Help Win32:Delf-IWD [RESOLVED]



#1
Byson78

Hi,
Avast antivirus found this trojan on my PC.
On rebooting the system, it found this virus several times and eliminated many files.
I ran it many times and every time it found many Win32:Delf-IWD viruses, but the problem is still there.
I just ran ComboFix; what should I do now?
I am posting the ComboFix log.
Thanks

ComboFix 08-04-18.3 - Flavio 2008-04-19 20.12.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1549 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Flavio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Flavio\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\tmp0_748005806903.bk
C:\WINDOWS\system32\tmp4_351076671561.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Service_perfmons


((((((((((((((((((((((((( Files Creati Da 2008-03-19 al 2008-04-19 )))))))))))))))))))))))))))))))))))
.

2008-04-19 13:34 . 2008-04-19 13:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-04-19 13:34 . 2008-04-19 13:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-04-19 13:34 . 2008-04-19 13:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-19 13:31 . 2008-04-19 20:12 <DIR> d-------- C:\Programmi\ESET
2008-04-18 20:15 . 2008-04-18 20:15 <DIR> d-------- C:\Programmi\KONAMI
2008-04-18 19:50 . 2008-04-18 19:50 <DIR> d-------- C:\Programmi\Apple Software Update
2008-04-18 02:29 . 2008-04-18 02:29 <DIR> d-------- C:\WINDOWS\nview
2008-04-18 02:29 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-18 02:29 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-18 02:29 . 2008-04-18 02:29 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-18 02:29 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-18 02:28 . 2008-04-18 02:28 <DIR> d-------- C:\NVIDIA
2008-04-18 01:37 . 2008-04-18 01:37 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-04-18 01:18 . 2008-04-18 01:20 48 --a------ C:\WINDOWS\wpd99.drv
2008-04-18 00:35 . 2008-04-18 00:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-18 00:08 . 2008-04-18 00:08 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-18 00:07 . 2008-04-18 00:07 <DIR> d-------- C:\Programmi\Sunbelt Software
2008-04-16 20:41 . 2008-04-16 20:41 <DIR> d-------- C:\Documents and Settings\Flavio\My Games
2008-04-16 20:30 . 2007-06-21 01:53 32,768 --a------ C:\WINDOWS\system32\MF.dll
2008-04-16 20:26 . 2008-04-16 20:26 <DIR> d-------- C:\Programmi\Microsoft Games
2008-04-16 20:26 . 2008-04-16 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
2008-04-16 20:26 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-04-16 20:26 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-04-16 20:25 . 2008-04-16 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Games
2008-04-16 20:22 . 2008-04-16 20:22 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Microsoft Game Studios
2008-04-16 20:21 . 2008-04-16 20:21 <DIR> d-------- C:\Programmi\halo
2008-04-16 02:59 . 2008-04-19 20:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 02:59 . 2008-04-16 02:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Programmi\QuickTime
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Programmi\iTunes
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Programmi\iPod
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Programmi\Bonjour
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Apple Computer
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-16 02:58 . 2008-04-16 02:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-04-16 02:58 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-16 02:23 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-16 02:23 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-04-16 02:20 . 2008-04-16 02:23 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\PC Suite
2008-04-16 02:20 . 2008-04-16 02:23 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Nokia
2008-04-16 02:20 . 2008-04-16 02:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-04-16 02:19 . 2008-04-16 02:19 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-04-16 02:19 . 2008-04-16 02:19 <DIR> d-------- C:\Programmi\Nokia
2008-04-16 02:19 . 2008-04-16 02:19 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-04-16 02:19 . 2008-04-16 02:19 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-04-16 02:19 . 2008-04-16 02:19 <DIR> d-------- C:\Programmi\DIFX
2008-04-16 02:19 . 2008-04-16 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-04-16 02:19 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-16 02:19 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-16 01:28 . 2008-04-16 01:28 <DIR> d-------- C:\Programmi\PowerQuest
2008-04-16 01:04 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-16 01:04 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-04-15 21:55 . 2008-04-15 21:55 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-04-15 21:46 . 2008-04-16 02:43 <DIR> d-------- C:\morph8_1
2008-04-15 17:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-15 17:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-15 17:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-15 03:21 . 2008-04-15 21:40 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-15 03:20 . 2008-04-15 22:15 <DIR> d-------- C:\Programmi\NeroInstall.bak
2008-04-15 03:20 . 2008-04-15 03:20 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Nero
