Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan bthser.dll

Started by ahren , Dec 19 2008 04:04 AM

  • Please log in to reply

#1
ahren
Posted 19 December 2008 - 04:04 AM

ahren

    Member

  • Member
  • PipPip
  • 12 posts
Hi everybody I'm in big trouble...yesterday I caught a trojan that Norton calls "bthser.dll". I found that it is located in C:Windows.System32
I've tried to remove it with killbox and with otmoveit but I couldn't. I also tried to remove it with Hijackthis but without success. Meanwhile Norton keeps warning me that the PC is infected with that trojan but I am not able to do anything :) ...Please I need your help.

I post here my Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.03.16, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\ccLgView.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft...p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Motore SolidWorks Task Scheduler.lnk = C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://federicomessa...ad/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5883FB41-8934-4C47-9FC0-1B45B5119492}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 10110 bytes
  • 0

Advertisements

#2
kahdah
Posted 19 December 2008 - 07:33 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello ahren

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#3
ahren
Posted 19 December 2008 - 07:13 PM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
This is the logfile



Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2008-12-20 02:12:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 47 GB (24%) free of 194 GB
Total RAM: 510 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.12.16, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft...p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Motore SolidWorks Task Scheduler.lnk = C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://federicomessa...ad/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5883FB41-8934-4C47-9FC0-1B45B5119492}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 10097 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Esegui scansione completa del sistema - User.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Guida per l'accesso a Windows Live - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Programmi\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D309ACE8-2041-44F2-9F28-AEECFAE8B989}]
C:\WINDOWS\system32\bthser.dll [2008-11-12 100864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Programmi\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"ATIPTA"=C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-14 344064]
"ccApp"=C:\Programmi\File comuni\Symantec Shared\ccApp.exe [2008-03-07 53096]
"SunJavaUpdateSched"=C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Programmi\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"3COM"=C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe [2004-10-22 389120]

C:\Documents and Settings\User\Menu Avvio\Programmi\Esecuzione automatica
Motore SolidWorks Task Scheduler.lnk - C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-15 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-19 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programmi\LimeWire\LimeWire.exe"="C:\Programmi\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programmi\iTunes\iTunes.exe"="C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - open - "%windir%\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2008-12-20 02:09:54 ----D---- C:\rsit
