Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

An obviously common trojan - Win32/Rootkit.Agent.ODG trojan


  • Please log in to reply

#1
CHARLITO

CHARLITO

    New Member

  • Member
  • Pip
  • 4 posts
Hi all. I'm new here so please just let me know if I'm screwing things up. :) I went through your intro stuff and downloaded and ran all that I could of the programs you suggested. Malware won't run though. If you need anything else, just let me know. Thanks a million in advance.

OTListIt logfile created on: 17/05/2009 10.59.13 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Charly\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 125,04 Mb Available Physical Memory | 24,45% Memory free
1,22 Gb Paging File | 0,83 Gb Available in Paging File | 67,88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 97,65 Gb Total Space | 61,31 Gb Free Space | 62,79% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 101,49 Gb Free Space | 68,11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 200,43 Gb Total Space | 23,44 Gb Free Space | 11,70% Space Free | Partition Type: NTFS

Computer Name: CHARLIEHAMMONDS
Current User Name: Charly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
PRC - C:\Programmi\File comuni\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programmi\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
PRC - C:\Programmi\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programmi\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programmi\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)
PRC - C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Programmi\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Charly\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Programmi\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (GEARSecurity [Auto | Running]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (gupdate1c9b5c88ba90e6e [Auto | Stopped]) -- C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Programmi\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Norton Ghost [Auto | Running]) -- C:\Programmi\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programmi\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (GearAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gmer [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (PRISM_USB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (SiSide [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (SISNIC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SISNICXP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnicxp.sys (SiS Corporation)
DRV - (sisperf [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SymSnap [Boot | Running]) -- C:\WINDOWS\System32\drivers\SymSnap.sys (StorageCraft)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (V2IMount [System | Running]) -- C:\WINDOWS\System32\drivers\V2iMount.sys (Symantec Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/06 19.07.55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAMMI\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/15 12.12.38 | 00,000,000 | ---D | M]


O1 HOSTS File: (768 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe" (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Charly\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2C200C90-532D-4678-A3DB-1F81A4127325}\\NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{EEF4A304-DAD1-4E8B-872C-8F81EF10F3C0}\\NameServer = 85.255.112.170,85.255.112.235
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 12.50.05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 09.04.28 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 08.04.30 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/01/01 02.32.58 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/02/04 09.04.28 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c50c6be3-1b9b-11de-a2d7-00115b8015dd}\Shell - "" = AutoRun
O33 - MountPoints2\{c50c6be3-1b9b-11de-a2d7-00115b8015dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c50c6be4-1b9b-11de-a2d7-00115b8015dd}\Shell - "" = AutoRun
O33 - MountPoints2\{c50c6be4-1b9b-11de-a2d7-00115b8015dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c50c6be9-1b9b-11de-a2d7-00115b8015dd}\Shell - "" = AutoRun
O33 - MountPoints2\{c50c6be9-1b9b-11de-a2d7-00115b8015dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 10.58.22 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/17 10.58.22 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Charly\Desktop\OTListIt2.exe
[2009/05/17 10.55.34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 10.55.13 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Charly\Desktop\Rooter.exe
[2009/05/17 10.43.12 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/15 15.19.30 | 00,000,000 | ---D | C] -- C:\Programmi\HDQuality
[2009/05/15 12.25.16 | 94,395,5968 | ---- | C] () -- C:\DOCUME~1\Charly\Desktop\Transformers[2007]DvDrip[Eng]-aXXo.avi
[2009/05/15 12.12.30 | 00,000,000 | ---D | C] -- C:\Programmi\ESET
[2009/04/20 15.15.40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charly\Dati applicazioni\Yahoo!
[2009/04/20 15.15.40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
[2009/04/20 15.14.42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/20 15.14.42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/04/20 15.14.29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/04/17 14.10.20 | 00,000,888 | ---- | C] () -- C:\DOCUME~1\Charly\Desktop\101 Dino Pets.lnk
[2009/04/17 14.10.00 | 00,000,000 | ---D | C] -- C:\Programmi\101 Dino Pets
[2009/01/28 00.03.33 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/28 00.03.31 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/15 10.54.04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/14 09.56.05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/12 18.11.42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2008/09/12 01.57.51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/12 01.57.51 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/08 17.47.42 | 00,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/08 15.19.09 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/09/08 15.17.29 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/08/28 14.06.52 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/28 14.06.52 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/29 23.00.40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/06/15 17.20.00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/19 15.39.16 | 00,169,532 | RHS- | C] () -- C:\WINDOWS\System32\cqqrt.dll
[2004/07/17 11.36.38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/31 17.00.00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/31 17.00.00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/17 10.58.22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Charly\Desktop\OTListIt2.exe
[2009/05/17 10.55.23 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Charly\Desktop\Rooter.exe
[2009/05/17 10.43.38 | 00,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/17 10.43.33 | 00,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/17 10.43.30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 10.43.29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Charly\Impostazioni locali\desktop.ini
[2009/05/17 10.43.26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/16 23.06.46 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/16 05.53.09 | 94,395,5968 | ---- | M] () -- C:\DOCUME~1\Charly\Desktop\Transformers[2007]DvDrip[Eng]-aXXo.avi
[2009/05/14 23.54.13 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/05 22.25.02 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 15.17.59 | 00,000,074 | -HS- | M] () -- C:\DOCUME~1\Charly\Documenti\desktop.ini
[2009/04/17 14.10.20 | 00,000,888 | ---- | M] () -- C:\DOCUME~1\Charly\Desktop\101 Dino Pets.lnk
< End of report >