2008-04-15 03:19 . 2008-04-15 03:19 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-04-15 03:19 . 2008-04-15 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-04-15 03:16 . 2008-04-15 03:16 <DIR> d-------- C:\Programmi\MagicISO
2008-04-15 03:13 . 2008-02-22 13:30 334,792 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-04-15 03:04 . 2008-04-15 21:45 <DIR> d-------- C:\0
2008-04-15 03:04 . 2008-04-15 03:04 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-15 01:52 . 2008-04-15 01:52 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 01:29 . 2008-04-19 12:38 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Azureus
2008-04-15 01:29 . 2008-04-15 01:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-04-15 01:26 . 2008-04-17 09:04 <DIR> d-------- C:\Programmi\Azureus
2008-04-15 00:24 . 2008-04-15 00:24 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-04-15 00:24 . 2008-04-15 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-04-14 23:55 . 2008-04-14 23:55 <DIR> d-------- C:\Documents and Settings\Flavio\Contacts
2008-04-14 23:50 . 2008-04-14 23:55 <DIR> d-------- C:\Programmi\Windows Live
2008-04-14 23:50 . 2008-04-14 23:54 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-04-14 23:50 . 2008-04-14 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-14 23:39 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-14 23:39 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-14 23:39 . 2007-07-01 05:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-14 23:39 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-14 23:39 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-14 23:39 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-14 23:39 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-14 23:39 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-14 23:39 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-14 23:17 . 2008-04-14 23:17 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-04-14 22:58 . 2008-04-15 00:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-14 22:53 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-14 22:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-14 22:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-14 22:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-14 22:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-14 21:28 . 2008-04-14 21:28 <DIR> d-------- C:\Programmi\Alwil Software
2008-04-14 21:18 . 2008-04-14 21:18 <DIR> d--hs---- C:\Documents and Settings\Flavio\UserData
2008-04-13 23:15 . 2008-04-19 13:30 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-13 12:31 . 2008-04-18 01:20 <DIR> d-------- C:\pdf995
2008-04-13 12:31 . 2008-04-13 12:32 127,026 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-13 12:31 . 2008-04-13 12:32 48,308 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-13 12:30 . 1999-04-01 10:03 135,168 --a------ C:\WINDOWS\system32\l3codecx.acm
2008-04-13 12:30 . 2000-06-26 13:13 94,208 --a------ C:\WINDOWS\system32\mpeg2parser.ax
2008-04-13 12:30 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 12:30 . 2000-08-21 19:26 3,040 --a------ C:\WINDOWS\system32\Delete.bat
2008-04-13 12:30 . 2000-08-21 19:27 1,538 --a------ C:\WINDOWS\system32\UnReg.bat
2008-04-13 12:27 . 2008-04-13 12:28 <DIR> d-------- C:\agg_office2003
2008-04-13 12:27 . 2008-04-19 18:38 1,105 --a------ C:\WINDOWS\WINCMD.INI
2008-04-13 12:26 . 2008-04-13 12:27 <DIR> d-a------ C:\Programmi\Total Commander
2008-04-13 12:14 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-13 05:43 . 2008-04-13 05:43 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Ahead
2008-04-13 05:43 . 2008-04-13 05:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-04-13 05:39 . 2008-04-15 03:19 <DIR> d-------- C:\Programmi\Nero
2008-04-13 05:39 . 2008-04-15 03:05 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-04-13 05:22 . 2008-04-13 05:25 <DIR> d-------- C:\Programmi\ASUS
2008-04-13 05:22 . 2008-04-16 01:10 <DIR> d-------- C:\Program Files
2008-04-13 05:22 . 2006-01-10 10:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-13 05:22 . 2006-10-18 21:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-13 05:22 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-04-13 05:22 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-04-13 05:19 . 2008-04-13 05:19 <DIR> d-------- C:\Programmi\Marvell
2008-04-13 05:19 . 2008-04-13 05:19 <DIR> d-------- C:\Documents and Settings\Flavio\Dati applicazioni\TMP
2008-04-13 05:18 . 2008-04-13 05:18 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-13 05:18 . 2008-04-13 05:18 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-13 05:18 . 2008-04-13 05:18 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-13 05:16 . 2008-04-13 05:16 <DIR> d-------- C:\Programmi\Realtek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 03:16 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-13 02:55 --------- d-----w C:\Programmi\microsoft frontpage
2008-04-13 02:54 --------- d-----w C:\Programmi\Servizi in linea
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [ ]
"AlcoholAutomount"="C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-04-15 03:13 4608]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-04-19 13:31 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\morph8_1\\emule\\emule.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Microsoft Games\\Halo 2\\halo2.exe"=
"C:\\Programmi\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:emule2
"1775:UDP"= 1775:UDP:127.0.0.1
"43191:TCP"= 43191:TCP:az

