
Murlo keeps showing after deletion


This topic is locked
24 replies to this topic

#1 DByte

  • Members
  • 13 posts

Posted 19 November 2010 - 03:33 AM

About a month ago, I noticed a big slowdown during startup and continued freezes, so I decided to run Spyware Doctor in safe mode. It found 22 registry keys related to Trojan Murlo, which were deleted easily. After that, the PC was apparently OK, but after a few days the slowdown was still there. I did the same procedure, plus I ran SUPERAntiSpyware, Malwarebytes' Anti-Malware and ComboFix, with no interesting results. So, only Spyware Doctor could make my PC usable again.

Recently, in about a week I discovered the infection 3 times, each time in a different way, in this order:
-using Chrome, the Adblock extension suddenly stopped working;
-Chrome crashed with a strange error box (I don't remember exactly, something like "It's not a valid win32 application");
-I tried to restart Chrome, but it was impossible to load due to the same strange error box;
-some of the names of icons on the desktop, windows and menus began to vanish;
-all text on the monitor had disappeared;
-trying to restart normally, the usual light blue XP logout screen was replaced by the other gray logout screen without any intervention;
-after reboot, everything was back to normal! :blink:

Tired of this behaviour, I came to write on this forum. Following your procedures to generate logs, I found it very difficult to make the GMER log, because a BSOD appeared during the scan, saying PAGE_FAULT_IN_NON_PAGED_AREA, error code 0x00000050, with the file causing the problem being awryraod.sys, but this file doesn't exist. Unable to generate the log, I booted in safe mode, and from there I was able to run GMER and generate the log after a whole night.

Can you please help me to find the cause of all this?
Thanks in advance!

Here's the DDS log:


DDS (Ver_10-11-10.01) - NTFSx86
Run by DByte at 17.32.11,32 on 17/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2411 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000040-005C-0000-2C27-6F6300008871}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Creative\Shared Files\CTAudSvc.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Babylon\Babylon.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\BOINC\boinctray.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\PeerBlock\peerblock.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\DU Meter\DUMeter.exe
C:\Programmi\DU Meter\DUMeterSvc.exe
C:\Programmi\vghd\VirtuaGirl_Downloader.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\Programmi\BOINC\boinc.exe
C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DByte\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programmi\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\programmi\babylon\utils\BabylonIEPI.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programmi\spyware doctor\bdt\PCTBrowserDefender.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\programmi\daemon tools toolbar\DTToolbar.dll
uRun: [STYLEXP] c:\programmi\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [DU Meter] c:\programmi\du meter\DUMeter.exe
uRun: [MsnMsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [FileHippo.com] "c:\programmi\filehippo.com\UpdateChecker.exe" /background
uRun: [PeerBlock] c:\programmi\peerblock\peerblock.exe
uRun: [Skype] "c:\programmi\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\programmi\logmein\x86\LogMeInSystray.exe"
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [Babylon Client] c:\programmi\babylon\Babylon.exe -AutoStart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\programmi\google\gmail notifier\gnotify.exe
mRun: [Google Desktop Search] "c:\programmi\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [boincmgr] "c:\programmi\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\programmi\boinc\boinctray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\dbyte\menuav~1\progra~1\esecuz~1\colleg~1.lnk - c:\programmi\desktopearth\DesktopEarth.exe
StartupFolder: c:\docume~1\dbyte\menuav~1\progra~1\esecuz~1\desktopvideoplayer.lnk - c:\programmi\vghd\vghd.exe
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: Translate this web page with Babylon - c:\programmi\babylon\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\babylon\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\babylon\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {E4B97E38-87A3-47B1-A79F-D80F6028438E} = 151.99.125.2,151.99.125.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\
FF - prefs.js: browser.search.selectedEngine - Nonciclopedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\programmi\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\dbyte\dati applicazioni\mozilla\firefox\profiles\vozyza66.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\dbyte\dati applicazioni\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-22 218592]
R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2009-3-22 11608]
R1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2009-3-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2009-3-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-22 60936]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\spyware doctor\bdt\BDTUpdateService.exe [2009-12-10 112592]
R2 DUMeterSvc;DU Meter Service;c:\programmi\du meter\DUMeterSvc.exe [2010-9-24 1411616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-6-9 47640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programmi\du meter\DUM_XP32.sys [2010-9-24 16424]
R3 pbfilter;pbfilter;c:\programmi\peerblock\pbfilter.sys [2009-12-12 14424]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2008-6-20 1694592]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-6-8 215552]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c98d612f8448f4;Google Update Service (gupdate1c98d612f8448f4);c:\programmi\google\update\GoogleUpdate.exe [2009-2-12 133104]
S2 StarWindServiceAE;StarWind AE Service;c:\programmi\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\file comuni\creative labs shared\service\CTAELicensing.exe [2009-5-3 79360]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programmi\google\google desktop search\GoogleDesktop.exe [2009-10-29 30192]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-8-12 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-8-12 8320]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-4-5 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-4-5 11088]
S3 Rx2Agent;Rx2Agent;c:\programmi\raxco\perfectspeed20\Rx2Agent.exe [2010-1-21 779528]
S3 Rx2Engine;Rx2Engine;c:\programmi\raxco\perfectspeed20\Rx2Engine.exe [2010-1-21 947464]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\spyware doctor\pctsAuxs.exe [2010-6-18 366840]
S3 sdCoreService;PC Tools Security Service;c:\programmi\spyware doctor\pctsSvc.exe [2010-6-18 1142224]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-11-16 22:33:22 -------- d-----w- C:\ComboFix
2010-11-08 08:42:52 -------- d-----w- c:\programmi\Eraser
2010-11-02 12:56:53 -------- d-----w- c:\docume~1\dbyte\datiap~1\Ashampoo
2010-11-02 12:56:46 -------- d-----w- c:\docume~1\dbyte\impost~1\datiap~1\ashampoo
2010-11-02 12:56:46 -------- d-----w- c:\docume~1\alluse~1\datiap~1\ashampoo
2010-11-02 12:56:33 -------- d-----w- c:\programmi\Ashampoo
2010-10-29 23:26:51 -------- d-----w- c:\documents and settings\dbyte\.zenmap
2010-10-29 23:25:26 -------- d-----w- c:\programmi\Nmap
2010-10-28 15:06:08 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-10-25 16:23:34 -------- d-----w- c:\programmi\Foxit Software
2010-10-22 22:19:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-22 22:19:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-19 21:52:24 -------- d-----w- c:\programmi\JDownloader

==================== Find3M ====================

2010-11-17 16:11:08 5 ----a-w- c:\windows\treeskp.sys
2010-11-17 16:11:08 5 ----a-w- c:\windows\sbacknt.bin
2010-11-16 15:59:27 3504 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-16 15:31:35 3764 --sha-w- c:\docume~1\alluse~1\datiap~1\KGyGaAvL.sys
2010-11-08 00:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-29 23:49:33 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-29 23:49:33 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-29 23:49:29 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-22 06:23:30 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23:30 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23:29 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23:29 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23:29 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23:29 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-22 06:23:22 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23:22 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-22 06:23:22 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-15 17:15:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-15 17:14:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23:20 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54:47 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58:08 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 05:13:50 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:17 617472 ----a-w- c:\windows\system32\comctl32.dll
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 17.33.40,89 ===============

Edited by DByte, 19 November 2010 - 06:52 AM.



#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 28 November 2010 - 01:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 DByte

  • Topic Starter
  • Members
  • 13 posts

Posted 29 November 2010 - 03:46 AM

Thanks for replying! :thumbsup:
I ran DDS and generated the log, but I was unable to do the same with GMER: I started the scan at about 12:00 AM; when I woke up the scan seemed finished, but there was the same strange behaviour of the vanishing text, so I couldn't read anything, so I forced a reset and had a normal boot, and everything was normal... I can assume nothing changed from the previous scan posted on the forum, because I kept the PC off during all this time.

Another strange behaviour that I think is related to malware, but I'm not sure: when I use eMule or uTorrent, I practically can't browse due to extremely slow connection speed... but I only opened the programs, and they're not downloading! I thought the ISP blocked them with filters, but why block normal internet traffic as well? And why do the p2p programs work well, but not the rest?

If you want a new log from GMER, I can run it in safe mode as the previous time; from there I'm sure there's no problem. Meanwhile, here is what I've done:



DDS (Ver_10-11-27.01) - NTFSx86
Run by DByte at 0.03.59,37 on 29/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2324 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000040-005C-0000-2C27-6F6300008871}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Creative\Shared Files\CTAudSvc.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\BOINC\boinctray.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\Programmi\PeerBlock\peerblock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\UPSilon 2000\Monw32.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\DesktopEarth\DesktopEarth.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\vghd\VirtuaGirl_Downloader.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\UPSilon 2000\RupsMon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\UPSilon 2000\USBMate.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\BOINC\boinc.exe
C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\DU Meter\DUMeter.exe
C:\Programmi\DU Meter\DUMeterSvc.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\DByte\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programmi\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\programmi\babylon\utils\BabylonIEPI.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programmi\spyware doctor\bdt\PCTBrowserDefender.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\programmi\daemon tools toolbar\DTToolbar.dll
uRun: [STYLEXP] c:\programmi\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [DU Meter] c:\programmi\du meter\DUMeter.exe
uRun: [MsnMsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [FileHippo.com] "c:\programmi\filehippo.com\UpdateChecker.exe" /background
uRun: [PeerBlock] c:\programmi\peerblock\peerblock.exe
uRun: [Skype] "c:\programmi\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\programmi\logmein\x86\LogMeInSystray.exe"
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [Babylon Client] c:\programmi\babylon\Babylon.exe -AutoStart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\programmi\google\gmail notifier\gnotify.exe
mRun: [Google Desktop Search] "c:\programmi\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [boincmgr] "c:\programmi\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\programmi\boinc\boinctray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\dbyte\menuav~1\progra~1\esecuz~1\colleg~1.lnk - c:\programmi\desktopearth\DesktopEarth.exe
StartupFolder: c:\docume~1\dbyte\menuav~1\progra~1\esecuz~1\desktopvideoplayer.lnk - c:\programmi\vghd\vghd.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\rupsmo~1.lnk - c:\programmi\upsilon 2000\Monw32.exe
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: Translate this web page with Babylon - c:\programmi\babylon\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\babylon\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\babylon\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {E4B97E38-87A3-47B1-A79F-D80F6028438E} = 151.99.125.2,151.99.125.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\
FF - prefs.js: browser.search.selectedEngine - Nonciclopedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\programmi\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\dbyte\dati applicazioni\mozilla\firefox\profiles\vozyza66.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\dbyte\dati applicazioni\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: external IP: externalip@erik.morlin - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\externalip@erik.morlin
FF - Extension: FireGestures: firegestures@xuldev.org - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\firegestures@xuldev.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\LogMeInClient@logmein.com
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Extension: FAYT: {c2d0e930-64de-11db-bd13-0800200c9a66} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{c2d0e930-64de-11db-bd13-0800200c9a66}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\docume~1\dbyte\datiap~1\mozilla\firefox\profiles\vozyza66.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\programmi\nokia\nokia pc suite 7\bkmrksync
FF - Extension: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programmi\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmi\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-22 218592]
R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2009-3-22 11608]
R1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2009-3-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2009-3-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-22 60936]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\spyware doctor\bdt\BDTUpdateService.exe [2009-12-10 112592]
R2 DUMeterSvc;DU Meter Service;c:\programmi\du meter\DUMeterSvc.exe [2010-9-24 1411616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-6-9 47640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programmi\du meter\DUM_XP32.sys [2010-9-24 16424]
R3 pbfilter;pbfilter;c:\programmi\peerblock\pbfilter.sys [2009-12-12 19056]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2008-6-20 1694592]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-6-8 215552]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c98d612f8448f4;Google Update Service (gupdate1c98d612f8448f4);c:\programmi\google\update\GoogleUpdate.exe [2009-2-12 133104]
S2 StarWindServiceAE;StarWind AE Service;c:\programmi\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\file comuni\creative labs shared\service\CTAELicensing.exe [2009-5-3 79360]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programmi\google\google desktop search\GoogleDesktop.exe [2009-10-29 30192]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-8-12 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-8-12 8320]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-4-5 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-4-5 11088]
S3 Rx2Agent;Rx2Agent;c:\programmi\raxco\perfectspeed20\Rx2Agent.exe [2010-1-21 779528]
S3 Rx2Engine;Rx2Engine;c:\programmi\raxco\perfectspeed20\Rx2Engine.exe [2010-1-21 947464]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\spyware doctor\pctsAuxs.exe [2010-6-18 366840]
S3 sdCoreService;PC Tools Security Service;c:\programmi\spyware doctor\pctsSvc.exe [2010-6-18 1142224]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-11-25 10:07:42 -------- d-----w- c:\programmi\Wireshark
2010-11-19 10:21:55 274152 ----a-w- c:\windows\system32\Strip.ocx
2010-11-19 10:21:54 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-11-19 10:21:54 138464 ----a-w- c:\windows\system32\Percent.ocx
2010-11-19 10:21:54 130800 ----a-w- c:\windows\system32\AGaugeM.ocx
2010-11-19 10:21:20 -------- d-----w- c:\programmi\UPSilon 2000
2010-11-19 10:20:18 274432 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-11-19 10:20:18 180224 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-11-19 10:20:17 749568 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-11-19 10:20:17 69715 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-11-19 10:20:17 5632 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-11-19 10:20:16 192644 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-11-19 10:20:15 323716 ----a-w- c:\programmi\file comuni\installshield\professional\runtime\10\50\intel32\setup.dll
2010-11-16 22:33:22 -------- d-----w- C:\ComboFix
2010-11-08 08:42:52 -------- d-----w- c:\programmi\Eraser
2010-11-02 12:56:53 -------- d-----w- c:\docume~1\dbyte\datiap~1\Ashampoo
2010-11-02 12:56:46 -------- d-----w- c:\docume~1\dbyte\impost~1\datiap~1\ashampoo
2010-11-02 12:56:46 -------- d-----w- c:\docume~1\alluse~1\datiap~1\ashampoo
2010-11-02 12:56:33 -------- d-----w- c:\programmi\Ashampoo
2010-10-29 23:26:51 -------- d-----w- c:\documents and settings\dbyte\.zenmap
2010-10-29 23:25:26 -------- d-----w- c:\programmi\Nmap

==================== Find3M ====================

2010-11-28 23:00:58 5 ----a-w- c:\windows\treeskp.sys
2010-11-28 23:00:58 5 ----a-w- c:\windows\sbacknt.bin
2010-11-18 06:00:01 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-18 06:00:01 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-18 05:59:58 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-16 15:59:27 3504 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-16 15:31:35 3764 --sha-w- c:\docume~1\alluse~1\datiap~1\KGyGaAvL.sys
2010-11-08 00:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-22 06:23:30 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23:30 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23:29 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-22 06:23:29 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-22 06:23:29 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23:29 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23:29 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23:29 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-22 06:23:22 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23:22 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-22 06:23:22 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-15 17:15:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-15 17:14:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23:20 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54:47 1852800 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 0.04.55,42 ===============

Attached Files



#4 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 29 November 2010 - 10:45 AM

Hello DByte

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags, as that makes them very difficult to read and analyze. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system, so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and choose Run as Administrator.

Before we begin, please check and follow the instructions in How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please have patience while I analyze your log.


Thanks!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 30 November 2010 - 09:45 AM

Hello DByte,

I see you have remote software on your computer.

In your case, this is referring to:

LogMeIn

Remote control programs allow complete control of your machine as if you are sitting in front of it, even if you are in some distant location. While this can be a good thing, we need to make sure that this software was installed for a benign purpose, and not for a malicious one. If an attacker installed one of these programs, it would allow them to remotely control your computer, steal critical system information and download and execute files.

If you have this application installed on purpose, then you can safely ignore this warning. But if you didn't install this application, please remove it from Add/Remove Programs now.

P2P

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent and EMule). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world, and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.

Registry Cleaners

The following is referring to Perfect Speed Optimizer and CCleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix", and it is up to the user, so just take this as a recommendation from my side.

CCleaner is an excellent program but contains a registry cleaner. Please do not use the Registry Cleaner option in CCleaner.
More information about registry cleaners can be found at Miekiemoes Blog

Multiple Antivirus programs

You should never have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened. In general terms, the two programs may conflict and cause:
1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.

In your case I notice that you have two antivirus programs installed: Avira AntiVir and Spyware Doctor.

I suggest you uninstall one of the antivirus programs via Add/Remove Programs. If you decide to keep Avira AntiVir, please uninstall the program via Add/Remove Programs and reinstall the newest version.

Upload file.

Click the Browse button. Copy and paste the line in bold into the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

c:\windows\system32\drivers\npf.sys

If the file has been analyzed before, click the Reanalyse File Now button.
Please copy and paste the results of the scan in your next post.

Step 1.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2.

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 3.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <----Important
    Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

In your next reply please include the following:

VirusTotal scan results
RKUnhooker scan results
ComboFix.txt


How is your computer running? Any changes?


Thanks!!
PW

#6 DByte

DByte
  • Topic Starter
  • Members
  • 13 posts

Posted 30 November 2010 - 06:43 PM

Hi pwgib,

I'm perfectly aware of these programs:
- I use LogMeIn extensively on my PC when I travel.
- I'm very careful when using eMule or uTorrent; plus, recently I don't use them very much.
- Perfect Speed Optimizer is no longer installed... too heavy to use ;) CCleaner is used mainly to clean up unused files sometimes.
- My default antivirus is AntiVir; Spyware Doctor is used only when I need it to do a scan, and I keep it always disabled.

The file you requested to scan with VirusTotal is harmless: it's part of WinPcap, which came with Wireshark and Nmap, programs I use.
The RKUnhooker link was broken; I found the program elsewhere with Google.
Now I'm thinking, probably I didn't check "Drivers, Stealth" during the scan; maybe it's too verbose...
Anyway, here are the logs. Good work! (and good luck!)

Virustotal scan:
File name: npf.sys
Submission date: 2010-11-30 18:35:52 (UTC)
Current status: finished
Result: 0 /43 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.11.30.01 2010.11.30 -
AntiVir 7.10.14.155 2010.11.30 -
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.30 -
Avast5 5.0.677.0 2010.11.30 -
AVG 9.0.0.851 2010.11.30 -
BitDefender 7.2 2010.11.30 -
CAT-QuickHeal 11.00 2010.11.30 -
ClamAV 0.96.4.0 2010.11.30 -
Command 5.2.11.5 2010.11.30 -
Comodo 6904 2010.11.30 -
DrWeb 5.0.2.03300 2010.11.30 -
Emsisoft 5.0.0.50 2010.11.30 -
eSafe 7.0.17.0 2010.11.29 -
eTrust-Vet 36.1.8008 2010.11.30 -
F-Prot 4.6.2.117 2010.11.30 -
F-Secure 9.0.16160.0 2010.11.30 -
Fortinet 4.2.254.0 2010.11.30 -
GData 21 2010.11.30 -
Ikarus T3.1.1.90.0 2010.11.30 -
Jiangmin 13.0.900 2010.11.30 -
K7AntiVirus 9.69.3126 2010.11.30 -
Kaspersky 7.0.0.125 2010.11.30 -
McAfee 5.400.0.1158 2010.11.30 -
McAfee-GW-Edition 2010.1C 2010.11.30 -
Microsoft 1.6402 2010.11.30 -
NOD32 5661 2010.11.30 -
Norman 6.06.10 2010.11.30 -
nProtect 2010-11-30.01 2010.11.30 -
Panda 10.0.2.7 2010.11.30 -
PCTools 7.0.3.5 2010.11.30 -
Prevx 3.0 2010.11.30 -
Rising 22.76.01.04 2010.11.30 -
Sophos 4.60.0 2010.11.30 -
SUPERAntiSpyware4.40.0.1006 2010.11.30 -
Symantec 20101.2.0.161 2010.11.30 -
TheHacker 6.7.0.1.093 2010.11.30 -
TrendMicro 9.120.0.1004 2010.11.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 -
VBA32 3.12.14.2 2010.11.30 -
VIPRE 7455 2010.11.30 -
ViRobot 2010.11.30.4177 2010.11.30 -
VirusBuster 13.6.67.6 2010.11.30 -

RKunhooker log:
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.501
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtCreateKey
Actual Address 0xB7ECC112
Hooked by: PCTCore.sys
NtCreateProcess
Actual Address 0xB7EAB2D6
Hooked by: PCTCore.sys
NtCreateProcessEx
Actual Address 0xB7EAB4C8
Hooked by: PCTCore.sys
NtCreateThread
Actual Address 0xB8701884
Hooked by: Unknown module filename
NtDeleteKey
Actual Address 0xB7ECC900
Hooked by: PCTCore.sys
NtDeleteValueKey
Actual Address 0xB7ECCBB4
Hooked by: PCTCore.sys
NtLoadKey
Actual Address 0xB87018A2
Hooked by: Unknown module filename
NtOpenKey
Actual Address 0xB7ECAE12
Hooked by: PCTCore.sys
NtOpenProcess
Actual Address 0xB8701870
Hooked by: Unknown module filename
NtOpenThread
Actual Address 0xB8701875
Hooked by: Unknown module filename
NtRenameKey
Actual Address 0xB7ECD020
Hooked by: PCTCore.sys
NtReplaceKey
Actual Address 0xB87018AC
Hooked by: Unknown module filename
NtRestoreKey
Actual Address 0xB87018A7
Hooked by: Unknown module filename
NtSetValueKey
Actual Address 0xB7ECC3D2
Hooked by: PCTCore.sys
NtTerminateProcess
Actual Address 0xB7EAAF44
Hooked by: PCTCore.sys
==============================================
>Shadow
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x8AF399C8

Process: C:\Programmi\PeerBlock\peerblock.exe
Process Id: 200
EPROCESS Address: 0x8A68C590

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 396
EPROCESS Address: 0x89A4A918

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 416
EPROCESS Address: 0x8A360750

Process: C:\Programmi\vghd\VirtuaGirl_Downloader.exe
Process Id: 440
EPROCESS Address: 0x8A82B898

Process: C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_0.45_windows_intelx86__sse2.exe
Process Id: 540
EPROCESS Address: 0x89720520

Process: C:\Programmi\Creative\Shared Files\CTAudSvc.exe
Process Id: 572
EPROCESS Address: 0x8AD321D8

Process: C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
Process Id: 600
EPROCESS Address: 0x8A7EF4F8

Process: C:\Programmi\vghd\vghd.exe
Process Id: 608
EPROCESS Address: 0x8A8D5DA0

Process: C:\Programmi\Avira\AntiVir Desktop\sched.exe
Process Id: 636
EPROCESS Address: 0x8A8A2108

Process: C:\WINDOWS\explorer.exe
Process Id: 648
EPROCESS Address: 0x8A3FE750

Process: C:\Programmi\UPSilon 2000\RupsMon.exe
Process Id: 660
EPROCESS Address: 0x899F6DA0

Process: C:\Programmi\Skype\Phone\Skype.exe
Process Id: 744
EPROCESS Address: 0x8A8D4448

Process: C:\WINDOWS\system32\Crypserv.exe
Process Id: 764
EPROCESS Address: 0x8A71D710

Process: C:\Programmi\DU Meter\DUMeterSvc.exe
Process Id: 936
EPROCESS Address: 0x8A6E4540

Process: C:\Programmi\DU Meter\DUMeter.exe
Process Id: 944
EPROCESS Address: 0x8A7E38E0

Process: C:\WINDOWS\system32\smss.exe
Process Id: 992
EPROCESS Address: 0x8A879360

Process: C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
Process Id: 1004
EPROCESS Address: 0x8A52C600

Process: C:\WINDOWS\system32\rundll32.exe
Process Id: 1028
EPROCESS Address: 0x8A2AE750

Process: C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
Process Id: 1032
EPROCESS Address: 0x8A2E4750

Process: C:\Programmi\Google\Gmail Notifier\gnotify.exe
Process Id: 1048
EPROCESS Address: 0x8A7F64F0

Process: C:\Programmi\Babylon\Babylon.exe
Process Id: 1052
EPROCESS Address: 0x8A80CDA0

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 1056
EPROCESS Address: 0x8A836928

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 1080
EPROCESS Address: 0x8A118DA0

Process: C:\WINDOWS\system32\services.exe
Process Id: 1124
EPROCESS Address: 0x8A0FEDA0

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 1136
EPROCESS Address: 0x8AD248B8

Process: C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
Process Id: 1208
EPROCESS Address: 0x8A7F5310

Process: C:\Programmi\LogMeIn\x86\LMIGuardian.exe
Process Id: 1268
EPROCESS Address: 0x8A7CB338

Process: C:\WINDOWS\system32\nvsvc32.exe
Process Id: 1316
EPROCESS Address: 0x8A7A0DA0

Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 1376
EPROCESS Address: 0x8A17FDA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1392
EPROCESS Address: 0x8A89E788

Process: C:\Programmi\BOINC\boinc.exe
Process Id: 1412
EPROCESS Address: 0x8970B580

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1440
EPROCESS Address: 0x8A82F9D8

Process: C:\Programmi\LogMeIn\x86\LMIGuardian.exe
Process Id: 1488
EPROCESS Address: 0x8AE466A0

Process: C:\Programmi\BOINC\boincmgr.exe
Process Id: 1536
EPROCESS Address: 0x8A7C2458

Process: C:\Programmi\BOINC\boinctray.exe
Process Id: 1548
EPROCESS Address: 0x8A6C2910

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1584
EPROCESS Address: 0x8AD22A08

Process: C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
Process Id: 1604
EPROCESS Address: 0x8A814800

Process: C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
Process Id: 1608
EPROCESS Address: 0x8AD13258

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1668
EPROCESS Address: 0x8A78C270

Process: C:\Programmi\Windows Live\Messenger\msnmsgr.exe
Process Id: 1724
EPROCESS Address: 0x8A7B07D0

Process: C:\Programmi\DesktopEarth\DesktopEarth.exe
Process Id: 1772
EPROCESS Address: 0x8A169DA0

Process: C:\Programmi\FileHippo.com\UpdateChecker.exe
Process Id: 1864
EPROCESS Address: 0x8AD0E340

Process: C:\Programmi\Avira\AntiVir Desktop\avguard.exe
Process Id: 1876
EPROCESS Address: 0x8A6BB278

Process: C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
Process Id: 1968
EPROCESS Address: 0x8A13ADA0

Process: C:\Programmi\UPSilon 2000\Monw32.exe
Process Id: 1976
EPROCESS Address: 0x8A1ECDA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 2028
EPROCESS Address: 0x8A3C1750

Process: C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
Process Id: 2136
EPROCESS Address: 0x89065DA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 2416
EPROCESS Address: 0x89999020

Process: C:\Programmi\Skype\Plugin Manager\skypePM.exe
Process Id: 2444
EPROCESS Address: 0x898B9300

Process: C:\WINDOWS\system32\alg.exe
Process Id: 2652
EPROCESS Address: 0x89784DA0

Process: C:\Programmi\Google\Update\GoogleUpdate.exe
Process Id: 2740
EPROCESS Address: 0x899FCDA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 2788
EPROCESS Address: 0x8A8FCDA0

Process: C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe
Process Id: 2924
EPROCESS Address: 0x8AE71710

Process: C:\Programmi\Windows Live\Contacts\wlcomm.exe
Process Id: 2988
EPROCESS Address: 0x89005918

Process: C:\Programmi\LogMeIn\x86\ramaint.exe
Process Id: 3112
EPROCESS Address: 0x8AA82818

Process: C:\Programmi\UPSilon 2000\usbmate.exe
Process Id: 3344
EPROCESS Address: 0x89968BB0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 3504
EPROCESS Address: 0x89983DA0

Process: C:\WINDOWS\system32\PSIService.exe
Process Id: 3668
EPROCESS Address: 0x89930918

Process: C:\Programmi\LogMeIn\x86\LogMeIn.exe
Process Id: 3724
EPROCESS Address: 0x89AB5620

Process: C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
Process Id: 3912
EPROCESS Address: 0x89A8BDA0

Process: C:\RkUnhooker\7swpr1WXijq1lU6cjc.exe
Process Id: 3388
EPROCESS Address: 0x8858D710

==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB6BD0000
Size: 9625600 bytes

Driver: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000
Size: 6361088 bytes

Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2154496 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2154496 bytes

Driver: RAW
Address: 0x804D7000
Size: 2154496 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2154496 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\system32\DRIVERS\sbusb.sys
Address: 0xB411C000
Size: 1695744 bytes

Driver: Ntfs.sys
Address: 0xB7DE5000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB4032000
Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB6A68000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB43D4000
Size: 364544 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB2722000
Size: 360448 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB1E93000
Size: 266240 bytes

Driver: PCTCore.sys
Address: 0xB7EA0000
Size: 233472 bytes

Driver: C:\WINDOWS\system32\DRIVERS\sis163u.sys
Address: 0xB42BA000
Size: 217088 bytes

Driver: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xB6B8A000
Size: 204800 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Address: 0xB40C8000
Size: 196608 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB6AC6000
Size: 196608 bytes

Driver: ACPI.sys
Address: 0xB7F59000
Size: 188416 bytes

Driver: NDIS.sys
Address: 0xB7DB8000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB174D000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB4317000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB43AC000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Address: 0xB40A2000
Size: 155648 bytes

Driver: dmio.sys
Address: 0xB7F03000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB4386000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\DRIVERS\portcls.sys
Address: 0xB40F8000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB6B66000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xB400F000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB6B1E000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB4364000
Size: 139264 bytes

Driver: C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0xB4342000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806E5000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000
Size: 134400 bytes

Driver: fltmgr.sys
Address: 0xB7F87000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xB7F29000
Size: 126976 bytes

Driver: Mup.sys
Address: 0xB7D9E000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xB7EEB000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xB7E89000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB6B07000
Size: 94208 bytes

Driver: WudfPf.sys
Address: 0xB7E72000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xB3417000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB301A000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB6B41000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB6BBC000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB442D000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xB7ED9000
Size: 73728 bytes

Driver: pci.sys
Address: 0xB7F48000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB6AF6000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB6B55000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB751E000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB8278000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rspndr.sys
Address: 0xB8238000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\drmk.sys
Address: 0xB756E000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB8288000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB3307000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB8308000
Size: 61440 bytes

Driver: VolSnap.sys
Address: 0xB80C8000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xB80E8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB8258000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB8298000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB82B8000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB755E000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB8268000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xB80B8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB82A8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB8248000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xB80A8000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Address: 0xB32E7000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB82E8000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xB2A3A000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB82D8000
Size: 40960 bytes

Driver: disk.sys
Address: 0xB80D8000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB758E000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xB21C7000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB82C8000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xB8318000
Size: 36864 bytes

Driver: PxHelp20.sys
Address: 0xB80F8000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB757E000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xB83D0000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xB83F8000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB8368000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB83F0000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB8370000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\drivers\npf.sys
Address: 0xB8488000
Size: 28672 bytes

Driver: C:\Programmi\PeerBlock\pbfilter.sys
Address: 0xB8478000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB8378000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xB8440000
Size: 24576 bytes

Driver: C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xB83E0000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xB83D8000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xB8340000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB83C0000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\ckldrv.sys
Address: 0xB83E8000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xB8398000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xB83C8000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xB8330000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB8388000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB8390000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB8380000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xB8400000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB8570000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB333B000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\PfModNT.sys
Address: 0xB2626000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB7A3B000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000
Size: 12288 bytes

Driver: C:\Programmi\DU Meter\DUM_XP32.SYS
Address: 0xB2083000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB7A3F000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB7D5E000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB7A33000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB85A4000
Size: 12288 bytes

Driver: C:\Programmi\TGTSoft\StyleXP\StyleXPHelper.exe
Address: 0xB7D6A000
Size: 12288 bytes

Driver: C:\Programmi\Avira\AntiVir Desktop\avgio.sys
Address: 0xB85F4000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB85EC000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xB85AC000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB85EA000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB85EE000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xB866C000
Size: 8192 bytes

Driver: C:\Programmi\LogMeIn\x86\RaInfo.sys
Address: 0xB8624000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB85F0000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB85E4000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB85E8000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xB85AA000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB8784000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB87A2000
Size: 4096 bytes

Driver: C:\WINDOWS\system32\DRIVERS\lmimirr.sys
Address: 0xB8783000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB8758000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xB8670000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files

Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Microsoft\MSN Messenger\sqmnoopt00.sqm Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Microsoft\MSN Messenger\sqmnoopt01.sqm Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\dbyte883\bistats.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\dbyte883\dc.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\dbyte883\griffin.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\dbyte883\keyval.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\dbyte883\main.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\shared_dynco\dc.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\shared_httpfe\queue.db::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\{ad5d9f46-6bb8-44ad-a57b-227c428a49e4}\DBStore\contacts.edb::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\{ad5d9f46-6bb8-44ad-a57b-227c428a49e4}\DBStore\LogFiles\edb.log::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\{cb7ea6fc-41b1-4f1c-b22a-3fd7133542f8}\DBStore\contacts.edb::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\{cb7ea6fc-41b1-4f1c-b22a-3fd7133542f8}\DBStore\LogFiles\edb.log::$DATA Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Impostazioni locali\Temporary Internet Files\Content.IE5\O40KY2GF\whatsnewservice[1].asmx Status: Hidden


Suspect File: C:\Documents and Settings\DByte\Impostazioni locali\temp\MessengerCache\IejR38niSVS6y6kb2rC2DohKgA8= Status: Hidden


Suspect File: C:\games\flash\Robokill 2.exe::$DATA Status: Hidden


Suspect File: C:\Qoobox\BackEnv\AppData.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Cache.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\History.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Music.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Personal.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Programs.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Recent.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\SetPath.bat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\SysPath.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Templates.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\VikPev00 Status: Hidden

==============================================
>Hooks

[200]peerblock.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump at address 0x7C84495D hook handler located in [peerblock.exe]
[648]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]


#7 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:08:58 AM

Posted 01 December 2010 - 12:41 PM

Hello DByte,

Please do not attach logs unless asked to. :)

My default antivirus is Antivir, Spyware Doctor is used only when I need it to do a scan, I keep it always disabled.

It is important that you disable Antivir when doing a scan with SpyWare Doctor.

Also, it appears you might have multiple instances of Antivir running. You might try uninstalling Antivir completely via Add/Remove programs then reinstalling. Sometimes when upgrading to a newer version over the existing application all the components of the previous version are not uninstalled properly.

Step 1.

RKunhooker link was broken, I found the program elsewhere with Google.

Sorry about that. I thought I had changed the link.

The version of RKUnhooker you ran is out of date. Please re-run it using the following instructions. Pay special attention to what should be checked/unchecked.

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 2.

For information purposes you should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Please post combofix.txt from the previous run of ComboFix.

Go to Start | My Computer | C:\Qoobox\. In the Qoobox Folder will be up to 4 previous ComboFix.txt reports in the following format:

Example:
C:\qoobox\ComboFix2.txt 2007-12-29 17:07:26
C:\qoobox\ComboFix3.txt 2007-12-27 20:42:53
C:\qoobox\ComboFix4.txt 2007-12-27 15:56:10
C:\qoobox\ComboFix5.txt 2007-12-27 15:33:58

Check the date and time Then post the newest run of Combofix previous to ComboFix 10-11-30.02 - DByte 30/11/2010 23.57.15

Also, please post the dates and times of any earlier ComboFix.txt logs listed.

Step 3.

We need to run a Combofix Script

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

DDS::
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}

Driver:: 
Lbd

Regnull:: 
[HKEY_USERS\S-1-5-21-1292428093-1123561945-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13A0C87B-6783-7722-EB6D-625687DE3CB0}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{13A0C87B-6783-7722-EB6D-625687DE3CB0}\InProcServer32*]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply please include the following:

RKUnhooker report
Previous Combofix.txt
List of dates and times of previous runs of Combofix.txt
Combofix.txt after running the script.



Please detail any problems you are still having.

Thanks!!
PW
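The report requested in Step 1 (Drivers and Stealth ticked) is plain text, and a helper reads it looking for a few specific things. As an added example, not code from this thread, from the RKU tool or from the BleepingComputer team, here is a small Python triage script that parses that report format into the items a helper checks first: loaded modules with no vendor description, files reported as hidden (including NTFS alternate data streams, the `::$DATA` entries), and the user-mode API hooks listed under >Hooks. The section headers and line layouts are taken from the reports posted in this thread; the embedded sample report is constructed from those lines and is not a real scan of anyone's machine.

```python
# Triage helper for a Rootkit Unhooker (RKU) LE text report.  Added example;
# the line formats follow the reports posted in the thread, the sample below
# is constructed and is not a real scan.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "0x<base> <path or alias> <size> bytes (<vendor, description>)" - parentheses optional
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?$")
FILE_RE = re.compile(r"^Suspect File: (.+?) Status: (\w+)$")
HOOK_RE = re.compile(
    r"^\[(\d+)\](.+?)-->(.+?)-->(.+?), Type: (.+?) at address (0x[0-9A-Fa-f]+)"
    r" hook handler located in \[(.+?)\]$"
)
FILE_EXT_RE = re.compile(r"\.(sys|dll|exe)$", re.IGNORECASE)


@dataclass
class Driver:
    base: int
    path: str             # full path, bare name, or a kernel alias such as PnpManager
    size: int
    vendor: Optional[str]  # text inside the trailing parentheses, None if absent

    def looks_like_file(self) -> bool:
        return bool(FILE_EXT_RE.search(self.path))


@dataclass
class Hook:
    pid: int
    process: str
    module: str
    function: str
    hook_type: str   # e.g. "Inline - RelativeJump" or "IAT modification"
    address: int
    handler: str     # module that owns the hook handler


@dataclass
class Triage:
    drivers: List[Driver] = field(default_factory=list)
    hidden_files: List[str] = field(default_factory=list)
    hooks: List[Hook] = field(default_factory=list)

    def unknown_drivers(self) -> List[Driver]:
        """Loaded modules that look like files but carry no vendor/description."""
        return [d for d in self.drivers if d.looks_like_file() and not d.vendor]

    def alternate_streams(self) -> List[str]:
        """Hidden entries that name an NTFS alternate data stream (path::stream)."""
        return [p for p in self.hidden_files if "::" in p]


def parse_report(text: str) -> Triage:
    """Walk the report line by line: '>' lines switch sections, '=' lines are rules."""
    triage = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):
            section = line[1:].strip().lower()
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                triage.drivers.append(Driver(int(m[1], 16), m[2], int(m[3]), m[4]))
        elif section == "files":
            m = FILE_RE.match(line)
            if m and m[2] == "Hidden":
                triage.hidden_files.append(m[1])
        elif section == "hooks":
            m = HOOK_RE.match(line)
            if m:
                triage.hooks.append(Hook(int(m[1]), m[2], m[3], m[4], m[5],
                                         int(m[6], 16), m[7]))
    return triage


# Constructed sample in the RKU LE layout (lines modelled on the thread's reports).
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Sistema e kernel NT)
0x804D7000 PnpManager 2154496 bytes
0xB83D0000 C:\WINDOWS\system32\ckldrv.sys 20480 bytes
0xB8468000 C:\Programmi\PeerBlock\pbfilter.sys 28672 bytes
0xB20B7000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
==============================================
>Stealth
==============================================
>Files

Suspect File: C:\Qoobox\BackEnv\SetPath.bat Status: Hidden

Suspect File: C:\Documents and Settings\DByte\Dati applicazioni\Skype\dbyte883\main.db::$DATA Status: Hidden

==============================================
>Hooks

[200]peerblock.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump at address 0x7C84495D hook handler located in [peerblock.exe]
[648]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
"""

if __name__ == "__main__":
    t = parse_report(SAMPLE_REPORT)
    for d in t.unknown_drivers():
        print(f"no vendor info: {d.path} @ {d.base:#010x} ({d.size} bytes)")
    for p in t.alternate_streams():
        print(f"hidden stream:  {p}")
    for h in t.hooks:
        print(f"hook: pid {h.pid} {h.process} {h.module}!{h.function} "
              f"{h.hook_type} -> handler in {h.handler}")
```

The output is a worklist, not a removal list. Kernel aliases such as PnpManager, RAW and WMIxWDM share the kernel's base address and carry no file name, so they are skipped rather than flagged; a module with a real file name but no vendor text is simply the first thing to look up by hash. The Qoobox entries are ComboFix's own backup folder, and an unnamed `::$DATA` stream on a database file is that file's ordinary contents, so "Hidden" alone says nothing about malice. For the hooks, the handler column is what matters: a handler inside the process's own image or in a Windows compatibility shim DLL is the usual benign case, whereas a handler in a module that no installed product accounts for is what deserves a closer look.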

#8 DByte

DByte
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:58 PM

Posted 01 December 2010 - 03:01 PM

Hello pwgib,

I uninstalled and reinstalled Antivir, but even if I disabled the guard and terminated all processes and services, ComboFix said there were 5 scanners active. How can I turn them off for sure?
In folder Qoobox there's only one previous scan with date 16/11/2010 23.34.32.9.2.

RkUnhooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6C69000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Sistema e kernel NT)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Driver Win32 multiutente)
0xB4185000 C:\WINDOWS\system32\DRIVERS\sbusb.sys 1695744 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xB7DE5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB4358000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6B01000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB44AD000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2A3B000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB20E7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB7EA0000 PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0xB4323000 C:\WINDOWS\system32\DRIVERS\sis163u.sys 217088 bytes (Silicon Integrated Systems Corp., SiS163 USB Wireless LAN Adapter Driver)
0xB6C23000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 204800 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB4131000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 196608 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB6B5F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F59000 ACPI.sys 188416 bytes (Microsoft Corporation, Driver ACPI per NT)
0xB7DB8000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB1FBC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB43F0000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB4485000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB410B000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 155648 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB7F03000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, Driver di I/O di Gestione dischi di NT)
0xB445F000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB4161000 C:\WINDOWS\system32\DRIVERS\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6BFF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB1FFC000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB6BB7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB443D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB441B000 C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7F87000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver FT del disco)
0xB7D9E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7EEB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7E89000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6BA0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB7E72000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB1FE7000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB3153000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6BDA000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver della porta parallela)
0xB6C55000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB4506000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7ED9000 sr.sys 73728 bytes (Microsoft Corporation, Driver filtro file system Ripristino configurazione di sistema)
0xB7F48000 pci.sys 69632 bytes (Microsoft Corporation, Enumeratore PCI Plug and Play per NT)
0xB6B8F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB6BEE000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Driver della periferica seriale)
0xB7627000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8218000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB3460000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xB8318000 C:\WINDOWS\system32\DRIVERS\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8228000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Driver del filtro audio Redbook)
0xB3300000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver copia replicata del volume)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB81F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Driver della porta i8042)
0xB8238000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB8258000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB82D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8208000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8248000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Driver di periferica processore)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, Driver bus PNP ISA)
0xB2BE3000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB8288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB80F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB2AEB000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xB8278000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB82C8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB2D0B000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB8268000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB20B7000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB83B8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB84A8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB84B0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver classe tastiera)
0xB8480000 C:\WINDOWS\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xB8468000 C:\Programmi\PeerBlock\pbfilter.sys 28672 bytes
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8340000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB83C8000 C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xB84A0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB83A8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB83D0000 C:\WINDOWS\system32\ckldrv.sys 20480 bytes
0xB8380000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB83B0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8370000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8378000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8368000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB83F8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB78DA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB345C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB2A93000 C:\WINDOWS\system32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xB7D42000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2394000 C:\Programmi\DU Meter\DUM_XP32.SYS 12288 bytes (Hagel Technologies Ltd., DU Meter network traffic accounting driver)
0xB4551000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB859C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7D3A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB857C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8590000 C:\Programmi\TGTSoft\StyleXP\StyleXPHelper.exe 12288 bytes (Windows ® 2000 DDK provider, StyleXP)
0xB85D8000 C:\Programmi\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xB85F0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB85EE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB85F2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8654000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB8610000 C:\Programmi\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xB85F4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB866C000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xB85E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85EC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8792000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB87C8000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8791000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xB875A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x00D30000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89767828 ] PID: 1972, 307200 bytes

Here's the oldest ComboFix log:

ComboFix 10-11-12.06 - DByte 16/11/2010 23.34.32.9.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2740 [GMT 1:00]
Running from: c:\documents and settings\DByte\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))))))
.

2010-11-08 08:42 . 2010-11-08 08:42 -------- d-----w- c:\programmi\Eraser
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\DByte\Dati applicazioni\Ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\DByte\Impostazioni locali\Dati applicazioni\ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\programmi\Ashampoo
2010-10-29 23:26 . 2010-11-01 11:12 -------- d-----w- c:\documents and settings\DByte\.zenmap
2010-10-29 23:25 . 2010-10-29 23:25 -------- d-----w- c:\programmi\Nmap
2010-10-28 15:06 . 2010-07-09 11:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-10-25 16:23 . 2010-10-25 16:23 -------- d-----w- c:\programmi\Foxit Software
2010-10-22 22:19 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-22 22:19 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-19 21:52 . 2010-11-02 10:26 -------- d-----w- c:\programmi\JDownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 15:31 . 2008-09-05 18:43 3764 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-10-22 06:23 . 2010-04-02 21:36 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2008-05-03 03:46 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-04-02 21:36 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2009-03-27 08:03 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2008-05-03 03:46 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-02 21:36 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2008-05-03 03:46 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2008-05-03 03:46 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2008-05-03 03:46 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 10:05 . 2010-10-16 10:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 10:05 . 2010-10-16 10:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 10:05 . 2010-10-16 10:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 10:05 . 2010-10-16 10:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 10:05 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 10:05 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 10:05 . 2010-10-16 10:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 10:05 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 10:05 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 10:05 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 10:05 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 10:05 . 2010-10-16 10:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 10:05 . 2010-10-16 10:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 10:05 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 10:05 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 10:05 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 10:05 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 10:05 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 10:05 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 10:05 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 10:05 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 10:05 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 10:05 . 2010-10-16 10:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 10:05 . 2010-10-16 10:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 10:05 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 10:05 . 2010-10-16 10:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 10:05 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 10:05 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 10:05 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 10:05 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 10:05 . 2010-10-16 10:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 10:05 . 2010-10-16 10:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 10:05 . 2010-10-16 10:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:05 . 2010-10-16 10:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-15 17:15 . 2010-10-15 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-15 17:14 . 2010-04-16 08:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2007-01-03 10:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2007-01-03 10:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2007-01-03 10:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 13:22 . 2009-03-22 21:25 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 13:22 . 2009-03-22 21:25 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-01 11:51 . 2004-08-19 13:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2007-01-03 10:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2007-01-03 10:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2007-01-03 10:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 05:13 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2007-01-03 10:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2007-01-03 10:48 617472 ----a-w- c:\windows\system32\comctl32.dll
2007-08-09 11:08 . 2008-06-09 13:44 8784 ----a-w- c:\programmi\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 11:10 . 2008-06-09 13:44 245408 ----a-w- c:\programmi\mozilla firefox\plugins\unicows.dll
2010-05-27 16:09 . 2009-10-29 11:45 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-14_13.34.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-09 11:56 . 2010-11-16 15:59 3504 c:\windows\system32\KGyGaAvL.sys
- 2008-06-09 11:56 . 2010-09-27 07:54 3504 c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DU Meter"="c:\programmi\DU Meter\DUMeter.exe" [2010-08-31 2941984]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-05-22 3872080]
"FileHippo.com"="c:\programmi\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 128000]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Babylon Client"="c:\programmi\Babylon\Babylon.exe" [2009-06-07 4025744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-27 30192]
"boincmgr"="c:\programmi\BOINC\boincmgr.exe" [2010-07-01 4862720]
"boinctray"="c:\programmi\BOINC\boinctray.exe" [2010-07-01 58112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\DByte\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a DesktopEarth.lnk - c:\programmi\DesktopEarth\DesktopEarth.exe [2006-3-10 749568]
DesktopVideoPlayer.LNK - c:\programmi\vghd\vghd.exe [2008-6-9 600904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-06 14:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\games\\Multiwinia\\multiwinia.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\Hewlett-Packard\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/08/2009 15.57.12 218592]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [08/06/2008 15.20.21 215552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19.25.48 12872]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19.41.30 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [22/03/2009 22.25.09 135336]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [10/12/2009 12.42.04 112592]
S2 DUMeterSvc;DU Meter Service;c:\programmi\DU Meter\DUMeterSvc.exe [24/09/2010 11.35.44 1411616]
S2 gupdate1c98d612f8448f4;Google Update Service (gupdate1c98d612f8448f4);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2009 23.28.09 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [28/02/2008 14.31.52 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 18.07.14 35088]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe [03/05/2009 10.10.16 79360]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programmi\DU Meter\DUM_XP32.sys [24/09/2010 11.35.44 16424]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [29/10/2009 12.45.44 30192]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 10.16.12 1107336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/08/2010 17.31.55 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/08/2010 17.31.58 8320]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [12/12/2009 16.19.29 14424]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [05/04/2010 9.48.53 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [05/04/2010 9.48.52 11088]
S3 Rx2Agent;Rx2Agent;c:\programmi\Raxco\PerfectSpeed20\Rx2Agent.exe [21/01/2010 9.33.08 779528]
S3 Rx2Engine;Rx2Engine;c:\programmi\Raxco\PerfectSpeed20\Rx2Engine.exe [21/01/2010 9.33.10 947464]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [20/06/2008 14.33.33 1694592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [18/06/2010 10.38.15 366840]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15.41.38 92008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/06/2008 11.21.23 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 22:56]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2008-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\programmi\Microsoft LifeCam\LifeExp.exe [2007-05-17 12:45]
.
.
------- Supplementary Scan -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/Action.htm
TCP: {E4B97E38-87A3-47B1-A79F-D80F6028438E} = 151.99.125.2,151.99.125.3
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
FF - ProfilePath - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\
FF - prefs.js: browser.search.selectedEngine - Nonciclopedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\programmi\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1123561945-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13A0C87B-6783-7722-EB6D-625687DE3CB0}*]
"jaaofopmhomlhkcpgnnc"=hex:62,61,62,6a,00,00
"jaaofopmhomlhkcpgnjd"=hex:62,61,65,6d,00,00
"iaalbbijlfificiamp"=hex:6b,61,6a,6d,64,6c,67,6b,6f,6e,63,6e,6c,65,6b,70,6d,6d,
6f,69,6d,65,00,00
"haeojbjbcgnodipk"=hex:6f,61,65,6c,67,66,6a,69,6c,68,61,6c,70,70,6f,6e,63,6e,
6f,61,6c,6d,63,6c,6e,69,6c,66,6f,61,00,00
"jahokbnoeonoagfdgbdn"=hex:64,62,6f,6d,64,66,69,64,67,6a,66,6a,61,6f,6b,6d,6e,
61,64,62,61,66,68,6a,6e,69,64,67,63,66,6c,6a,63,64,6b,6f,64,6d,6a,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{13A0C87B-6783-7722-EB6D-625687DE3CB0}\InProcServer32*]
"kaglpgeknjdfpocncledff"=hex:62,61,67,6d,00,8e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-11-16 23:47:44
ComboFix-quarantined-files.txt 2010-11-16 22:47
ComboFix2.txt 2010-11-14 13:38

Pre-Run: 78.483.578.880 bytes free
Post-Run: 78.530.949.120 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BCFFBA00ABB2148932CC4D1658005905

Here's the previous ComboFix log:

ComboFix 10-11-30.02 - DByte 30/11/2010 23.57.15.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2179 [GMT 1:00]
Running from: c:\documents and settings\DByte\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000040-005C-0000-2C27-6F6300008871}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((( Files Created From 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))))))
.

2010-11-30 18:46 . 2010-11-30 18:47 -------- d-----w- C:\RkUnhooker
2010-11-29 09:28 . 2010-11-29 09:28 -------- d-----w- c:\documents and settings\DByte\Impostazioni locali\Dati applicazioni\Adobe
2010-11-25 10:07 . 2010-11-25 10:08 -------- d-----w- c:\programmi\Wireshark
2010-11-19 10:21 . 1997-11-17 03:56 274152 ----a-w- c:\windows\system32\Strip.ocx
2010-11-19 10:21 . 1998-12-05 05:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-11-19 10:21 . 1997-11-17 03:55 138464 ----a-w- c:\windows\system32\Percent.ocx
2010-11-19 10:21 . 1997-11-17 03:50 130800 ----a-w- c:\windows\system32\AGaugeM.ocx
2010-11-19 10:21 . 2010-11-19 10:42 -------- d-----w- c:\programmi\UPSilon 2000
2010-11-19 10:20 . 2004-10-22 01:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-11-19 10:20 . 2004-10-22 01:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-11-19 10:20 . 2004-10-22 01:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-11-19 10:20 . 2004-10-22 01:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-11-19 10:20 . 2004-10-22 01:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-11-19 10:20 . 2010-11-19 10:20 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-11-19 10:20 . 2010-11-19 10:20 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-11-08 08:42 . 2010-11-08 08:42 -------- d-----w- c:\programmi\Eraser
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\DByte\Dati applicazioni\Ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\DByte\Impostazioni locali\Dati applicazioni\ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\programmi\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 15:31 . 2008-09-05 18:43 3764 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-10-22 06:23 . 2010-04-02 21:36 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2008-05-03 03:46 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-10-22 22:19 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-22 06:23 . 2010-10-22 22:19 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-22 06:23 . 2010-04-02 21:36 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2009-03-27 08:03 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2008-05-03 03:46 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-02 21:36 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2008-05-03 03:46 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2008-05-03 03:46 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2008-05-03 03:46 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-15 17:15 . 2010-10-15 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-15 17:14 . 2010-04-16 08:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2007-01-03 10:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2007-01-03 10:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2007-01-03 10:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2007-08-09 11:08 . 2008-06-09 13:44 8784 ----a-w- c:\programmi\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 11:10 . 2008-06-09 13:44 245408 ----a-w- c:\programmi\mozilla firefox\plugins\unicows.dll
2010-05-27 16:09 . 2009-10-29 11:45 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DU Meter"="c:\programmi\DU Meter\DUMeter.exe" [2010-08-31 2941984]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-05-22 3872080]
"FileHippo.com"="c:\programmi\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2010-11-06 1867888]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 128000]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Babylon Client"="c:\programmi\Babylon\Babylon.exe" [2009-06-07 4025744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-27 30192]
"boincmgr"="c:\programmi\BOINC\boincmgr.exe" [2010-07-01 4862720]
"boinctray"="c:\programmi\BOINC\boinctray.exe" [2010-07-01 58112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\DByte\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a DesktopEarth.lnk - c:\programmi\DesktopEarth\DesktopEarth.exe [2006-3-10 749568]
DesktopVideoPlayer.LNK - c:\programmi\vghd\vghd.exe [2008-6-9 600904]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Rupsmon Daemon.lnk - c:\programmi\UPSilon 2000\Monw32.exe [2010-11-19 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-06 14:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\games\\Multiwinia\\multiwinia.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\Hewlett-Packard\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/08/2009 15.57.12 218592]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19.41.30 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [22/03/2009 22.25.09 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [10/12/2009 12.42.04 112592]
R2 DUMeterSvc;DU Meter Service;c:\programmi\DU Meter\DUMeterSvc.exe [24/09/2010 11.35.44 1411616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [28/02/2008 14.31.52 12856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 18.07.14 35088]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programmi\DU Meter\DUM_XP32.sys [24/09/2010 11.35.44 16424]
R3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [12/12/2009 16.19.29 19056]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [20/06/2008 14.33.33 1694592]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [08/06/2008 15.20.21 215552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c98d612f8448f4;Google Update Service (gupdate1c98d612f8448f4);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2009 23.28.09 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe [03/05/2009 10.10.16 79360]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [29/10/2009 12.45.44 30192]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 10.16.12 1107336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/08/2010 17.31.55 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/08/2010 17.31.58 8320]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [05/04/2010 9.48.53 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [05/04/2010 9.48.52 11088]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [18/06/2010 10.38.15 366840]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15.41.38 92008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/06/2008 11.21.23 691696]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PBFILTER
*NewlyCreated* - RKHDRV40
*Deregistered* - rkhdrv40

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-30 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 22:56]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2008-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\programmi\Microsoft LifeCam\LifeExp.exe [2007-05-17 12:45]
.
.
------- Scansione supplementare -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/Action.htm
TCP: {E4B97E38-87A3-47B1-A79F-D80F6028438E} = 151.99.125.2,151.99.125.3
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
FF - ProfilePath - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\
FF - prefs.js: browser.search.selectedEngine - Nonciclopedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: external IP: externalip@erik.morlin - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\externalip@erik.morlin
FF - Extension: FireGestures: firegestures@xuldev.org - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\firegestures@xuldev.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Extension: FAYT: {c2d0e930-64de-11db-bd13-0800200c9a66} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{c2d0e930-64de-11db-bd13-0800200c9a66}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync
FF - Extension: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 00:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\programmi\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1123561945-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13A0C87B-6783-7722-EB6D-625687DE3CB0}*]
"jaaofopmhomlhkcpgnnc"=hex:62,61,62,6a,00,00
"jaaofopmhomlhkcpgnjd"=hex:62,61,65,6d,00,00
"iaalbbijlfificiamp"=hex:6b,61,6a,6d,64,6c,67,6b,6f,6e,63,6e,6c,65,6b,70,6d,6d,
6f,69,6d,65,00,00
"haeojbjbcgnodipk"=hex:6f,61,65,6c,67,66,6a,69,6c,68,61,6c,70,70,6f,6e,63,6e,
6f,61,6c,6d,63,6c,6e,69,6c,66,6f,61,00,00
"jahokbnoeonoagfdgbdn"=hex:64,62,6f,6d,64,66,69,64,67,6a,66,6a,61,6f,6b,6d,6e,
61,64,62,61,66,68,6a,6e,69,64,67,63,66,6c,6a,63,64,6b,6f,64,6d,6a,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{13A0C87B-6783-7722-EB6D-625687DE3CB0}\InProcServer32*]
"kaglpgeknjdfpocncledff"=hex:62,61,67,6d,00,8e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Ora fine scansione: 2010-12-01 00:09:02
ComboFix-quarantined-files.txt 2010-11-30 23:08
ComboFix2.txt 2010-11-16 22:47

Pre-Run: 75.232.854.016 byte disponibili
Post-Run: 75.245.600.768 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9C96A6ED10199B9D3DA3340068B2306E

Here's the log of ComboFix with the script:

ComboFix 10-11-30.09 - DByte 01/12/2010 19.59.18.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2227 [GMT 1:00]
Eseguito da: c:\documents and settings\DByte\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\DByte\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000040-005C-0000-2C27-6F6300008871}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LBD
-------\Service_Lbd


((((((((((((((((((((((((( Files Creati Da 2010-11-01 al 2010-12-01 )))))))))))))))))))))))))))))))))))
.

2010-12-01 18:12 . 2010-12-01 18:12 -------- d-----w- c:\documents and settings\DByte\Dati applicazioni\Avira
2010-12-01 18:10 . 2010-09-01 13:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-01 18:10 . 2010-09-01 13:22 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-01 18:10 . 2010-06-17 14:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-01 18:10 . 2010-06-17 14:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-01 18:10 . 2010-12-01 18:10 -------- d-----w- c:\programmi\Avira
2010-12-01 18:10 . 2010-12-01 18:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-11-30 14:11 . 2010-11-30 14:11 12800 ----a-w- c:\programmi\Mozilla Firefox\plugins\npwachk.dll
2010-11-29 09:28 . 2010-11-29 09:28 -------- d-----w- c:\documents and settings\DByte\Impostazioni locali\Dati applicazioni\Adobe
2010-11-25 10:07 . 2010-11-25 10:08 -------- d-----w- c:\programmi\Wireshark
2010-11-19 10:21 . 1997-11-17 03:56 274152 ----a-w- c:\windows\system32\Strip.ocx
2010-11-19 10:21 . 1998-12-05 05:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-11-19 10:21 . 1997-11-17 03:55 138464 ----a-w- c:\windows\system32\Percent.ocx
2010-11-19 10:21 . 1997-11-17 03:50 130800 ----a-w- c:\windows\system32\AGaugeM.ocx
2010-11-19 10:21 . 2010-11-19 10:42 -------- d-----w- c:\programmi\UPSilon 2000
2010-11-19 10:20 . 2004-10-22 01:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-11-19 10:20 . 2004-10-22 01:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-11-19 10:20 . 2004-10-22 01:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-11-19 10:20 . 2004-10-22 01:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-11-19 10:20 . 2004-10-22 01:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-11-19 10:20 . 2010-11-19 10:20 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-11-19 10:20 . 2010-11-19 10:20 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-11-08 08:42 . 2010-11-08 08:42 -------- d-----w- c:\programmi\Eraser
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\DByte\Dati applicazioni\Ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\DByte\Impostazioni locali\Dati applicazioni\ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2010-11-02 12:56 . 2010-11-02 12:56 -------- d-----w- c:\programmi\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2010-09-06 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-09-06 21:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 15:31 . 2008-09-05 18:43 3764 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-10-22 06:23 . 2010-04-02 21:36 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2008-05-03 03:46 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-10-22 22:19 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-22 06:23 . 2010-10-22 22:19 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-22 06:23 . 2010-04-02 21:36 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2009-03-27 08:03 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2008-05-03 03:46 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-02 21:36 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2008-05-03 03:46 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2008-05-03 03:46 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2008-05-03 03:46 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-15 17:15 . 2010-10-15 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-15 17:14 . 2010-04-16 08:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2007-01-03 10:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2007-01-03 10:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2007-01-03 10:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2007-08-09 11:08 . 2008-06-09 13:44 8784 ----a-w- c:\programmi\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 11:10 . 2008-06-09 13:44 245408 ----a-w- c:\programmi\mozilla firefox\plugins\unicows.dll
2010-05-27 16:09 . 2009-10-29 11:45 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DU Meter"="c:\programmi\DU Meter\DUMeter.exe" [2010-08-31 2941984]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-05-22 3872080]
"FileHippo.com"="c:\programmi\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2010-11-06 1867888]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 128000]
"Babylon Client"="c:\programmi\Babylon\Babylon.exe" [2009-06-07 4025744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-27 30192]
"boincmgr"="c:\programmi\BOINC\boincmgr.exe" [2010-07-01 4862720]
"boinctray"="c:\programmi\BOINC\boinctray.exe" [2010-07-01 58112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\DByte\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a DesktopEarth.lnk - c:\programmi\DesktopEarth\DesktopEarth.exe [2006-3-10 749568]
DesktopVideoPlayer.LNK - c:\programmi\vghd\vghd.exe [2008-6-9 600904]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Rupsmon Daemon.lnk - c:\programmi\UPSilon 2000\Monw32.exe [2010-11-19 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-06 14:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\games\\Multiwinia\\multiwinia.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\Hewlett-Packard\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Winamp\\winamp.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/08/2009 15.57.12 218592]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19.41.30 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [01/12/2010 19.10.14 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [10/12/2009 12.42.04 112592]
R2 DUMeterSvc;DU Meter Service;c:\programmi\DU Meter\DUMeterSvc.exe [24/09/2010 11.35.44 1411616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [28/02/2008 14.31.52 12856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 18.07.14 35088]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programmi\DU Meter\DUM_XP32.sys [24/09/2010 11.35.44 16424]
R3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [12/12/2009 16.19.29 19056]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [20/06/2008 14.33.33 1694592]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [08/06/2008 15.20.21 215552]
S2 gupdate1c98d612f8448f4;Google Update Service (gupdate1c98d612f8448f4);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2009 23.28.09 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe [03/05/2009 10.10.16 79360]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [29/10/2009 12.45.44 30192]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 10.16.12 1107336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/08/2010 17.31.55 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/08/2010 17.31.58 8320]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [05/04/2010 9.48.53 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [05/04/2010 9.48.52 11088]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [18/06/2010 10.38.15 366840]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15.41.38 92008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/06/2008 11.21.23 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 22:56]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2008-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\programmi\Microsoft LifeCam\LifeExp.exe [2007-05-17 12:45]
.
.
------- Scansione supplementare -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/Action.htm
TCP: {E4B97E38-87A3-47B1-A79F-D80F6028438E} = 151.99.125.2,151.99.125.3
FF - ProfilePath - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\
FF - prefs.js: browser.search.selectedEngine - Nonciclopedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: external IP: externalip@erik.morlin - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\externalip@erik.morlin
FF - Extension: FireGestures: firegestures@xuldev.org - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\firegestures@xuldev.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Extension: FAYT: {c2d0e930-64de-11db-bd13-0800200c9a66} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{c2d0e930-64de-11db-bd13-0800200c9a66}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync
FF - Extension: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\programmi\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\TGTSoft\StyleXP\StyleXPService.exe
c:\programmi\Creative\Shared Files\CTAudSvc.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\crypserv.exe
c:\programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\programmi\LogMeIn\x86\RaMaint.exe
c:\windows\system32\RunDll32.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\DU Meter\DUMeter.exe
c:\windows\system32\PSIService.exe
c:\programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\programmi\UPSilon 2000\RupsMon.exe
c:\programmi\UPSilon 2000\USBMate.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\programmi\vghd\VirtuaGirl_Downloader.exe
c:\programmi\BOINC\boinc.exe
c:\documents and settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
c:\documents and settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-01 20:23:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-01 19:23
ComboFix2.txt 2010-11-30 23:09
ComboFix3.txt 2010-11-16 22:47

Pre-Run: 78.043.865.088 byte disponibili
Post-Run: 77.971.914.752 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8B5BB1DB07CE617274FAE48B4D7CE65F

#9 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:08:58 AM

Posted 01 December 2010 - 06:50 PM

Hi DByte,

ComboFix said there were 5 scanners active.

This could also be caused by the way Windows Management Instrumentation enumerates Avira. If Antivir is working OK I wouldn't worry about it. Avira's solution is to upgrade to the latest version but that may not work either. From what I can find out the fix is sometimes worse than the cure.

Step 1.

I need you to run MBAM.
  • Open MBAM
  • Click on the UpdateTab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 2.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note: If ESET finds nothing, there will be no log produced.

In your next reply please include the following:

MBAM log
ESET results


What problems are you experiencing with your computer? How is it running?

Thanks!!

Edited by pwgib, 01 December 2010 - 06:51 PM.
syntax

PW

#10 DByte

DByte
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:58 PM

Posted 02 December 2010 - 04:16 AM

Hi pwgib,

After the last reply, I left the PC on and online the whole night; when I woke up I found the vanishing writings again and every program refused to start, so I brutally shut down, and everything was normal again :blink:
MBAM found nothing, and ESET gets stuck immediately at the beginning of the scan, at the file C:\ntldr, so it doesn't advance and can't produce a log.

MBAM log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versione database: 5232

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/12/2010 9.35.25
mbam-log-2010-12-02 (09-35-25).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 182194
Tempo trascorso: 7 minuti, 54 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

#11 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:08:58 AM

Posted 02 December 2010 - 11:43 AM

Hi DByte,

I need to verify your ISP. It is Interbusiness, Italy. Correct? :)

Is this a business computer?

Do you have a Windows installation disk?

You are not experiencing any redirects or pop-ups?

Step 1.

Chkdsk

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.

If you can not locate the chkdsk report go to Start > run, and enter eventvwr.msc
Open the Applications log and look for the "winlogon" entry that corresponds to the date and time of the scan. Please post the report in your next reply.

Step 2.

We Need to Diagnose a Possible Problem with WGA
  • Please download MGADiag and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Push Posted Image
  • Push Posted Image
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

Step 3.

Let's fix those Antivir Security Center Settings.

We will do it differently than the fix suggested by Avira.

We need to run a Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

SecCenter::
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000040-005C-0000-2C27-6F6300008871}

SkipFix::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: This line, AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}, is the most recent build of Antivir and should NOT be included.

Step 4.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

Step 5.

We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply please answer my questions and post the following:

chkdsk report
WGA report
ComboFix.txt
BitDefender report
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized



Thanks!!

Edited by pwgib, 02 December 2010 - 11:45 AM.

PW
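The SecCenter:: fix above works on the "AV:" lines ComboFix prints from the Windows Security Center registrations. As an added example (not ComboFix's code, Avira's, or pwgib's), the following parser reads those lines, keeps the instance belonging to the current build and renders the remaining registrations for the same product in the SecCenter:: layout quoted in the post; the sample lines and the current-build GUID come from the post, while grouping stale instances by product name is this example's own assumption.

```python
"""Triage of duplicate Security Center antivirus registrations.

Added example; it is not ComboFix, Avira or the forum poster's tooling.
ComboFix prints one "AV:" line per AntiVirusProduct instance that Windows
Security Center (WMI namespace root\\SecurityCenter on XP) reports.  An
in-place upgrade of a scanner can leave old instances behind, which is how
a single Avira install can show up as several "active scanners".  This
script parses those lines, keeps the instance belonging to the current
build and emits a SecCenter:: block listing only the stale ones, in the
CFScript layout quoted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input, using AV lines quoted in the post above.
SAMPLE_LOG = """\
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000040-005C-0000-2C27-6F6300008871}
"""

# GUID of the instance to keep; taken from the note in the post above.
CURRENT_BUILD_GUID = "AD166499-45F9-482A-A743-FDD3350758C7"

AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<onaccess>[^*]+)\*\s+"
    r"\((?P<state>Updated|Outdated)\)\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class AvEntry:
    name: str                # product display name, e.g. "AntiVir Desktop"
    on_access_enabled: bool  # "*On-access scanning enabled*"
    updated: bool            # "(Updated)" vs "(Outdated)"
    guid: str                # instance GUID, upper-cased for comparison
    raw: str                 # original line, reused verbatim in the script


def parse_av_lines(text: str) -> List[AvEntry]:
    """Extract the AV: lines from a ComboFix log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = AV_LINE.match(line.strip())
        if not m:
            continue
        entries.append(AvEntry(
            name=m["name"],
            on_access_enabled=m["onaccess"].split()[-1].lower() == "enabled",
            updated=m["state"] == "Updated",
            guid=m["guid"].upper(),
            raw=line.strip(),
        ))
    return entries


def stale_entries(entries: List[AvEntry], current_guid: str) -> List[AvEntry]:
    """Every instance registered under the same product name as the current
    build, other than the current build itself, is a leftover registration
    (assumed grouping rule).  The disabled/outdated flags alone are not a
    safe criterion: the script in the post also removes entries that still
    report 'enabled (Updated)'."""
    cur = current_guid.upper()
    current = [e for e in entries if e.guid == cur]
    if len(current) != 1:
        raise ValueError("current build GUID %s not found exactly once" % cur)
    product = current[0].name
    return [e for e in entries if e.name == product and e.guid != cur]


def build_cfscript(entries: List[AvEntry], current_guid: str) -> str:
    """Render the SecCenter:: block in the format the post shows."""
    lines = ["SecCenter::"]
    lines.extend(e.raw for e in stale_entries(entries, current_guid))
    lines.extend(["", "SkipFix::"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_av_lines(SAMPLE_LOG)
    print("%d AV registrations, %d stale" %
          (len(parsed), len(stale_entries(parsed, CURRENT_BUILD_GUID))))
    print(build_cfscript(parsed, CURRENT_BUILD_GUID))
```

Feed it a full ComboFix.txt and it ignores everything but the AV: lines, so the output can be compared against what a helper hand-writes before anything is run.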

#12 DByte

DByte
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:58 PM

Posted 03 December 2010 - 06:19 AM

Hi pwgib,

Interbusiness is a part of Telecom Italia, which is my ISP: I use their DNS but I'm not bound to it; when it doesn't work I can easily use OpenDNS.
This is my home computer, not a business one.
I have a Windows installation disk, but it's XP SP2.
Neither redirects nor pop-ups, only the previously described behaviour.
IMHO, the only possible problem with WGA is that it was cracked a long time ago :whistle: (IMHO, that doesn't matter for the infection)

When I finished chkdsk scan, I looked into Event Monitor, and it said the Application logs were damaged, so I found the file containing everything (AppEvent.evt), backupped, deleted the logs, and generated a new one, which I posted.

Chkdsk report

Tipo evento: Informazioni
Origine evento: Winlogon
Categoria evento: Nessuno
ID evento: 1001
Data: 03/12/2010
Ora: 11.56.13
Utente: N/D
Computer: DBYTE-DESKTOP
Descrizione:
Controllo in corso del file system su C:.
Il file system è di tipo NTFS.
L'etichetta del volume è NEW160GB.

Il disco sarà ora controllato come pianificato.
Il disco sarà ora controllato.
Pulite incongruenze minime sull'unità.
Pulitura di 12 voci inutilizzate dall'indice $SII del file 0x9.
Pulitura di 12 voci inutilizzate dall'indice $SDH del file 0x9.
Pulitura dei descrittori di protezione inutilizzati 12.
CHKDSK sta verificando il diario USN...
Verifica del diario USN completata.
Verifica dei dati dei file in corso (fase 4 di 5))...
Verifica dei dati del file completata.
CHKDSK sta verificando la spazio libero (fase 5 di 5)...
Verifica dello spazio disponibile completata.

156280288 KB di spazio totale su disco.
76663240 KB in 217907 file.
76068 KB in 18698 indici.
4 KB in settori danneggiati.
424180 KB in uso dal sistema.
65536 KB occupati dal file registro.
79116796 KB disponibili su disco.

4096 byte in ogni unità di allocazione.
39070072 unità totali di allocazione su disco.
19779199 unità di allocazione disponibili su disco.

Informazioni interne:
a0 b3 03 00 48 9c 03 00 ab 29 05 00 00 00 00 00 ....H....)......
1f 05 00 00 02 00 00 00 de 04 00 00 00 00 00 00 ................
ba 39 20 14 00 00 00 00 0a 5e 6f 69 00 00 00 00 .9 ......^oi....
1e 55 79 13 00 00 00 00 8e c3 25 ff 06 00 00 00 .Uy.......%.....
d4 12 49 b3 03 00 00 00 b0 a9 4e 51 0b 00 00 00 ..I.......NQ....
f0 a7 d2 b2 00 00 00 00 70 3a 07 00 33 53 03 00 ........p:..3S..
00 00 00 00 00 20 27 47 12 00 00 00 0a 49 00 00 ..... 'G.....I..

Controllo del disco completato.
Attendere il riavvio del computer.


Per ulteriori informazioni, consultare la Guida in linea e supporto tecnico all'indirizzo http://go.microsoft.com/fwlink/events.asp.

WGA report

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid Product Key
Validation Code: 8
Cached Validation Code: N/A
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: zODpcVfli3ZuLvv3ljren6GAces=
Windows Product ID: 55719-645-4529422-23085
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {609D9284-0567-449E-AD98-8F07BCED4B58}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 8
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Programmi\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{609D9284-0567-449E-AD98-8F07BCED4B58}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DKJ2G</PKey><PID>55719-645-4529422-23085</PID><PIDType>1</PIDType><SID>S-1-5-21-1292428093-1123561945-839522115</SID><SYSTEM><Manufacturer>HP</Manufacturer><Model>ProLiant ML110 G3</Model></SYSTEM><BIOS><Manufacturer>HP</Manufacturer><Version>CPQO6121</Version><SMBIOSVersion major="2" minor="3"/><Date>20060419000000.000000+000</Date></BIOS><HWID>B4C33FFF0184E07C</HWID><UserLCID>0410</UserLCID><SystemLCID>0410</SystemLCID><TimeZone>ora solare Europa occidentale(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1FFEA:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|1400B:GENUINE C&C INC|1FFEA:Hewlett-Packard Company|16368:Sharp Corp,
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Combofix.txt

ComboFix 10-12-02.05 - DByte 03/12/2010 10.08.16.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2247 [GMT 1:00]
Eseguito da: c:\documents and settings\DByte\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\DByte\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Creato nuovo punto di ripristino
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2010-11-03 al 2010-12-03 )))))))))))))))))))))))))))))))))))
.

2010-12-03 08:57 . 2010-12-03 08:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-12-02 08:40 . 2010-12-02 08:40 -------- d-----w- c:\programmi\ESET
2010-12-01 18:12 . 2010-12-01 18:12 -------- d-----w- c:\documents and settings\DByte\Dati applicazioni\Avira
2010-12-01 18:10 . 2010-09-01 13:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-01 18:10 . 2010-09-01 13:22 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-01 18:10 . 2010-06-17 14:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-01 18:10 . 2010-06-17 14:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-01 18:10 . 2010-12-01 18:10 -------- d-----w- c:\programmi\Avira
2010-12-01 18:10 . 2010-12-01 18:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-11-30 14:11 . 2010-11-30 14:11 12800 ----a-w- c:\programmi\Mozilla Firefox\plugins\npwachk.dll
2010-11-29 09:28 . 2010-11-29 09:28 -------- d-----w- c:\documents and settings\DByte\Impostazioni locali\Dati applicazioni\Adobe
2010-11-25 10:07 . 2010-11-25 10:08 -------- d-----w- c:\programmi\Wireshark
2010-11-19 10:21 . 1997-11-17 03:56 274152 ----a-w- c:\windows\system32\Strip.ocx
2010-11-19 10:21 . 1998-12-05 05:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-11-19 10:21 . 1997-11-17 03:55 138464 ----a-w- c:\windows\system32\Percent.ocx
2010-11-19 10:21 . 1997-11-17 03:50 130800 ----a-w- c:\windows\system32\AGaugeM.ocx
2010-11-19 10:21 . 2010-11-19 10:42 -------- d-----w- c:\programmi\UPSilon 2000
2010-11-19 10:20 . 2004-10-22 01:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-11-19 10:20 . 2004-10-22 01:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-11-19 10:20 . 2004-10-22 01:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-11-19 10:20 . 2004-10-22 01:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-11-19 10:20 . 2004-10-22 01:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-11-19 10:20 . 2010-11-19 10:20 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-11-19 10:20 . 2010-11-19 10:20 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-11-08 08:42 . 2010-11-08 08:42 -------- d-----w- c:\programmi\Eraser

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2010-09-06 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-09-06 21:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 15:31 . 2008-09-05 18:43 3764 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-10-22 06:23 . 2010-04-02 21:36 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2008-05-03 03:46 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-10-22 22:19 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-22 06:23 . 2010-10-22 22:19 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-22 06:23 . 2010-04-02 21:36 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2009-03-27 08:03 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2008-05-03 03:46 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-02 21:36 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2008-05-03 03:46 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2008-05-03 03:46 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2008-05-03 03:46 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-15 17:15 . 2010-10-15 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-15 17:14 . 2010-04-16 08:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 13:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-31 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-31 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2007-01-03 10:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2007-01-03 10:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2007-01-03 10:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2007-08-09 11:08 . 2008-06-09 13:44 8784 ----a-w- c:\programmi\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 11:10 . 2008-06-09 13:44 245408 ----a-w- c:\programmi\mozilla firefox\plugins\unicows.dll
2010-05-27 16:09 . 2009-10-29 11:45 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DU Meter"="c:\programmi\DU Meter\DUMeter.exe" [2010-08-31 2941984]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-05-22 3872080]
"FileHippo.com"="c:\programmi\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2010-11-06 1867888]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 128000]
"Babylon Client"="c:\programmi\Babylon\Babylon.exe" [2009-06-07 4025744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programmi\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-27 30192]
"boincmgr"="c:\programmi\BOINC\boincmgr.exe" [2010-07-01 4862720]
"boinctray"="c:\programmi\BOINC\boinctray.exe" [2010-07-01 58112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\DByte\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a DesktopEarth.lnk - c:\programmi\DesktopEarth\DesktopEarth.exe [2006-3-10 749568]
DesktopVideoPlayer.LNK - c:\programmi\vghd\vghd.exe [2008-6-9 600904]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Rupsmon Daemon.lnk - c:\programmi\UPSilon 2000\Monw32.exe [2010-11-19 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-06 14:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\games\\Multiwinia\\multiwinia.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\Hewlett-Packard\\HP Software Update\\hpwucli.exe"=
"c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Winamp\\winamp.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/08/2009 15.57.12 218592]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19.41.30 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [01/12/2010 19.10.14 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [10/12/2009 12.42.04 112592]
R2 DUMeterSvc;DU Meter Service;c:\programmi\DU Meter\DUMeterSvc.exe [24/09/2010 11.35.44 1411616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [28/02/2008 14.31.52 12856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 18.07.14 35088]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programmi\DU Meter\DUM_XP32.sys [24/09/2010 11.35.44 16424]
R3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [12/12/2009 16.19.29 19056]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [20/06/2008 14.33.33 1694592]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [08/06/2008 15.20.21 215552]
S2 gupdate1c98d612f8448f4;Google Update Service (gupdate1c98d612f8448f4);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2009 23.28.09 133104]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe [03/05/2009 10.10.16 79360]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [29/10/2009 12.45.44 30192]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 10.16.12 1107336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/08/2010 17.31.55 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/08/2010 17.31.58 8320]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [05/04/2010 9.48.53 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [05/04/2010 9.48.52 11088]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [18/06/2010 10.38.15 366840]
S3 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15.41.38 92008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/06/2008 11.21.23 691696]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PBFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-03 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 22:56]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-12 22:28]

2008-06-08 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\programmi\Microsoft LifeCam\LifeExp.exe [2007-05-17 12:45]
.
.
------- Scansione supplementare -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Utils\BabylonIEPI.dll/Action.htm
TCP: {E4B97E38-87A3-47B1-A79F-D80F6028438E} = 151.99.125.2,151.99.125.3
FF - ProfilePath - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\
FF - prefs.js: browser.search.selectedEngine - Nonciclopedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\DByte\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: external IP: externalip@erik.morlin - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\externalip@erik.morlin
FF - Extension: FireGestures: firegestures@xuldev.org - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\firegestures@xuldev.org
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Extension: FAYT: {c2d0e930-64de-11db-bd13-0800200c9a66} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{c2d0e930-64de-11db-bd13-0800200c9a66}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\documents and settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync
FF - Extension: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 10:10
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\programmi\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\WININET.dll
c:\programmi\Babylon\Captlib.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Ora fine scansione: 2010-12-03 10:17:17
ComboFix-quarantined-files.txt 2010-12-03 09:17
ComboFix2.txt 2010-12-01 19:23
ComboFix3.txt 2010-11-30 23:09
ComboFix4.txt 2010-11-16 22:47

Pre-Run: 80.871.829.504 byte disponibili
Post-Run: 80.877.137.920 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2F6E6AECD8691308968524A4642EF9EA

Bitdefender report


QuickScan Beta 32-bit v0.9.9.57
-------------------------------
Data Scansione: Fri Dec 03 10:21:12 2010
ID del PC: B40388E1



Nessuna infezione trovata.
--------------------------



Processi
--------
AntiVir Desktop 1568 C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 984 C:\Programmi\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 336 C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
AntiVir Desktop 632 C:\Programmi\Avira\AntiVir Desktop\sched.exe
Babylon Client 1348 C:\Programmi\Babylon\Babylon.exe
BOINC client 2760 C:\Programmi\BOINC\boinc.exe
BOINC client 1492 C:\Programmi\BOINC\boincmgr.exe
BOINC client 1500 C:\Programmi\BOINC\boinctray.exe
Creative Audio Service 612 C:\Programmi\Creative\Shared Files\CTAudSvc.exe
CrypKey Software Licensing System 872 C:\WINDOWS\system32\Crypserv.exe
DesktopEarth 1036 C:\Programmi\DesktopEarth\DesktopEarth.exe
DU Meter 880 C:\Programmi\DU Meter\DUMeter.exe
DU Meter 908 C:\Programmi\DU Meter\DUMeterSvc.exe
FileHippo.com Update Checker 1952 C:\Programmi\FileHippo.com\UpdateChecker.exe
Gmail 1428 C:\Programmi\Google\Gmail Notifier\gnotify.exe
Google Chrome 800 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 2056 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3108 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 956 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3064 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3804 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 1240 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 2492 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 1344 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 2476 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 252 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3544 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3528 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3472 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 1924 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Chrome 3744 C:\Programmi\Google\Chrome\Application\chrome.exe
Google Desktop 1480 C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
Google Update 3084 C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe
Google Update 2688 C:\Programmi\Google\Update\GoogleUpdate.exe
LMIGuardian 1808 C:\Programmi\LogMeIn\x86\LMIGuardian.exe
LMIGuardian 1748 C:\Programmi\LogMeIn\x86\LMIGuardian.exe
LogMeIn 3784 C:\Programmi\LogMeIn\x86\LogMeIn.exe
LogMeIn 1260 C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
LogMeIn 2852 C:\Programmi\LogMeIn\x86\ramaint.exe
Mega usb client program 3980 C:\Programmi\UPSilon 2000\usbmate.exe
Microsoft® Windows® Operating System 3244 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 1056 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 212 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1392 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1440 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2724 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2024 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 3520 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2204 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2224 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1656 C:\WINDOWS\system32\svchost.exe
milkyway_0.45_windows_intelx86__sse2.ex 2788 C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_0.45_windows_intelx86__sse2.exe
milkyway_nbody_0.21_windows_intelx86__s 3644 C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
NVIDIA Driver Helper Service, Version 2 1320 C:\WINDOWS\system32\nvsvc32.exe
PeerBlock 1756 C:\Programmi\PeerBlock\peerblock.exe
PSIService 2240 C:\WINDOWS\system32\PSIService.exe
PsiService System Service 2632 C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
Rupsmon Application 2824 C:\Programmi\UPSilon 2000\RupsMon.exe
Sistema operativo Microsoft® Windows® 2484 C:\WINDOWS\explorer.exe
Sistema operativo Microsoft® Windows® 900 C:\WINDOWS\system32\rundll32.exe
Sistema operativo Microsoft® Windows® 1268 C:\WINDOWS\system32\rundll32.exe
Sistema operativo Microsoft® Windows® 1124 C:\WINDOWS\system32\services.exe
Sistema operativo Microsoft® Windows® 736 C:\WINDOWS\system32\smss.exe
Sistema operativo Microsoft® Windows® 1080 C:\WINDOWS\system32\winlogon.exe
Skype 1984 C:\Programmi\Skype\Phone\Skype.exe
Skype Extras Manager 3008 C:\Programmi\Skype\Plugin Manager\skypePM.exe
StyleXP Application 1692 C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
StyleXPService Module 1608 C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
Threat Expert Ltd. Browser Defender 1100 C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
UPSilon 2000 292 C:\Programmi\UPSilon 2000\Monw32.exe
VirtuaGirl 1944 C:\Programmi\vghd\vghd.exe
VirtuaGirl Downloader 2516 C:\Programmi\vghd\VirtuaGirl_Downloader.exe


Attività rete
-------------
Processi gnotify.exe (1428) connesso alla porta 80 (HTTP) --> 74.125.232.117
Processi Skype.exe (1984) connesso alla porta 12350 --> 213.146.188.13
Processi Skype.exe (1984) connesso alla porta 36948 --> 87.1.171.238
Processi chrome.exe (2476) connesso alla porta 443 (HTTP over SSL) --> 74.125.232.114
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 66.132.220.42
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 95.101.220.20
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 74.125.232.111
Processi chrome.exe (2476) connesso alla porta 443 (HTTP over SSL) --> 72.14.255.132
Processi chrome.exe (2476) connesso alla porta 443 (HTTP over SSL) --> 74.125.232.109
Processi chrome.exe (2476) connesso alla porta 443 (HTTP over SSL) --> 209.85.229.95
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 66.220.147.47
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 95.101.213.115
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 173.194.35.104
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 93.186.135.26
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 93.186.135.26
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 93.186.135.26
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 93.186.135.26
Processi chrome.exe (2476) connesso alla porta 443 (HTTP over SSL) --> 74.125.232.101
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 74.125.232.96
Processi chrome.exe (2476) connesso alla porta 443 (HTTP over SSL) --> 74.125.232.111
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 72.14.255.100
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 66.235.143.118
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 74.125.232.103
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 93.186.135.26
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 74.125.232.113
Processi chrome.exe (2476) connesso alla porta 80 (HTTP) --> 93.186.135.26
Processi LogMeIn.exe (3784) connesso alla porta 443 (HTTP over SSL) --> 212.118.234.165

Processi svchost.exe (1440) Ascolti alle porte: 135 (RPC)
Processi Skype.exe (1984) Ascolti alle porte: 80 (HTTP), 443 (HTTP over SSL), 37942
Processi RupsMon.exe (2824) Ascolti alle porte: 2570
Processi LogMeIn.exe (3784) Ascolti alle porte: 2002 (Cisco ACS)


Autoruns e files critici
------------------------
AntiVir Desktop C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
Babylon Client C:\Programmi\Babylon\Babylon.exe
BOINC client C:\Programmi\BOINC\boincmgr.exe
BOINC client C:\Programmi\BOINC\boinctray.exe
DesktopEarth C:\Programmi\DesktopEarth\DesktopEarth.exe
DU Meter C:\Programmi\DU Meter\DUMeter.exe
FileHippo.com Update Checker C:\Programmi\FileHippo.com\UpdateChecker.exe
Gmail C:\Programmi\Google\Gmail Notifier\gnotify.exe
Google Desktop C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
Google Update C:\Programmi\Google\Update\GoogleUpdate.exe
Google Updater C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
LogMeIn C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
LogMeIn C:\WINDOWS\system32\LMIinit.dll
Microsoft LifeCam C:\Programmi\Microsoft LifeCam\LifeExp.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wpdshserviceobj.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
PeerBlock C:\Programmi\PeerBlock\peerblock.exe
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\browseui.dll
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\logonui.exe
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll
Skype C:\Programmi\Skype\Phone\Skype.exe
Sound Blaster USB Audio AudCtrl Module C:\WINDOWS\system32\sbusbdll.dll
StyleXP Application C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
SuperAntiSpyware C:\Programmi\SUPERAntiSpyware\SASSEH.DLL
SUPERAntiSpyware WinLogon Processor C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
VirtuaGirl C:\Programmi\vghd\vghd.exe
Windows Live Messenger C:\Programmi\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
Babylon IE Addin c:\programmi\babylon\utils\babyloniepi.dll
BitDefender QuickScan C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.57_0\npqscan.dll
BitDefender QuickScan C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.57_0\npqslauncher.dll
Chrome IE Tab C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.4.30.4\plugin\blackfishietab.dll
Foxit Reader Plugin for Mozilla C:\Programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
Google Earth Plugin C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
Google Updater C:\Programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
HP Smart Web Printing c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\programmi\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
i-drop control C:\WINDOWS\Downloaded Program Files\IDrop.ocx
i-drop control C:\WINDOWS\Downloaded Program Files\IDropENU.dll
i-drop control C:\WINDOWS\Downloaded Program Files\IDropITA.dll
Java Deployment Toolkit 6.0.220.4 C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U22 c:\programmi\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U22 C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U22 c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
LMIGuardian C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
LMIGuardianDll C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
LMIGuardianEvt C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
LMIProxyHelper.exe C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
LMIProxyHelper.exe C:\Programmi\Mozilla Firefox\plugins\LMIProxyHelper.exe
Messenger C:\Programmi\Messenger\msmsgs.exe
Microsoft ® Windows ® 95, Windows ( C:\Programmi\Mozilla Firefox\plugins\unicows.dll
Microsoft® Windows Live Login Helper c:\programmi\file comuni\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Programmi\Mozilla Firefox\plugins\npnul32.dll
npRACtrl.dll C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
npRACtrl.dll C:\Programmi\Mozilla Firefox\plugins\npRACtrl.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
ractrlkeyhook.dll C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
ractrlkeyhook.dll C:\Programmi\Mozilla Firefox\plugins\ractrlkeyhook.dll
RealPlayer Version Plugin C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin C:\Programmi\Real Alternative\browser\plugins\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Programmi\Real Alternative\browser\plugins\nppl3260.dll
sdhelper.dll c:\programmi\spybot - search & destroy\sdhelper.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In C:\Programmi\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
Threat Expert Ltd. Browser Defender c:\programmi\spyware doctor\bdt\pctbrowserdefender.dll
ToolBand Module c:\programmi\daemon tools toolbar\dttoolbar.dll
Winamp Application Detector C:\Programmi\Mozilla Firefox\plugins\npwachk.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Files persi
-----------
File non trovato: C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
--> HKLM\System\ControlSet001\services\Lavasoft Ad-Aware Service\"ImagePath"

File non trovato: C:\Programmi\Raxco\PerfectDisk10\PDAgent.exe
--> HKLM\System\ControlSet001\services\PDAgent\"ImagePath"

File non trovato: C:\Programmi\Raxco\PerfectDisk10\PDEngine.exe
--> HKLM\System\ControlSet001\services\PDEngine\"ImagePath"

File non trovato: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

File non trovato: WgaLogon.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\"DllName"

File non trovato: system32\DRIVERS\Lbd.sys
--> HKLM\System\ControlSet001\services\Lbd\"ImagePath"


Scansione
---------


Nessun file inviato.

Scan finished - communication took 4 sec
Total traffic - 0.09 MB inviati, 2.76 KB ricevuti
Scanned 1349 files and modules - 71 seconds

==============================================================================

OTL.txt

OTL logfile created on: 03/12/2010 10.24.51 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\DByte\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 75,35 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 42,22 Gb Free Space | 56,65% Space Free | Partition Type: NTFS
Drive E: | 74,52 Gb Total Space | 49,42 Gb Free Space | 66,32% Space Free | Partition Type: NTFS

Computer Name: DBYTE-DESKTOP | User Name: DByte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 10.23.45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DByte\Desktop\OTL.exe
PRC - [2010/12/01 00.02.35 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Programmi\Google\Chrome\Application\chrome.exe
PRC - [2010/11/29 09.17.08 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_0.45_windows_intelx86__sse2.exe
PRC - [2010/11/14 22.52.50 | 004,663,855 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_0.21_windows_intelx86__sse2.exe
PRC - [2010/11/06 22.24.30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Programmi\PeerBlock\peerblock.exe
PRC - [2010/10/13 21.18.15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/24 09.38.17 | 000,196,944 | ---- | M] (Totem Entertainment) -- C:\Programmi\vghd\VirtuaGirl_Downloader.exe
PRC - [2010/09/24 09.38.14 | 000,600,904 | ---- | M] (Totem Entertainment) -- C:\Programmi\vghd\vghd.exe
PRC - [2010/09/01 14.22.13 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/01 14.22.02 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/01 14.22.01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/31 20.22.31 | 002,941,984 | ---- | M] (Hagel Technologies Ltd.) -- C:\Programmi\DU Meter\DUMeter.exe
PRC - [2010/08/31 08.27.38 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Programmi\DU Meter\DUMeterSvc.exe
PRC - [2010/08/09 13.47.54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Programmi\FileHippo.com\UpdateChecker.exe
PRC - [2010/07/01 12.27.06 | 004,862,720 | ---- | M] (Space Sciences Laboratory) -- C:\Programmi\BOINC\boincmgr.exe
PRC - [2010/07/01 12.27.04 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Programmi\BOINC\boinctray.exe
PRC - [2010/07/01 12.27.02 | 000,840,448 | ---- | M] (Space Sciences Laboratory) -- C:\Programmi\BOINC\boinc.exe
PRC - [2010/05/27 17.09.57 | 000,030,192 | ---- | M] (Google) -- C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/01/22 08.56.24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/14 22.11.21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/06 15.02.32 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\ramaint.exe
PRC - [2009/09/06 15.02.14 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/07 14.33.53 | 004,025,744 | ---- | M] (Babylon Ltd.) -- C:\Programmi\Babylon\Babylon.exe
PRC - [2008/07/22 14.52.48 | 000,159,744 | ---- | M] (Mega System Technologies, Inc.) -- C:\Programmi\UPSilon 2000\RupsMon.exe
PRC - [2008/04/30 09.35.20 | 000,425,984 | ---- | M] (Creative Technology Ltd) -- C:\Programmi\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/14 03.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 11.19.16 | 000,040,960 | ---- | M] (Mega System Technologies, Inc.) -- C:\Programmi\UPSilon 2000\Monw32.exe
PRC - [2008/02/28 14.31.50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/02/28 14.31.50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Programmi\LogMeIn\x86\LogMeIn.exe
PRC - [2007/07/24 10.15.14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 12.20.32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/02/01 15.05.30 | 000,106,496 | ---- | M] (Mega Corp.) -- C:\Programmi\UPSilon 2000\usbmate.exe
PRC - [2006/05/24 19.31.39 | 001,372,160 | ---- | M] () -- C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
PRC - [2006/05/24 19.31.06 | 000,372,736 | ---- | M] () -- C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2006/03/10 01.15.02 | 000,749,568 | ---- | M] (CodeFromThe70s.org) -- C:\Programmi\DesktopEarth\DesktopEarth.exe
PRC - [2006/03/01 02.10.18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2005/07/15 22.48.33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Programmi\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 10.23.45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DByte\Desktop\OTL.exe
MOD - [2010/08/23 17.12.14 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/06/04 12.32.10 | 000,208,896 | ---- | M] (Babylon Ltd.) -- C:\Programmi\Babylon\captlib.dll
MOD - [2008/04/14 03.13.46 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/01 14.22.13 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/01 14.22.02 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/31 08.27.38 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Programmi\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010/06/25 18.07.20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/24 15.41.38 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/14 14.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/27 17.09.57 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/30 10.16.12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Programmi\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/15 10.50.36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programmi\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 10.09.22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programmi\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08.56.24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/06 15.02.32 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/05/03 10.10.16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/07/22 14.52.48 | 000,159,744 | ---- | M] (Mega System Technologies, Inc.) [Auto | Running] -- C:\Programmi\UPSilon 2000\RupsMon.exe -- (Rupsmon)
SRV - [2008/04/30 09.35.20 | 000,425,984 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programmi\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/02/28 14.31.50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programmi\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/11/06 21.16.54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21.16.54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/07/24 10.15.14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 12.20.32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/28 17.57.54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Programmi\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/05/17 13.45.34 | 000,271,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programmi\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/02/01 15.05.30 | 000,106,496 | ---- | M] (Mega Corp.) [Auto | Running] -- C:\Programmi\UPSilon 2000\usbmate.exe -- (USBMate)
SRV - [2006/05/24 19.31.06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2006/03/01 02.10.18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2004/10/22 02.24.18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\DByte\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/06 22.24.30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programmi\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/10/22 07.23.22 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/01 14.22.25 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/09/01 14.22.25 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/31 08.27.44 | 000,016,424 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Programmi\DU Meter\DUM_XP32.sys -- (DUMeterDrv)
DRV - [2010/06/25 18.07.14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/19 09.25.47 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 15.28.21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15.28.11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 19.41.30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/29 09.06.14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/26 13.32.58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13.32.46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13.32.44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13.32.44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13.21.22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13.21.22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/02/17 19.25.48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/21 19.39.14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 19.39.12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/09/23 09.41.58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/06 15.02.17 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/13 13.00.35 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/12/10 12.56.18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/10/17 16.00.09 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/26 09.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 19.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 19.45.12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Driver audio USB (WDM)
DRV - [2008/02/28 14.31.52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programmi\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/04/10 13.46.48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/01/10 03.47.27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2005/11/02 09.53.40 | 000,215,552 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2005/10/31 22.44.39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Programmi\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/06/10 08.39.20 | 001,694,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2005/04/20 08.44.08 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 08.44.06 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 11.19.28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 43 7D 19 55 53 CB 01 [binary data]
IE - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Nonciclopedia (Italiano)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.6
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {c2d0e930-64de-11db-bd13-0800200c9a66}:2.0.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "58.221.41.86"
FF - prefs.js..network.proxy.http_port: 80


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 19.35.08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programmi\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/10 09.17.43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/09/08 11.34.21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/10/28 16.21.48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/11/29 10.17.41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2010/10/28 15.58.49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins [2010/11/29 10.17.41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programmi\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/09/08 11.34.21 | 000,000,000 | ---D | M]

[2010/01/16 11.52.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Extensions
[2010/01/16 11.52.56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/15 10.57.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com
[2010/08/22 10.23.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\fn2yryd7.default\extensions
[2010/11/19 10.02.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions
[2010/11/14 23.06.39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/28 12.43.02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/16 20.23.14 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/09/15 08.58.21 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/02/05 16.00.02 | 000,000,000 | ---D | M] (FAYT) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{c2d0e930-64de-11db-bd13-0800200c9a66}
[2010/11/14 23.06.40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/16 22.26.59 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010/06/04 23.48.29 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/21 16.51.13 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/01/06 00.14.38 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/01/28 23.47.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\externalip@erik.morlin
[2010/04/17 23.43.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\firegestures@xuldev.org
[2010/01/29 00.01.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\LogMeInClient@logmein.com
[2010/02/12 19.11.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\extensions\nasanightlaunch@example.com
[2008/04/18 23.52.31 | 000,002,202 | ---- | M] () -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\searchplugins\nonciclopedia-italiano.xml
[2008/04/20 13.44.26 | 000,002,106 | ---- | M] () -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\searchplugins\ricerca-video-di-youtube.xml
[2010/03/13 01.40.59 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\DByte\Dati applicazioni\Mozilla\Firefox\Profiles\vozyza66.default\searchplugins\wikipedia-en.xml
[2010/11/19 10.02.10 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/10/15 18.15.22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/15 18.15.01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/01 10.51.31 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/01/17 12.17.00 | 002,609,152 | ---- | M] () -- C:\Programmi\Mozilla Firefox\plugins\npRACtrl.dll
[2010/11/30 15.11.52 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npwachk.dll
[2007/08/09 12.08.00 | 000,008,784 | ---- | M] () -- C:\Programmi\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/08/09 12.10.00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Mozilla Firefox\plugins\unicows.dll
[2010/07/13 22.29.01 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/07/13 22.29.01 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/07/13 22.29.01 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/07/13 22.29.01 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/12/01 20.09.16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\..\Toolbar\ShellBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [boincmgr] C:\Programmi\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Programmi\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [Google Desktop Search] C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Programmi\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003..\Run: [FileHippo.com] C:\Programmi\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Rupsmon Daemon.lnk = C:\Programmi\UPSilon 2000\Monw32.exe (Mega System Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\DByte\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a DesktopEarth.lnk = C:\Programmi\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org)
O4 - Startup: C:\Documents and Settings\DByte\Menu Avvio\Programmi\Esecuzione automatica\DesktopVideoPlayer.LNK = C:\Programmi\vghd\vghd.exe (Totem Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Programmi\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Programmi\Babylon\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Programmi\Babylon\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Utils\BabylonIEPI.dll (Babylon Ltd.)
O15 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1292428093-1123561945-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/08 15.14.19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/28 10.53.06 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 10.23.41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DByte\Desktop\OTL.exe
[2010/12/03 10.21.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DByte\Dati applicazioni\QuickScan
[2010/12/03 10.18.40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/03 10.17.20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/03 09.57.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
[2010/12/02 09.40.13 | 000,000,000 | ---D | C] -- C:\Programmi\ESET
[2010/12/01 19.12.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DByte\Dati applicazioni\Avira
[2010/12/01 19.10.10 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/01 19.10.10 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/01 19.10.10 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/01 19.10.10 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/01 19.10.09 | 000,000,000 | ---D | C] -- C:\Programmi\Avira
[2010/12/01 19.10.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
[2010/11/30 23.55.45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/29 10.28.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\Adobe
[2010/11/29 10.17.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Adobe
[2010/11/25 11.07.42 | 000,000,000 | ---D | C] -- C:\Programmi\Wireshark
[2010/11/19 11.21.54 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/11/19 11.21.54 | 000,138,464 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\Percent.ocx
[2010/11/19 11.21.54 | 000,130,800 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\AGaugeM.ocx
[2010/11/19 11.21.20 | 000,000,000 | ---D | C] -- C:\Programmi\UPSilon 2000
[2010/11/14 14.20.44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/08 09.42.52 | 000,000,000 | ---D | C] -- C:\Programmi\Eraser
[2008/06/20 14.33.33 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/03 10.23.45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DByte\Desktop\OTL.exe
[2010/12/03 10.23.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/03 10.03.17 | 003,983,941 | R--- | M] () -- C:\Documents and Settings\DByte\Desktop\ComboFix.exe
[2010/12/03 09.57.25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/03 09.55.14 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\DByte\Desktop\eventi applicazioni.evt
[2010/12/03 09.33.02 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/03 09.32.46 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2010/12/03 09.32.45 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2010/12/03 09.32.30 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/03 09.32.25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/03 09.32.21 | 3220,750,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 21.29.04 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 20.10.07 | 000,000,045 | ---- | M] () -- C:\TEST.XML
[2010/12/01 20.09.16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/01 18.52.56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\DByte\Desktop\RKUnhookerLE.EXE
[2010/11/30 23.55.53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/29 23.49.40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17.42.18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17.42.06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/19 11.28.37 | 000,000,019 | ---- | M] () -- C:\WINDOWS\CLOSEAPP.INI
[2010/11/19 11.21.26 | 000,001,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Rupsmon Daemon.lnk
[2010/11/18 07.00.01 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/18 07.00.01 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/18 06.59.58 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/17 09.17.09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DByte\defogger_reenable
[2010/11/16 16.59.27 | 000,003,504 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/11/16 16.31.35 | 000,003,764 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\KGyGaAvL.sys
[2010/11/15 18.12.08 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\DByte\Documenti\clienti.xls
[2010/11/08 10.32.38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\DByte\Desktop\gmer.exe
[2010/11/08 01.20.24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 18.23.40 | 000,478,808 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/11/03 18.23.40 | 000,432,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/03 18.23.40 | 000,079,292 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/11/03 18.23.40 | 000,067,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 09.55.14 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\DByte\Desktop\eventi applicazioni.evt
[2010/12/01 18.52.55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\DByte\Desktop\RKUnhookerLE.EXE
[2010/11/30 23.55.52 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/11/30 23.55.49 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010/11/30 19.45.01 | 003,983,941 | R--- | C] () -- C:\Documents and Settings\DByte\Desktop\ComboFix.exe
[2010/11/30 19.28.17 | 3220,750,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/19 11.28.37 | 000,000,019 | ---- | C] () -- C:\WINDOWS\CLOSEAPP.INI
[2010/11/19 11.21.55 | 000,274,152 | ---- | C] () -- C:\WINDOWS\System32\Strip.ocx
[2010/11/19 11.21.26 | 000,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Rupsmon Daemon.lnk
[2010/11/18 06.59.05 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/11/17 09.27.52 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\DByte\Desktop\gmer.exe
[2010/11/17 09.17.09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DByte\defogger_reenable
[2010/11/14 14.07.05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DByte\debug.log
[2010/07/27 19.41.27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/27 19.41.23 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/27 19.41.23 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/27 19.41.22 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/02 16.11.12 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\SE_Filter.sys
[2010/06/25 18.03.12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/04/05 09.48.53 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/04/05 09.48.52 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/03/23 00.51.22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/01/23 19.33.43 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log
[2009/12/21 16.06.01 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/12/21 16.05.57 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/12/21 16.05.57 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/12/10 12.42.03 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/04 06.41.23 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/11 19.02.58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/10/10 15.30.48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/10/07 19.34.10 | 000,023,972 | ---- | C] () -- C:\WINDOWS\XSUMLT08.ini
[2009/08/15 17.20.28 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/15 17.20.28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/15 17.20.28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/27 14.34.30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\DByte\Dati applicazioni\$_hpcst$.hpc
[2009/06/13 13.00.35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/05/03 10.09.15 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2009/05/03 10.09.15 | 000,033,126 | ---- | C] () -- C:\WINDOWS\System32\kschimp.ini
[2009/05/03 10.09.15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/11/28 23.14.38 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/28 23.14.36 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/01 20.30.15 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/09/05 19.43.59 | 000,003,764 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\KGyGaAvL.sys
[2008/09/05 19.43.59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\B7E998E822.sys
[2008/09/01 15.44.39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2008/09/01 12.29.07 | 000,000,047 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2008/09/01 12.23.44 | 000,000,195 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/07/04 20.28.02 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/20 14.33.32 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2008/06/09 14.17.09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/09 12.56.34 | 000,003,504 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/06/09 12.56.34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BB231346B7.sys
[2008/06/08 17.01.06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/08 16.31.27 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\DByte\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/08 16.27.42 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/05/03 04.46.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/03/09 20.31.04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:BC359956
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A8ADE5D8

< End of report >
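Editor's note, not part of DByte's post or of the helpers' replies: the single line in the OTL report above that a responder would circle first is `FF - prefs.js..network.proxy.http: "58.221.41.86"` with `http_port: 80`. A Firefox profile whose HTTP proxy points at an address that is neither loopback nor a private range means every plain-HTTP request from that browser is being relayed through a third-party host, which is exactly the kind of setting a proxy-hijacking trojan leaves behind and that the Chrome-only anti-malware passes in this thread would not touch. The script below is an added example of how to triage an OTL log for that and a few related items mechanically; it is not a tool from OldTimer or BleepingComputer. The embedded log is a constructed excerpt containing a handful of lines copied from the report above. The severity labels and rule names are the editor's own; the public IP is flagged only because it is external, not because the script knows anything about it.

```python
import ipaddress
import re

# Constructed excerpt: a few lines copied verbatim from the OTL report in the
# thread, enough to exercise every rule below (no lines were invented).
SAMPLE_LOG = r"""
DRV - [2009/12/21 19.39.14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2008/12/10 12.56.18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..network.proxy.http: "58.221.41.86"
FF - prefs.js..network.proxy.http_port: 80
O1 - Hosts: 127.0.0.1 localhost
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:BC359956
"""

# Line shapes as OTL 3.2.x prints them (regexes written by the editor).
DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\] \(([^)]*)\) \[([^\]]*)\] -- (.+?) -- \(([^)]+)\)(?: .*)?$"
)
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(http|ssl|socks|ftp): "([^"]*)"$')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
NOTIFY_RE = re.compile(r"^O20 - Winlogon\\Notify\\([^:]+):.*File not found$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def is_external(host: str) -> bool:
    """True if a proxy host is neither loopback nor a private/link-local address.

    A hostname we cannot parse is treated as external: a proxy you did not
    configure yourself deserves a look regardless of where it resolves.
    """
    if host.strip().lower() in ("", "localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host.strip())
    except ValueError:
        return True
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def triage(log_text: str):
    """Return (severity, rule, detail) tuples for lines worth a responder's time."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FF_PROXY_RE.match(line)
        if m:
            proto, host = m.groups()
            # Browser traffic silently relayed through an outside host.
            if is_external(host):
                findings.append(("high", "ff-external-proxy", f"{proto} proxy -> {host}"))
            continue

        m = DRV_RE.match(line)
        if m:
            company, state, path, name = m.groups()
            # Kernel driver with an empty vendor field: not proof of anything,
            # but the first place to check hashes against a known-good source.
            if not company.strip():
                findings.append(("low", "drv-no-company", f"{name}: {path} [{state}]"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # Anything beyond the stock localhost mapping can redirect lookups.
            if host.lower() != "localhost" or ip not in ("127.0.0.1", "::1"):
                findings.append(("medium", "hosts-redirect", f"{host} -> {ip}"))
            continue

        m = NOTIFY_RE.match(line)
        if m:
            # Orphaned Winlogon Notify DLL: often a leftover of an uninstall,
            # but the key itself is a classic persistence point, so record it.
            findings.append(("medium", "winlogon-notify-orphan", m.group(1)))
            continue

        m = ADS_RE.match(line)
        if m:
            findings.append(("low", "alternate-data-stream", f"{m.group(2)} ({m.group(1)} bytes)"))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:24} {detail}")
```

Run against the real OTL.txt by reading the file instead of `SAMPLE_LOG`. On the excerpt it reports the external Firefox proxy as the only high-severity item, the `WgaLogon` notify entry as an orphan, and the vendor-less `pwdrvio.sys` and the `TEMP:BC359956` stream as low-severity items to verify by hand; the stock `127.0.0.1 localhost` hosts line and the Broadcom driver produce nothing. The script only surfaces candidates, and the thread's helpers, not the script, decide what gets removed.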

Extras.txt

OTL Extras logfile created on: 03/12/2010 10.24.51 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\DByte\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 75,35 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 42,22 Gb Free Space | 56,65% Space Free | Partition Type: NTFS
Drive E: | 74,52 Gb Total Space | 49,42 Gb Free Space | 66,32% Space Free | Partition Type: NTFS

Computer Name: DBYTE-DESKTOP | User Name: DByte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programmi\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Programmi\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Microsoft LifeCam\LifeCam.exe" = C:\Programmi\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programmi\Microsoft LifeCam\LifeExp.exe" = C:\Programmi\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\games\Multiwinia\multiwinia.exe" = C:\games\Multiwinia\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion Software)
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programma di trasferimento file (FTP) -- (Microsoft Corporation)
"C:\Programmi\Java\jre6\bin\java.exe" = C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programmi\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Programmi\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programmi\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Programmi\Google\Chrome\Application\chrome.exe" = C:\Programmi\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\Google\Google Earth\client\googleearth.exe" = C:\Programmi\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Winamp\winamp.exe" = C:\Programmi\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{212D202D-487D-49C4-8A76-4D3BB91B8471}" = BOINC
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{373CDA0D-A5B1-4BCB-8E74-C6337DC4A259}" = Microsoft .NET Framework 2.0 Language Pack - ITA
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE8-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.3)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C81F94-6510-4EDF-8397-2D0932608F35}_is1" = TOPP Vorlagen-Druckstudio (3560)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B32261CD-F1C8-42C3-B507-CB6B87CEC1A8}" = Passware Kit Enterprise 9.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D87176E9-ECD0-48C6-8E8B-B0054781DFB4}" = DesktopEarth
"{D87ED458-C738-42E9-9A6F-961CD715388B}" = Microsoft LifeCam
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E592E668-89A9-4098-B70C-0C2D59FB15CA}" = UPSilon 2000
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pacchetto driver Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pacchetto driver Windows - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"A-FF Repair Station_is1" = A-FF Repair Station v4.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"AudioCS" = Pannello di controllo audio Creative
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Babylon" = Babylon
"Browser Defender_is1" = Browser Defender 2.0.6.15
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)
"Cartes du Ciel" = Cartes du Ciel
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pacchetto driver Windows - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Derive 6 Trial Edition" = Derive 6 Trial Edition
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DUMeter3_is1" = DU Meter
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pacchetto driver Windows - Nokia Modem (03/13/2008 6.86.0.1)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Pacchetto driver Windows - Nokia Modem (06/09/2010 7.01.0.7)
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"FileHippo.com" = FileHippo.com Update Checker
"FileMenu Tools_is1" = FileMenu Tools
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"GMailFS" = GMail Drive Shell Extension
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Host OpenAL" = Host OpenAL
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"KeyboardTest_is1" = KeyboardTest V3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"LoqTTS-Luca_is1" = Loquendo TTS: Luca (Italian)
"LoqTTS-Paola_is1" = Loquendo TTS: Paola (Italian)
"LoqTTS-Roberto_is1" = Loquendo TTS: Roberto (Italian)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14" = MATLAB Family of Products Release 14
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0 Language Pack - ITA" = Microsoft .NET Framework 2.0 - Language Pack (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Multiwinia_is1" = Multiwinia v1.0.0
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"Nmap" = Nmap 5.21
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Nokia Series 40 Theme Studio 2.0" = Nokia Series 40 Theme Studio 2.0
"Nokia Update Manager" = Nokia Update Manager 2.0
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"pepakura_viewer2" = Pepakura Viewer2
"RealAlt_is1" = Real Alternative 1.7.5
"Recuva" = Recuva
"ScummVM_is1" = ScummVM 0.13.1a
"Security Task Manager" = Security Task Manager 1.7h
"SiS163u" = 802.11g USB 2.0 Wireless LAN Adapter
"Smart Defrag_is1" = Smart Defrag
"Spyware Doctor" = Spyware Doctor 7.0
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V3.0
"Stellarium_is1" = Stellarium 0.10.5
"StyleXP" = StyleXP (remove only)
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"System Explorer_is1" = System Explorer 2.3.8
"TeraCopy_is1" = TeraCopy 2.12
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Undelete Plus_is1" = Undelete Plus 2.9
"Uninstall Tool_is1" = Uninstall Tool
"Unlocker" = Unlocker 1.9.0
"Uplink" = Uplink
"uTorrent" = µTorrent
"vghd" = VirtuaGirl
"VirusTotalUploader" = VirusTotal Uploader
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHex" = WinHex
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR gestione archivi
"WinUAE" = WinUAE 1.4.2
"Wireshark" = Wireshark 1.4.2
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-1123561945-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 01/12/2010 13.19.27 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 01/12/2010 13.19.27 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: Lbd

Error - 01/12/2010 14.01.19 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7000
Description = Il servizio Avira AntiVir Scheduler non è stato avviato per il seguente
errore: %%3

Error - 01/12/2010 14.02.38 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 01/12/2010 14.02.38 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: Lbd

Error - 01/12/2010 15.12.46 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 02/12/2010 4.18.35 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 02/12/2010 18.11.13 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 02/12/2010 20.26.25 | Computer Name = DBYTE-DESKTOP | Source = DCOM | ID = 10010
Description = Il server {06E70011-9765-11D6-819E-005056C00008} non si è registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 03/12/2010 4.35.11 | Computer Name = DBYTE-DESKTOP | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.


< End of report >

Edited by DByte, 03 December 2010 - 06:55 AM.


#13 pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 03 December 2010 - 09:59 AM

Hello DByte,

The good news is that I see no signs of infection. :thumbup2:

The bad news is that your computer is using an invalid volume key that was generated with a key generator and sadly we have come to the end of the road. :(

Per the Bleeping Computer rules and terms of use:

"No subject matter will be allowed whose purpose is to defeat existing copyright or security measures."

And

"...the use or continued use of pirated software is not permitted,.."



Any problems with your computer that you currently have are more than likely caused by corrupt system files/registry entries, a corrupted program driver or a combination of both.

You can try sfc /scannow to verify the integrity of Windows files or do a Repair Install. If you do a repair install remember to update Windows.
The only way to determine if a program is causing your problems would be a process of elimination by uninstalling and reinstalling each program and determining if the problem persists.

My final suggestion would be to backup all of your important documents then purchase and install a valid copy of Windows sp3.

Note that the files with the following extensions should not be backed up:
.exe
.scr
.htm
.html
.xml
.zip
.rar
.asp
.php


It has been a pleasure working with you. :)
PW

#14 DByte

  • Topic Starter
  • Members
  • 13 posts

Posted 03 December 2010 - 10:18 AM

Thanks for your patience :clapping:
Unfortunately, everything is like the beginning, Murlo is still there with its registry keys, as Spyware Doctor says, and probably in the future the system will freeze again...
If you wish, I can make you a donation for your efforts.

Thanks again!

Edited by DByte, 03 December 2010 - 10:41 AM.


#15 pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 03 December 2010 - 11:37 AM

Hello DByte


I don't want to send you off with an infected machine.

Can you post the Spyware Doctor report that identifies the registry keys/files/drivers?

If you could please post it in English to make it easier for me to interpret. :)

Thanks!!

Edited by pwgib, 03 December 2010 - 11:37 AM.

PW