2008-12-19 10:28:27 ----SHD---- C:\RECYCLER
2008-12-19 10:16:24 ----D---- C:\WINDOWS\temp
2008-12-19 10:16:16 ----A---- C:\ComboFix.txt
2008-12-19 09:59:51 ----A---- C:\WINDOWS\zip.exe
2008-12-19 09:59:51 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 09:59:51 ----A---- C:\WINDOWS\sed.exe
2008-12-19 09:59:51 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 09:59:51 ----A---- C:\WINDOWS\grep.exe
2008-12-19 09:59:51 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 09:59:50 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 09:59:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 09:59:50 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 09:59:39 ----D---- C:\WINDOWS\ERDNT
2008-12-19 09:59:39 ----D---- C:\Qoobox
2008-12-19 09:50:41 ----D---- C:\_OTMoveIt
2008-12-18 18:32:47 ----D---- C:\WINDOWS\Sun
2008-12-18 18:32:47 ----D---- C:\Documents and Settings\User\Dati applicazioni\Sun
2008-12-17 23:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-11 09:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 09:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 21:59:28 ----D---- C:\Documents and Settings\User\Dati applicazioni\vlc
2008-12-09 21:56:40 ----D---- C:\Programmi\VideoLAN
2008-12-05 10:34:04 ----D---- C:\Programmi\Lphant
2008-11-27 19:19:11 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 19:19:11 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 19:19:11 ----A---- C:\WINDOWS\system32\java.exe
2008-11-17 14:13:20 ----D---- C:\Programmi\Spybot - Search & Destroy
2008-11-17 14:13:20 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-14 11:48:19 ----D---- C:\Programmi\Trend Micro
2008-11-14 11:35:08 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-14 00:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 14:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 10:33:59 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-11-07 00:35:44 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-11-07 00:32:06 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-11-05 21:43:44 ----D---- C:\Programmi\Grafici
2008-11-05 21:43:36 ----N---- C:\WINDOWS\Setup1.exe
2008-11-05 21:43:32 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-10-25 15:51:50 ----A---- C:\WINDOWS\system32\bthser.dll
2008-10-23 23:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 09:41:35 ----D---- C:\Documents and Settings\User\Dati applicazioni\Ansys
2008-10-22 09:01:47 ----D---- C:\Programmi\Microsoft SQL Server
2008-10-22 09:00:21 ----D---- C:\Programmi\File comuni\Autodesk
2008-10-22 08:49:16 ----D---- C:\Programmi\AOEMView 2008
2008-10-22 08:48:52 ----D---- C:\Programmi\Microsoft WSE
2008-10-22 08:47:05 ----D---- C:\Documents and Settings\User\Dati applicazioni\Autodesk
2008-10-22 08:46:29 ----D---- C:\Programmi\DWG TrueView 2007
2008-10-22 08:46:10 ----D---- C:\Programmi\File comuni\Autodesk Shared
2008-10-22 08:46:10 ----D---- C:\Programmi\Autodesk
2008-10-22 08:46:10 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-10-22 08:45:47 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-22 08:45:46 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-10-22 08:45:43 ----A---- C:\WINDOWS\system32\RGB9Rast_1.dll