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbf0fcd0-0a88-11dd-ba72-001fc6158930}]
\Shell\AutoRun\command - F:\Startup.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-18 17:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 20:18:14
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-19 20:20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 18:19:56

12 Directory 209,892,978,688 byte disponibili
15 Directory 210,650,443,776 byte disponibili

267 --- E O F --- 2008-04-17 01:29:59


#2
Byson78

upppp

Edited by Byson78, 20 April 2008 - 07:41 AM.


#3
Byson78

Nothing???? :)

#4
Byson78

Thanks for your replies.........

#5
kahdah

Hello Byson78

Welcome to G2Go
You were overlooked because you keep bumping your topic; we look for topics with no replies.
Plus, we are volunteers; just because you ask doesn't always mean you will receive.
Now let's get started.
==================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on "I agree".
  • Then click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Edited by kahdah, 29 April 2008 - 10:43 AM.


#6
Byson78

Here it is.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.26.01, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208206347843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D074F89E-F604-476C-B160-BD9451FF0D27}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8750 bytes

#7
kahdah

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#8
Byson78

Thanks for your help.
Did you find something in the previous log?
I attach the logs you asked for.

main.txt

Deckard's System Scanner v20071014.68
Run by Flavio on 2008-05-01 10:28:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-01 08:28:16 UTC - RP1 - Punto di arresto del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Flavio.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.28.52, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Documents and Settings\Flavio\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Flavio.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208206347843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D074F89E-F604-476C-B160-BD9451FF0D27}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8681 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\programmi\file comuni\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - c:\programmi\bonjour\mdnsresponder.exe <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\programmi\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 StarWindServiceAE (StarWind AE Service) - c:\programmi\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R3 ServiceLayer - "c:\programmi\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Mouse Microsoft PS/2
Device ID: ACPI\PNP0F03\4&B6AFFD&0
Manufacturer: Microsoft
Name: Mouse Microsoft PS/2
PNP Device ID: ACPI\PNP0F03\4&B6AFFD&0
Service: i8042prt

