i'm infected after open an exe....


This topic is locked
25 replies to this topic

#1 koliploik

  • Members
  • 15 posts

Posted 01 March 2011 - 08:50 PM

I run Windows 7 32-bit (updated) with an AMD Athlon processor and 3 GB of DDR2 RAM.

Hi, I'm Italian,
so I'm very sorry for my bad English ;)
I have a problem with my computer.
I've probably been infected by a virus or rootkit by opening a 93 MB .exe file.
I've already tried various methods to resolve the problem:
a scan with Malwarebytes, but it returned nothing,
and also with UnHackMe and a scan with ESET, but nothing to do.
The symptoms are: the LAN doesn't work, as if it doesn't acquire an IP,
and watching the network usage it now seems to download something every few seconds, even if disconnected.
I tried to run RootkitRevealer and Rootkit Unhooker, but they didn't work;
they returned the error "unable to load driver".
GMER is working, but I didn't run a full scan.
When I first tried to use ComboFix it hung before starting.
To try to make it work I replaced ntkrnlpa.exe and win32k.sys with the original ones from the Windows 7 CD.
After this ComboFix started working, but while it ran
a lot of Sidebar application icons appeared on the taskbar.

Sorry for running ComboFix without an assistant; I've read that now.
Usually when I get a simple problem and I run ComboFix the PC starts working again,
but not this time. Sorry for my errors.
This is my first post on this forum, and usually I'm able to repair computers on my own.
I'm sorry for my errors and I hope that you can excuse me. Thanks.

Here is my ComboFix log:

ComboFix 11-02-28.07 - Luccio 01/03/2011 19:15:44.5.1 - x86
Microsoft Windows 7 Extreme Edition R1 6.1.7601.1.1252.39.1033.18.3070.1738 [GMT 1:00]
Run by: c:\users\Luccio\Downloads\Combrr.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created new restore point
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SessionEnv


((((((((((((((((((((((((( Files Created From 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))))))
.

2011-03-01 18:34 . 2011-03-01 18:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-01 18:34 . 2011-03-01 18:34 -------- d-----w- c:\users\Lux's\AppData\Local\temp
2011-03-01 18:34 . 2011-03-01 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 18:34 . 2011-03-01 18:34 -------- d-----w- c:\users\BIRUNG~1\AppData\Local\temp
2011-03-01 17:50 . 2011-03-01 17:50 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1331E5CA-09B7-4A88-BEBF-B70C2DA11F1F}\MpKslfe860be2.sys
2011-03-01 17:50 . 2011-02-23 08:35 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1331E5CA-09B7-4A88-BEBF-B70C2DA11F1F}\mpengine.dll
2011-03-01 15:54 . 2011-03-01 15:54 -------- d-----w- c:\windows\RestoreSafeDeleted
2011-03-01 13:47 . 2011-01-17 15:33 1385240 ----a-w- c:\windows\RunGuard.exe
2011-03-01 13:47 . 2011-01-17 15:33 20248 ----a-w- c:\windows\WinBait.org
2011-03-01 13:47 . 2011-01-17 15:33 20248 ----a-w- c:\windows\WinBait.exe
2011-03-01 13:47 . 2011-03-01 13:47 -------- d-----w- c:\program files\Greatis
2011-03-01 12:12 . 2011-03-01 17:35 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-03-01 12:07 . 2011-03-01 12:07 37600 ----a-w- c:\windows\system32\Partizan.exe
2011-03-01 12:07 . 2011-03-01 12:07 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-03-01 11:59 . 2011-02-23 08:35 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-01 11:57 . 2011-03-01 13:48 2 --shatr- c:\windows\winstart.bat
2011-03-01 11:57 . 2011-01-18 14:41 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-03-01 11:57 . 2011-03-01 15:26 -------- d-----w- c:\program files\UnHackMe
2011-03-01 11:47 . 2011-03-01 11:47 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 11:46 . 2011-03-01 11:46 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 11:42 . 2010-11-20 10:52 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2011-03-01 11:42 . 2010-11-20 10:52 793600 ----a-w- c:\windows\system32\vmsal.exe
2011-03-01 11:42 . 2010-11-20 12:17 3330560 ----a-w- c:\windows\system32\vpc.exe
2011-03-01 11:42 . 2010-11-20 12:17 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2011-03-01 11:42 . 2010-11-20 12:17 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2011-03-01 11:42 . 2010-11-20 10:50 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-03-01 11:42 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-01 11:42 . 2010-11-20 12:21 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-03-01 11:40 . 2010-11-20 12:21 560128 ----a-w- c:\windows\system32\wuapi.dll
2011-03-01 11:39 . 2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-01 11:39 . 2010-11-20 12:06 69120 ----a-w- c:\windows\system32\nlsbres.dll
2011-03-01 11:39 . 2010-11-20 12:05 35328 ----a-w- c:\windows\system32\pifmgr.dll
2011-03-01 11:39 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2011-03-01 11:39 . 2010-11-20 11:56 52736 ----a-w- c:\windows\system32\BlbEvents.dll
2011-03-01 11:39 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-01 11:39 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-01 11:39 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-01 11:39 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-01 11:38 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-01 11:38 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-01 11:38 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-01 11:38 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-01 11:37 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-01 11:33 . 2011-03-01 17:59 -------- d-----w- c:\program files\Safer Networking
2011-03-01 11:31 . 2011-03-01 11:31 -------- d-----w- c:\program files\Total Uninstall
2011-03-01 11:21 . 2011-03-01 17:58 -------- d-----w- c:\program files\SpyMe Tools
2011-03-01 10:23 . 2011-03-01 12:06 -------- d-----w- c:\users\Luccio\AppData\Local\VirtualStore
2011-03-01 00:27 . 2011-03-01 09:15 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-03-01 00:26 . 2011-03-01 09:15 -------- d-----w- C:\RkUnhooker
2011-03-01 00:24 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73252D3F-92ED-47E5-A724-E16F9F47B72B}\gapaengine.dll
2011-02-28 23:20 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-28 23:20 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-28 22:26 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{271EF60C-1F30-4BDA-9C60-391144539CF0}\mpengine.dll
2011-02-28 21:40 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-28 21:40 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-28 21:40 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-28 21:40 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-28 21:40 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 21:40 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 21:40 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 21:40 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-28 21:40 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-28 21:40 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-28 20:45 . 2011-02-28 20:45 -------- d-----w- c:\users\Luccio\DoctorWeb
2011-02-28 13:11 . 2011-03-01 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-28 00:27 . 2011-02-28 00:27 -------- d-----w- c:\programdata\PC Tools
2011-02-28 00:25 . 2011-02-28 00:25 -------- d-----w- c:\users\Luccio\AppData\Roaming\SUPERAntiSpyware.com
2011-02-28 00:25 . 2011-02-28 00:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-27 21:11 . 2011-02-27 21:11 -------- d-----w- c:\users\Luccio\Pavark
2011-02-07 22:26 . 2011-02-07 22:26 -------- d-----w- c:\users\Luccio\AppData\Roaming\DVDVideoSoftIEHelpers
2011-02-07 22:25 . 2011-02-07 22:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-02-07 22:25 . 2011-02-07 22:26 -------- d-----w- c:\program files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 11:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-01-29 18:04 . 2009-12-01 19:25 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-11 18:33 . 2010-05-25 14:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 03:27 . 2011-01-26 00:43 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-26 00:43 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-26 00:43 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-01-26 00:43 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-26 00:43 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-26 00:43 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-26 00:43 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-01-26 00:43 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-26 00:43 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-01-26 00:43 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2009-12-02 16:45 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-06-10 21:19 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-02 09:22 . 2010-09-02 09:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-02 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-02 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2202704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\Luccio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wuala.lnk - c:\users\Luccio\AppData\Roaming\Wuala\Wuala.exe [2010-8-13 413376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-11-11 08:27 570688 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-06-24 08:27 2202704 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVGAPrecision]
2008-10-27 16:28 44048 ----a-w- c:\program files\EVGA Precision\EVGAPrecisionWrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-20 14:16 133104 ----atw- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
2008-02-01 14:11 1607168 ----a-w- c:\program files\HDD Health\hddhealth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-14 15:18 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-14 15:18 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2009-05-12 15:31 165088 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\System32\PrintDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 10:13 604704 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-02 00:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uranium]
2010-07-08 15:36 9046200 ----a-w- c:\program files\FreeSoft\Uranium\Uranium.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-11-11 12:47 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

R2 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 BootlogService;BootlogService;c:\program files\Greatis\RegRunSuite\BootLogService.exe [2011-01-17 65304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
R3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2009-07-14 297552]
R3 ALSysIO;ALSysIO;c:\users\Luccio\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
R3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2009-07-13 118784]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd26032.sys [2008-01-18 37504]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [2008-01-18 36480]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-08-04 106512]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys [2009-07-13 12288]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2009-07-14 44624]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-07-26 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-07-26 44064]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys [2009-07-14 106064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-03-01 24416]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 roeal;roeal;c:\windows\system32\drivers\roeal.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys [2009-07-14 21072]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 28032]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2009-07-13 52736]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-21 70704]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-21 11440]
R3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2009-07-14 141904]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\drivers\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.8\ASmartService.exe [2009-09-04 586008]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2009-05-12 25824]
R4 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2011-01-29 420920]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-03-01 35816]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 40704]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-11-20 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S1 MpKslfe860be2;MpKslfe860be2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1331E5CA-09B7-4A88-BEBF-B70C2DA11F1F}\MpKslfe860be2.sys [2011-03-01 28752]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-06-24 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-28 41312]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
S2 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [2010-08-11 72568]
S2 wDokanMounter;wDokanMounter;c:\program files\Wuala Dokan\mounter.exe [2010-08-11 11776]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
winmgmt
browser
Themes
BDESVC
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Contenuto della cartella 'Scheduled Tasks'

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:00]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:00]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640380853-2296626815-1824116668-1005Core.job
- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 14:16]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640380853-2296626815-1824116668-1005UA.job
- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 14:16]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Luccio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {AA000B2C-524B-4C44-9668-4F29B0C8D882} = 10.0.0.3
FF - ProfilePath - c:\users\Luccio\AppData\Roaming\Mozilla\Firefox\Profiles\slp48dao.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:38
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:39
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:39
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:39
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 19:39
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(4508)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Greatis\RegRunSuite\watchdog.exe
c:\program files\UnHackMe\hackmon.exe
c:\windows\system32\conhost.exe
c:\users\Luccio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2011-03-01 19:45:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-03-01 18:45
ComboFix2.txt 2011-03-01 01:06

Pre-Run: 142.522.085.376 bytes free
Post-Run: 142.383.857.664 bytes free

- - End Of File - - F460D1362721D43365710431AE1AC235


Thank you very much for your help!!

Edited by koliploik, 02 March 2011 - 07:16 AM.



#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:03:16 PM

Posted 10 March 2011 - 04:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended, please try one more time and, if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 koliploik

koliploik
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:16 PM

Posted 13 March 2011 - 11:29 AM

Hi,
thanks for the reply.
Unfortunately I haven't resolved the problem...
but at the moment I'm away for work until
the 15th of this month... (I'll be back in 4 days)
As soon as I am back home I will post the log
of DDS and the log of GMER... as you described in the reply!!!
Thanks again for the reply and sorry for my bad English!
Best regards
Thanks
Lucio

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 16 March 2011 - 11:24 AM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes unless I tell you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

If you have not done so please Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 koliploik

koliploik
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:16 PM

Posted 16 March 2011 - 08:00 PM

Hi Gringo,
Sorry, I didn't read the last post from you...
so I've executed the instructions given by oneof4.
As soon as I can I will also do the new instructions that you gave me.
Thanks
----------------------------------------- modified
Hi,
I have arrived at home...
I have followed the steps that you told me!
and here I have copied the logs.
I have the original Windows DVD.
and I also attach old logs with other programs...
Thank you so much.

old logs --- > http://wikisend.com/download/431442/log koliploik.zip

New Logs:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Luccio at 10:05:23,99 on 16/03/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Extreme Edition R1 6.1.7601.1.1252.39.1033.18.3070.1022 [GMT 1:00]

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Wuala Dokan\mounter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Luccio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Luccio\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {69D72956-317C-44bd-B369-8E44D4EF9801} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\luccio\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [InstallShieldSetup] c:\progra~1\instal~1\{0db87~1\setup.exe -rebootc:\progra~1\instal~1\{0db87~1\reboot.ini -l0x0410
StartupFolder: c:\users\luccio\appdata\roaming\micros~1\windows\startm~1\programs\startup\wuala.lnk - c:\users\luccio\appdata\roaming\wuala\Wuala.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&sporta in Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\luccio\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mife82~1\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {AA000B2C-524B-4C44-9668-4F29B0C8D882} = 10.0.0.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~3\googledesktopnetwork3.dll c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\luccio\appdata\roaming\mozilla\firefox\profiles\slp48dao.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\users\luccio\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\luccio\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\luccio\appdata\roaming\facebook\npfbplugin_1_0_3.dll

============= SERVICES / DRIVERS ===============

R2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-17 30192]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-1-27 77824]
R2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [2010-8-11 72568]
R2 wDokanMounter;wDokanMounter;c:\program files\wuala dokan\mounter.exe [2010-8-11 11776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 ioatdma;Intel® QuickData Technology device;c:\windows\system32\drivers\qd26032.sys [2009-10-23 37504]
S3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd16032.sys [2009-10-23 36480]
S3 iSSetup;iSSetup;c:\windows\system32\drivers\iSSetup.sys [2009-10-23 106512]
S3 Normandy;Normandy SR2;c:\windows\system32\drivers\Normandy.sys [2011-3-2 34560]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-10-23 47448]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-10-23 44064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-1 15872]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-23 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-10-23 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-10-23 38400]
S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\system32\drivers\rkhdrv40.sys [2011-3-2 24448]
S3 rootepeal;rootepeal;c:\windows\system32\drivers\rootepeal.sys [2011-3-2 34816]
S3 rootrel;rootrel;c:\windows\system32\drivers\rootrel.sys [2011-3-2 34816]
S3 rootrepe;rootrepe;c:\windows\system32\drivers\rootrepe.sys [2011-3-2 34816]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-23 174592]
S3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-1 52224]
S3 vm3dmp;vm3dmp;c:\windows\system32\drivers\vm3dmp.sys [2009-11-8 70704]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-11-8 11440]
S4 ActiveSMART Service;ActiveSMART Service;c:\program files\activesmart 2.8\ASmartService.exe [2010-12-21 586008]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackuppro\MemeoBackgroundService.exe [2009-5-12 25824]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]

=============== Created Last 30 ================

2011-03-16 08:44:28 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\cl31cpc.dll
2011-03-16 08:39:17 49152 ----a-w- c:\windows\system32\drivers\DgiVecp.sys
2011-03-16 08:39:12 -------- d-----w- c:\program files\Samsung
2011-03-02 01:49:24 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-03-02 01:49:16 -------- d-----w- C:\RkUnhooker
2011-03-02 00:46:04 34816 ----a-w- c:\windows\system32\drivers\rootrepe.sys
2011-03-02 00:35:50 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-03-02 00:10:36 34816 ----a-w- c:\windows\system32\drivers\rootepeal.sys
2011-03-02 00:09:06 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-03-02 00:03:51 34816 ----a-w- c:\windows\system32\drivers\rootrel.sys
2011-03-01 18:38:52 -------- d-----w- C:\$RECYCLE.BIN
2011-03-01 15:54:13 -------- d-----w- c:\windows\RestoreSafeDeleted
2011-03-01 13:47:32 -------- d-----w- c:\program files\Greatis
2011-03-01 11:57:17 2 --shatr- c:\windows\winstart.bat
2011-03-01 11:57:04 -------- d-----w- c:\program files\UnHackMe
2011-03-01 11:47:19 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 11:46:15 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 11:42:06 793600 ----a-w- c:\windows\system32\vmsal.exe
2011-03-01 11:42:06 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2011-03-01 11:42:05 3330560 ----a-w- c:\windows\system32\vpc.exe
2011-03-01 11:42:04 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-03-01 11:42:04 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2011-03-01 11:42:04 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2011-03-01 11:42:04 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-01 11:42:00 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-03-01 11:40:59 907776 ----a-w- c:\windows\system32\sdengin2.dll
2011-03-01 11:39:59 69120 ----a-w- c:\windows\system32\nlsbres.dll
2011-03-01 11:39:59 52736 ----a-w- c:\windows\system32\BlbEvents.dll
2011-03-01 11:39:59 35328 ----a-w- c:\windows\system32\pifmgr.dll
2011-03-01 11:39:59 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2011-03-01 11:39:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-01 11:39:07 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-01 11:39:07 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-01 11:39:07 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-01 11:39:07 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-01 11:38:50 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-01 11:38:36 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-01 11:38:36 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-01 11:38:01 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-01 11:37:59 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-01 11:31:17 -------- d-----w- c:\program files\Total Uninstall
2011-03-01 11:21:38 -------- d-----w- c:\program files\SpyMe Tools
2011-03-01 10:23:54 -------- d-----w- c:\users\luccio\appdata\local\VirtualStore
2011-02-28 23:20:55 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-28 23:20:54 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-28 22:26:13 5943120 ------w- c:\progra~2\microsoft\windows defender\definition updates\{271ef60c-1f30-4bda-9c60-391144539cf0}\mpengine.dll
2011-02-28 22:24:52 5943120 ------w- c:\progra~2\microsoft\windows defender\definition updates\updates\mpengine.dll
2011-02-28 21:51:50 98816 ----a-w- c:\windows\sed.exe
2011-02-28 21:51:50 89088 ----a-w- c:\windows\MBR.exe
2011-02-28 21:51:50 256512 ----a-w- c:\windows\PEV.exe
2011-02-28 21:51:50 161792 ----a-w- c:\windows\SWREG.exe
2011-02-28 21:40:30 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-28 21:40:29 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-28 21:40:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-28 21:40:29 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-28 21:40:25 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 21:40:25 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 21:40:18 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 21:40:17 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-28 21:40:17 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-28 21:40:17 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-28 20:45:15 -------- d-----w- c:\users\luccio\DoctorWeb
2011-02-28 00:27:27 -------- d-----w- c:\progra~2\PC Tools
2011-02-28 00:25:18 -------- d-----w- c:\users\luccio\appdata\roaming\SUPERAntiSpyware.com
2011-02-28 00:25:18 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-27 21:11:44 -------- d-----w- c:\users\luccio\Pavark

==================== Find3M ====================

2011-03-01 11:56:53 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-26 01:02:47 1744464 ----a-w- c:\windows\system32\Nlscache.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06:28 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06:22 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06:08 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06:08 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06:08 111208 ----a-w- c:\windows\system32\nvmctray.dll

============= FINISH: 10:05:49,38 ===============

-------------------------------------------------------------------------------------------------------------------


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-17 01:26:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000073 ST310005 rev.CC37
Running: gm.exe; Driver: C:\Users\Luccio\AppData\Local\Temp\pxrdafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 8245A339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82493D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Luccio\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1604] kernel32.dll!CreateThread 754C375D 5 Bytes JMP 65BB476C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CallNextHookEx 765CABE1 5 Bytes JMP 65BE57ED C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!UnhookWindowsHookEx 765CADF9 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!UnhookWindowsHookEx 765CADF9 5 Bytes JMP 65B4035D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DefWindowProcA 765CBB1C 7 Bytes JMP 65BBE206 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateWindowExA 765CBF40 5 Bytes JMP 65B8F1B3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!SetWindowsHookExW 765CE30C 5 Bytes JMP 65B8FC44 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!CreateWindowExW 765CEC7C 5 Bytes JMP 65BD44B1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DefWindowProcW 765D507D 7 Bytes JMP 65BDFC21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxParamW 765E3B9B 5 Bytes JMP 65BD9DCC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxIndirectParamW 765F3B7F 5 Bytes JMP 65CE2DB9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxParamA 7660CF42 5 Bytes JMP 65CE2D56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!DialogBoxIndirectParamA 7660D274 5 Bytes JMP 65CE2E1C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxIndirectA 7661E869 5 Bytes JMP 65CE2CEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxIndirectW 7661E963 5 Bytes JMP 65CE2C80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxExA 7661E9C9 5 Bytes JMP 65CE2C1E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] USER32.dll!MessageBoxExW 7661E9ED 5 Bytes JMP 65CE2BBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] ole32.dll!OleLoadFromStream 76E26143 5 Bytes JMP 65CE2FF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1604] ole32.dll!CoCreateInstance 76E69D0B 5 Bytes JMP 65BBD438 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!DialogBoxParamW 765E3B9B 5 Bytes JMP 65BD9DCC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!DialogBoxIndirectParamW 765F3B7F 5 Bytes JMP 65CE2DB9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!DialogBoxParamA 7660CF42 5 Bytes JMP 65CE2D56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!DialogBoxIndirectParamA 7660D274 5 Bytes JMP 65CE2E1C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!MessageBoxIndirectA 7661E869 5 Bytes JMP 65CE2CEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!MessageBoxIndirectW 7661E963 5 Bytes JMP 65CE2C80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!MessageBoxExA 7661E9C9 5 Bytes JMP 65CE2C1E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2816] USER32.dll!MessageBoxExW 7661E9ED 5 Bytes JMP 65CE2BBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[3460] ntdll.dll!LdrLoadDll 76FE22B8 5 Bytes JMP 00E41410 C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4612] USER32.dll!SetWindowLongA 765C8BA3 5 Bytes JMP 595C8A3E C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4612] USER32.dll!SetWindowLongW 765D4449 5 Bytes JMP 595C89D0 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4612] USER32.dll!GetWindowInfo 765D4B5E 5 Bytes JMP 593F2D69 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4612] USER32.dll!TrackPopupMenu 765E2228 5 Bytes JMP 593F3375 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] kernel32.dll!CreateThread 754C375D 5 Bytes JMP 65BB476C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!CallNextHookEx 765CABE1 5 Bytes JMP 65BE57ED C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!UnhookWindowsHookEx 765CADF9 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!UnhookWindowsHookEx 765CADF9 5 Bytes JMP 65B4035D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DefWindowProcA 765CBB1C 7 Bytes JMP 65BBE206 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!CreateWindowExA 765CBF40 5 Bytes JMP 65B8F1B3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!SetWindowsHookExW 765CE30C 5 Bytes JMP 65B8FC44 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!CreateWindowExW 765CEC7C 5 Bytes JMP 65BD44B1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DefWindowProcW 765D507D 7 Bytes JMP 65BDFC21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxParamW 765E3B9B 5 Bytes JMP 65BD9DCC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxIndirectParamW 765F3B7F 5 Bytes JMP 65CE2DB9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxParamA 7660CF42 5 Bytes JMP 65CE2D56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxIndirectParamA 7660D274 5 Bytes JMP 65CE2E1C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxIndirectA 7661E869 5 Bytes JMP 65CE2CEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxIndirectW 7661E963 5 Bytes JMP 65CE2C80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxExA 7661E9C9 5 Bytes JMP 65CE2C1E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxExW 7661E9ED 5 Bytes JMP 65CE2BBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] ole32.dll!OleLoadFromStream 76E26143 5 Bytes JMP 65CE2FF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5060] ole32.dll!CoCreateInstance 76E69D0B 5 Bytes JMP 65BBD438 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!DialogBoxParamW 765E3B9B 5 Bytes JMP 65BD9DCC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!DialogBoxIndirectParamW 765F3B7F 5 Bytes JMP 65CE2DB9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!DialogBoxParamA 7660CF42 5 Bytes JMP 65CE2D56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!DialogBoxIndirectParamA 7660D274 5 Bytes JMP 65CE2E1C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!MessageBoxIndirectA 7661E869 5 Bytes JMP 65CE2CEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!MessageBoxIndirectW 7661E963 5 Bytes JMP 65CE2C80 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!MessageBoxExA 7661E9C9 5 Bytes JMP 65CE2C1E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5068] USER32.dll!MessageBoxExW 7661E9ED 5 Bytes JMP 65CE2BBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000077 hcmon.sys
Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400014
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400014@0017e3c7ff94 0x09 0x7B 0x5F 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400014@a87e336a64f0 0xA4 0x52 0x11 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400014@0024042d3c32 0x84 0xE4 0xDE 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400014@0015def0808f 0x5D 0x0A 0x5B 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x54 0x16 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xED 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0xF7 0x2E 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBE 0xDA 0x18 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400014 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400014@0017e3c7ff94 0x09 0x7B 0x5F 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400014@a87e336a64f0 0xA4 0x52 0x11 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400014@0024042d3c32 0x84 0xE4 0xDE 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400014@0015def0808f 0x5D 0x0A 0x5B 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x54 0x16 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xED 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0xF7 0x2E 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBE 0xDA 0x18 0xB2 ...

----------------------------------------------------------------------------------------------------------

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:00 on 16/03/2011 (Luccio)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

----------------------------------------------------------

Thank you very much for your help.

Edited by koliploik, 16 March 2011 - 08:08 PM.


#6 koliploik (Topic Starter)

Posted 16 March 2011 - 09:57 PM

Hi,
I've done the new instructions that you gave me!
These are the problems that I currently have:
1) When I connect a USB pen or new hardware, or just when I disable or enable the network adaptor,
the screen becomes black for a few seconds... maybe 2-3 seconds...
2) The Internet connection stops working after a scan with ComboFix (I've attached a screenshot of what happens).
(I've resolved this problem by modifying the settings of the TCP/IPv4 protocol and inserting the gateway.)
3) During and after the scan with ComboFix the sidebar crashes and a lot of icons appear on the application bar
(I've attached an image of the problem).
4) The network card continues to receive data, as you can see in the screenshot...
5) After I opened the exe, in hard disk C there are a lot of new folders that I have never seen, and also the PC
is much slower than before.. (a lot of settings have also changed, like the viewing of file extensions, and also the search box
of Google Desktop in the task bar has disappeared).

If you want, I have a copy of the file that infected my computer and I can give you the download link if this can help...

Here is the download link of the screenshots that I have taken: http://wikisend.com/download/455262/screen of errors.rar

And here is the log of ComboFix:

ComboFix 11-03-16.01 - Luccio 17/03/2011 3:05.6.1 - x86
Microsoft Windows 7 Extreme Edition R1 6.1.7601.1.1252.39.1033.18.3070.1639 [GMT 1:00]
Eseguito da: c:\users\Luccio\Desktop\CoFx.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wercplsupport
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-17 al 2011-03-17 )))))))))))))))))))))))))))))))))))
.
.
2011-03-17 02:14 . 2011-03-17 02:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-17 02:14 . 2011-03-17 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-17 02:14 . 2011-03-17 02:14 -------- d-----w- c:\users\BIRUNG~1\AppData\Local\temp
2011-03-17 02:14 . 2011-03-17 02:14 -------- d-----w- c:\users\Lux's\AppData\Local\temp
2011-03-16 08:44 . 2008-09-08 09:19 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\cl31cpc.dll
2011-03-16 08:39 . 2004-10-18 14:02 49152 ----a-w- c:\windows\system32\drivers\DgiVecp.sys
2011-03-16 08:39 . 2011-03-16 08:39 -------- d-----w- c:\program files\Samsung
2011-03-16 08:35 . 2011-03-16 08:35 -------- d-----w- c:\program files\Common Files\Java
2011-03-02 01:49 . 2011-03-03 08:34 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-03-02 01:49 . 2011-03-02 01:49 -------- d-----w- C:\RkUnhooker
2011-03-02 00:46 . 2011-03-02 00:47 34816 ----a-w- c:\windows\system32\drivers\rootrepe.sys
2011-03-02 00:35 . 2010-11-20 12:30 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-03-02 00:10 . 2011-03-02 00:10 34816 ----a-w- c:\windows\system32\drivers\rootepeal.sys
2011-03-02 00:09 . 2011-03-02 00:47 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-03-02 00:03 . 2011-03-02 00:09 34816 ----a-w- c:\windows\system32\drivers\rootrel.sys
2011-03-01 15:54 . 2011-03-01 15:54 -------- d-----w- c:\windows\RestoreSafeDeleted
2011-03-01 13:47 . 2011-03-01 13:47 -------- d-----w- c:\program files\Greatis
2011-03-01 11:57 . 2011-03-01 13:48 2 --shatr- c:\windows\winstart.bat
2011-03-01 11:57 . 2011-03-01 23:52 -------- d-----w- c:\program files\UnHackMe
2011-03-01 11:47 . 2011-03-01 11:47 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 11:46 . 2011-03-01 11:46 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 11:42 . 2010-11-20 10:52 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2011-03-01 11:42 . 2010-11-20 10:52 793600 ----a-w- c:\windows\system32\vmsal.exe
2011-03-01 11:42 . 2010-11-20 12:17 3330560 ----a-w- c:\windows\system32\vpc.exe
2011-03-01 11:42 . 2010-11-20 12:17 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2011-03-01 11:42 . 2010-11-20 12:17 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2011-03-01 11:42 . 2010-11-20 10:50 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-03-01 11:42 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-01 11:42 . 2010-11-20 12:21 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-03-01 11:40 . 2010-11-20 12:21 560128 ----a-w- c:\windows\system32\wuapi.dll
2011-03-01 11:39 . 2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-01 11:39 . 2010-11-20 12:06 69120 ----a-w- c:\windows\system32\nlsbres.dll
2011-03-01 11:39 . 2010-11-20 12:05 35328 ----a-w- c:\windows\system32\pifmgr.dll
2011-03-01 11:39 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2011-03-01 11:39 . 2010-11-20 11:56 52736 ----a-w- c:\windows\system32\BlbEvents.dll
2011-03-01 11:39 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-01 11:39 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-01 11:39 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-01 11:39 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-01 11:38 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-01 11:38 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-01 11:38 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-01 11:38 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-01 11:37 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-01 11:31 . 2011-03-01 11:31 -------- d-----w- c:\program files\Total Uninstall
2011-03-01 11:21 . 2011-03-01 17:58 -------- d-----w- c:\program files\SpyMe Tools
2011-03-01 10:23 . 2011-03-01 12:06 -------- d-----w- c:\users\Luccio\AppData\Local\VirtualStore
2011-02-28 23:20 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-28 23:20 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-28 22:26 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{271EF60C-1F30-4BDA-9C60-391144539CF0}\mpengine.dll
2011-02-28 21:40 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-28 21:40 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-28 21:40 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-28 21:40 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-28 21:40 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 21:40 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 21:40 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 21:40 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-28 21:40 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-28 21:40 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-28 20:45 . 2011-02-28 20:45 -------- d-----w- c:\users\Luccio\DoctorWeb
2011-02-28 00:27 . 2011-02-28 00:27 -------- d-----w- c:\programdata\PC Tools
2011-02-28 00:25 . 2011-02-28 00:25 -------- d-----w- c:\users\Luccio\AppData\Roaming\SUPERAntiSpyware.com
2011-02-28 00:25 . 2011-02-28 00:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-27 21:11 . 2011-02-27 21:11 -------- d-----w- c:\users\Luccio\Pavark
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 11:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 20:40 . 2010-05-25 14:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 18:04 . 2009-12-01 19:25 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-08 03:27 . 2011-01-26 00:43 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-26 00:43 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-26 00:43 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-01-26 00:43 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-26 00:43 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-26 00:43 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-26 00:43 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-01-26 00:43 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-26 00:43 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-01-26 00:43 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2009-12-02 16:45 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-06-10 21:19 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-02 09:22 . 2010-09-02 09:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-02 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-02 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Luccio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wuala.lnk - c:\users\Luccio\AppData\Roaming\Wuala\Wuala.exe [2010-8-13 413376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrel.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepe.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-11-11 08:27 570688 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVGAPrecision]
2008-10-27 16:28 44048 ----a-w- c:\program files\EVGA Precision\EVGAPrecisionWrapper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-20 14:16 133104 ----atw- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
2008-02-01 14:11 1607168 ----a-w- c:\program files\HDD Health\hddhealth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-14 15:18 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-14 15:18 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2009-05-12 15:31 165088 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\System32\PrintDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 10:13 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-02 00:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uranium]
2010-07-08 15:36 9046200 ----a-w- c:\program files\FreeSoft\Uranium\Uranium.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-11-11 12:47 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
R2 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
R3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2009-07-14 297552]
R3 ALSysIO;ALSysIO;c:\users\Luccio\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
R3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2009-07-13 118784]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd26032.sys [2008-01-18 37504]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [2008-01-18 36480]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-08-04 106512]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys [2009-07-13 12288]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2009-07-14 44624]
R3 Normandy;Normandy SR2; [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-07-26 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-07-26 44064]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys [2009-07-14 106064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 roeal;roeal;c:\windows\system32\drivers\roeal.sys [x]
R3 rootepeal;rootepeal;c:\windows\system32\drivers\rootepeal.sys [2011-03-02 34816]
R3 rootrel;rootrel;c:\windows\system32\drivers\rootrel.sys [2011-03-02 34816]
R3 rootrepe;rootrepe;c:\windows\system32\drivers\rootrepe.sys [2011-03-02 34816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys [2009-07-14 21072]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 28032]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2009-07-13 52736]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-21 70704]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-21 11440]
R3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2009-07-14 141904]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\drivers\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.8\ASmartService.exe [2009-09-04 586008]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2009-05-12 25824]
R4 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2011-01-29 420920]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 40704]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-11-20 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [2010-08-11 72568]
S2 wDokanMounter;wDokanMounter;c:\program files\Wuala Dokan\mounter.exe [2010-08-11 11776]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
ProfSvc
schedule
hkmsvc
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:00]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:00]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640380853-2296626815-1824116668-1005Core.job
- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 14:16]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640380853-2296626815-1824116668-1005UA.job
- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 14:16]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Luccio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {AA000B2C-524B-4C44-9668-4F29B0C8D882} = 10.0.0.3
FF - ProfilePath - c:\users\Luccio\AppData\Roaming\Mozilla\Firefox\Profiles\slp48dao.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\users\Luccio\Desktop\Nuova cartella x lux\MustBeRandomlyNamed\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 03:20
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(4244)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\users\Luccio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2011-03-17 03:24:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-03-17 02:24
ComboFix2.txt 2011-03-01 18:45
ComboFix3.txt 2011-03-01 01:06
.
Pre-Run: 144.772.145.152 bytes free
Post-Run: 144.768.942.080 bytes free
.
- - End Of File - - 330E5895761FD71532E6AD1CC970E0F4

Thank you very much !!!!
Lucio
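Two records in the ComboFix log above carry most of the signal, and both are awkward to read by eye: the catchme line "ZwClose 0 != 50, ..." and the long "S1/S2/S3 name;display;path [date size]" service table. The following Python is an added example, written here for this thread; it is not part of the post, of ComboFix or of GMER's catchme. It assumes the following reading of the catchme output: the second number is the system-call index catchme expects for the running Windows build (on Windows 7 x86, ZwClose uses index 50), the first is what it actually read from the ntdll stub, and a reading of 0 for every stub means the index was not where the stub normally keeps it, which is how an overwritten stub prologue (an inline user-mode hook in the scanning process) presents from the outside and why the scan stops with "Initialization error". The sample lines embedded below are copied from the log above; the names `parse_catchme_hooks`, `modified_stubs`, `parse_services` and `autostart_outside_windows` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: one copy of the catchme line from the ComboFix log above
# (the log repeats it for every retry; a single copy is enough to parse).
CATCHME_LINE = (
    "ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, "
    "ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, "
    "ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, "
    "ZwQuerySystemInformation 0 != 261Initialization error"
)

# Constructed sample: a handful of service/driver lines copied from the same log.
SERVICE_LINES = r"""
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [2010-08-11 72568]
S2 wDokanMounter;wDokanMounter;c:\program files\Wuala Dokan\mounter.exe [2010-08-11 11776]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
"""

# "ZwClose 0 != 50": catchme read index 0 from the ntdll stub, expected 50.
HOOK_RE = re.compile(r"(Zw\w+)\s+(\d+)\s*!=\s*(\d+)")

# "S2 name;display name;image path [yyyy-mm-dd size]"
SERVICE_RE = re.compile(
    r"^(?P<start>S\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)


def parse_catchme_hooks(line: str) -> List[Tuple[str, int, int]]:
    """Return (stub, observed_index, expected_index) for every stub catchme lists."""
    return [(m.group(1), int(m.group(2)), int(m.group(3)))
            for m in HOOK_RE.finditer(line)]


def modified_stubs(line: str) -> List[str]:
    """Names of the ntdll stubs whose observed index differs from the expected one.

    Assumption (this example's reading of the log): observed 0 means the index
    was not found at the top of the stub, i.e. the stub prologue was overwritten
    in the scanning process, which is what an inline user-mode hook looks like.
    """
    return [name for name, observed, expected in parse_catchme_hooks(line)
            if observed != expected]


@dataclass
class ServiceEntry:
    start: str    # S1 = system start, S2 = auto start, S3 = on demand
    name: str
    display: str
    path: str
    date: str
    size: int


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse ComboFix 'S<n> name;display;path [date size]' lines; skip the rest."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(m["start"], m["name"], m["display"],
                                        m["path"], m["date"], int(m["size"])))
    return entries


def autostart_outside_windows(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Auto-start (S2) entries whose image lives outside c:\\windows.

    Not a verdict: this is the triage list a responder reads first, because an
    automatically started service in a third-party directory is where an
    unwanted persistence entry would normally show up.
    """
    return [e for e in entries
            if e.start == "S2" and not e.path.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    for stub, observed, expected in parse_catchme_hooks(CATCHME_LINE):
        print(f"{stub:28} observed={observed:<4} expected={expected}")
    print("modified stubs:", len(modified_stubs(CATCHME_LINE)))
    for e in autostart_outside_windows(parse_services(SERVICE_LINES)):
        print(f"{e.start} {e.name}: {e.path} ({e.date}, {e.size} bytes)")
```

Run against the full log rather than the six sample lines, the triage list is what a responder compares with the Add/Remove Programs list requested in the next reply: every auto-start image outside the Windows directory should map to a product the owner recognises, and the nine modified stubs explain why user-mode scanners that rely on those ntdll calls report nothing while the machine keeps generating network traffic.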

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 16 March 2011 - 10:45 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 koliploik

  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:16 PM

Posted 17 March 2011 - 05:47 AM

7-Zip 9.07 beta
Abbinamenti 1.03
ACDSee Pro 3
ActiveSMART
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdunanzA
Advertising Center
Any Video Converter Professional 2.6.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
BenVista PhotoZoom Pro 3.1
Bonjour
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Cheat Engine 5.5
Chiavetta Internet
CoffeeCup HTML Editor
Connect
CPU-Z
Danea Easyfatt 2009 (dimostrativo)
Defraggler
DolbyFiles
Driver Genius Professional Edition
Easy Poster Printer
EasyBCD 2.0
EnhanceMySe7en
Enobiblioteca 01.00
EVGA Precision 1.3.3
Ext Designer
Facebook Plug-In
Feedback Tool
FormatFactory 2.20
Foxit Reader
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.9.31
GMail Drive Shell Extension
Google Chrome
Google Desktop
Google Earth Plug-in
Google Gears
Google Gmail Notifier
Google Icon Notifier 0.8 (RC1)
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.71
GPU-Z
GSview 4.9
Halto 2.5.5 FULL
HDD Health v3.2 Beta
HDD Regenerator
HDTune
Homeplug 200 Utility
Hotspot Shield 1.49
HWMonitor
IconPackager
Image Resizer Powertoy Clone for Windows
ImagXpress
Infix 4.08
Inkscape 0.47
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 23
JavaScript Utility Suite v1.0
Joulemeter
JScreenFix deluxe
K-Lite Mega Codec Pack 5.4.0
Keypict Photo Search
KLS Backup 2009 Professional 5.2.0.4
kuler
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
MD5 Hash
Memeo Backup Premium
Memeo LifeAgent Explorer Extension
Menu Templates - Starter Kit
Messenger Plus! Live
MessenTools.com MSN Media and Winks Installer 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Service Pack 1 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Service Pack 1 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Second Editon Redistributable
MobileDVD Converter
Movie Templates - Starter Kit
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b12 (x86 it)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia Software Updater
Notepad++
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
Opera 10.10
Orb
Orb Runtime libraries
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PC Wizard
PerformanceTest v7.0
Photomatix Pro version 3.2.9
Photoshop Camera Raw
Picasa 3
PlayReady PC Runtime x86
PVSonyDll
QuickTime
Realtek AC'97 Audio
Recuva
Replay Video Capture
rFactor (remove only)
Rootkit Unhooker LE 3.8 SR 2
Rootkit Unhooker Uninstall
SAMSUNG Dr.Printer
SDFormatter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.1
SmartMovie Converter
Soonr Desktop Client
SoundTrax
Speccy
SplitFile 1.8.0
Startup Control Panel
Strumento di caricamento di Windows Live
Suite Shared Configuration CS4
SurfOffline (remove only)
System Requirements Lab
TeamViewer 5
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Uninstall 2.35
TVersity Codec Pack 1.4
TVersity Media Server 1.9.2
Ubisoft Game Launcher
UltraISO Premium V9.35
Uniblue SpeedUpMyPC
Uninstall 1.0.0.1
Unity Web Player
Universal Document Converter (Demo)
Universal Extractor 1.6.1
Unlocker 1.8.8
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Uranium Backup
Vector Magic
VLC media player 1.0.5
VMware Workstation
WebReaper v10
Windows 7 Manager
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Media Player Firefox Plugin
WinPcap 4.1.1
WinRAR archiver
Wuala
Wuala Dokan


Thanks !!!!

#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 17 March 2011 - 06:11 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java DB 10.5.3.0

and click on remove

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#10 koliploik

  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:16 PM

Posted 17 March 2011 - 07:34 AM

Hi,
I didn't have any problems with the instructions that you gave me...
and the problem that the PC has, it seems, hasn't changed...

here are the logs of MBAM and of HijackThis:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 6085

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.7930.16406

17/03/2011 13:16:30
mbam-log-2011-03-17 (13-16-30).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 181884
Tempo trascorso: 6 minuti, 8 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

-----------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:21:12, on 17/03/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Luccio\AppData\Roaming\Wuala\Wuala.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Luccio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {69D72956-317C-44bd-B369-8E44D4EF9801} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Wuala.lnk = Luccio\AppData\Roaming\Wuala\Wuala.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Luccio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIFE82~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA000B2C-524B-4C44-9668-4F29B0C8D882}: NameServer = 10.0.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: wDokanMounter - Unknown owner - C:\Program Files\Wuala Dokan\mounter.exe

--
End of file - 7182 bytes

Thanks for the Help !!!

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 17 March 2011 - 12:11 PM

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) to start any of these programs when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - Startup: Wuala.lnk = Luccio\AppData\Roaming\Wuala\Wuala.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
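As an added example, not part of the thread or of HijackThis itself, here is a small Python parser for the O4 autostart lines discussed above. It handles the quoted and unquoted command-line forms and the Startup-folder form that appear in the posted log, and tags where each binary lives so autostarts running from a user profile stand out during review; the sample lines are copied from the log above.

```python
"""Parse the O4 (autostart) lines of a HijackThis log.

Added example modelled on the log format shown in this thread; it is not
HijackThis's own code. The sample lines below are copied from the log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry-backed entries: O4 - HKLM\..\Run: [Name] <command line>
REGISTRY_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Startup-folder entries: O4 - Startup: Name.lnk = <target>
STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$"
)
# Unquoted command lines: the path ends at the first executable extension
# followed by whitespace or end of line. HijackThis does not quote these,
# so a path such as C:\dir.exe more\x.exe would be mis-split (known limit).
EXE_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|com|scr|bat|cmd|vbs|js|dll))(?:\s+(?P<args>.*))?$",
    re.IGNORECASE,
)


@dataclass
class AutostartEntry:
    hive: str       # HKLM, HKCU, HKUS\..., Startup, Global Startup
    key: str        # Run, RunOnce, ... ("" for folder entries)
    name: str       # registry value name or .lnk name
    path: str       # executable path exactly as written in the log
    args: str       # command-line arguments ("" if none)
    location: str   # coarse tag of where the binary lives


def split_command(cmd: str):
    """Split a command line into (path, args), honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unterminated quote: take it all
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("path"), (m.group("args") or "").strip()
    return cmd, ""                         # no recognised extension


def location_class(path: str) -> str:
    """Tag the path: autostarts under a user profile deserve a closer look
    than binaries installed under Program Files or Windows."""
    p = path.lower()
    if ("\\appdata\\" in p or p.startswith("c:\\users\\")
            or "\\documents and settings\\" in p):
        return "user-profile"
    if p.startswith("c:\\program files"):
        return "program-files"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "other"


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Return an AutostartEntry for an O4 line, or None for any other line."""
    m = REGISTRY_RE.match(line.strip())
    key = ""
    if m:
        key = m.group("key")
    else:
        m = STARTUP_RE.match(line.strip())
        if not m:
            return None
    path, args = split_command(m.group("cmd"))
    return AutostartEntry(m.group("hive"), key, m.group("name"),
                          path, args, location_class(path))


def parse_log(text: str) -> List[AutostartEntry]:
    """Collect every O4 entry from a full HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            entries.append(entry)
    return entries


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Wuala.lnk = Luccio\AppData\Roaming\Wuala\Wuala.exe
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.hive:<8} {e.key:<4} [{e.name}] {e.location:<13} {e.path} {e.args}")
```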

#12 koliploik

koliploik
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:16 PM

Posted 18 March 2011 - 03:17 AM

C:\LUXnew\Monitoring soft.. pc e cell\Download KGB Spy 4.2.1.804(keylogger)\kgb_setup_421.exe a variant of Win32/RefogFreeKeylogger.AA application
C:\LUXnew\Windows 7 Activators (Optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar a variant of Win32/PSW.Tacsasi.AA trojan
C:\Program Files\Any Video Converter Professional\any.video.converter_universal_patch_by_ChupaChu.exe a variant of Win32/HackTool.Patcher.A application
C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application
C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application
C:\Program Files\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application
C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application
C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application
C:\Program Files\eMule AdunanzA\Incoming\(2009 Portable) danea easyfatt 2009 enterprise seriale.rar multiple threats
C:\Program Files\eMule AdunanzA\Incoming\Adobe Acrobat 9.0 Pro Extended Multilingual Incl Keymaker-Edge.iso probably a variant of Win32/Agent.DQPHVKD trojan
C:\Program Files\eMule AdunanzA\Incoming\Adobe Illustrator CS4 Crack + Keymaker.{Mono}.rar probably a variant of Win32/Agent.GOGHCID trojan
C:\Program Files\eMule AdunanzA\Incoming\Adobe Photoshop Cs4 Extended - Italiano - Incl Crack.rar a variant of Win32/Keygen.BH application
C:\Program Files\eMule AdunanzA\Incoming\Adobe.Dreamweaver.CS4.ITA.by.ExCaLiBuR.rar a variant of Win32/Keygen.BH application
C:\Program Files\eMule AdunanzA\Incoming\Adobe.Fireworks.CS4.ITA.by.ExCaLiBuR.7z a variant of Win32/Keygen.BH application
C:\Program Files\eMule AdunanzA\Incoming\Danea Easyfatt 2009 Crack(No Cd).rar probably a variant of Win32/Adware.Agent.GMMAFFY application
C:\Program Files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_+SETUP&VIETATO+.rar probably a variant of Win32/Agent.CYPPMZS trojan
C:\Program Files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_SETUP&CRACK_OK.zip probably a variant of Win32/Agent.CYPPMZS trojan
C:\Program Files\eMule AdunanzA\Incoming\Football Manager 2009 + Patch 9.1.0 + Crack [ITA DUT FRA CZE NORW POR SWE DAN ENG POL SPA].iso probably a variant of Win32/Agent.MDPKGTB trojan
C:\Program Files\eMule AdunanzA\Incoming\licenza uso danea easyfatt 2009 Genuine Licence(1).zip a variant of Win32/Adware.Virtumonde.NEE application
C:\Program Files\eMule AdunanzA\Incoming\Vector.Magic.Desktop.Edition.V1.12-Vectormagic + Crack Ok By Chicco (Vettorizza Immagini).rar a variant of Win32/HackTool.Patcher.A application
C:\Program Files\eMule AdunanzA\Incoming\WD Anywhere Backup 4.00.5239.zip Win32/Bagle.UN worm
C:\Program Files\HDD Regenerator\HDD Regenerator.exe probably a variant of Win32/TrojanDropper.Agent.HGLFPOJ trojan
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
C:\Users\Luccio\Documents\Downloads\AVC.Pro.v2.6.3.incl.Patch_zyberakuma.rar a variant of Win32/HackTool.Patcher.A application
C:\Users\Luccio\Downloads\Adobe_Illustrator_CS3_[Portable].rar probably a variant of Win32/IRCBot.LFSWIOM trojan
C:\Users\Luccio\Downloads\Antiwpa_versions.rar multiple threats
C:\Users\Luccio\Downloads\AntiWPA_x64_x86_SP3_apr09.rar Win32/HackTool.WpaKill.C application
C:\Users\Luccio\Downloads\apt(2).zip Win32/APT application
C:\Users\Luccio\Downloads\apt.zip Win32/APT application
C:\Users\Luccio\Downloads\Bootable_USB_Windows_XP_Vista_Win_7_Maker_2010.rar Win32/PSWTool.ProductKey.126 application
C:\Users\Luccio\Downloads\CheatEngine55.exe multiple threats
C:\Users\Luccio\Downloads\DAEMON.Tools.Pro.4350307.rar a variant of Win32/Packed.Sign0fMisery.A application
C:\Users\Luccio\Downloads\DFDT_Devilsfunhouse.Org.rar a variant of Win32/Packed.Sign0fMisery.A application
C:\Users\Luccio\Downloads\FFSetup220.zip Win32/Adware.ADON application
C:\Users\Luccio\Downloads\GetData.Recover.My.Email.v4.2.1.654.Incl.KeyMaker-DVT.rar.part a variant of Win32/Keygen.BM application
C:\Users\Luccio\Downloads\getdata.recover.my.email.v4.2.1.654.incl.keymakerdvt.rar.part a variant of Win32/Keygen.BM application
C:\Users\Luccio\Downloads\HDDRegenerator1.71.rar probably a variant of Win32/TrojanDropper.Agent.HGLFPOJ trojan
C:\Users\Luccio\Downloads\HeroCraft.Hexxagon.Labs.v1.21.S60v3.SymbianOS9.x.Incl.Keygen-COREPDA.rar probably a variant of Win32/PSW.OnLineGames.EMABVFV trojan
C:\Users\Luccio\Downloads\iSafeCWSetup.exe Win32/KeyLogger.iSafeKeylogger application
C:\Users\Luccio\Downloads\KLS_Backup_2009_tom247_TSBAY.CO.UK.rar Win32/HackTool.Patcher.A application
C:\Users\Luccio\Downloads\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe a variant of Win32/HackKMS.A application
C:\Users\Luccio\Downloads\MiRROR.ZeNoVa-OFFLiNE.SURF.HeavenWarez.com-FSL.rar Win32/PSW.Fignotok.F trojan
C:\Users\Luccio\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application
C:\Users\Luccio\Downloads\Onone.Genuine.Fractals.Professional.v6.05.incl.Keygen-REDT.rar Win32/PSW.Fignotok.B trojan
C:\Users\Luccio\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application
C:\Users\Luccio\Downloads\TCPZ_20090108.zip multiple threats
C:\Users\Luccio\Downloads\tcpz_20090409.7z a variant of Win32/TCPZ.F application
C:\Users\Luccio\Downloads\USB_MultiBoot_10.zip Win32/PSWTool.ProductKey.126 application
C:\Users\Luccio\Downloads\v4.8.210_plus_manual_and_serial_ToM247_Sharingw.org.rar a variant of Win32/KeyLogger.EliteKeylogger.46 application
C:\Users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503.rar a variant of Win32/HackKMS.A application
C:\Users\Luccio\Downloads\wp.rar a variant of Win32/PSWTool.RAS.A application
C:\Users\Luccio\Downloads\WPA Kill 2.1.7.rar a variant of Win32/HackTool.Patcher.O application
C:\Users\Luccio\Downloads\wpa-kill(1).rar a variant of Win32/HackTool.Patcher.O application
C:\Users\Luccio\Downloads\wpa-kill(2).rar a variant of Win32/HackTool.Patcher.O application
C:\Users\Luccio\Downloads\wpa-kill.rar a variant of Win32/HackTool.Patcher.O application
C:\Users\Luccio\Downloads\WPA_Patch__OLD__.rar a variant of Win32/HackTool.Patcher.O application
C:\Users\Luccio\Downloads\wpp_2gb_3.6.zip.part a variant of Win32/Server-Web.HFS.A application
C:\Users\Luccio\Downloads\www.nd-warez.info.DAEM0N.Tools.Pro.4.40.rar probably a variant of Win32/Agent.LTGZEEB trojan
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\astlog.exe Win32/PSWTool.AsteriskLogger.104 application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\awatch.exe a variant of Win32/NirSoft.AdapterWatch.A application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ChromePass.exe Win32/PSWTool.ChromePass.A application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\Dialupass.exe Win32/PSWTool.Dialupass.F application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\iepv.exe Win32/PSWTool.IEPassView.117 application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\LSASecretsView.exe Win32/PSWTool.LsasView application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mailpv.exe Win32/PSWTool.MailPassView.E application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mspass.exe Win32/MPass.A application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\netpass.exe a variant of Win32/NetPass.AA application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\OperaPassView.exe Win32/PSWTool.OperaPassView application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PasswordFox.exe Win32/PSWTool.PassFox.A application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ProduKey.exe a variant of Win32/PSWTool.ProductKey application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\pspv.exe Win32/PassView.163 application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PstPassword.exe Win32/PSWTool.PstPassword.112 application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\rdpv.exe Win32/PSWTool.RDPassView.NAA application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\SniffPass.exe Win32/Sniffer.SniffPass.A application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\strun.exe Win32/StartupRun.AB application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\VNCPassView.exe Win32/PSWTool.VNCPassView.102 application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessKeyView.exe a variant of Win32/WirelessKeyView.A application
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessNetView.exe probably a variant of Win32/PSWTool.WirelessNetView.A application
C:\Users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.rar a variant of Win32/HackKMS.A application
C:\Users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Make XP Pro with SP3 Genuine\Activator.exe multiple threats
C:\Users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyChanger.exe Win32/PSWTool.RAS.A application
C:\Users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyGen For Windows.exe probably a variant of Win32/Agent.HYWJTEN trojan
C:\Users\Luccio\Downloads\WPA.and.Windows.Genuine.Advantage.Validation.v1.7.69.2.-SP3-CRACKED-ETH0\ETH0\WPA.Crack\WPA_Kill.exe a variant of Win32/HackTool.Patcher.O application
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Alcohol 120% v1.9.8.7612 Portable ITA + Guida\Alcohol_120_1.9.8.7612.exe a variant of Win32/HackTool.Patcher.N application
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\AMS Greeting Card Studio Portable v1.75 ENG\Greeting Card Studio.exe Win32/Induc virus
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Art Studio v2.15 Portable ENG\ArtStudio.exe Win32/Induc virus
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Framer v3.0 Portable ENG\Photo Framer.exe a variant of Win32/Induc.A virus
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Save2pc Pro v3.60.1232 Portable ENG\save2pc.exe probably a variant of Win32/Agent.MIPVWHD trojan
C:\Users\Luccio\Downloads\__soft e driver\megapacknod32.rar multiple threats
C:\Users\Luccio\Downloads\__soft e driver\pinoyWAREZ.net_ess_nt32_enu.rar multiple threats
C:\Windows\System32\hbaapi32.dll.bak a variant of Win32/KeyLogger.EliteKeylogger.46 application
C:\Windows\System32\irclax86.dll a variant of Win32/KeyLogger.EliteKeylogger.46 application
C:\Windows\System32\vmicssvr.exe a variant of Win32/KeyLogger.EliteKeylogger.46 application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\System Center.exe multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\Vista Extras plus Bonus Programs\Kaspersky AntiHacker 1.9.4.exe a variant of Win32/HackTool.Patcher.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\Adapter watch\awatch.exe a variant of Win32/NirSoft.AdapterWatch.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\HTTP SERVER\hfs.exe a variant of Win32/Server-Web.HFS.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\BioVistaMAX_RTM_Idx64_ES.iso multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Muiz_Vista_Ultimate_32_NL_Unattended_1.8\VUA 1.8.iso multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Alcohol 120% v1.9.6.5429.zip a variant of Win32/HackTool.Patcher.N application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable AVG Antivirus v7.5.zip probably a variant of Win32/Bifrose.CALSWKM trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Registry Mechanic v6.0.0.780.zip probably a variant of Win32/Agent.DFEERMB trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Download_Accelerator-Plus-v8.0.7.0.rar multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\HiDownload_Pro_6.9_by_softland.biz_.rar a variant of Win32/Keygen.BH application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\SpeedHack.zip multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Vanix.Net_Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD.rar a variant of Win32/HackTool.Patcher.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\XPPRESP3V2.part1.rar multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\2Fast XP SE\2Fast XP SE.iso Win32/CMDOW.143 application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\b-a95421.zip a variant of Win32/HackTool.Patcher.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\blz-a120_1954327-patch.exe a variant of Win32/HackTool.Patcher.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\Madden.NFL.06.v1.0.+1.TRAINER.rar a variant of Win32/TrojanClicker.VB.NAW trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\NFSMW_maniatools_setup_v1.01.zip probably a variant of Win32/Spy.Agent.GRKOFPF trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\pzn-nfst.exe a variant of Win32/GameHack.S application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\New Folder\pzn-nfst.rar a variant of Win32/GameHack.S application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\24 Games working on Nokia 6680 STE.zip probably a variant of Win32/Stration.GFAHZZS worm
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\430.Nokia.Themes.Symbian.6630.6680.3650.6600.7610.7650.N-Gage.s60.(sis).Mr.Brainz.Repack.rar SymbOS/Skulls virus
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Applicazioni Nokia 6680.rar a variant of Win32/Casino application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Colorful DVD Creator v3.0.rar a variant of Win32/Keygen.AG application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\MESSENGER DISCOVERY X2.zip Win32/Adware.VB.C application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Msn Messenger Hack Utilities.zip multiple threats
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Nokia 6280 - Games,Appz,Themes, Backgrounds, Sounds.zip a variant of Win32/Rbot trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Nokia_6280_Unlocker_(Brand_TRE).zip a variant of Win32/Rbot trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Programas imprescindibles para Pocketpc_ppc_navegador_aplicaciones_juegos.rar probably a variant of Win32/Agent.NGGZSBH trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Programma Universale Per Sbloccare Tutti I Cellulari Nokia 7650 3650 6600 3230 6630 6650 6670 6680 6681 7610 6270 6280 Brandizzati Tre (h3G Codici Sblocco Sim.z a variant of Win32/Rbot trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Rapidshare & Megaupload Killer All In One.rar probably a variant of Win32/Obfuscated.MBRJDXI trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Explorer.2005.v5.40.MULTILANGUAGE.ARM.XScale.PPC.Incl.Keymaker.Patch-COREPDA updated-fixed 05-2006.rar Win32/Kapucen.B worm
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Keyboard.Pro.v4.35.All.Ppc.Incl.Keygen.Plus Skins-Rcapda.rar probably a variant of Win32/Agent.MQQGMEU trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Super.DVD.Creator.v8.5.8.0.2005.4.26.Cracked-DVT.rar a variant of Win32/HackTool.Patcher.F application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(1).zip probably a variant of Win32/TrojanDownloader.Agent.MTOPGNS trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Unlock nokia 6680(10).zip probably a variant of Win32/TrojanDownloader.Agent.MTOPGNS trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(2).zip probably a variant of Win32/TrojanDownloader.Agent.MTOPGNS trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un updated-fixed 10-2006.zip Win32/Kapucen.NAM worm
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un.zip Win32/Kapucen.B worm
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Clone DVD2 + Any DVD+ crack+serial.zip probably a variant of Win32/Adware.Agent.EQTHDWD application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\CloneCD 5.2.8.1 + Crack - Clone DVD2 2.8.9.2 - Alcohol 120% 1.9.5.3823 + Crack - AnyDVD5631.zip a variant of Win32/HackTool.Patcher.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\iPod Games - Pac-Man, Zuma, & Mini Golf (LEGIT VERSION).zip Win32/Kapucen.B worm
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Resco Photo Viewer v5.32 With Keygen By Goof.rar probably a variant of Win32/Agent.ELAYVAX trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\Data.cab a variant of Win32/HackTool.Patcher.A application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\RESTORATOR.2007.V3.70.1729.CAB probably a variant of Win32/Hupigon.FVRVMAR trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\GroovyHexEditor\PATCH.EXE a variant of Win32/HackTool.Patcher.F application
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\___DASALV___\Msn flood.rar probably a variant of Win32/Agent.LNUWKKC trojan
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\___DASALV___\lu\ShortCut.PhotoArtist.v1.04.WinALL.Incl.Patch-EiTheL\ethspa01.zip a variant of Win32/Tool.TPE.A application
C:\_Old 60gb HDD\Xp Gamer edition\WINDOWS\system32\drivers\tcpip.sys Win32/Patched.BG application
C:\___POWER Things\overclock sistema\Bootable USB Windows XP Vista Win 7 Maker 2010\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe Win32/PSWTool.ProductKey.126 application
C:\___POWER Things\zzzzzzzPC touch negozio\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe Win32/PSWTool.ProductKey.126 application
C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\CREARE Macros\Quick_Macro_6.2.rar multiple threats
C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\Portable Alcohol 120% v1.9.6.5429\Portable Alcohol 120% v1.9.6.5429\Alcohol_120.exe a variant of Win32/HackTool.Patcher.N application
C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\Portable Registry Mechanic v6.0.0.780\Portable Registry Mechanic v6.0.0.780\Portable_RegistryMechanic_6.0.0.780.exe probably a variant of Win32/Agent.DFEERMB trojan
C:\___POWER Things\__nok 5800 di lux\app&gam FRA\games\WFINC\WFINC\WFINC\WI_kg.exe probably a variant of Win32/Agent.CLOHRHC trojan
D:\Program Files\ESET\ESET Smart Security\Shahed.exe Win32/Packed.Autoit.D.Gen application
D:\Users\Public\Desktop\Windows7 Activators(optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar a variant of Win32/PSW.Tacsasi.AA trojan

#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 March 2011 - 03:52 AM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
C:\LUXnew\Monitoring soft.. pc e cell\Download KGB Spy 4.2.1.804(keylogger)\kgb_setup_421.exe 
C:\LUXnew\Windows 7 Activators (Optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar
C:\Program Files\Any Video Converter Professional\any.video.converter_universal_patch_by_ChupaChu.exe 
C:\Program Files\Cheat Engine\Cheat Engine.exe 
C:\Program Files\Cheat Engine\dbk32.dll
C:\Program Files\Cheat Engine\dbk32.sys
C:\Program Files\Cheat Engine\Systemcallretriever.exe 
C:\Program Files\Cheat Engine\systemcallsignal.exe 
C:\Program Files\eMule AdunanzA\Incoming\(2009 Portable) danea easyfatt 2009 enterprise seriale.rar
C:\Program Files\eMule AdunanzA\Incoming\Adobe Acrobat 9.0 Pro Extended Multilingual Incl Keymaker-Edge.iso
C:\Program Files\eMule AdunanzA\Incoming\Adobe Illustrator CS4 Crack + Keymaker.{Mono}.rar
C:\Program Files\eMule AdunanzA\Incoming\Adobe Photoshop Cs4 Extended - Italiano - Incl Crack.rar
C:\Program Files\eMule AdunanzA\Incoming\Adobe.Dreamweaver.CS4.ITA.by.ExCaLiBuR.rar
C:\Program Files\eMule AdunanzA\Incoming\Adobe.Fireworks.CS4.ITA.by.ExCaLiBuR.7z
C:\Program Files\eMule AdunanzA\Incoming\Danea Easyfatt 2009 Crack(No Cd).rar
C:\Program Files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_+SETUP&VIETATO+.rar
C:\Program Files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_SETUP&CRACK_OK.zip 
C:\Program Files\eMule AdunanzA\Incoming\Football Manager 2009 + Patch 9.1.0 + Crack [ITA DUT FRA CZE NORW POR SWE DAN ENG POL SPA].iso
C:\Program Files\eMule AdunanzA\Incoming\licenza uso danea easyfatt 2009 Genuine Licence(1).zip 
C:\Program Files\eMule AdunanzA\Incoming\Vector.Magic.Desktop.Edition.V1.12-Vectormagic + Crack Ok By Chicco (Vettorizza Immagini).rar
C:\Program Files\eMule AdunanzA\Incoming\WD Anywhere Backup 4.00.5239.zip 
C:\Program Files\HDD Regenerator\HDD Regenerator.exe 
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe 
C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe 
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe 
C:\Users\Luccio\Documents\Downloads\AVC.Pro.v2.6.3.incl.Patch_zyberakuma.rar
C:\Users\Luccio\Downloads\Adobe_Illustrator_CS3_[Portable].rar
C:\Users\Luccio\Downloads\Antiwpa_versions.rar
C:\Users\Luccio\Downloads\AntiWPA_x64_x86_SP3_apr09.rar
C:\Users\Luccio\Downloads\apt(2).zip 
C:\Users\Luccio\Downloads\apt.zip 
C:\Users\Luccio\Downloads\Bootable_USB_Windows_XP_Vista_Win_7_Maker_2010.rar
C:\Users\Luccio\Downloads\CheatEngine55.exe 
C:\Users\Luccio\Downloads\DAEMON.Tools.Pro.4350307.rar
C:\Users\Luccio\Downloads\DFDT_Devilsfunhouse.Org.rar
C:\Users\Luccio\Downloads\FFSetup220.zip 
C:\Users\Luccio\Downloads\GetData.Recover.My.Email.v4.2.1.654.Incl.KeyMaker-DVT.rar
C:\Users\Luccio\Downloads\getdata.recover.my.email.v4.2.1.654.incl.keymakerdvt.rar
C:\Users\Luccio\Downloads\HDDRegenerator1.71.rar
C:\Users\Luccio\Downloads\HeroCraft.Hexxagon.Labs.v1.21.S60v3.SymbianOS9.x.Incl.Keygen-COREPDA.rar
C:\Users\Luccio\Downloads\iSafeCWSetup.exe 
C:\Users\Luccio\Downloads\KLS_Backup_2009_tom247_TSBAY.CO.UK.rar
C:\Users\Luccio\Downloads\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe 
C:\Users\Luccio\Downloads\MiRROR.ZeNoVa-OFFLiNE.SURF.HeavenWarez.com-FSL.rar
C:\Users\Luccio\Downloads\MsgPlusLive-483.exe 
C:\Users\Luccio\Downloads\Onone.Genuine.Fractals.Professional.v6.05.incl.Keygen-REDT.rar
C:\Users\Luccio\Downloads\speedupmypc.exe 
C:\Users\Luccio\Downloads\TCPZ_20090108.zip 
C:\Users\Luccio\Downloads\tcpz_20090409.7z
C:\Users\Luccio\Downloads\USB_MultiBoot_10.zip 
C:\Users\Luccio\Downloads\v4.8.210_plus_manual_and_serial_ToM247_Sharingw.org.rar
C:\Users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503.rar
C:\Users\Luccio\Downloads\wp.rar
C:\Users\Luccio\Downloads\WPA Kill 2.1.7.rar
C:\Users\Luccio\Downloads\wpa-kill(1).rar
C:\Users\Luccio\Downloads\wpa-kill(2).rar
C:\Users\Luccio\Downloads\wpa-kill.rar
C:\Users\Luccio\Downloads\WPA_Patch__OLD__.rar
C:\Users\Luccio\Downloads\wpp_2gb_3.6.zip.part
C:\Users\Luccio\Downloads\www.nd-warez.info.DAEM0N.Tools.Pro.4.40.rar
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\astlog.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\awatch.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ChromePass.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\Dialupass.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\iepv.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\LSASecretsView.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mailpv.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mspass.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\netpass.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\OperaPassView.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PasswordFox.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ProduKey.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\pspv.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PstPassword.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\rdpv.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\SniffPass.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\strun.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\VNCPassView.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessKeyView.exe 
C:\Users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessNetView.exe 
C:\Users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.rar
C:\Users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Make XP Pro with SP3 Genuine\Activator.exe 
C:\Users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyChanger.exe 
C:\Users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyGen For Windows.exe 
C:\Users\Luccio\Downloads\WPA.and.Windows.Genuine.Advantage.Validation.v1.7.69.2.-SP3-CRACKED-ETH0\ETH0\WPA.Crack\WPA_Kill.exe 
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Alcohol 120% v1.9.8.7612 Portable ITA + Guida\Alcohol_120_1.9.8.7612.exe 
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\AMS Greeting Card Studio Portable v1.75 ENG\Greeting Card Studio.exe 
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Art Studio v2.15 Portable ENG\ArtStudio.exe 
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Framer v3.0 Portable ENG\Photo Framer.exe 
C:\Users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Save2pc Pro v3.60.1232 Portable ENG\save2pc.exe 
C:\Users\Luccio\Downloads\__soft e driver\megapacknod32.rar
C:\Users\Luccio\Downloads\__soft e driver\pinoyWAREZ.net_ess_nt32_enu.rar
C:\Windows\System32\hbaapi32.dll
C:\Windows\System32\irclax86.dll
C:\Windows\System32\vmicssvr.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\System Center.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\Vista Extras plus Bonus Programs\Kaspersky AntiHacker 1.9.4.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\Adapter watch\awatch.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\HTTP SERVER\hfs.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\BioVistaMAX_RTM_Idx64_ES.iso
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Muiz_Vista_Ultimate_32_NL_Unattended_1.8\VUA 1.8.iso
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Alcohol 120% v1.9.6.5429.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable AVG Antivirus v7.5.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Registry Mechanic v6.0.0.780.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Download_Accelerator-Plus-v8.0.7.0.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\HiDownload_Pro_6.9_by_softland.biz_.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\SpeedHack.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Vanix.Net_Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\XPPRESP3V2.part1.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\2Fast XP SE\2Fast XP SE.iso
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\b-a95421.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\blz-a120_1954327-patch.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\Madden.NFL.06.v1.0.+1.TRAINER.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\NFSMW_maniatools_setup_v1.01.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\pzn-nfst.exe 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\DWNLD\giochi\New Folder\pzn-nfst.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\24 Games working on Nokia 6680 STE.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\430.Nokia.Themes.Symbian.6630.6680.3650.6600.7610.7650.N-Gage.s60.(sis).Mr.Brainz.Repack.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Applicazioni Nokia 6680.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Colorful DVD Creator v3.0.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\MESSENGER DISCOVERY X2.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Msn Messenger Hack Utilities.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Nokia 6280 - Games,Appz,Themes, Backgrounds, Sounds.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Nokia_6280_Unlocker_(Brand_TRE).zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Programas imprescindibles para Pocketpc_ppc_navegador_aplicaciones_juegos.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Programma Universale Per Sbloccare Tutti I Cellulari Nokia 7650 3650 6600 3230 6630 6650 6670 6680 6681 7610 6270 6280 Brandizzati Tre (h3G Codici Sblocco Sim.z
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Rapidshare & Megaupload Killer All In One.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Explorer.2005.v5.40.MULTILANGUAGE.ARM.XScale.PPC.Incl.Keymaker.Patch-COREPDA updated-fixed 05-2006.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Keyboard.Pro.v4.35.All.Ppc.Incl.Keygen.Plus Skins-Rcapda.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Super.DVD.Creator.v8.5.8.0.2005.4.26.Cracked-DVT.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(1).zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Unlock nokia 6680(10).zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(2).zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un updated-fixed 10-2006.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Clone DVD2 + Any DVD+ crack+serial.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\CloneCD 5.2.8.1 + Crack - Clone DVD2 2.8.9.2 - Alcohol 120% 1.9.5.3823 + Crack - AnyDVD5631.zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\iPod Games - Pac-Man, Zuma, & Mini Golf (LEGIT VERSION).zip 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Resco Photo Viewer v5.32 With Keygen By Goof.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\Data.cab
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\RESTORATOR.2007.V3.70.1729.CAB
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\GroovyHexEditor\PATCH.EXE 
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\___DASALV___\Msn flood.rar
C:\_Old 60gb HDD\40XP-NG Linux+MacOs\___DASALV___\lu\ShortCut.PhotoArtist.v1.04.WinALL.Incl.Patch-EiTheL\ethspa01.zip 
C:\_Old 60gb HDD\Xp Gamer edition\WINDOWS\system32\drivers\tcpip.sys
C:\___POWER Things\overclock sistema\Bootable USB Windows XP Vista Win 7 Maker 2010\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe 
C:\___POWER Things\zzzzzzzPC touch negozio\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe 
C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\CREARE Macros\Quick_Macro_6.2.rar
C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\Portable Alcohol 120% v1.9.6.5429\Portable Alcohol 120% v1.9.6.5429\Alcohol_120.exe 
C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\Portable Registry Mechanic v6.0.0.780\Portable Registry Mechanic v6.0.0.780\Portable_RegistryMechanic_6.0.0.780.exe 
C:\___POWER Things\__nok 5800 di lux\app&gam FRA\games\WFINC\WFINC\WFINC\WI_kg.exe 
D:\Program Files\ESET\ESET Smart Security\Shahed.exe 
D:\Users\Public\Desktop\Windows7 Activators(optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
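The File:: list above was assembled by hand from the ESET log, which is how a detection string can end up glued to a path and make ComboFix miss that file. As an added example (not ComboFix's, ESET's or the helper's own code), the Python below splits ESET log lines into path and detection, emits a clean File:: section, and flags entries in an existing script that still carry a detection suffix; the regex's assumptions about ESET's line layout are mine.

```python
"""Turn ESET scan-log lines into a ComboFix CFScript 'File::' section.

Assumptions (mine, not from ESET or ComboFix documentation): an ESET Online
Scanner log line is '<full path> <detection name> <threat type>', where the
detection may be prefixed with 'probably a variant of' / 'a variant of' or
be the literal 'multiple threats'.  Windows paths never contain '/', so the
first whitespace-delimited token containing '/' marks where the path ends.
"""
import re

# Detection phrase anchored at end of line, e.g.
#   'Win32/Kapucen.B worm'
#   'probably a variant of Win32/Agent.ELAYVAX trojan'
#   'a variant of Win32/HackTool.Patcher.A application'
#   'multiple threats'
_DETECTION = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>"
    r"(?:probably\s+)?(?:a\s+variant\s+of\s+)?"
    r"[A-Za-z0-9]+/\S+\s+(?:potentially\s+(?:unwanted|unsafe)\s+)?\w+"
    r"|multiple\s+threats)"
    r"\s*$"
)


def split_eset_line(line):
    """Return (path, detection) for one ESET log line.

    A line that carries no detection (a plain path) comes back with
    detection None, so the same function can be run over an existing
    CFScript to spot entries that still have detection text on them.
    """
    m = _DETECTION.match(line.rstrip("\r\n"))
    if not m:
        return line.strip(), None
    return m.group("path").strip(), m.group("detection")


def build_cfscript(eset_lines):
    """Build the text of a CFScript containing one 'File::' section.

    Paths are trimmed (logs and hand-edited scripts often carry trailing
    spaces), de-duplicated case-insensitively while keeping first-seen
    order, and emitted bare, because ComboFix looks each path up verbatim.
    """
    seen = set()
    paths = []
    for raw in eset_lines:
        if not raw.strip():
            continue
        path, _detection = split_eset_line(raw)
        if path.lower() not in seen:      # NTFS paths are case-insensitive
            seen.add(path.lower())
            paths.append(path)
    return "File::\n" + "\n".join(paths) + "\n"


def malformed_cfscript_entries(cfscript_text):
    """Return File:: entries of an existing CFScript that still end in an
    ESET detection phrase (the defect a hand-built script can carry)."""
    bad = []
    in_file_block = False
    for line in cfscript_text.splitlines():
        stripped = line.strip()
        if stripped == "File::":
            in_file_block = True
            continue
        if stripped.endswith("::"):       # any other directive ends the block
            in_file_block = False
            continue
        if in_file_block and stripped:
            _path, detection = split_eset_line(stripped)
            if detection is not None:
                bad.append(stripped)
    return bad


# Lines copied from the ESET log quoted earlier in this thread; the last
# one is a deliberate duplicate to exercise de-duplication.
SAMPLE_ESET_LOG = [
    r"C:\_Old 60gb HDD\Xp Gamer edition\WINDOWS\system32\drivers\tcpip.sys Win32/Patched.BG application",
    r"C:\___POWER Things\_.-{[-.__SoftWare!!__.-]}-._\CREARE Macros\Quick_Macro_6.2.rar multiple threats",
    r"D:\Program Files\ESET\ESET Smart Security\Shahed.exe Win32/Packed.Autoit.D.Gen application",
    r"C:\_Old 60gb HDD\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Resco Photo Viewer v5.32 With Keygen By Goof.rar probably a variant of Win32/Agent.ELAYVAX trojan",
    r"D:\Program Files\ESET\ESET Smart Security\Shahed.exe Win32/Packed.Autoit.D.Gen application",
]

if __name__ == "__main__":
    script = build_cfscript(SAMPLE_ESET_LOG)
    print(script)
    # A constructed script with one entry that still carries its detection.
    print("malformed:", malformed_cfscript_entries(
        "File::\n" + r"C:\x\a.7z a variant of Win32/Keygen.BH application" + "\n"))
```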

#14 koliploik

  • Topic Starter

  • Members
  • 15 posts

Posted 18 March 2011 - 10:13 AM

Hi,
I have executed your instructions
and run the script with ComboFix...
ComboFix asked me to run an update and I pressed Yes...
after that ComboFix ran correctly but with the advice that: "combo fix is not suitable for my operating system"
but it probably ran correctly..
after the scan ComboFix restarted the PC and asked me to send a file to BleepingComputer
but it blocked sending the file at 42%, also on the second try...
There is another problem: after the restart the Windows theme has stopped working... so now I see Windows like the old theme...
the other problems, like the sidebar icons in the application bar while running ComboFix, didn't change...

here is the log of ComboFix:

ComboFix 11-03-17.02 - Luccio 18/03/2011 13:48:34.7.1 - x86
Microsoft Windows 7 Extreme Edition R1 6.1.7601.1.1252.39.1033.18.3070.1209 [GMT 1:00]
Eseguito da: c:\users\Luccio\Desktop\CoFx.exe
Opzioni usate :: c:\users\Luccio\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
FILE ::
"c:\___power things\_.-{[-.__SoftWare!!__.-]}-._\CREARE Macros\Quick_Macro_6.2.rar"
"c:\___power things\_.-{[-.__SoftWare!!__.-]}-._\Portable Alcohol 120% v1.9.6.5429\Portable Alcohol 120% v1.9.6.5429\Alcohol_120.exe"
"c:\___power things\_.-{[-.__SoftWare!!__.-]}-._\Portable Registry Mechanic v6.0.0.780\Portable Registry Mechanic v6.0.0.780\Portable_RegistryMechanic_6.0.0.780.exe"
"c:\___power things\__nok 5800 di lux\app&gam FRA\games\WFINC\WFINC\WFINC\WI_kg.exe"
"c:\___power things\overclock sistema\Bootable USB Windows XP Vista Win 7 Maker 2010\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe"
"c:\___power things\zzzzzzzPC touch negozio\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\___DASALV___\lu\ShortCut.PhotoArtist.v1.04.WinALL.Incl.Patch-EiTheL\ethspa01.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\___DASALV___\Msn flood.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\System Center.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\Vista Extras plus Bonus Programs\Kaspersky AntiHacker 1.9.4.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\Adapter watch\awatch.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\HTTP SERVER\hfs.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\BioVistaMAX_RTM_Idx64_ES.iso"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Muiz_Vista_Ultimate_32_NL_Unattended_1.8\VUA 1.8.iso"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Alcohol 120% v1.9.6.5429.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable AVG Antivirus v7.5.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Registry Mechanic v6.0.0.780.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\2Fast XP SE\2Fast XP SE.iso"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\b-a95421.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\blz-a120_1954327-patch.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Download_Accelerator-Plus-v8.0.7.0.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\Madden.NFL.06.v1.0.+1.TRAINER.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\New Folder\pzn-nfst.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\NFSMW_maniatools_setup_v1.01.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\pzn-nfst.exe"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\HiDownload_Pro_6.9_by_softland.biz_.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\SpeedHack.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Vanix.Net_Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\XPPRESP3V2.part1.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\24 Games working on Nokia 6680 STE.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\430.Nokia.Themes.Symbian.6630.6680.3650.6600.7610.7650.N-Gage.s60.(sis).Mr.Brainz.Repack.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Applicazioni Nokia 6680.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Colorful DVD Creator v3.0.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\MESSENGER DISCOVERY X2.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Msn Messenger Hack Utilities.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Nokia 6280 - Games,Appz,Themes, Backgrounds, Sounds.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Nokia_6280_Unlocker_(Brand_TRE).zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Programas imprescindibles para Pocketpc_ppc_navegador_aplicaciones_juegos.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Programma Universale Per Sbloccare Tutti I Cellulari Nokia 7650 3650 6600 3230 6630 6650 6670 6680 6681 7610 6270 6280 Brandizzati Tre (h3G Codici Sblocco Sim.z a variant of Win32/Rbot trojan"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Rapidshare & Megaupload Killer All In One.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Explorer.2005.v5.40.MULTILANGUAGE.ARM.XScale.PPC.Incl.Keymaker.Patch-COREPDA updated-fixed 05-2006.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Keyboard.Pro.v4.35.All.Ppc.Incl.Keygen.Plus Skins-Rcapda.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Super.DVD.Creator.v8.5.8.0.2005.4.26.Cracked-DVT.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(1).zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Unlock nokia 6680(10).zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(2).zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un updated-fixed 10-2006.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Clone DVD2 + Any DVD+ crack+serial.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\CloneCD 5.2.8.1 + Crack - Clone DVD2 2.8.9.2 - Alcohol 120% 1.9.5.3823 + Crack - AnyDVD5631.zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\iPod Games - Pac-Man, Zuma, & Mini Golf (LEGIT VERSION).zip"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Resco Photo Viewer v5.32 With Keygen By Goof.rar"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\Data.cab a variant of Win32/HackTool.Patcher.A application"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\GroovyHexEditor\PATCH.EXE"
"c:\_old 60gb hdd\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\RESTORATOR.2007.V3.70.1729.CAB probably a variant of Win32/Hupigon.FVRVMAR trojan"
"c:\_old 60gb hdd\Xp Gamer edition\WINDOWS\system32\drivers\tcpip.sys"
"c:\luxnew\Monitoring soft.. pc e cell\Download KGB Spy 4.2.1.804(keylogger)\kgb_setup_421.exe"
"c:\luxnew\Windows 7 Activators (Optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar"
"c:\program files\Any Video Converter Professional\any.video.converter_universal_patch_by_ChupaChu.exe"
"c:\program files\Cheat Engine\Cheat Engine.exe"
"c:\program files\Cheat Engine\dbk32.dll"
"c:\program files\Cheat Engine\dbk32.sys"
"c:\program files\Cheat Engine\Systemcallretriever.exe"
"c:\program files\Cheat Engine\systemcallsignal.exe"
"c:\program files\eMule AdunanzA\Incoming\(2009 Portable) danea easyfatt 2009 enterprise seriale.rar"
"c:\program files\eMule AdunanzA\Incoming\Adobe Acrobat 9.0 Pro Extended Multilingual Incl Keymaker-Edge.iso"
"c:\program files\eMule AdunanzA\Incoming\Adobe Illustrator CS4 Crack + Keymaker.{Mono}.rar"
"c:\program files\eMule AdunanzA\Incoming\Adobe Photoshop Cs4 Extended - Italiano - Incl Crack.rar"
"c:\program files\eMule AdunanzA\Incoming\Adobe.Dreamweaver.CS4.ITA.by.ExCaLiBuR.rar"
"c:\program files\eMule AdunanzA\Incoming\Adobe.Fireworks.CS4.ITA.by.ExCaLiBuR.7z a variant of Win32/Keygen.BH application"
"c:\program files\eMule AdunanzA\Incoming\Danea Easyfatt 2009 Crack(No Cd).rar"
"c:\program files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_+SETUP&VIETATO+.rar"
"c:\program files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_SETUP&CRACK_OK.zip"
"c:\program files\eMule AdunanzA\Incoming\Football Manager 2009 + Patch 9.1.0 + Crack [ITA DUT FRA CZE NORW POR SWE DAN ENG POL SPA].iso"
"c:\program files\eMule AdunanzA\Incoming\licenza uso danea easyfatt 2009 Genuine Licence(1).zip"
"c:\program files\eMule AdunanzA\Incoming\Vector.Magic.Desktop.Edition.V1.12-Vectormagic + Crack Ok By Chicco (Vettorizza Immagini).rar"
"c:\program files\eMule AdunanzA\Incoming\WD Anywhere Backup 4.00.5239.zip"
"c:\program files\HDD Regenerator\HDD Regenerator.exe"
"c:\program files\Uniblue\SpeedUpMyPC\sp_move_serial.exe"
"c:\program files\Uniblue\SpeedUpMyPC\sp_track_install.exe"
"c:\program files\Uniblue\SpeedUpMyPC\sump.exe"
"c:\users\Luccio\Documents\Downloads\AVC.Pro.v2.6.3.incl.Patch_zyberakuma.rar"
"c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Alcohol 120% v1.9.8.7612 Portable ITA + Guida\Alcohol_120_1.9.8.7612.exe"
"c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\AMS Greeting Card Studio Portable v1.75 ENG\Greeting Card Studio.exe"
"c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Art Studio v2.15 Portable ENG\ArtStudio.exe"
"c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Framer v3.0 Portable ENG\Photo Framer.exe"
"c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Save2pc Pro v3.60.1232 Portable ENG\save2pc.exe"
"c:\users\Luccio\Downloads\__soft e driver\megapacknod32.rar"
"c:\users\Luccio\Downloads\__soft e driver\pinoyWAREZ.net_ess_nt32_enu.rar"
"c:\users\Luccio\Downloads\Adobe_Illustrator_CS3_[Portable].rar"
"c:\users\Luccio\Downloads\Antiwpa_versions.rar"
"c:\users\Luccio\Downloads\AntiWPA_x64_x86_SP3_apr09.rar"
"c:\users\Luccio\Downloads\apt(2).zip"
"c:\users\Luccio\Downloads\apt.zip"
"c:\users\Luccio\Downloads\Bootable_USB_Windows_XP_Vista_Win_7_Maker_2010.rar"
"c:\users\Luccio\Downloads\CheatEngine55.exe"
"c:\users\Luccio\Downloads\DAEMON.Tools.Pro.4350307.rar"
"c:\users\Luccio\Downloads\DFDT_Devilsfunhouse.Org.rar"
"c:\users\Luccio\Downloads\FFSetup220.zip"
"c:\users\Luccio\Downloads\GetData.Recover.My.Email.v4.2.1.654.Incl.KeyMaker-DVT.rar"
"c:\users\Luccio\Downloads\getdata.recover.my.email.v4.2.1.654.incl.keymakerdvt.rar"
"c:\users\Luccio\Downloads\HDDRegenerator1.71.rar"
"c:\users\Luccio\Downloads\HeroCraft.Hexxagon.Labs.v1.21.S60v3.SymbianOS9.x.Incl.Keygen-COREPDA.rar"
"c:\users\Luccio\Downloads\iSafeCWSetup.exe"
"c:\users\Luccio\Downloads\KLS_Backup_2009_tom247_TSBAY.CO.UK.rar"
"c:\users\Luccio\Downloads\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe"
"c:\users\Luccio\Downloads\MiRROR.ZeNoVa-OFFLiNE.SURF.HeavenWarez.com-FSL.rar"
"c:\users\Luccio\Downloads\MsgPlusLive-483.exe"
"c:\users\Luccio\Downloads\Onone.Genuine.Fractals.Professional.v6.05.incl.Keygen-REDT.rar"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\astlog.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\awatch.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ChromePass.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\Dialupass.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\iepv.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\LSASecretsView.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mailpv.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mspass.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\netpass.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\OperaPassView.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PasswordFox.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ProduKey.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\pspv.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PstPassword.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\rdpv.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\SniffPass.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\strun.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\VNCPassView.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessKeyView.exe"
"c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessNetView.exe"
"c:\users\Luccio\Downloads\speedupmypc.exe"
"c:\users\Luccio\Downloads\TCPZ_20090108.zip"
"c:\users\Luccio\Downloads\tcpz_20090409.7z a variant of Win32/TCPZ.F application"
"c:\users\Luccio\Downloads\USB_MultiBoot_10.zip"
"c:\users\Luccio\Downloads\v4.8.210_plus_manual_and_serial_ToM247_Sharingw.org.rar"
"c:\users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.rar"
"c:\users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503.rar"
"c:\users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Make XP Pro with SP3 Genuine\Activator.exe"
"c:\users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyChanger.exe"
"c:\users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyGen For Windows.exe"
"c:\users\Luccio\Downloads\wp.rar"
"c:\users\Luccio\Downloads\wpa-kill(1).rar"
"c:\users\Luccio\Downloads\wpa-kill(2).rar"
"c:\users\Luccio\Downloads\wpa-kill.rar"
"c:\users\Luccio\Downloads\WPA Kill 2.1.7.rar"
"c:\users\Luccio\Downloads\WPA.and.Windows.Genuine.Advantage.Validation.v1.7.69.2.-SP3-CRACKED-ETH0\ETH0\WPA.Crack\WPA_Kill.exe"
"c:\users\Luccio\Downloads\WPA_Patch__OLD__.rar"
"c:\users\Luccio\Downloads\wpp_2gb_3.6.zip.part a variant of Win32/Server-Web.HFS.A application"
"c:\users\Luccio\Downloads\www.nd-warez.info.DAEM0N.Tools.Pro.4.40.rar"
"c:\windows\System32\hbaapi32.dll"
"c:\windows\System32\irclax86.dll"
"c:\windows\System32\vmicssvr.exe"
"d:\program files\ESET\ESET Smart Security\Shahed.exe"
"d:\users\Public\Desktop\Windows7 Activators(optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\___power things\_.-{[-.__SoftWare!!__.-]}-._\CREARE Macros\Quick_Macro_6.2.rar
c:\___power things\_.-{[-.__SoftWare!!__.-]}-._\Portable Alcohol 120% v1.9.6.5429\Portable Alcohol 120% v1.9.6.5429\Alcohol_120.exe
c:\___power things\_.-{[-.__SoftWare!!__.-]}-._\Portable Registry Mechanic v6.0.0.780\Portable Registry Mechanic v6.0.0.780\Portable_RegistryMechanic_6.0.0.780.exe
c:\___power things\__nok 5800 di lux\app&gam FRA\games\WFINC\WFINC\WFINC\WI_kg.exe
c:\___power things\overclock sistema\Bootable USB Windows XP Vista Win 7 Maker 2010\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe
c:\___power things\zzzzzzzPC touch negozio\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\___DASALV___\lu\ShortCut.PhotoArtist.v1.04.WinALL.Incl.Patch-EiTheL\ethspa01.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\___DASALV___\Msn flood.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\System Center.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\All Users\Desktop\Vista Extras plus Bonus Programs\Kaspersky AntiHacker 1.9.4.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\Adapter watch\awatch.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Documents and Settings\USER\Desktop\ir_ext_temp_0\AutoPlay\Programs\PORTABLE NETWORKING TOOLS\HTTP SERVER\hfs.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\BioVistaMAX_RTM_Idx64_ES.iso
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Muiz_Vista_Ultimate_32_NL_Unattended_1.8\VUA 1.8.iso
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Alcohol 120% v1.9.6.5429.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable AVG Antivirus v7.5.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Download from MuTorrent\Updated Portable USB Software Pack For 512MB Stick Gold Edtn\Portable Registry Mechanic v6.0.0.780.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\2Fast XP SE\2Fast XP SE.iso
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\b-a95421.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD\blz-a120_1954327-patch.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Download_Accelerator-Plus-v8.0.7.0.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\Madden.NFL.06.v1.0.+1.TRAINER.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\New Folder\pzn-nfst.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\NFSMW_maniatools_setup_v1.01.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\giochi\pzn-nfst.exe
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\HiDownload_Pro_6.9_by_softland.biz_.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\SpeedHack.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\Vanix.Net_Alcohol.120.v1.9.5.4327.Retail.WinALL.Cracked-BLiZZARD.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\DWNLD\XPPRESP3V2.part1.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\24 Games working on Nokia 6680 STE.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\430.Nokia.Themes.Symbian.6630.6680.3650.6600.7610.7650.N-Gage.s60.(sis).Mr.Brainz.Repack.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Applicazioni Nokia 6680.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Colorful DVD Creator v3.0.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\MESSENGER DISCOVERY X2.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Msn Messenger Hack Utilities.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Nokia 6280 - Games,Appz,Themes, Backgrounds, Sounds.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Nokia_6280_Unlocker_(Brand_TRE).zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Programas imprescindibles para Pocketpc_ppc_navegador_aplicaciones_juegos.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Rapidshare & Megaupload Killer All In One.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Explorer.2005.v5.40.MULTILANGUAGE.ARM.XScale.PPC.Incl.Keymaker.Patch-COREPDA updated-fixed 05-2006.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Resco.Keyboard.Pro.v4.35.All.Ppc.Incl.Keygen.Plus Skins-Rcapda.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Super.DVD.Creator.v8.5.8.0.2005.4.26.Cracked-DVT.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(1).zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Unlock nokia 6680(10).zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\Incoming\Unlock Nokia 6680(2).zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un updated-fixed 10-2006.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Anapod Explorer Universal Edition 8.9.9 Un.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Clone DVD2 + Any DVD+ crack+serial.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\CloneCD 5.2.8.1 + Crack - Clone DVD2 2.8.9.2 - Alcohol 120% 1.9.5.3823 + Crack - AnyDVD5631.zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\iPod Games - Pac-Man, Zuma, & Mini Golf (LEGIT VERSION).zip
c:\_old 60gb hdd\40XP-NG Linux+MacOs\eMule\NEW INCOMING\Resco Photo Viewer v5.32 With Keygen By Goof.rar
c:\_old 60gb hdd\40XP-NG Linux+MacOs\Program Files\BIOCAPSULACORP.3047.DC®\Bio®™ProccessExplorer\GroovyHexEditor\PATCH.EXE
c:\_old 60gb hdd\Xp Gamer edition\WINDOWS\system32\drivers\tcpip.sys
c:\luxnew\Monitoring soft.. pc e cell\Download KGB Spy 4.2.1.804(keylogger)\kgb_setup_421.exe
c:\luxnew\Windows 7 Activators (Optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar
c:\program files\Any Video Converter Professional\any.video.converter_universal_patch_by_ChupaChu.exe
c:\program files\Cheat Engine\Cheat Engine.exe
c:\program files\Cheat Engine\dbk32.dll
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Cheat Engine\Systemcallretriever.exe
c:\program files\Cheat Engine\systemcallsignal.exe
c:\program files\eMule AdunanzA\Incoming\(2009 Portable) danea easyfatt 2009 enterprise seriale.rar
c:\program files\eMule AdunanzA\Incoming\Adobe Acrobat 9.0 Pro Extended Multilingual Incl Keymaker-Edge.iso
c:\program files\eMule AdunanzA\Incoming\Adobe Illustrator CS4 Crack + Keymaker.{Mono}.rar
c:\program files\eMule AdunanzA\Incoming\Adobe Photoshop Cs4 Extended - Italiano - Incl Crack.rar
c:\program files\eMule AdunanzA\Incoming\Adobe.Dreamweaver.CS4.ITA.by.ExCaLiBuR.rar
c:\program files\eMule AdunanzA\Incoming\Danea Easyfatt 2009 Crack(No Cd).rar
c:\program files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_+SETUP&VIETATO+.rar
c:\program files\eMule AdunanzA\Incoming\Danea_Easyfatt_2009_Enterprise_rev.11b_Build_6000_ITALIAN_SETUP&CRACK_OK.zip
c:\program files\eMule AdunanzA\Incoming\Football Manager 2009 + Patch 9.1.0 + Crack [ITA DUT FRA CZE NORW POR SWE DAN ENG POL SPA].iso
c:\program files\eMule AdunanzA\Incoming\licenza uso danea easyfatt 2009 Genuine Licence(1).zip
c:\program files\eMule AdunanzA\Incoming\Vector.Magic.Desktop.Edition.V1.12-Vectormagic + Crack Ok By Chicco (Vettorizza Immagini).rar
c:\program files\eMule AdunanzA\Incoming\WD Anywhere Backup 4.00.5239.zip
c:\program files\HDD Regenerator\HDD Regenerator.exe
c:\program files\Uniblue\SpeedUpMyPC\sp_move_serial.exe
c:\program files\Uniblue\SpeedUpMyPC\sp_track_install.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\users\Luccio\Documents\Downloads\AVC.Pro.v2.6.3.incl.Patch_zyberakuma.rar
c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Alcohol 120% v1.9.8.7612 Portable ITA + Guida\Alcohol_120_1.9.8.7612.exe
c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\AMS Greeting Card Studio Portable v1.75 ENG\Greeting Card Studio.exe
c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Art Studio v2.15 Portable ENG\ArtStudio.exe
c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Photo Framer v3.0 Portable ENG\Photo Framer.exe
c:\users\Luccio\Downloads\[ITA][ENG] Portable Mega Pack - 200 Applicazioni by 4eYeS\Save2pc Pro v3.60.1232 Portable ENG\save2pc.exe
c:\users\Luccio\Downloads\__soft e driver\megapacknod32.rar
c:\users\Luccio\Downloads\__soft e driver\pinoyWAREZ.net_ess_nt32_enu.rar
c:\users\Luccio\Downloads\Adobe_Illustrator_CS3_[Portable].rar
c:\users\Luccio\Downloads\Antiwpa_versions.rar
c:\users\Luccio\Downloads\AntiWPA_x64_x86_SP3_apr09.rar
c:\users\Luccio\Downloads\apt(2).zip
c:\users\Luccio\Downloads\apt.zip
c:\users\Luccio\Downloads\Bootable_USB_Windows_XP_Vista_Win_7_Maker_2010.rar
c:\users\Luccio\Downloads\CheatEngine55.exe
c:\users\Luccio\Downloads\DAEMON.Tools.Pro.4350307.rar
c:\users\Luccio\Downloads\DFDT_Devilsfunhouse.Org.rar
c:\users\Luccio\Downloads\FFSetup220.zip
c:\users\Luccio\Downloads\GetData.Recover.My.Email.v4.2.1.654.Incl.KeyMaker-DVT.rar
c:\users\Luccio\Downloads\getdata.recover.my.email.v4.2.1.654.incl.keymakerdvt.rar
c:\users\Luccio\Downloads\HDDRegenerator1.71.rar
c:\users\Luccio\Downloads\HeroCraft.Hexxagon.Labs.v1.21.S60v3.SymbianOS9.x.Incl.Keygen-COREPDA.rar
c:\users\Luccio\Downloads\iSafeCWSetup.exe
c:\users\Luccio\Downloads\KLS_Backup_2009_tom247_TSBAY.CO.UK.rar
c:\users\Luccio\Downloads\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe
c:\users\Luccio\Downloads\MiRROR.ZeNoVa-OFFLiNE.SURF.HeavenWarez.com-FSL.rar
c:\users\Luccio\Downloads\MsgPlusLive-483.exe
c:\users\Luccio\Downloads\Onone.Genuine.Fractals.Professional.v6.05.incl.Keygen-REDT.rar
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\astlog.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\awatch.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ChromePass.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\Dialupass.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\iepv.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\LSASecretsView.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mailpv.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\mspass.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\netpass.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\OperaPassView.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PasswordFox.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\ProduKey.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\pspv.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\PstPassword.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\rdpv.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\SniffPass.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\strun.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\VNCPassView.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessKeyView.exe
c:\users\Luccio\Downloads\PortableMoySuite_20100718\nn\PortableApps\WSCCPortable\App\WSCC\NirSoft Utilities\WirelessNetView.exe
c:\users\Luccio\Downloads\speedupmypc.exe
c:\users\Luccio\Downloads\TCPZ_20090108.zip
c:\users\Luccio\Downloads\USB_MultiBoot_10.zip
c:\users\Luccio\Downloads\v4.8.210_plus_manual_and_serial_ToM247_Sharingw.org.rar
c:\users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.rar
c:\users\Luccio\Downloads\Windows 7 Loader eXtreme Edition v3.503.rar
c:\users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Make XP Pro with SP3 Genuine\Activator.exe
c:\users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyChanger.exe
c:\users\Luccio\Downloads\Windows Activator V 3.9.7.7( Vista , XP )\Windows XP Activator for SP3\Windows_XP_Activation\Windows Genuine Advantage Fix\KeyGen For Windows.exe
c:\users\Luccio\Downloads\wp.rar
c:\users\Luccio\Downloads\wpa-kill(1).rar
c:\users\Luccio\Downloads\wpa-kill(2).rar
c:\users\Luccio\Downloads\wpa-kill.rar
c:\users\Luccio\Downloads\WPA Kill 2.1.7.rar
c:\users\Luccio\Downloads\WPA.and.Windows.Genuine.Advantage.Validation.v1.7.69.2.-SP3-CRACKED-ETH0\ETH0\WPA.Crack\WPA_Kill.exe
c:\users\Luccio\Downloads\WPA_Patch__OLD__.rar
c:\users\Luccio\Downloads\www.nd-warez.info.DAEM0N.Tools.Pro.4.40.rar
c:\windows\system32\drivers\tbyqcmg.sys
c:\windows\System32\irclax86.dll
c:\windows\system32\themeservice.dll
c:\windows\System32\vmicssvr.exe
d:\program files\ESET\ESET Smart Security\Shahed.exe
d:\users\Public\Desktop\Windows7 Activators(optional)\Windows_Loader_4.9.7_-_Activate_Win_7__Server__Vista__XP.rar
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Themes
-------\Service_csogw
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-18 al 2011-03-18 )))))))))))))))))))))))))))))))))))
.
.
2011-03-18 12:58 . 2011-03-18 12:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-18 12:58 . 2011-03-18 12:58 -------- d-----w- c:\users\Lux's\AppData\Local\temp
2011-03-18 12:58 . 2011-03-18 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 12:58 . 2011-03-18 12:58 -------- d-----w- c:\users\BIRUNG~1\AppData\Local\temp
2011-03-17 17:34 . 2011-03-17 17:34 -------- d-----w- c:\program files\ESET
2011-03-17 12:13 . 2011-03-17 12:13 388096 ----a-r- c:\users\Luccio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-17 12:13 . 2011-03-17 12:13 -------- d-----w- c:\program files\Trend Micro
2011-03-16 08:44 . 2008-09-08 09:19 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\cl31cpc.dll
2011-03-16 08:39 . 2004-10-18 14:02 49152 ----a-w- c:\windows\system32\drivers\DgiVecp.sys
2011-03-16 08:39 . 2011-03-16 08:39 -------- d-----w- c:\program files\Samsung
2011-03-16 08:35 . 2011-03-16 08:35 -------- d-----w- c:\program files\Common Files\Java
2011-03-02 01:49 . 2011-03-03 08:34 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-03-02 01:49 . 2011-03-02 01:49 -------- d-----w- C:\RkUnhooker
2011-03-02 00:46 . 2011-03-02 00:47 34816 ----a-w- c:\windows\system32\drivers\rootrepe.sys
2011-03-02 00:35 . 2010-11-20 12:30 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-03-02 00:10 . 2011-03-02 00:10 34816 ----a-w- c:\windows\system32\drivers\rootepeal.sys
2011-03-02 00:09 . 2011-03-02 00:47 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-03-02 00:03 . 2011-03-02 00:09 34816 ----a-w- c:\windows\system32\drivers\rootrel.sys
2011-03-01 15:54 . 2011-03-01 15:54 -------- d-----w- c:\windows\RestoreSafeDeleted
2011-03-01 13:47 . 2011-03-01 13:47 -------- d-----w- c:\program files\Greatis
2011-03-01 11:57 . 2011-03-01 13:48 2 --shatr- c:\windows\winstart.bat
2011-03-01 11:57 . 2011-03-01 23:52 -------- d-----w- c:\program files\UnHackMe
2011-03-01 11:47 . 2011-03-01 11:47 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 11:46 . 2011-03-01 11:46 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 11:42 . 2010-11-20 10:52 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2011-03-01 11:42 . 2010-11-20 10:52 793600 ----a-w- c:\windows\system32\vmsal.exe
2011-03-01 11:42 . 2010-11-20 12:17 3330560 ----a-w- c:\windows\system32\vpc.exe
2011-03-01 11:42 . 2010-11-20 12:17 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2011-03-01 11:42 . 2010-11-20 12:17 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2011-03-01 11:42 . 2010-11-20 10:50 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-03-01 11:42 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-01 11:42 . 2010-11-20 12:21 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-03-01 11:40 . 2010-11-20 12:21 560128 ----a-w- c:\windows\system32\wuapi.dll
2011-03-01 11:39 . 2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-01 11:39 . 2010-11-20 12:06 69120 ----a-w- c:\windows\system32\nlsbres.dll
2011-03-01 11:39 . 2010-11-20 12:05 35328 ----a-w- c:\windows\system32\pifmgr.dll
2011-03-01 11:39 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2011-03-01 11:39 . 2010-11-20 11:56 52736 ----a-w- c:\windows\system32\BlbEvents.dll
2011-03-01 11:39 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-01 11:39 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-01 11:39 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-01 11:39 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-01 11:38 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-01 11:38 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-01 11:38 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-01 11:38 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-01 11:37 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-01 11:31 . 2011-03-01 11:31 -------- d-----w- c:\program files\Total Uninstall
2011-03-01 11:21 . 2011-03-01 17:58 -------- d-----w- c:\program files\SpyMe Tools
2011-03-01 10:23 . 2011-03-01 12:06 -------- d-----w- c:\users\Luccio\AppData\Local\VirtualStore
2011-02-28 23:20 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-28 23:20 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-28 22:26 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{271EF60C-1F30-4BDA-9C60-391144539CF0}\mpengine.dll
2011-02-28 21:40 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-28 21:40 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-28 21:40 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-28 21:40 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-28 21:40 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 21:40 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 21:40 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 21:40 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-28 21:40 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-28 21:40 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-28 20:45 . 2011-02-28 20:45 -------- d-----w- c:\users\Luccio\DoctorWeb
2011-02-28 00:27 . 2011-02-28 00:27 -------- d-----w- c:\programdata\PC Tools
2011-02-28 00:25 . 2011-02-28 00:25 -------- d-----w- c:\users\Luccio\AppData\Roaming\SUPERAntiSpyware.com
2011-02-28 00:25 . 2011-02-28 00:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-27 21:11 . 2011-02-27 21:11 -------- d-----w- c:\users\Luccio\Pavark
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 11:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 20:40 . 2010-05-25 14:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 18:04 . 2009-12-01 19:25 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-08 03:27 . 2011-01-26 00:43 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-26 00:43 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-26 00:43 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-01-26 00:43 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-26 00:43 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-26 00:43 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-26 00:43 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-01-26 00:43 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-26 00:43 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-01-26 00:43 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2009-12-02 16:45 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-06-10 21:19 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-02 09:22 . 2010-09-02 09:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-02 39408]
"Google Update"="c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-02 122880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
.
c:\users\Luccio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wuala.lnk - c:\users\Luccio\AppData\Roaming\Wuala\Wuala.exe [2010-8-13 428224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrel.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepe.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-11-11 08:27 570688 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVGAPrecision]
2008-10-27 16:28 44048 ----a-w- c:\program files\EVGA Precision\EVGAPrecisionWrapper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-20 14:16 133104 ----atw- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
2008-02-01 14:11 1607168 ----a-w- c:\program files\HDD Health\hddhealth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-14 15:18 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-14 15:18 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50 19968 ----a-w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2009-05-12 15:31 165088 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\System32\PrintDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 10:13 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-02 00:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uranium]
2010-07-08 15:36 9046200 ----a-w- c:\program files\FreeSoft\Uranium\Uranium.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-11-11 12:47 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
R2 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
R3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2009-07-14 297552]
R3 ALSysIO;ALSysIO;c:\users\Luccio\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
R3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 CFcatchme;CFcatchme;c:\users\Luccio\AppData\Local\Temp\CFcatchme.sys [x]
R3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2009-07-13 118784]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd26032.sys [2008-01-18 37504]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [2008-01-18 36480]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-08-04 106512]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys [2009-07-13 12288]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2009-07-14 44624]
R3 Normandy;Normandy SR2; [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-07-26 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-07-26 44064]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys [2009-07-14 106064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 roeal;roeal;c:\windows\system32\drivers\roeal.sys [x]
R3 rootepeal;rootepeal;c:\windows\system32\drivers\rootepeal.sys [2011-03-02 34816]
R3 rootrel;rootrel;c:\windows\system32\drivers\rootrel.sys [2011-03-02 34816]
R3 rootrepe;rootrepe;c:\windows\system32\drivers\rootrepe.sys [2011-03-02 34816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys [2009-07-14 21072]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 28032]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2009-07-13 52736]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-21 70704]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-21 11440]
R3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2009-07-14 141904]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\drivers\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.8\ASmartService.exe [2009-09-04 586008]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2009-05-12 25824]
R4 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2011-01-29 420920]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 40704]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-11-20 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [2010-08-11 72568]
S2 wDokanMounter;wDokanMounter;c:\program files\Wuala Dokan\mounter.exe [2010-08-11 11776]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
ProfSvc
schedule
hkmsvc
winmgmt
browser
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:00]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:00]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640380853-2296626815-1824116668-1005Core.job
- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 14:16]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640380853-2296626815-1824116668-1005UA.job
- c:\users\Luccio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 14:16]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Luccio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {AA000B2C-524B-4C44-9668-4F29B0C8D882} = 10.0.0.3
FF - ProfilePath - c:\users\Luccio\AppData\Roaming\Mozilla\Firefox\Profiles\slp48dao.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 14:00
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
Hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2336)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\users\Luccio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Scan finished at: 2011-03-18 14:05:54 - The PC was rebooted
ComboFix-quarantined-files.txt 2011-03-18 13:05
ComboFix2.txt 2011-03-17 02:24
ComboFix3.txt 2011-03-01 18:45
ComboFix4.txt 2011-03-01 01:06
.
Pre-Run: 145.225.363.456 bytes free
Post-Run: 145.008.611.328 bytes free
.
- - End Of File - - 981368D0EF46846572EB1D9F8DB0DD17

Thanks a lot for the HELP !!!
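Two parts of the log above carry the actual evidence, and both are tedious to read by eye: the ComboFix service/driver table (start type, name, display name, image path, and either a date/size pair or `[x]` when no image was found on disk) and the catchme line `ZwEnumerateKey 0 != 116, ...`. The following Python is an added triage example, not part of either post and not code from ComboFix or GMER: it parses a handful of lines copied from this log (constructed sample), flags drivers that load from a user-writable profile path, have no image on disk, or carry an image date within a few weeks of the scan, and extracts the catchme mismatches. The reading of the catchme numbers is mine: the right-hand values (116, 244, 182, 50, ...) are the Windows 7 SP1 x86 system-service numbers for those calls, and an observed value of 0 means catchme did not find the expected `mov eax, <ssn>` at the start of the ntdll stub in its own process, i.e. the stub bytes had been altered, which is why its initialization failed. The regexes and thresholds are assumptions chosen for this log format.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: lines copied from the ComboFix service section above,
# plus one clean built-in driver (mpsdrv) for contrast.
SAMPLE_SERVICES = """\
R3 ALSysIO;ALSysIO;c:\\users\\Luccio\\AppData\\Local\\Temp\\ALSysIO.sys [x]
R3 CFcatchme;CFcatchme;c:\\users\\Luccio\\AppData\\Local\\Temp\\CFcatchme.sys [x]
R3 MsRPC;MsRPC; [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 rootrel;rootrel;c:\\windows\\system32\\drivers\\rootrel.sys [2011-03-02 34816]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\\windows\\system32\\drivers\\mpsdrv.sys [2009-07-13 60416]
R4 sptd;sptd;c:\\windows\\system32\\Drivers\\sptd.sys [2011-01-29 420920]
"""

# Constructed sample: a shortened copy of the catchme line from the log,
# including the "Initialization error" text fused onto the last number.
SAMPLE_CATCHME = (
    "ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, "
    "ZwClose 0 != 50, ZwQuerySystemInformation 0 != 261Initialization error"
)

# ComboFix service line: "<start> <name>;<display>;<path> [<date size> | x]"
# (assumed layout, derived from the lines in this log).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# catchme mismatch: "<ZwFunction> <observed> != <expected>"
HOOK_RE = re.compile(r"(Zw\w+)\s+(\d+)\s*!=\s*(\d+)")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    meta: str

    @property
    def file_missing(self) -> bool:
        # ComboFix prints "[x]" when the image file was not found on disk.
        return self.meta == "x"

    @property
    def image_date(self):
        # "[2011-03-02 34816]" -> "2011-03-02"; None when there is no image.
        return None if self.file_missing else self.meta.split()[0]


def parse_services(text: str) -> list:
    """Parse every service/driver line that matches the ComboFix layout."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def triage_services(entries, scan_date: date, recent_days: int = 30) -> dict:
    """Return {service name: [reasons]} for entries that deserve a second look.

    The reasons are prompts for a human, not verdicts: CFcatchme.sys, for
    example, is the driver ComboFix itself drops into %TEMP% while it runs.
    """
    findings = {}
    for e in entries:
        reasons = []
        lower = e.path.lower()
        if not e.path:
            reasons.append("no image path recorded")
        elif e.file_missing:
            reasons.append("image missing on disk")
        if "\\temp\\" in lower or "\\appdata\\" in lower:
            reasons.append("loads from a user-writable profile path")
        if e.image_date:
            age = (scan_date - date.fromisoformat(e.image_date)).days
            if 0 <= age <= recent_days:
                reasons.append(f"image dated {e.image_date}, {age} days before the scan")
        if reasons:
            findings[e.name] = reasons
    return findings


def parse_catchme_hooks(line: str) -> dict:
    """Return {Zw function: (observed, expected)} for each mismatch on the line.

    The expected value is the system-service number catchme wants to see in
    the ntdll stub; an observed 0 means the stub no longer starts with the
    expected instruction, i.e. it has been overwritten in this process.
    """
    return {fn: (int(seen), int(exp)) for fn, seen, exp in HOOK_RE.findall(line)}


def hooked_functions(hooks: dict) -> list:
    """Names of the stubs whose observed number differs from the expected one."""
    return sorted(fn for fn, (seen, exp) in hooks.items() if seen != exp)


if __name__ == "__main__":
    for name, why in triage_services(parse_services(SAMPLE_SERVICES), date(2011, 3, 18)).items():
        print(f"{name}: {'; '.join(why)}")
    print("modified ntdll stubs:", hooked_functions(parse_catchme_hooks(SAMPLE_CATCHME)))
```

On the full log this flags the two `%TEMP%` drivers, the path-less `MsRPC` and `rkhdrv40` entries, and the three `root*.sys` drivers dated 2011-03-02; which of those are tool remnants and which are not is the judgement the helper has to make, the script only narrows the list.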

#15 gringo_pr

Malware Response Team

Posted 19 March 2011 - 02:43 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


:Make sure your applications have all of their updates:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; After That Time You Will Have To Send Me A PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
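As an added example (not part of gringo_pr's post or of any tool he names), the PowerShell script below audits the five Internet Explorer "Internet zone" settings listed in the post and reports which ones differ from the recommended Prompt/Disable values. The registry value IDs (1001, 1004, 1201, 1800, 1804) and the 0/1/3 encoding for Enable/Prompt/Disable are taken from Microsoft's documentation of the Internet Settings Zones keys and should be verified against your IE version; the function name Test-IeZoneHardening is hypothetical.

```powershell
# Added example, not from the post: audit (and optionally fix) the IE Internet-zone
# settings recommended above. Value IDs and the 0/1/3 encoding follow Microsoft's
# documentation of the Zones registry keys (assumed; verify on your IE version).
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # 3 = Internet zone

# Recommended settings from the post, keyed by registry value name (assumed mapping).
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }  # Disable
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }  # Prompt
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeZoneHardening {
    # Hypothetical helper: returns one row per setting; -Fix writes the recommended value.
    param([string]$Path = $ZonePath, [switch]$Fix)
    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $key = Get-ItemProperty -Path $Path
    foreach ($id in $Recommended.Keys) {
        $want = $Recommended[$id].Value
        $have = $key.$id                      # $null if absent: IE falls back to its built-in default
        $compliant = ($null -ne $have -and [int]$have -eq $want)
        if (-not $compliant -and $Fix) {
            Set-ItemProperty -Path $Path -Name $id -Value $want -Type DWord
            $have = $want; $compliant = $true
        }
        if ($null -eq $have) { $current = 'default' }
        elseif ($Labels.ContainsKey([int]$have)) { $current = $Labels[[int]$have] }
        else { $current = "unknown ($have)" }
        [pscustomobject]@{
            Id          = $id
            Setting     = $Recommended[$id].Name
            Current     = $current
            Recommended = $Labels[$want]
            Compliant   = $compliant
        }
    }
}

# Report only; add -Fix to apply the recommended values. Run it in the affected user's
# own session, since the Internet zone settings audited here live under HKCU.
Test-IeZoneHardening | Format-Table -AutoSize
```

On domain-managed machines these settings may be enforced through policy keys under HKLM, which this check does not read.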