======List of files/folders modified in the last 2 months======

2008-12-20 02:10:01 ----D---- C:\WINDOWS\Prefetch
2008-12-20 01:58:03 ----D---- C:\WINDOWS
2008-12-19 20:45:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 11:10:27 ----D---- C:\!KillBox
2008-12-19 10:25:04 ----AD---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-12-19 10:16:35 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 10:16:35 ----D---- C:\WINDOWS\system32
2008-12-19 10:12:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-19 10:08:07 ----A---- C:\WINDOWS\system.ini
2008-12-19 10:03:32 ----D---- C:\Programmi\File comuni
2008-12-19 10:03:31 ----D---- C:\WINDOWS\AppPatch
2008-12-19 09:59:49 ----SHD---- C:\System Volume Information
2008-12-19 09:59:49 ----D---- C:\WINDOWS\system32\Restore
2008-12-19 09:32:42 ----D---- C:\WINDOWS\Debug
2008-12-17 23:31:57 ----HD---- C:\WINDOWS\inf
2008-12-17 23:31:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 23:31:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 23:31:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 18:13:05 ----D---- C:\Programmi\Mozilla Firefox
2008-12-13 12:29:08 ----D---- C:\Documents and Settings\User\Dati applicazioni\LimeWire
2008-12-12 18:33:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 09:55:29 ----SHD---- C:\WINDOWS\Installer
2008-12-11 09:55:29 ----HD---- C:\Config.Msi
2008-12-11 09:53:45 ----D---- C:\Programmi\Internet Explorer
2008-12-10 23:29:12 ----D---- C:\Programmi\File comuni\Symantec Shared
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 21:56:40 ----RD---- C:\Programmi
2008-12-05 13:13:13 ----D---- C:\WINDOWS\Minidump
2008-12-02 10:38:42 ----D---- C:\Documents and Settings\User\Dati applicazioni\SolidWorks
2008-11-30 20:05:00 ----D---- C:\Programmi\WAR2
2008-11-30 17:46:14 ----D---- C:\Programmi\DAP
2008-11-30 17:44:07 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\SpeedBit
2008-11-27 19:19:09 ----D---- C:\Programmi\Java
2008-11-26 19:43:14 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-26 19:43:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-26 19:31:05 ----D---- C:\WINDOWS\Help
2008-11-24 22:56:34 ----D---- C:\Programmi\LimeWire
2008-11-18 21:22:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-12 16:11:46 ----D---- C:\Programmi\Registry Mechanic
2008-11-12 15:57:17 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-12 14:20:37 ----D---- C:\WINDOWS\WinSxS
2008-11-10 16:38:31 ----D---- C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-11-07 00:36:06 ----D---- C:\WINDOWS\Registration
2008-11-06 20:19:30 ----SD---- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft
2008-11-06 19:22:37 ----A---- C:\WINDOWS\win.ini
2008-11-05 15:46:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-05 15:46:32 ----RSD---- C:\WINDOWS\assembly
2008-10-24 07:57:23 ----D---- C:\Frets on Fire SD
2008-10-23 13:59:54 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 10:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-22 09:06:04 ----D---- C:\Programmi\File comuni\Microsoft Shared
2008-10-22 09:05:49 ----D---- C:\Programmi\Microsoft.NET
2008-10-22 09:01:46 ----SD---- C:\Documents and Settings\User\Dati applicazioni\Microsoft
2008-10-22 08:51:52 ----RSD---- C:\WINDOWS\Fonts
2008-10-22 08:45:54 ----HD---- C:\Programmi\Uninstall Information
2008-10-22 08:45:48 ----D---- C:\WINDOWS\system32\DirectX
2008-10-22 08:45:16 ----D---- C:\Programmi\File comuni\DESIGNER
2008-10-22 08:45:14 ----D---- C:\Programmi\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Driver processore Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40192]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Programmi\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-09-14 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-15 1339392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20081219.005\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20081219.005\NavEx15.Sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SAVRT;SAVRT; \??\C:\Programmi\Norton AntiVirus\SAVRT.SYS []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-09-14 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FILECO~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-19 26624]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-19 57600]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-19 20480]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-10-06 248320]
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2005-09-14 88960]
S3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
S3 rtl8139;Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-15 376832]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2007-02-13 32768]
R2 Autodesk EDM Server;Autodesk EDM Server; C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe [2007-02-13 49152]
R2 Bonjour Service;Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe [2008-03-07 191848]
R2 ccSetMgr;Symantec Settings Manager; C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe [2008-03-07 169320]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 navapsvc;Servizio Auto-Protect di Norton AntiVirus; C:\Programmi\Norton AntiVirus\navapsvc.exe [2007-05-28 139888]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe [2007-05-28 46704]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPBBCSvc;SPBBCSvc; C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 SQLBrowser;SQL Server Browser; C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Symantec Core LC;Symantec Core LC; C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-26 1251720]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico; C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R3 iPod Service;Servizio iPod; C:\Programmi\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 NSCService;Norton Protection Center Service; C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-09-14 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe [2008-10-22 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;Symantec AVScan; C:\Programmi\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-10-06 79360]
S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Programmi\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmi\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Programmi\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
  • 0