OTListIt Extras logfile created on: 17/05/2009 10.59.13 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Charly\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 125,04 Mb Available Physical Memory | 24,45% Memory free
1,22 Gb Paging File | 0,83 Gb Available in Paging File | 67,88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 97,65 Gb Total Space | 61,31 Gb Free Space | 62,79% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 101,49 Gb Free Space | 68,11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 200,43 Gb Total Space | 23,44 Gb Free Space | 11,70% Space Free | Partition Type: NTFS

Computer Name: CHARLIEHAMMONDS
Current User Name: Charly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"2110:TCP" = 2110:TCP:*:Enabled:dzvyby

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater (Nokia Corporation)
C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process (Nokia Corporation)
C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0410-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4C309A0F-B84F-4766-ADF5-DF07EF303D4B}" = USB Remote NDIS Network Device
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1040-7B44-A91000000001}" = Adobe Reader 9.1 - Italiano
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"101 Dino Pets" = 101 Dino Pets 1.0
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pacchetto driver Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pacchetto driver Windows - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0410-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.1
"Google Chrome" = Google Chrome
"HDQuality" = HDQuality
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"VLC media player" = VLC media player 0.9.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/02/2009 9.36.27 | Computer Name = CHARLIEHAMMONDS | Source = nview_info | ID = 11141121
Description =

Error - 22/02/2009 9.36.27 | Computer Name = CHARLIEHAMMONDS | Source = nview_info | ID = 11141121
Description =

Error - 23/02/2009 5.37.22 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore drwtsn32.exe, versione 5.1.2600.0,
modulo che ha provocato l'errore dbghelp.dll, versione 5.1.2600.2180, indirizzo
errore 0x0001295d.

Error - 24/02/2009 5.22.33 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.2180,
modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.

Error - 24/02/2009 6.36.42 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.2180,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x05611468.

Error - 25/02/2009 5.57.03 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore wmplayer.exe, versione 11.0.5721.5145,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x063f1468.

Error - 27/02/2009 14.18.44 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore wmplayer.exe, versione 11.0.5721.5145,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x094d1468.

Error - 27/02/2009 14.19.20 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.2180,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x06f71468.

Error - 27/02/2009 14.19.22 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore wmplayer.exe, versione 11.0.5721.5145,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x06da1468.

Error - 27/02/2009 14.20.46 | Computer Name = CHARLIEHAMMONDS | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.2180,
modulo che ha provocato l'errore divx.dll, versione 6.8.5.5, indirizzo errore 0x00131468.

[ System Events ]
Error - 17/05/2009 3.29.05 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 3.29.05 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.13.03 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.30.18 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti "" per eseguire il server {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 17/05/2009 4.32.02 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.43.35 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.43.36 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.43.37 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.43.37 | Computer Name = CHARLIEHAMMONDS | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 17/05/2009 4.44.57 | Computer Name = CHARLIEHAMMONDS | Source = Service Control Manager | ID = 7026
Description = All'avvio non č stato possibile caricare i seguenti driver: PCIIde


< End of report >


Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:99998 Mo/Free:1345 Mo)
D:\ [Fixed] - FAT32 - (Total:152588 Mo/Free:1528 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Fixed] - NTFS - (Total:205244 Mo/Free:3523 Mo)
L:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

17/05/2009|10.55

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
---------- C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Programmi\Bonjour\mDNSResponder.exe
---------- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\WINDOWS\System32\GEARSec.exe
---------- C:\Programmi\File comuni\Symantec Shared\ccApp.exe
---------- C:\Programmi\Norton Ghost\Agent\GhostTray.exe
---------- C:\Programmi\iTunes\iTunesHelper.exe
---------- C:\Programmi\Java\jre6\bin\jusched.exe
---------- C:\Programmi\Google\Update\GoogleUpdate.exe
---------- C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Programmi\Java\jre6\bin\jqs.exe
---------- C:\Programmi\DAEMON Tools Lite\daemon.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Programmi\Norton Ghost\Agent\VProSvc.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
---------- C:\Programmi\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
---------- C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
---------- C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
---------- C:\Programmi\Internet Explorer\iexplore.exe
---------- C:\Programmi\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2C200C90-532D-4678-A3DB-1F81A4127325}]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2C200C90-532D-4678-A3DB-1F81A4127325}]
DhcpNameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{EEF4A304-DAD1-4E8B-872C-8F81EF10F3C0}]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{2C200C90-532D-4678-A3DB-1F81A4127325}]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{2C200C90-532D-4678-A3DB-1F81A4127325}]
DhcpNameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{EEF4A304-DAD1-4E8B-872C-8F81EF10F3C0}]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2C200C90-532D-4678-A3DB-1F81A4127325}]
NameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2C200C90-532D-4678-A3DB-1F81A4127325}]
DhcpNameServer REG_SZ 85.255.112.170,85.255.112.235
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{EEF4A304-DAD1-4E8B-872C-8F81EF10F3C0}]
NameServer REG_SZ 85.255.112.170,85.255.112.235
==> WAREOUT <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 17/05/2009|10.56

----------------------\\ Scan completed at 10.56


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxclkyfuxfmlwvtbwgbopdtrnopyrgikhac.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Charly at 2009-05-17 09:54:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 63 GB (63%) free of 100 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.54.24, on 17/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charly\Desktop\VIRUS STUFF\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\Charly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C200C90-532D-4678-A3DB-1F81A4127325}: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEF4A304-DAD1-4E8B-872C-8F81EF10F3C0}: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C200C90-532D-4678-A3DB-1F81A4127325}: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C200C90-532D-4678-A3DB-1F81A4127325}: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Servizio di Google Update (gupdate1c9b5c88ba90e6e) (gupdate1c9b5c88ba90e6e) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11449 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programmi\google\googletoolbar1.dll [2008-09-08 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-17 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programmi\google\googletoolbar1.dll [2008-09-08 2423872]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-06-15 6803456]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-06-15 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-01-09 65536]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ccApp"=C:\Programmi\File comuni\Symantec Shared\ccApp.exe [2005-01-20 58992]
"Norton Ghost 10.0"=C:\Programmi\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Programmi\iTunes\iTunesHelper.exe [2008-11-20 290088]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"egui"=C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"swg"=C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-17 68856]
"uTorrent"=C:\Programmi\uTorrent\uTorrent.exe [2009-04-10 281904]
"Nokia.PCSync"=C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"MSMSGS"=C:\Programmi\Messenger\msmsgs.exe [2004-08-19 1667584]
"Messenger (Yahoo!)"=C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"DAEMON Tools Lite"=C:\Programmi\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Charly\Menu Avvio\Programmi\Esecuzione automatica
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\iTunes\iTunes.exe"="C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programmi\Java\jre6\bin\java.exe"="C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c50c6be3-1b9b-11de-a2d7-00115b8015dd}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c50c6be4-1b9b-11de-a2d7-00115b8015dd}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c50c6be9-1b9b-11de-a2d7-00115b8015dd}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-05-15 15:19:30 ----D---- C:\Programmi\HDQuality
2009-05-15 12:12:30 ----D---- C:\Programmi\ESET
2009-04-20 15:15:40 ----D---- C:\Documents and Settings\Charly\Dati applicazioni\Yahoo!
2009-04-20 15:15:40 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2009-04-20 15:14:42 ----HDC---- C:\WINDOWS\ie8
2009-04-20 15:14:42 ----D---- C:\WINDOWS\system32\en-US
2009-04-20 15:14:29 ----HD---- C:\WINDOWS\msdownld.tmp

======List of files/folders modified in the last 1 months======

2009-05-17 09:29:52 ----D---- C:\WINDOWS\Temp
2009-05-17 09:29:32 ----D---- C:\Documents and Settings\Charly\Dati applicazioni\uTorrent
2009-05-17 01:37:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-16 23:21:51 ----D---- C:\WINDOWS\Prefetch
2009-05-16 23:10:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-16 23:07:12 ----D---- C:\WINDOWS
2009-05-15 15:19:30 ----RD---- C:\Programmi
2009-05-15 15:15:29 ----D---- C:\WINDOWS\system32\drivers
2009-05-15 15:15:29 ----D---- C:\WINDOWS\system32
2009-05-15 12:13:40 ----SHD---- C:\WINDOWS\Installer
2009-05-15 12:13:26 ----HD---- C:\WINDOWS\inf
2009-05-14 23:54:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-02 00:35:11 ----SD---- C:\WINDOWS\Tasks
2009-04-25 13:17:25 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Adobe
2009-04-25 13:17:12 ----D---- C:\Programmi\Adobe
2009-04-20 16:34:47 ----D---- C:\WINDOWS\network diagnostic
2009-04-20 15:17:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-20 15:17:50 ----D---- C:\WINDOWS\Media
2009-04-20 15:17:50 ----D---- C:\WINDOWS\Help
2009-04-20 15:17:50 ----D---- C:\Programmi\Internet Explorer
2009-04-20 15:15:43 ----D---- C:\Programmi\Yahoo!
2009-04-20 15:15:43 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 Arp1394;Protocollo client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-19 60800]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-31 9600]
R3 MODEMCSA;Periferica filtro flusso Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-31 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-19 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-06-15 3200256]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-04-10 636502]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 a57d5nz1;a57d5nz1; C:\WINDOWS\system32\drivers\a57d5nz1.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-28 85969]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sermouse;Driver del mouse seriale; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-30 18176]
S3 SISNIC;Driver per scheda Fast Ethernet PCI SiS; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 USB_RNDIS;DSL Router; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WINFLASH;WINFLASH; \??\C:\Documents and Settings\Charly\Desktop\winflash174\WinFlash.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe [2005-01-20 198256]
R2 ccSetMgr;Symantec Settings Manager; C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe [2005-01-20 165488]
R2 ekrn;ESET Service; C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Norton Ghost;Norton Ghost; C:\Programmi\Norton Ghost\Agent\VProSvc.exe [2008-09-08 2066024]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-06-15 127043]
R2 Symantec Core LC;Symantec Core LC; C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-09-08 822424]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 YahooAUService;Yahoo! Updater; C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;Servizio iPod; C:\Programmi\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 ServiceLayer;ServiceLayer; C:\Programmi\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 gupdate1c9b5c88ba90e6e;Servizio di Google Update (gupdate1c9b5c88ba90e6e); C:\Programmi\Google\Update\GoogleUpdate.exe [2009-04-05 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe [2005-01-20 79472]
S3 EhttpSrv;ESET HTTP Server; C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 gusvc;Google Updater Service; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-08 138168]
S3 WMPNetworkSvc;Servizio di condivisione in rete Windows Media Player; C:\Programmi\Windows Media Player\WMPNetwk.exe [2006-11-02 918528]

-----------------EOF-----------------
  • 0

Advertisements


#2
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hello CHARLITO and welcome to the forums here at G2G!

MalwareBytes' is likely being blocked from running by the rootkit you have. You also have a Wareout infection that can infect routers if you have one. Please let me know on that in your next reply. First let's go after the malware on your PC.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new OTListIt log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
  • 0

#3
CHARLITO

CHARLITO

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ciao IndiGenus

Thanks for the reply! I did as you said with combofix and it gave the following report. It cancelled 3 viruses. Whether or not those are the main problems.....? As for the router, I'll let my ignorance show and say I have no idea. If it means what I think it does, I don't have any other computers connected to mine and I'm using a wireless internet connection. If I'm off-base here, you'll need to tell me. :) Thanks again.

ComboFix 09-05-16.05 - Charly 17/05/2009 18.32.16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.262 [GMT 2:00]
Eseguito da: c:\documents and settings\Charly\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxclkyfuxfmlwvtbwgbopdtrnopyrgikhac.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcijnqbdrmtmpesbrtwejdservkkwpjupt.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Creati Da 2009-04-17 al 2009-05-17 )))))))))))))))))))))))))))))))))))
.

2009-05-17 08:55 . 2009-05-17 08:56 -------- d-----w C:\Rooter$
2009-05-15 13:19 . 2009-05-15 13:19 -------- d-----w c:\programmi\HDQuality
2009-05-15 10:12 . 2009-05-15 10:12 -------- d-----w c:\programmi\ESET
2009-04-20 14:40 . 2009-04-20 14:40 -------- d-sh--w c:\documents and settings\Charly\IECompatCache
2009-04-20 13:19 . 2009-04-20 13:19 -------- d-sh--w c:\documents and settings\Charly\PrivacIE
2009-04-20 13:17 . 2009-04-20 13:17 -------- d-sh--w c:\documents and settings\Charly\IETldCache
2009-04-20 13:15 . 2009-04-20 13:15 -------- d-----w c:\documents and settings\Charly\Dati applicazioni\Yahoo!
2009-04-20 13:15 . 2009-04-20 13:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-04-20 13:14 . 2009-04-20 13:14 -------- dc-h--w c:\windows\ie8
2009-04-20 13:14 . 2009-04-20 13:16 -------- d--h--w c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 08:52 . 2009-01-31 16:19 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-20 13:15 . 2008-10-10 20:33 -------- d-----w c:\programmi\Yahoo!
2009-04-17 12:10 . 2009-04-17 12:10 -------- d-----w c:\programmi\101 Dino Pets
2009-04-11 10:39 . 2009-01-17 14:00 3532 ----a-w C:\drmHeader.bin
2009-04-05 10:05 . 2008-09-20 08:30 -------- d-----w c:\programmi\File comuni\Nokia
2009-04-05 10:05 . 2008-09-20 08:28 -------- d-----w c:\programmi\Nokia
2009-04-05 08:30 . 2008-09-08 16:44 -------- d-----w c:\programmi\Google
2009-04-05 08:30 . 2008-09-14 15:54 -------- d-----w c:\programmi\DivX
2009-04-05 08:29 . 2009-04-05 08:29 -------- d-----w c:\programmi\File comuni\DivX Shared
2009-04-05 08:21 . 2009-02-06 17:07 -------- d-----w c:\programmi\Java
2009-03-29 15:22 . 2001-08-31 15:00 63180 ----a-w c:\windows\system32\perfc010.dat
2009-03-29 15:22 . 2001-08-31 15:00 425432 ----a-w c:\windows\system32\perfh010.dat
2009-03-09 03:19 . 2009-02-06 17:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-19 13:39 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-19 13:39 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-19 13:39 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-19 13:39 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-19 13:39 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-19 13:39 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-19 13:39 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-19 13:38 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-19 13:39 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-08-31 15:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2004-08-19 13:39 . 2004-08-19 13:39 169532 --sha-r c:\windows\system32\cqqrt.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-17 68856]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-04-10 281904]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"Messenger (Yahoo!)"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2005-01-20 58992]
"Norton Ghost 10.0"="c:\programmi\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-09 65536]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Charly\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2110:TCP"= 2110:TCP:dzvyby

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14.23.18 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14.24.24 93336]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14.23.36 727720]
R2 YahooAUService;Yahoo! Updater;c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe [09/11/2008 22.48.14 602392]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [13/09/2008 0.15.31 636502]
S2 gupdate1c9b5c88ba90e6e;Servizio di Google Update (gupdate1c9b5c88ba90e6e);c:\programmi\Google\Update\GoogleUpdate.exe [05/04/2009 10.28.48 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pzhldim

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\programmi\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-05 08:28]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:33
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-05-17 18.34.48
ComboFix-quarantined-files.txt 2009-05-17 16:34

Pre-Run: 64.329.027.584 byte disponibili
Post-Run: 64.344.772.608 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

166 --- E O F --- 2008-11-02 19:36
  • 0

#4
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Looking better, but more work to do. Can you first run OTListIt2 again and post the log.
  • 0

#5
CHARLITO

CHARLITO

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks again. You're being a real big help.

OTListIt logfile created on: 17/05/2009 20.16.01 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Charly\Desktop\VIRUS STUFF\VIRUS STUFF 17 MAY
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 50,02 Mb Available Physical Memory | 9,78% Memory free
1,22 Gb Paging File | 0,36 Gb Available in Paging File | 29,53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 97,65 Gb Total Space | 59,88 Gb Free Space | 61,32% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 101,49 Gb Free Space | 68,11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 200,43 Gb Total Space | 22,56 Gb Free Space | 11,26% Space Free | Partition Type: NTFS

Computer Name: CHARLIEHAMMONDS
Current User Name: Charly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
PRC - C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Charly\Desktop\VIRUS STUFF\VIRUS STUFF 17 MAY\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Programmi\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (GEARSecurity [Auto | Running]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (gupdate1c9b5c88ba90e6e [Auto | Stopped]) -- C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Programmi\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Norton Ghost [Auto | Running]) -- C:\Programmi\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programmi\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (GearAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gmer [Unknown | Stopped]) -- C:\WINDOWS\System32\drivers\gmer.sys (GMER)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (PRISM_USB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (SiSide [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (SISNIC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SISNICXP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnicxp.sys (SiS Corporation)
DRV - (sisperf [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SymSnap [Boot | Running]) -- C:\WINDOWS\System32\drivers\SymSnap.sys (StorageCraft)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (V2IMount [System | Running]) -- C:\WINDOWS\System32\drivers\V2iMount.sys (Symantec Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/06 19.07.55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAMMI\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/15 12.12.38 | 00,000,000 | ---D | M]


O1 HOSTS File: (768 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe" (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Charly\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 12.50.05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 09.04.28 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 08.04.30 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/01/01 02.32.58 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/02/04 09.04.28 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 20.15.40 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/17 18.34.51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charly\Impostazioni locali\temp
[2009/05/17 18.29.23 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/17 18.29.20 | 00,261,312 | ---- | C] () -- C:\cmldr
[2009/05/17 18.29.19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/17 18.27.04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/17 18.27.04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/17 18.27.04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/17 18.27.04 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/17 18.27.04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/17 18.27.04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/17 18.27.04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/17 18.27.04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/17 18.26.57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/17 18.26.57 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/05/17 18.26.47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/17 10.55.34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 10.43.12 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/15 15.19.30 | 00,000,000 | ---D | C] -- C:\Programmi\HDQuality
[2009/05/15 12.12.30 | 00,000,000 | ---D | C] -- C:\Programmi\ESET
[2009/04/20 15.15.40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charly\Dati applicazioni\Yahoo!
[2009/04/20 15.15.40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
[2009/04/20 15.14.42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/20 15.14.42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/04/20 15.14.29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/01/28 00.03.33 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/28 00.03.31 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/09/14 09.56.05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/12 18.11.42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2008/09/12 01.57.51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/12 01.57.51 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/08 17.47.42 | 00,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/08 15.19.09 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/09/08 15.17.29 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/08/28 14.06.52 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/28 14.06.52 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/29 23.00.40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/06/15 17.20.00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/19 15.39.16 | 00,169,532 | RHS- | C] () -- C:\WINDOWS\System32\cqqrt.dll
[2004/07/17 11.36.38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/31 17.00.00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/31 17.00.00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/17 18.43.59 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/17 18.34.49 | 00,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/17 18.34.49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 18.33.43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/17 18.31.36 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Charly\Impostazioni locali\desktop.ini
[2009/05/17 18.31.31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 18.29.23 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/17 10.43.38 | 00,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/16 23.06.46 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/14 17.50.08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/05 22.25.02 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 15.17.59 | 00,000,074 | -HS- | M] () -- C:\Documents and Settings\Charly\Documenti\desktop.ini
[2009/04/20 12.56.28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
< End of report >
  • 0

#6
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

NetSvc::
pzhldim

Driver:::
pzhldim

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2110:TCP"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListIt2 log.

  • 0

#7
CHARLITO

CHARLITO

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks!

ComboFix 09-05-17.08 - Charly 18/05/2009 22.14.38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.308 [GMT 2:00]
Eseguito da: c:\documents and settings\Charly\Desktop\VIRUS STUFF\VIRUS STUFF 17 MAY\Combo-Fix.exe
Opzioni usate :: c:\documents and settings\Charly\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PZHLDIM


((((((((((((((((((((((((( Files Creati Da 2009-04-18 al 2009-05-18 )))))))))))))))))))))))))))))))))))
.

2009-05-17 08:55 . 2009-05-17 08:56 -------- d-----w C:\Rooter$
2009-05-15 13:19 . 2009-05-15 13:19 -------- d-----w c:\programmi\HDQuality
2009-05-15 10:12 . 2009-05-15 10:12 -------- d-----w c:\programmi\ESET
2009-04-20 14:40 . 2009-04-20 14:40 -------- d-sh--w c:\documents and settings\Charly\IECompatCache
2009-04-20 13:19 . 2009-04-20 13:19 -------- d-sh--w c:\documents and settings\Charly\PrivacIE
2009-04-20 13:17 . 2009-04-20 13:17 -------- d-sh--w c:\documents and settings\Charly\IETldCache
2009-04-20 13:15 . 2009-04-20 13:15 -------- d-----w c:\documents and settings\Charly\Dati applicazioni\Yahoo!
2009-04-20 13:15 . 2009-04-20 13:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-04-20 13:14 . 2009-04-20 13:14 -------- dc-h--w c:\windows\ie8
2009-04-20 13:14 . 2009-04-20 13:16 -------- d--h--w c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 08:52 . 2009-01-31 16:19 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-20 13:15 . 2008-10-10 20:33 -------- d-----w c:\programmi\Yahoo!
2009-04-17 12:10 . 2009-04-17 12:10 -------- d-----w c:\programmi\101 Dino Pets
2009-04-11 10:39 . 2009-01-17 14:00 3532 ----a-w C:\drmHeader.bin
2009-04-05 10:05 . 2008-09-20 08:30 -------- d-----w c:\programmi\File comuni\Nokia
2009-04-05 10:05 . 2008-09-20 08:28 -------- d-----w c:\programmi\Nokia
2009-04-05 08:30 . 2008-09-08 16:44 -------- d-----w c:\programmi\Google
2009-04-05 08:30 . 2008-09-14 15:54 -------- d-----w c:\programmi\DivX
2009-04-05 08:29 . 2009-04-05 08:29 -------- d-----w c:\programmi\File comuni\DivX Shared
2009-04-05 08:21 . 2009-02-06 17:07 -------- d-----w c:\programmi\Java
2009-03-29 15:22 . 2001-08-31 15:00 63180 ----a-w c:\windows\system32\perfc010.dat
2009-03-29 15:22 . 2001-08-31 15:00 425432 ----a-w c:\windows\system32\perfh010.dat
2009-03-09 03:19 . 2009-02-06 17:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-19 13:39 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-19 13:39 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-19 13:39 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-19 13:39 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-19 13:39 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-19 13:39 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-19 13:39 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-19 13:38 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-19 13:39 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-08-31 15:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2004-08-19 13:39 . 2004-08-19 13:39 169532 --sha-r c:\windows\system32\cqqrt.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_16.33.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-18 20:17 . 2009-05-18 20:17 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
+ 2009-05-18 20:17 . 2009-05-18 20:17 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-17 68856]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2009-04-10 281904]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"Messenger (Yahoo!)"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2005-01-20 58992]
"Norton Ghost 10.0"="c:\programmi\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-09 65536]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Charly\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14.23.18 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14.24.24 93336]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14.23.36 727720]
R2 YahooAUService;Yahoo! Updater;c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe [09/11/2008 22.48.14 602392]
S2 gupdate1c9b5c88ba90e6e;Servizio di Google Update (gupdate1c9b5c88ba90e6e);c:\programmi\Google\Update\GoogleUpdate.exe [05/04/2009 10.28.48 133104]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [13/09/2008 0.15.31 636502]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\programmi\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contenuto della cartella 'Scheduled Tasks'

2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-05 08:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 22:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-18 22.20.19 - Il pc č stato riavviato
ComboFix-quarantined-files.txt 2009-05-18 20:20
ComboFix2.txt 2009-05-17 16:34

Pre-Run: 65.026.711.552 byte disponibili
Post-Run: 64.962.953.216 byte disponibili

193 --- E O F --- 2008-11-02 19:36


OTListIt logfile created on: 18/05/2009 22.23.00 - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Charly\Desktop\VIRUS STUFF\VIRUS STUFF 17 MAY
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 39,79 Mb Available Physical Memory | 7,78% Memory free
1,22 Gb Paging File | 0,71 Gb Available in Paging File | 58,07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 97,65 Gb Total Space | 60,51 Gb Free Space | 61,97% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 101,49 Gb Free Space | 68,11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 200,43 Gb Total Space | 22,56 Gb Free Space | 11,26% Space Free | Partition Type: NTFS

Computer Name: CHARLIEHAMMONDS
Current User Name: Charly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
PRC - C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Programmi\File comuni\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programmi\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
PRC - C:\Programmi\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
PRC - C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Programmi\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programmi\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)
PRC - C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Charly\Desktop\VIRUS STUFF\VIRUS STUFF 17 MAY\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Programmi\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (GEARSecurity [Auto | Running]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (gupdate1c9b5c88ba90e6e [Auto | Stopped]) -- C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Programmi\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Norton Ghost [Auto | Running]) -- C:\Programmi\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programmi\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (GearAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (PRISM_USB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (SiSide [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (SISNIC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SISNICXP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnicxp.sys (SiS Corporation)
DRV - (sisperf [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SymSnap [Boot | Running]) -- C:\WINDOWS\System32\drivers\SymSnap.sys (StorageCraft)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (V2IMount [System | Running]) -- C:\WINDOWS\System32\drivers\V2iMount.sys (Symantec Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/06 19.07.55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAMMI\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/15 12.12.38 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe" (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Charly\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 12.50.05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 09.04.28 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/04 08.04.30 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/01/01 02.32.58 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/02/04 09.04.28 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/18 22.13.34 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/17 18.34.51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charly\Impostazioni locali\temp
[2009/05/17 18.29.23 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/17 18.29.20 | 00,261,312 | ---- | C] () -- C:\cmldr
[2009/05/17 18.29.19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/17 18.27.04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/17 18.27.04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/17 18.27.04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/17 18.27.04 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/17 18.27.04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/17 18.27.04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/17 18.27.04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/17 18.27.04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/17 18.26.57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/17 18.26.47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/17 10.55.34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 10.43.12 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/15 15.19.30 | 00,000,000 | ---D | C] -- C:\Programmi\HDQuality
[2009/05/15 12.12.30 | 00,000,000 | ---D | C] -- C:\Programmi\ESET
[2009/04/20 15.15.40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charly\Dati applicazioni\Yahoo!
[2009/04/20 15.15.40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
[2009/04/20 15.14.42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/20 15.14.42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/04/20 15.14.29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/01/28 00.03.33 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/28 00.03.31 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/15 10.54.04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/14 09.56.05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/12 18.11.42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2008/09/12 01.57.51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/12 01.57.51 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/08 17.47.42 | 00,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/08 15.19.09 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/09/08 15.17.29 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/08/28 14.06.52 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/28 14.06.52 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/29 23.00.40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/06/15 17.20.00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/19 15.39.16 | 00,169,532 | RHS- | C] () -- C:\WINDOWS\System32\cqqrt.dll
[2004/07/17 11.36.38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/31 17.00.00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/31 17.00.00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/18 22.18.40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/18 22.17.39 | 00,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/18 22.17.32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/18 22.17.28 | 00,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/18 22.17.25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/18 22.17.23 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Charly\Impostazioni locali\desktop.ini
[2009/05/18 22.17.22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 18.43.59 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/17 18.29.23 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/16 23.06.46 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/14 17.50.08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/05 22.25.02 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 15.17.59 | 00,000,074 | -HS- | M] () -- C:\Documents and Settings\Charly\Documenti\desktop.ini
[2009/04/20 12.56.28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
< End of report >
  • 0

#8
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
First, use Use ATF Cleaner to remove temp files,
cookies, cache, ect...

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


Please do a scan with Kaspersky Online Scanner or from here
http://www.kaspersky.com/virusscanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition
    files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select:
Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in
your reply.

Animated tutorial
http://i275.photobuc...ng/KAS/KAS9.gif

(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%
.)
Or use Firefox with IE-Tab plugin
https://addons.mozil...efox/addon/1419

In your next reply post:
Kaspersky log
New OTListIt2 log taken after the above scan has run

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP