08/2009 18.26.44 | Computer Name = KRAKOVIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore egui.exe, versione 4.0.437.0,
modulo che ha provocato l'errore egui.exe, versione 4.0.437.0, indirizzo errore
0x00069b55.

[ System Events ]
Error - 25/11/2009 22.18.24 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126

Error - 25/11/2009 22.18.25 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: PXRDDriver

Error - 25/11/2009 22.18.32 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7024
Description = Servizio Routing e Accesso remoto terminato. Errore specifico del
servizio 340 (0x154).

Error - 26/11/2009 8.22.30 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7000
Description = Il servizio SASDIFSV non è stato avviato per il seguente errore: %%183

Error - 26/11/2009 13.41.36 | Computer Name = KRAKOVIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/11/2009 13.41.49 | Computer Name = KRAKOVIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/11/2009 13.42.28 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7001
Description = Il servizio Pubblicazione FTP dipende dal servizio Amministrazione
di IIS che non è stato avviato per il seguente errore: %%1068

Error - 26/11/2009 13.42.28 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7001
Description = Il servizio Protocollo SMTP (Simple Mail Transfer Protocol) dipende
dal servizio Amministrazione di IIS che non è stato avviato per il seguente errore:
%%1068

Error - 26/11/2009 13.42.28 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7001
Description = Il servizio Pubblicazione sul Web dipende dal servizio Amministrazione
di IIS che non è stato avviato per il seguente errore: %%1068

Error - 26/11/2009 13.42.28 | Computer Name = KRAKOVIA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: ehdrv ElbyCDIO
Fips
intelppm
is-4PIGCdrv
is-BNEP1drv
PXRDDriver
SASKUTIL
StarOpen


< End of report >

#4 myrti

Posted 27 November 2009 - 07:53 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

Please check for a file called C:\ComboFix.txt and if it exists post its contents.

Why are you posting here? What is the problem with your PC?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 HOLAAAZZZ

Posted 29 November 2009 - 10:36 AM

I'm posting here because my PC has a rootkit / malware / virus something anyway....

Here it is :

Attached Files



#6 myrti

Posted 29 November 2009 - 03:02 PM

Hi,

what symptoms do you have? What makes you believe you are infected?

Please run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please also run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti



#7 HOLAAAZZZ

Posted 01 December 2009 - 04:47 PM

Here are a few more logs..

Attached Files



#8 myrti

Posted 02 December 2009 - 04:54 PM

Hi,

why are you running out of safe mode?

Please also answer my previous question: What makes you believe you are infected?

regards myrti



#9 HOLAAAZZZ

Posted 06 December 2009 - 06:22 AM

Well, my Internet is too slow (20 mins only to load a single page) and I can't update anything: my anti-viruses, my programs... anything!!

And this is not normal !!

And, moreover, I found a rootkit some time ago and deleted it, but I think it's still there, although my antiviruses (and the online scanners I still run) detect nothing!

#10 myrti

Posted 11 December 2009 - 09:24 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

Can you boot your PC into normal mode? If so please run Malwarebytes in normal mode as previously instructed and post the log here.

Can you tell me which infection you found and removed on your system? Do you recall the exact name? Which program deleted it?

Sorry once more,
regards myrti



#11 HOLAAAZZZ

HOLAAAZZZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 12 December 2009 - 03:17 PM

Mm, well, I remember I deleted a rootkit, but... some time ago; I don't remember the name. Maybe the program is F Secure Online Scanner; usually I detect new viruses online...

I almost never use Malwarebytes... Anyway, I have many different logs here: http://www.mediafire.com/?iyhwgumumyq

#12 HOLAAAZZZ

HOLAAAZZZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 13 December 2009 - 05:08 AM

MAYBE I found the name of the hidden driver/rootkit: c:\windows\system32\drivers\fdc.sys

Can this be a virus? How can I delete it?

#13 HOLAAAZZZ

HOLAAAZZZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 13 December 2009 - 05:10 AM

MAYBE I found the name of the hidden driver/rootkit: c:\windows\system32\drivers\fdc.sys

Can this be a virus? How can I delete it?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:42 PM

Posted 15 December 2009 - 10:30 AM

Hi,

fdc.sys can, or should, be a file from Microsoft that is necessary if you want to use floppies. It could of course have been modified or replaced by malware; however, nothing in your logs indicates that this has happened.

Can you boot into normal mode? If so please update and run Malwarebytes now and post the log in your next reply.

regards myrti

Edited by myrti, 15 December 2009 - 10:30 AM.



#15 HOLAAAZZZ

HOLAAAZZZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 17 December 2009 - 08:14 AM

Oh yeahhhh, here it is :D

Attached Files


Edited by HOLAAAZZZ, 17 December 2009 - 08:36 AM.