#4
ahren
Posted 19 December 2008 - 07:16 PM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
And this is info.txt



info.txt logfile of random's system information tool 1.05 2008-12-20 02:10:05

======Uninstall list======

-->C:\Programmi\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Com OfficeConnect Wireless 11g Compact USB Adapter -->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{34F0DD54-0220-476D-B14D-96CCD36231A7}\Setup.exe" -l0x9
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Aggiornamento della protezione per Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aggiornamento della protezione per Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB923845)-->"C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Aggiornamento rapido per Windows XP (KB919880)-->"C:\WINDOWS\$NtUninstallKB919880$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
AOEMView 2008-->C:\Programmi\AOEMView 2008\Setup\Setup.exe /P {6F411DB4-EC41-482B-AD46-384957928F69} /M AOEM
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistente per l'accesso a Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI - Software Uninstall Utility-->C:\Programmi\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk Data Management Server 2008-->C:\Programmi\Autodesk\Data Management Server 2008\Setup\setup.exe /p {5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020} /M SERVER
Autodesk Data Management Server 2008-->MsiExec.exe /X{5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020}
Autodesk Design Review 2008-->MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
Autodesk Inventor Professional 2008-->MsiExec.exe /I{7F4DD591-1200-0409-0000-7107D70F3DB4}
Autodesk Vault 2008-->C:\Programmi\Autodesk\Vault 2008\Setup\setup.exe /p {E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097} /M VAULT
Autodesk Vault 2008-->MsiExec.exe /X{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only)-->"C:\Programmi\CCleaner\uninst.exe"
DivX Codec-->C:\Programmi\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programmi\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programmi\DivX\DivXPlayerUninstall.exe /PLAYER
DWG TrueView 2007-->MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
DWGeditor-->MsiExec.exe /X{0686F02A-C7AF-4727-A95B-6581C2E3496D}
eDrawings 2008-->MsiExec.exe /I{0534E2D5-59BA-4CE6-8E6D-0B2CA4BCF0C2}
File di supporto dell'installazione di Microsoft SQL Server (Italiano)-->MsiExec.exe /X{6379FD0A-8964-4A50-80A6-B20B65117905}
FLV Player 2.0, build 24-->C:\Programmi\FLV Player\uninst.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Grafici-->C:\WINDOWS\st6unst.exe -n "C:\Programmi\Grafici\ST6UNST.LOG"
HijackThis 2.0.2-->"C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
iPod for Windows 2005-10-12-->C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1040
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Programmi\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Programmi\Symantec\LiveUpdate\LSETUP.EXE" /U
Lphant v3.51-->"C:\Programmi\Lphant\unins000.exe"
Messenger Plus! Live-->"C:\Programmi\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 - Language Pack (italiano)-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120410-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)-->MsiExec.exe /I{4D2D9016-70A9-4D91-9AA7-686ACAF056D9}
Microsoft SQL Server 2005-->"c:\Programmi\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BA06B694-0CFE-4A3E-81A7-9CED25B74E2B}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{DCEFDFAB-9543-4F03-ADAE-F6729C2B9966}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.0.3)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NAVShortcut-->MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Norton AntiVirus 2006 (Symantec Corporation)-->"C:\Programmi\File comuni\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OGA Notifier 1.7.0105.0-->MsiExec.exe /I{F367B304-A928-4A5F-AA9F-8E59FE81DA7A}
PokerStars.net-->"C:\Programmi\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Protezione da worm Internet-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Registry Mechanic 8.0-->"C:\Programmi\Registry Mechanic\unins000.exe" /Log
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver 5.41.1 (32-bit)-->MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
Solid Edge ST-->MsiExec.exe /X{D7BCF606-5821-4D1D-889E-76AE9D00E439}
SolidWorks 2008-2009 Student Design Kit-->MsiExec.exe /I{49EC4AAB-8A4B-4758-B3ED-CE1F0A043175}
SoundMAX-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x10 -removeonly
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedBit Video Accelerator-->C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Programmi\Spybot - Search & Destroy\unins000.exe"
Strumenti di Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{17BBB97A-4AAA-4931-9135-00702AF87A41}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
VideoLAN VLC media player 0.8.4a-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}
Windows Live Messenger-->MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programmi\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR gestione archivi-->C:\Programmi\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll
O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll
O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll
O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll
O2 - BHO: (no name) - {D309ACE8-2041-44F2-9F28-AEECFAE8B989} - C:\WINDOWS\system32\bthser.dll

======Security center information======

AV: Norton AntiVirus 2006
FW: Norton Internet Worm Protection

System event log

Computer Name: MESSANEL-05DF3D
Event Code: 4201
Message: Il sistema ha rilevato che la scheda di rete \DEVICE\TCPIP_{5883FB41-8934-4C47-9FC0-1B45B5119492} è connessa alla rete,
e ha iniziato le normali operazioni sulla scheda di rete.

Record Number: 22589
Source Name: Tcpip
Time Written: 20081124225549.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 4201
Message: Il sistema ha rilevato che la scheda di rete \DEVICE\TCPIP_{5883FB41-8934-4C47-9FC0-1B45B5119492} è connessa alla rete,
e ha iniziato le normali operazioni sulla scheda di rete.

Record Number: 22588
Source Name: Tcpip
Time Written: 20081124225534.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 7036
Message: Il servizio Host di periferiche Plug and Play universali è ora in modalità esecuzione.