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: N70 Fla
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: N70 Fla
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 19:52:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-04-30 22:35:35 0 d-------- C:\WINDOWS\LastGood
2008-04-29 21:49:57 0 d-------- C:\Programmi\Windows Media Connect 2
2008-04-29 21:49:08 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-28 01:18:53 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-28 01:18:53 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-28 01:18:38 183840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-28 01:18:38 4799008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-28 01:18:38 0 d-------- C:\Programmi\Kaspersky Lab
2008-04-27 23:46:19 0 d-------- C:\WINDOWS\Sun
2008-04-27 17:36:05 0 d-------- C:\Programmi\html2pop3232win32
2008-04-27 17:30:03 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:30:03 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:30:02 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:30:02 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-04-27 17:30:02 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-27 17:29:56 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-27 17:29:55 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-27 17:29:55 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-04-27 17:29:55 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Sistema Operativo Microsoft® Windows®>
2008-04-27 17:29:54 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:29:54 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:29:54 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:29:54 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-04-27 17:29:53 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:29:53 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:29:53 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-27 17:29:52 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-04-27 17:29:52 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-26 00:18:46 0 d-------- C:\Programmi\GUILD WARS
2008-04-25 00:27:15 0 d-------- C:\Programmi\Codemasters
2008-04-24 23:44:06 0 d-------- C:\totalcmd
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\UC.PIF
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-24 23:37:14 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-23 07:28:24 0 d-------- C:\Programmi\EA SPORTS
2008-04-21 01:50:42 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-21 01:48:54 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-21 01:48:54 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-21 01:09:15 0 d-------- C:\Programmi\Java
2008-04-21 01:08:22 0 d-------- C:\Programmi\File comuni\Java
2008-04-20 17:02:29 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-20 16:46:12 0 d-------- C:\Programmi\Electronic Arts
2008-04-20 15:39:04 0 d-------- C:\Programmi\SpywareGuard
2008-04-20 15:26:55 0 d-------- C:\Programmi\SpywareBlaster
2008-04-19 20:11:58 68096 --a------ C:\WINDOWS\zip.exe
2008-04-19 20:11:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-19 20:11:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-19 20:11:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-19 20:11:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-19 20:11:58 98816 --a------ C:\WINDOWS\sed.exe
2008-04-19 20:11:58 80412 --a------ C:\WINDOWS\grep.exe
2008-04-19 20:11:58 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-18 20:15:45 0 d-------- C:\Programmi\KONAMI
2008-04-18 19:50:02 0 d-------- C:\Programmi\Apple Software Update
2008-04-18 02:29:28 0 d-------- C:\WINDOWS\nview
2008-04-18 02:28:41 0 d-------- C:\NVIDIA
2008-04-18 01:37:08 0 d-------- C:\Programmi\File comuni\Adobe
2008-04-18 00:35:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-18 00:08:26 0 d-------- C:\Programmi\Trend Micro
2008-04-18 00:07:37 0 d-------- C:\Programmi\Sunbelt Software
2008-04-16 20:30:52 32768 --a------ C:\WINDOWS\system32\MF.dll
2008-04-16 20:26:08 0 d-------- C:\Programmi\Microsoft Games
2008-04-16 20:26:03 0 d-------- C:\Documents and Settings\All Users\Microsoft
2008-04-16 20:25:57 0 d-------- C:\Documents and Settings\All Users\Application Data
2008-04-16 20:25:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-16 20:21:57 0 d-------- C:\Programmi\halo
2008-04-16 02:58:32 0 d-------- C:\Programmi\iPod
2008-04-16 02:58:31 0 d-------- C:\Programmi\iTunes
2008-04-16 02:58:26 0 d-------- C:\Programmi\Bonjour
2008-04-16 02:58:16 0 d-------- C:\Programmi\QuickTime
2008-04-16 02:58:04 0 d-------- C:\Programmi\File comuni\Apple
2008-04-16 02:19:57 0 d-------- C:\Programmi\File comuni\PCSuite
2008-04-16 02:19:57 0 d-------- C:\Programmi\File comuni\Nokia
2008-04-16 02:19:54 0 d-------- C:\Programmi\DIFX
2008-04-16 02:19:52 0 d-------- C:\Programmi\PC Connectivity Solution
2008-04-16 02:19:47 0 d-------- C:\Programmi\Nokia
2008-04-16 01:28:48 0 d-------- C:\Programmi\PowerQuest
2008-04-15 21:55:12 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-04-15 21:46:48 0 d-------- C:\morph8_1
2008-04-15 03:20:52 0 d-------- C:\Programmi\NeroInstall.bak
2008-04-15 03:19:22 0 d-------- C:\Programmi\File comuni\Nero
2008-04-15 03:16:36 0 d-------- C:\Programmi\MagicISO
2008-04-15 03:12:13 0 d-------- C:\Programmi\Alcohol Soft
2008-04-15 03:06:02 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-15 03:04:11 0 d-------- C:\0
2008-04-15 01:52:05 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 01:26:47 0 d-------- C:\Programmi\Azureus
2008-04-14 23:50:26 0 d--hs--c- C:\Programmi\File comuni\WindowsLiveInstaller
2008-04-14 23:50:22 0 d-------- C:\Programmi\Windows Live
2008-04-14 23:40:36 0 d-------- C:\WINDOWS\network diagnostic
2008-04-14 23:26:08 0 d-------- C:\WINDOWS\system32\it-it
2008-04-14 23:17:25 0 d-------- C:\Programmi\MSXML 4.0
2008-04-14 22:58:14 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-14 22:58:13 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-14 22:53:07 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-14 21:28:46 0 d-------- C:\Programmi\Alwil Software
2008-04-13 12:31:20 0 d-------- C:\pdf995
2008-04-13 12:31:07 127026 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-13 12:31:07 48308 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-13 12:30:38 1538 --a------ C:\WINDOWS\system32\UnReg.bat
2008-04-13 12:30:38 3040 --a------ C:\WINDOWS\system32\Delete.bat
2008-04-13 12:27:19 0 d-------- C:\agg_office2003
2008-04-13 06:49:17 0 d--hs---- C:\WINDOWS\Installer
2008-04-13 06:49:17 0 d-------- C:\Programmi\File comuni\ODBC
2008-04-13 06:49:15 0 dr------- C:\Programmi
2008-04-13 06:49:15 0 d-------- C:\Programmi\File comuni
2008-04-13 06:49:15 0 d-------- C:\Programmi\File comuni\SpeechEngines
2008-04-13 06:49:01 0 d-------- C:\Documents and Settings\All Users\Preferiti
2008-04-13 06:49:01 0 d--h----- C:\Documents and Settings\All Users\Modelli
2008-04-13 06:49:01 0 dr------- C:\Documents and Settings\All Users\Menu Avvio
2008-04-13 06:49:01 0 dr------- C:\Documents and Settings\All Users\Documenti
2008-04-13 06:49:01 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-13 06:48:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-13 06:48:52 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-13 06:48:47 0 dr-h----- C:\Documents and Settings\All Users\Dati applicazioni
2008-04-13 06:48:34 0 d-------- C:\Documents and Settings
2008-04-13 06:48:33 0 d--hs---- C:\System Volume Information
2008-04-13 06:44:35 0 d-------- C:\WINDOWS\OemDir
2008-04-13 06:44:34 0 d-------- C:\WINDOWS
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\WinSxS
2008-04-13 06:44:34 0 dr------- C:\WINDOWS\Web
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\twain_32
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\wins
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\wbem
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\usmt
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\spool
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\Setup
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\ras
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\oobe
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\npp
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\mui
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\IME
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\ias
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\export
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\drivers
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-13 06:44:34 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\config
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\3076
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\2052
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1054
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1042
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1041
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1040
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1037
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1033
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1031
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1028
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system32\1025
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\system
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\security
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Resources
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\repair
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Provisioning
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\PeerNet
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\pchealth
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\mui
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\msapps
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\msagent
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Media
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\java
2008-04-13 06:44:34 0 d--h----- C:\WINDOWS\inf
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\ime
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Help
2008-04-13 06:44:34 0 dr--s---- C:\WINDOWS\Fonts
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\ehome
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Driver Cache
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Debug
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Cursors
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\Config
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\AppPatch
2008-04-13 06:44:34 0 d-------- C:\WINDOWS\addins
2008-04-13 05:39:33 0 d-------- C:\Programmi\Nero
2008-04-13 05:39:33 0 d-------- C:\Programmi\File comuni\Ahead
2008-04-13 05:39:02 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-13 05:22:36 24576 -ra------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-04-13 05:22:35 0 d-------- C:\Programmi\ASUS
2008-04-13 05:22:34 0 d-------- C:\Program Files
2008-04-13 05:19:13 0 d-------- C:\Programmi\Marvell
2008-04-13 05:18:01 0 d-------- C:\WINDOWS\system32\Lang
2008-04-13 05:16:57 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-13 05:16:52 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-13 05:16:17 0 d-------- C:\Programmi\Realtek
2008-04-13 05:16:15 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-13 05:16:15 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-13 05:16:13 0 d-------- C:\Programmi\File comuni\InstallShield
2008-04-13 05:13:18 0 d-------- C:\WINDOWS\system32\ITA
2008-04-13 05:13:18 126976 --a------ C:\WINDOWS\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-04-13 05:13:08 0 d--h----- C:\Programmi\InstallShield Installation Information
2008-04-13 05:11:28 0 d-------- C:\WINDOWS\ASUSInstAll
2008-04-13 05:05:02 0 d-------- C:\WINDOWS\system32\drivers\system32
2008-04-13 05:05:02 0 d-------- C:\WINDOWS\system32\drivers\INF
2008-04-13 05:04:53 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-13 05:04:53 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-13 05:04:52 0 d-------- C:\Programmi\Intel
2008-04-13 05:04:47 0 d-------- C:\Intel
2008-04-13 05:04:05 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-13 05:02:46 0 d-------- C:\Programmi\Microsoft.NET
2008-04-13 05:02:35 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-13 05:00:06 0 dr-h----- C:\MSOCache
2008-04-13 04:57:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-13 04:57:19 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-13 04:57:19 0 d-------- C:\WINDOWS\Prefetch
2008-04-13 04:55:09 0 d-------- C:\WINDOWS\system32\xircom
2008-04-13 04:55:09 0 d-------- C:\Programmi\microsoft frontpage
2008-04-13 04:55:03 0 -rahs---- C:\MSDOS.SYS
2008-04-13 04:55:03 0 -rahs---- C:\IO.SYS
2008-04-13 04:55:03 0 --a------ C:\CONFIG.SYS
2008-04-13 04:55:03 0 --a------ C:\AUTOEXEC.BAT
2008-04-13 04:54:38 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-13 04:54:33 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-13 04:54:33 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-13 04:54:28 0 d--h----- C:\Programmi\WindowsUpdate
2008-04-13 04:54:27 0 d-------- C:\Programmi\Servizi in linea
2008-04-13 04:54:19 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-13 04:53:57 0 d---s---- C:\WINDOWS\Tasks
2008-04-13 04:53:57 0 d-------- C:\Programmi\File comuni\MSSoap
2008-04-13 04:53:54 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-13 04:53:54 0 d-------- C:\WINDOWS\srchasst
2008-04-13 04:53:48 0 d-------- C:\Programmi\Movie Maker
2008-04-13 04:53:43 0 d-------- C:\WINDOWS\system32\Restore
2008-04-13 04:53:22 21840 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-13 04:53:21 0 d-------- C:\WINDOWS\Registration
2008-04-13 04:53:18 0 d-------- C:\Programmi\Messenger
2008-04-13 04:53:15 0 d-------- C:\Programmi\MSN Gaming Zone
2008-04-13 04:52:58 0 d-------- C:\Programmi\Windows NT
2008-04-13 04:52:56 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-13 04:52:55 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-01 10:24:57 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Azureus
2008-04-30 19:47:58 428660 --a------ C:\WINDOWS\system32\perfh010.dat
2008-04-30 19:47:58 64378 --a------ C:\WINDOWS\system32\perfc010.dat
2008-04-28 02:10:17 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Nokia Multimedia Player
2008-04-27 23:46:19 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Sun
2008-04-20 17:04:03 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Command & Conquer 3 Tiberium Wars
2008-04-20 17:02:29 0 dr-h----- C:\Documents and Settings\Flavio\Dati applicazioni\SecuROM
2008-04-18 01:38:26 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Adobe
2008-04-18 00:35:53 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Mozilla
2008-04-16 20:22:59 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Microsoft Game Studios
2008-04-16 02:58:36 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Apple Computer
2008-04-16 02:23:30 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\PC Suite
2008-04-16 02:23:15 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Nokia
2008-04-15 22:44:03 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\WinRAR
2008-04-15 03:20:15 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Nero
2008-04-14 21:21:56 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Macromedia
2008-04-13 06:49:01 62 --ahs---- C:\Documents and Settings\Flavio\Dati applicazioni\desktop.ini
2008-04-13 05:43:54 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Ahead
2008-04-13 05:19:19 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\TMP
2008-04-13 05:13:07 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\InstallShield
2008-04-13 04:59:05 0 d-------- C:\Documents and Settings\Flavio\Dati applicazioni\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 13.00]
"RTHDCPL"="RTHDCPL.EXE" [10/08/2007 09.21 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [28/02/2008 09.59]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16.29]
"BluetoothAuthenticationAgent"="bthprops.cpl" [19/08/2004 15.39 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [28/03/2008 23.37]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [30/03/2008 10.36]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22.16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01.41]
"nwiz"="nwiz.exe" [05/12/2007 01.41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01.41]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04.25]
"Ai Nap"="C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe" [10/12/2007 21.49]
"CPU Power Monitor"="C:\Programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [16/10/2007 11.35]
"Cpu Level Up help"="C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe" [30/11/2007 20.03]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08/02/2008 18.36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 15.39]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" []
"AlcoholAutomount"="C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [15/04/2008 03.13]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 18.41]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [28/03/2008 11.20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbf0fcd0-0a88-11dd-ba72-001fc6158930}]
AutoRun\command- F:\autorun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-01 10:29:50 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Italian

CPU 0: Processore Intel Pentium III Xeon
CPU 1: Processore Intel Pentium III Xeon
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2047.01 MiB / 1476.92 MiB
Pagefile Memory (total/avail): 3938.55 MiB / 3520.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.98 MiB

C: is Fixed (NTFS) - 270.44 GiB total, 189.89 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 195.32 GiB total, 154.95 GiB free.
F: is CDROM (CDFS)
G: is Removable (FAT32)
H: is Fixed (NTFS) - 151.6 GiB total, 30.45 GiB free.
I: is Fixed (NTFS) - 146.49 GiB total, 133.95 GiB free.

\\.\PHYSICALDRIVE0 - Speed - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - File system installabile - 270.44 GiB - C:
\PARTITION1 - Esteso con INT 13 esteso - 195.32 GiB - E:

\\.\PHYSICALDRIVE1 - MAXTOR STM332062 USB Device - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - File system installabile - 151.6 GiB - H:
\PARTITION1 - Esteso con INT 13 esteso - 146.49 GiB - I:

\\.\PHYSICALDRIVE2 - Eutron PicoFlash USB Device - 1929.68 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 1935.48 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programmi\\Azureus\\Azureus.exe"="C:\\Programmi\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\morph8_1\\emule\\emule.exe"="C:\\morph8_1\\emule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\Microsoft Games\\Halo 2\\halo2.exe"="C:\\Programmi\\Microsoft Games\\Halo 2\\halo2.exe:*:Enabled:Halo 2"
"C:\\Programmi\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Programmi\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"="C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Flavio\Dati applicazioni
CLASSPATH=.;C:\Programmi\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmi\File comuni
COMPUTERNAME=BYSON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Flavio
LOGONSERVER=\\BYSON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programmi\PC Connectivity Solution;C:\Programmi\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Programmi
PROMPT=$P$G
QTJAVA=C:\Programmi\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Flavio\IMPOST~1\Temp
TMP=C:\DOCUME~1\Flavio\IMPOST~1\Temp
USERDOMAIN=BYSON
USERNAME=Flavio
USERPROFILE=C:\Documents and Settings\Flavio
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Flavio (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programmi\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Italiano --> MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Aggiornamento della protezione per Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\

Edited by Byson78, 01 May 2008 - 02:38 AM.

  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

#10
Byson78

Byson78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
edit:sent by mail

Edited by Byson78, 02 May 2008 - 04:05 AM.

  • 0



#11
Byson78

Byson78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
edit:sent by mail

Edited by Byson78, 02 May 2008 - 04:08 AM.

  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi if it is easier or if there is a lot left of the log you can just e-mail it to me >kahdah at aol.com replace at with @
  • 0

#13
Byson78

Byson78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I sent you the report by mail.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks like you had some cracked software on your computer.
One of which is delf.
This is a sure way to get infected.
Plus it is illegal.
==============
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    H:\backup\e\download\prog\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook) + CRACK.zip
    H:\backup\c\Total Commander\Tweak\FTP.Password\Windows_Commander_FTP_Password_RIPPER.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============
After that, let me know if everything is back to normal.
  • 0

#15
Byson78

Byson78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'll apply your instructions this evening.

H:\backup\e\download\prog\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook) + CRACK.zip
H:\backup\c\Total Commander\Tweak\FTP.Password\Windows_Commander_FTP_Password_RIPPER.exe

This software is not installed. It is a backup of an old system copied in an external hd. Should this be the cause of my problems?

And what about the other infected files? Some of them have been installed.

I unlocked some photos, so if you want I'll run Kaspersky again and send you the new log, more clear than the old one.

Sorry for my English, I'm sure it's full of errors.

Edited by Byson78, 02 May 2008 - 04:48 AM.

  • 0