Record Number: 22587
Source Name: Service Control Manager
Time Written: 20081124224455.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 7035
Message: Invio di un controllo avvio da parte del servizio Host di periferiche Plug and Play universali riuscito.

Record Number: 22586
Source Name: Service Control Manager
Time Written: 20081124224452.000000+060
Event Type: Informazione
User: NT AUTHORITY\SYSTEM

Computer Name: MESSANEL-05DF3D
Event Code: 4226
Message: È stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.

Record Number: 22585
Source Name: Tcpip
Time Written: 20081124224337.000000+060
Event Type: Attenzione
User:

Application event log

Computer Name: MESSANEL-05DF3D
Event Code: 9666
Message: Il trasporto di protocollo Database Mirroring è disattivato o non è configurato.

Record Number: 23174
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20081204075053.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 9666
Message: Il trasporto di protocollo Service Broker è disattivato o non è configurato.

Record Number: 23173
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20081204075053.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 3408
Message: Recupero completato. Questo è un messaggio informativo. Non è richiesto alcun intervento da parte dell'utente.

Record Number: 23172
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20081204075053.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 17137
Message: Avvio del database 'tempdb' in corso.

Record Number: 23171
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20081204075053.000000+060
Event Type: Informazione
User:

Computer Name: MESSANEL-05DF3D
Event Code: 17126
Message: SQL Server è pronto per le connessioni client. Questo è un messaggio informativo. Non è richiesto alcun intervento da parte dell'utente.

Record Number: 23170
Source Name: MSSQL$AUTODESKVAULT
Time Written: 20081204075051.000000+060
Event Type: Informazione
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;Autodesk Shared;C:\Programmi\Autodesk\Data Management Server 2008\Server\Components;C:\Programmi\ATI Technologies\ATI Control Panel;C:\Programmi\QuickTime\QTSystem;C:\Programmi\Autodesk\DWG TrueView;C:\Programmi\Microsoft SQL Server\90\Tools\binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programmi\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmi\Java\jre1.6.0_04\lib\ext\QTJava.zip
"OMP_NUM_THREADS"=2

-----------------EOF-----------------
  • 0

#5
kahdah
Posted 20 December 2008 - 06:32 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#6
ahren
Posted 24 December 2008 - 03:22 AM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I post the Comobofix log:


ComboFix 08-12-18.01 - User 2008-12-24 10.07.29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.510.218 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bthser.dll . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2008-11-24 al 2008-12-24 )))))))))))))))))))))))))))))))))))
.

2008-12-20 02:09 . 2008-12-20 02:10 <DIR> d-------- C:\rsit
2008-12-19 09:50 . 2008-12-19 09:50 <DIR> d-------- C:\_OTMoveIt
2008-12-18 18:32 . 2008-12-18 18:32 <DIR> d-------- c:\windows\Sun
2008-12-09 21:59 . 2008-12-09 21:59 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2008-12-09 21:56 . 2008-12-09 21:56 <DIR> d-------- c:\programmi\VideoLAN
2008-12-05 10:34 . 2008-12-05 10:34 <DIR> d-------- c:\programmi\Lphant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 09:25 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-13 11:29 --------- d-----w c:\documents and settings\User\Dati applicazioni\LimeWire
2008-12-10 22:29 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-05 12:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-02 09:38 --------- d-----w c:\documents and settings\User\Dati applicazioni\SolidWorks
2008-11-30 19:05 --------- d-----w c:\programmi\WAR2
2008-11-30 16:46 --------- d-----w c:\programmi\DAP
2008-11-30 16:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SpeedBit
2008-11-27 18:19 --------- d-----w c:\programmi\Java
2008-11-24 21:56 --------- d-----w c:\programmi\LimeWire
2008-11-17 13:15 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-14 10:48 --------- d-----w c:\programmi\Trend Micro
2008-11-11 09:33 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-11-10 15:38 --------- d-----w c:\documents and settings\User\Dati applicazioni\uTorrent
2008-11-06 23:36 --------- d-----w c:\programmi\Microsoft SQL Server
2008-11-05 20:44 --------- d-----w c:\programmi\Grafici
2008-11-05 20:43 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-05 20:43 290,816 ------w c:\windows\Setup1.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_10.14.28.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-14 08:36:32 84,334 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-19 09:12:41 84,334 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 08:36:33 99,006 ----a-w c:\windows\system32\perfc010.dat
+ 2008-12-19 09:12:41 99,006 ----a-w c:\windows\system32\perfc010.dat
- 2008-11-14 08:36:33 474,436 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-19 09:12:41 474,436 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-14 08:36:33 527,624 ----a-w c:\windows\system32\perfh010.dat
+ 2008-12-19 09:12:41 527,624 ----a-w c:\windows\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D309ACE8-2041-44F2-9F28-AEECFAE8B989}]
2008-11-12 20:00 100864 --a------ c:\windows\system32\bthser.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"3COM"="c:\programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe" [2004-10-22 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2008-03-07 53096]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Motore SolidWorks Task Scheduler.lnk - c:\programmi\SolidWorks\swScheduler\swBOEngine.exe [2008-04-17 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

R0 yvowbbxs;yvowbbxs;c:\windows\system32\drivers\yvowbbxs.sys [2004-08-19 23424]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-03-25 100032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2008-03-25 248320]
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-19 c:\windows\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - User.job
- c:\progra~1\NORTON~1\Navw32.exe [2007-05-28 12:00]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programmi\PokerStars.NET\PokerStarsUpdate.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programmi\PokerStars.NET\PokerStarsUpdate.exe -
TCP: {5883FB41-8934-4C47-9FC0-1B45B5119492} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\ncneahdp.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 10:13:31
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execuçăo ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Symantec Shared\CCSETMGR.EXE
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Symantec Shared\CCEVTMGR.EXE
c:\programmi\File comuni\Symantec Shared\SNDSrvc.exe
c:\programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmi\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\programmi\Messenger\msmsgs.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-24 10:18:43 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-24 09:18:38
ComboFix2.txt 2008-12-19 09:16:16

Pre-Run: 47.951.953.920 byte disponibili
Post-Run: 48,088,281,088 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

161 --- E O F --- 2008-12-17 22:31:58
  • 0

#7
kahdah
Posted 24 December 2008 - 06:55 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.geekstogo.com/forum/Trojan-bthser-dll-t221440.html

Driver::
yvowbbxs

Collect::
c:\windows\system32\drivers\yvowbbxs.sys 
c:\windows\system32\bthser.dll

Save this as CFScript.txt


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
============
If it does not open a page for you to upload the files please let me know.
  • 0

#8
ahren
Posted 24 December 2008 - 08:02 AM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It didn't show any message box...
however I post the new log:


ComboFix 08-12-18.01 - User 2008-12-24 14.46.44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.510.228 [GMT 1:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bthser.dll
c:\windows\system32\drivers\yvowbbxs.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YVOWBBXS
-------\Service_yvowbbxs


((((((((((((((((((((((((( Files Creati Da 2008-11-24 al 2008-12-24 )))))))))))))))))))))))))))))))))))
.

2008-12-20 02:09 . 2008-12-20 02:10 <DIR> d-------- C:\rsit
2008-12-19 09:50 . 2008-12-19 09:50 <DIR> d-------- C:\_OTMoveIt
2008-12-18 18:32 . 2008-12-18 18:32 <DIR> d-------- c:\windows\Sun
2008-12-09 21:59 . 2008-12-09 21:59 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\vlc
2008-12-09 21:56 . 2008-12-09 21:56 <DIR> d-------- c:\programmi\VideoLAN
2008-12-05 10:34 . 2008-12-05 10:34 <DIR> d-------- c:\programmi\Lphant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 09:25 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-13 11:29 --------- d-----w c:\documents and settings\User\Dati applicazioni\LimeWire
2008-12-10 22:29 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-05 12:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-02 09:38 --------- d-----w c:\documents and settings\User\Dati applicazioni\SolidWorks
2008-11-30 19:05 --------- d-----w c:\programmi\WAR2
2008-11-30 16:46 --------- d-----w c:\programmi\DAP
2008-11-30 16:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SpeedBit
2008-11-27 18:19 --------- d-----w c:\programmi\Java
2008-11-24 21:56 --------- d-----w c:\programmi\LimeWire
2008-11-17 13:15 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-14 10:48 --------- d-----w c:\programmi\Trend Micro
2008-11-11 09:33 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-11-10 15:38 --------- d-----w c:\documents and settings\User\Dati applicazioni\uTorrent
2008-11-06 23:36 --------- d-----w c:\programmi\Microsoft SQL Server
2008-11-05 20:44 --------- d-----w c:\programmi\Grafici
2008-11-05 20:43 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-05 20:43 290,816 ------w c:\windows\Setup1.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_10.14.28.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-11-14 08:36:32 84,334 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-19 09:12:41 84,334 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 08:36:33 99,006 ----a-w c:\windows\system32\perfc010.dat
+ 2008-12-19 09:12:41 99,006 ----a-w c:\windows\system32\perfc010.dat
- 2008-11-14 08:36:33 474,436 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-19 09:12:41 474,436 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-14 08:36:33 527,624 ----a-w c:\windows\system32\perfh010.dat
+ 2008-12-19 09:12:41 527,624 ----a-w c:\windows\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"3COM"="c:\programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe" [2004-10-22 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2008-03-07 53096]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Motore SolidWorks Task Scheduler.lnk - c:\programmi\SolidWorks\swScheduler\swBOEngine.exe [2008-04-17 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-03-25 100032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys [2008-03-25 248320]

*Newly Created Service* - YVOWBBXS
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-19 c:\windows\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - User.job
- c:\progra~1\NORTON~1\Navw32.exe [2007-05-28 12:00]
.
- - - - ORFĂOS REMOVIDOS - - - -

BHO-{D309ACE8-2041-44F2-9F28-AEECFAE8B989} - c:\windows\system32\bthser.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programmi\PokerStars.NET\PokerStarsUpdate.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programmi\PokerStars.NET\PokerStarsUpdate.exe -
TCP: {5883FB41-8934-4C47-9FC0-1B45B5119492} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\ncneahdp.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 14:54:10
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execuçăo ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Symantec Shared\CCSETMGR.EXE
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Symantec Shared\CCEVTMGR.EXE
c:\programmi\File comuni\Symantec Shared\SNDSrvc.exe
c:\programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmi\Norton AntiVirus\NAVAPSVC.EXE
c:\programmi\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\programmi\Messenger\msmsgs.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-24 14:58:37 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-24 13:58:32
ComboFix2.txt 2008-12-24 09:18:45
ComboFix3.txt 2008-12-19 09:16:16

Pre-Run: 48.149.028.864 byte disponibili
Post-Run: 48,096,522,240 byte disponibili

164 --- E O F --- 2008-12-17 22:31:58
  • 0

#9
kahdah
Posted 24 December 2008 - 08:07 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease go to Start > My Computer and then go to C:\ then navigate to this location:
qoobox\quarantine\Submit.zip then please do the following to upload the .zip folder:
Click Here to upload the files please.

Let me know when that has been done please.
  • 0

#10
ahren
Posted 24 December 2008 - 09:46 AM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I uploaded the file...
  • 0

#11
kahdah
Posted 24 December 2008 - 02:54 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#12
ahren
Posted 26 December 2008 - 03:26 AM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I think my Pc is clean now...thank you!!
MBAM said so!!
  • 0

#13
kahdah
Posted 26 December 2008 - 06:40 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok let's see one more hijackthis log and we will wrap it up.
  • 0

#14
ahren
Posted 27 December 2008 - 06:52 AM

ahren

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.52.25, on 27/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft...p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Motore SolidWorks Task Scheduler.lnk = C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://federicomessa...ad/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5883FB41-8934-4C47-9FC0-1B45B5119492}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 9993 bytes


thank you again!!
  • 0

#15
kahdah
Posted 27 December 2008 - 07:44 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP