Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win XP SP2 won't boot


  • This topic is locked This topic is locked

#1
iggyboy

iggyboy

    Member

  • Member
  • PipPip
  • 26 posts
I was fighting with an explorer.exe trojan with no success and after several attempts,switched off.Next morning XP couldn't boot,stopping just after BIOS with blinking cursor on black screen.Using the installation CD (where I don't have the option R) the message was "no volume is present".The only way to solve part of my problem was to start with an USB floppy with NTDETECT,NTLDR,BOOT.INI.
Starting this way,I can just run like normal but cannot access to any network(even if looking into connections "LAN is connected")and the booting at the end is very slow.I was happy because all my files and programs are present,but any other attempt following the many proposals found,didn't solve the main problem.By the way scanning with some antivirus seems that explorer.exe and winlogon.exe are still infected,but this happens even after overwriting those files with clean ones directlty with SATA 2,5" box.
  • 0

Advertisements


#2
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.


Lets see some logs.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    /md5start
    winlogon.exe
    explorer.exe
    svchost.exe
    csrss.exe
    wininit.exe
    /md5stop
    msconfig
    safebootminimal
    safebootnetwork
    activex
    c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP
    c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, on your next reply.

  • 0

#3
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

Thank you my friend,I'm Italian,so my english is very poor! I followed your suggestion and you will find the two logs hereinafter

OTL logfile created on: 09/01/2011 9.41.08 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Iggy\Desktop\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 53,71 Gb Total Space | 1,77 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 95,33 Gb Total Space | 0,50 Gb Free Space | 0,53% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 2,47 Gb Free Space | 66,23% Space Free | Partition Type: FAT32

Computer Name: IGGY10 | User Name: Iggy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/09 08.57.54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iggy\Desktop\OTL\OTL.exe
PRC - [2010/11/18 18.53.15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/05 17.53.56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/02/02 17.31.56 | 000,279,296 | ---- | M] (Motorola) -- C:\Programmi\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/27 11.37.22 | 000,091,392 | ---- | M] () -- C:\Programmi\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2008/03/18 11.27.12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/09/06 12.26.20 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/07/24 07.22.02 | 000,185,624 | ---- | M] (Infineon Technologies AG) -- c:\Programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/07/24 07.21.48 | 000,140,568 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/03/07 05.19.00 | 000,066,048 | R--- | M] (Bioscrypt Inc.) -- c:\Programmi\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/24 13.28.58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/19 11.49.26 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2007/01/09 14.52.32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/12/04 15.13.16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2006/05/16 11.58.18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/05/12 12.33.22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
PRC - [2006/05/12 12.27.16 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
PRC - [2004/08/19 09.00.00 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/05 10.25.28 | 000,798,772 | ---- | M] (AHEAD Software) -- C:\Programmi\Ahead\InCD\incdsrv.exe
PRC - [2003/09/11 04.00.00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE
PRC - [2003/05/28 18.11.02 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/09 08.57.54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iggy\Desktop\OTL\OTL.exe
MOD - [2007/02/26 03.49.00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2004/08/19 14.37.42 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programmi\Movie Maker\wxfcwve.dll -- (ydgjf)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wxfcwve.dll -- (goxcqg)
SRV - [2010/11/05 17.53.56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/09/07 16.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/25 18.07.20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/27 11.37.22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Programmi\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/03/05 23.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/03 15.15.34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/03/18 11.27.12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/09/06 12.26.20 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/07/24 07.21.48 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/06/08 08.06.42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/03/14 05.03.00 | 000,074,752 | R--- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/19 11.49.26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/12/04 15.13.16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006/06/22 05.14.00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/12 12.27.16 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2003/12/05 10.25.28 | 000,798,772 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Programmi\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/28 18.11.02 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ivusb.sys -- (ivusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Iggy\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/05 16.20.56 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/09/07 15.52.25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15.52.03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15.47.46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15.47.19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15.47.07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15.46.51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/25 18.07.14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/27 12.02.14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2008/10/31 15.28.26 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/09/11 09.52.48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/28 22.34.30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/28 14.22.10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/21 11.13.00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/05 12.38.22 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/01/31 12.05.34 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx02.sys -- (SWUMX02) HP hs2300 USB MUX Driver (#02)
DRV - [2008/01/31 12.04.40 | 000,165,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC8U02.sys -- (SWNC8U02) HP hs2300 MUX NDIS Driver (#02)
DRV - [2008/01/18 09.49.24 | 000,220,640 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/15 21.50.52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2008/01/10 15.59.56 | 000,044,160 | ---- | M] (Sierra Wireless ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scrswi.sys -- (scrswi)
DRV - [2007/08/28 14.47.36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/14 16.59.52 | 000,005,840 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/08/14 16.59.44 | 000,101,167 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/07/24 07.21.52 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/07/24 07.21.46 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/07/12 15.35.02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/06/18 16.12.04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/14 15.22.58 | 000,013,184 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/06/08 07.49.46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2006/12/15 13.44.42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/10/19 00.23.00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2006/10/09 12.31.46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/07/23 23.00.04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/23 23.00.04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/05/12 12.21.22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 12.19.04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 12.17.18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 12.16.44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 12.13.46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/12/11 11.55.38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/01/07 16.07.18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/11/18 10.21.00 | 000,084,480 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdm.sys -- (U81xmdm)
DRV - [2004/11/18 10.21.00 | 000,077,472 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmgmt.sys -- (U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM)
DRV - [2004/11/18 10.21.00 | 000,075,456 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xobex.sys -- (U81xobex)
DRV - [2004/11/18 10.21.00 | 000,052,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xbus.sys -- (U81xbus) LGE U8XXX driver (WDM)
DRV - [2004/11/18 10.21.00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdfl.sys -- (U81xmdfl)
DRV - [2003/12/05 10.27.40 | 000,028,592 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/12/05 10.27.24 | 000,089,168 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/08/21 15.56.36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/05/28 18.01.06 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003/05/28 17.53.46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 18.53.36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/05 17.15.58 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll (www.flashget.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmi\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe File not found
O4 - HKLM..\Run: [ISUSPM] C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PTHOSTTR] c:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SpyStopper] D:\Files programmi\spystopper.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\programmi\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Programmi\Ahead\Nero BackItUp\NBJ .exe (Ahead Software AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk = C:\h7??\LGSyncManager.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2C546582-48CE-4890-9C88-B2665B125E15} http://www.registryw...om/RWOnline.cab (RWOnline Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...-131_01-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-9600-000000000000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - c:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 09.19.34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/20 10.38.59 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/20 10.38.59 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: goxcqg - C:\WINDOWS\System32\wxfcwve.dll File not found
NetSvcs: ydgjf - C:\Programmi\Movie Maker\wxfcwve.dll File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Programmi\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

MsConfig - StartUpReg: avast5 - hkey= - key= - C:\Programmi\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - File not found
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendering grafica vettoriale (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Binding dati Dynamic HTML per Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Modulo ricerca non in linea
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Creazione avanzata
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Guida di Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classi Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Strumenti di installazione di Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Miglioramenti sfoglia
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accesso sito MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Binding dati Dynamic HTML
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Font principali di Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Utilità di pianificazione
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Guida HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 09.38.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iggy\Desktop\OTL
[2011/01/08 21.42.20 | 000,000,000 | ---D | C] -- C:\Programmi\Pc Optimizer 360
[2011/01/07 19.42.30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/05 17.31.13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/05 17.31.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/01/05 17.31.10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/05 17.31.10 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2011/01/05 17.18.42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/05 17.01.37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/05 17.01.37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/05 17.01.37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/05 17.01.37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/05 17.01.19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/05 17.01.03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/05 16.58.32 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2011/01/03 19.10.28 | 000,000,000 | ---D | C] -- C:\Venus11
[2010/12/27 12.06.31 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/12/27 12.06.28 | 000,000,000 | ---D | C] -- C:\Programmi\Enigma Software Group
[2010/12/25 18.41.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\3636C9237AD64DE3978A09609AEE8ECF.TMP
[2010/12/25 17.47.51 | 000,000,000 | ---D | C] -- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010/12/25 17.47.49 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2010/12/24 16.48.01 | 000,020,480 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2010/12/24 16.44.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2
[2010/12/23 10.27.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Super Mp3 Recorder Professional
[2010/12/23 10.27.40 | 000,000,000 | ---D | C] -- C:\Programmi\Admiresoft
[2010/12/22 19.50.39 | 000,000,000 | ---D | C] -- C:\Bilan11
[2010/12/17 12.29.05 | 000,000,000 | ---D | C] -- C:\Programmi\Hide IP NG
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Iggy\Documenti\*.tmp files -> C:\Documents and Settings\Iggy\Documenti\*.tmp -> ]
[11 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 09.38.05 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/09 09.36.18 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/09 09.33.53 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/09 09.33.53 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
[2011/01/09 09.33.51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/08 22.06.30 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/08 21.38.54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/06 12.19.06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/05 23.23.01 | 000,508,156 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/01/05 23.23.01 | 000,459,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/05 23.23.01 | 000,091,988 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/01/05 23.23.01 | 000,076,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/05 18.05.34 | 000,199,693 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Desktop HP 5.01.jpg
[2011/01/05 17.31.13 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/05 17.15.58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/25 19.44.31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
[2010/12/24 22.47.12 | 000,000,332 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/12/24 22.47.12 | 000,000,052 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2010/12/24 16.48.01 | 000,020,480 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2010/12/24 16.38.17 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 23.20.44 | 000,000,240 | ---- | M] () -- C:\WINDOWS\smrpro.INI
[2010/12/23 15.49.44 | 010,161,067 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\Jone Cacciagli - Notte e Dì- ( Night and Day) 1943.flv
[2010/12/23 12.38.12 | 000,000,188 | ---- | M] () -- C:\WINDOWS\ae_mini.INI
[2010/12/23 10.27.41 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\Super Mp3 Recorder Professional.lnk
[2010/12/22 19.48.07 | 000,213,148 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Fattura Telecom 1-11.pdf
[2010/12/20 18.09.00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18.08.40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 09.32.06 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Iggy\default.pls
[2010/12/19 09.32.06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/18 23.30.48 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\mobmeter.exe.lnk
[2010/12/18 19.23.15 | 000,045,529 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Agenda.doc
[2010/12/17 12.45.55 | 000,096,917 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Hotel Jolly Ambasciatori TO.jpg
[2010/12/12 17.12.06 | 000,063,698 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Casa Elena 4 Novembre 38 Vimodrone.jpg
[2010/12/12 10.45.08 | 003,538,525 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\E' facile smettere di fumare! - Seminario Easyway (1).flv
[2010/12/11 23.42.58 | 000,272,187 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\STP40NF10.pdf
[2010/12/11 23.06.36 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Bonifico.doc
[2010/12/11 18.04.18 | 020,205,809 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\china.rm
[2010/12/11 17.58.41 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2010/12/11 17.48.57 | 000,108,410 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Enel ottobre-novembre 2010.pdf
[2010/12/10 11.55.43 | 000,007,183 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Codici Banca ed altri.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Iggy\Documenti\*.tmp files -> C:\Documents and Settings\Iggy\Documenti\*.tmp -> ]
[11 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 18.05.34 | 000,199,693 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Desktop HP 5.01.jpg
[2011/01/05 17.31.13 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/05 17.01.37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/05 17.01.37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/05 17.01.37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/05 17.01.37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/05 17.01.37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/05 16.58.33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/24 22.37.15 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Esplora risorse.scf
[2010/12/23 15.49.44 | 010,161,067 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\Jone Cacciagli - Notte e Dì- ( Night and Day) 1943.flv
[2010/12/23 12.31.35 | 000,000,188 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2010/12/23 10.28.20 | 000,000,240 | ---- | C] () -- C:\WINDOWS\smrpro.INI
[2010/12/23 10.27.41 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\Super Mp3 Recorder Professional.lnk
[2010/12/22 19.48.07 | 000,213,148 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Fattura Telecom 1-11.pdf
[2010/12/18 23.30.48 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\mobmeter.exe.lnk
[2010/12/17 12.45.55 | 000,096,917 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Hotel Jolly Ambasciatori TO.jpg
[2010/12/12 17.12.06 | 000,063,698 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Casa Elena 4 Novembre 38 Vimodrone.jpg
[2010/12/12 10.45.07 | 003,538,525 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\E' facile smettere di fumare! - Seminario Easyway (1).flv
[2010/12/11 23.42.58 | 000,272,187 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\STP40NF10.pdf
[2010/12/11 23.06.36 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Bonifico.doc
[2010/12/11 18.04.18 | 020,205,809 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\china.rm
[2010/12/11 17.48.57 | 000,108,410 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Enel ottobre-novembre 2010.pdf
[2010/08/09 14.34.58 | 005,710,010 | ---- | C] () -- C:\Programmi\Untitled_1.flv
[2010/07/17 11.22.43 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\0kO712W4.dat
[2010/06/25 18.03.12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/04/14 08.48.32 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Delphimm.dll
[2010/01/28 11.33.57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\FnF4.txt
[2009/12/13 22.27.53 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2009/12/13 22.27.53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/08/01 07.54.38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2009/07/29 18.56.57 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2009/07/29 18.55.30 | 000,000,332 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/07/29 15.11.10 | 000,128,000 | ---- | C] () -- C:\Programmi\UNWISE.EXE
[2009/07/29 10.39.34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/28 23.09.22 | 008,101,888 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\sandra.mda
[2009/07/26 19.17.01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2009/07/26 19.17.01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2009/07/26 19.17.01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\AtStart.txt
[2009/07/26 16.02.26 | 000,000,526 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/26 12.34.18 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 11.59.45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/07/26 11.54.15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4873.dll
[2009/07/26 11.54.14 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/07/26 11.54.14 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/07/26 11.10.08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/14 16.59.44 | 000,101,167 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/06/08 08.05.38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2006/05/12 12.23.22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/12 10.09.38 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/05/07 19.26.58 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2006/05/07 19.24.54 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2006/05/07 19.24.42 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2006/05/07 19.24.30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2006/05/07 19.24.16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2006/05/07 19.24.04 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2006/05/07 19.23.46 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2006/05/07 19.23.42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2006/04/18 23.30.56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/30 21.18.26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 21.10.30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/11/29 21.14.42 | 002,675,712 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/11/29 21.11.30 | 000,371,200 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/11/29 21.10.46 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2005/11/29 21.10.10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/11/29 21.10.06 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2005/11/29 21.09.54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2005/11/29 21.09.50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/11/29 21.09.30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2005/11/29 21.09.24 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2005/11/29 21.09.14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2005/11/29 21.09.06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2005/11/29 21.09.04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2005/11/29 21.09.00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2005/11/29 21.09.00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2004/08/19 14.39.30 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ms.dll
[2004/08/19 14.39.14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 10.36.38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/01 10.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/17 23.18.30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/11/14 12.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/07 02.10.00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/07/30 18.58.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2009/10/10 11.59.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
[2009/07/26 12.08.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Infineon
[2009/07/30 17.14.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pegasys Inc
[2009/09/09 23.22.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Socusoft
[2009/09/09 23.22.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2009/08/01 07.57.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2009/08/12 11.31.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/26 23.08.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Amvyqu
[2010/10/12 15.22.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\download
[2009/07/27 18.37.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\FreshDiagnose
[2010/12/17 12.30.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Hide IP NG
[2010/09/19 08.03.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ilxyse
[2009/07/26 12.08.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Infineon
[2009/07/30 17.15.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\LEAPS
[2009/10/10 11.55.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\LG Electronics
[2010/09/17 21.20.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Liobw
[2010/07/30 19.49.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Nowan
[2010/12/08 17.07.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Orbit
[2010/11/25 22.34.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ovuqwy
[2009/07/30 17.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Pegasys Inc
[2010/12/08 17.03.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\ProgSense
[2010/10/08 23.14.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Quewyc
[2010/08/30 11.47.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Tema
[2011/01/03 17.46.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2
[2010/11/25 18.31.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ukma
[2010/07/03 19.07.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Uniblue
[2010/10/07 23.00.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Vaiwuh
[2010/02/20 23.28.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\VSO
[2010/12/22 22.33.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Vuiwg
[2010/12/23 09.16.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ybto
[2010/08/27 23.30.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Zamano

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2004/08/19 14.39.36 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=2B511A5438308A1AC8D48482279810E6 -- C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2\csrss.exe
[2004/08/19 14.39.36 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=2B511A5438308A1AC8D48482279810E6 -- C:\WINDOWS\system32\csrss.exe
[2004/08/19 14.39.36 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=2B511A5438308A1AC8D48482279810E6 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2004/08/19 09.00.00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=99E565820F997CA518557FCABC79EF47 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/19 14.39.46 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=73955B04F209D8A1C633867841267A96 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/19 14.39.46 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=73955B04F209D8A1C633867841267A96 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/19 14.39.46 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=73955B04F209D8A1C633867841267A96 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINLOGON.EXE >
[2004/08/19 14.39.46 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=ECD9912DB223499932E444E13CD0991C -- C:\WINDOWS\system32\winlogon.exe

< c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP >
[2011/01/05 17.01.33 | 007,520,256 | ---- | M] () -- c:\System Volume Information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP1\snapshot\_REGISTRY_MACHINE_SYSTEM
[2011/01/08 21.42.20 | 007,524,352 | ---- | M] () -- c:\System Volume Information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP2\snapshot\_REGISTRY_MACHINE_SYSTEM
[2011/01/08 21.47.06 | 007,524,352 | ---- | M] () -- c:\System Volume Information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP3\snapshot\_REGISTRY_MACHINE_SYSTEM

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >
[2011/01/05 17.01.32 | 027,865,088 | ---- | M] () -- c:\System Volume Information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP1\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/08 21.42.19 | 027,865,088 | ---- | M] () -- c:\System Volume Information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP2\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/08 21.47.06 | 027,865,088 | ---- | M] () -- c:\System Volume Information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP3\snapshot\_REGISTRY_MACHINE_SOFTWARE

< >

========== Files - Unicode (All) ==========
[2010/12/25 10.30.08 | 000,470,366 | ---- | M] ()(C:\Documents and Settings\Iggy\Desktop\?????????.mp3) -- C:\Documents and Settings\Iggy\Desktop\предатель.mp3
[2010/12/25 10.27.10 | 000,470,366 | ---- | C] ()(C:\Documents and Settings\Iggy\Desktop\?????????.mp3) -- C:\Documents and Settings\Iggy\Desktop\предатель.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\Iggy\Desktop\Io.jpg:VsoSummaryInformation

< End of report >




OTL Extras logfile created on: 09/01/2011 9.41.08 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Iggy\Desktop\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 53,71 Gb Total Space | 1,77 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 95,33 Gb Total Space | 0,50 Gb Free Space | 0,53% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 2,47 Gb Free Space | 66,23% Space Free | Partition Type: FAT32

Computer Name: IGGY10 | User Name: Iggy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"7401:TCP" = 7401:TCP:*:Enabled:ctsmuat

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe" = C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programmi\FlashGet\FlashGet.exe" = C:\Programmi\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Programmi\Motorola\RSD Lite\SDL.exe" = C:\Programmi\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL -- (Motorola)
"C:\Programmi\Motorola\Software Update\msu.exe" = C:\Programmi\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)
"C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\WNt500x86\RpcSandraSrv.exe" = C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programmi\Port Forwarding Wizard\bin\Port Forwarding Wizard.exe" = C:\Programmi\Port Forwarding Wizard\bin\Port Forwarding Wizard.exe:*:Enabled:Port Forwarding Wizard -- (upRedSun)
"C:\Programmi\QuickTime\QuickTimePlayer.exe" = C:\Programmi\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Programmi\Real\RealPlayer\realplay.exe" = C:\Programmi\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2\csrss.exe" = C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2\csrss.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}" = HP PCMCIA Smart Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2870C757-99AF-4E59-A853-1E274C5E67E4}" = Embedded Security for HP ProtectTools
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{2DA701B1-5597-44BA-BA96-ED6A737CCA57}" = Playlist Management
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{720DCEC1-BD81-4AC8-ADE5-D408EC730E38}" = RSDLite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84310138-0535-441C-86D5-89396869F65D}" = Drive Encryption for HP ProtectTools
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{930D4C7E-A794-4C15-84FB-A4D51D81E752}" = Motorola Phone Tools
"{9A6F0720-739C-408B-966F-93091631A918}" =
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AA4D4EE3-0195-49F6-B0BF-C2789FD9C582}_is1" = TubeMaster++ versione 2.0
"{AB212B59-FF45-4C18-B369-F630CB268DAF}" = TMPGEnc 4.0 XPress
"{AC76BA86-7AD7-1040-7B44-A94000000001}" = Adobe Reader 9.4.1 - Italiano
"{B24F3E2E-1B87-49EF-9317-5BAE1286ECA1}" = BIOS Configuration for HP ProtectTools
"{B83245C1-AB8A-40C1-91C0-CEDBDB84255D}" = LG PhoneManager
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}" = Norton Ghost
"{BBCD4B06-8B96-48E9-869D-8DE8FBDB6B19}" = Motorola Software Update
"{C15F7F16-941E-414B-A676-40190CD621D5}" = Credential Manager for HP ProtectTools
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Business 2009.SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"ACDSee 32" = ACDSee 32
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Antioch" = Antioch
"Audacity_is1" = Audacity 1.2.6
"AutocompletePro3_is1" = AutocompletePro
"avast5" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BobCal_is1" = BobCal ver. 2.0
"Boilsoft ASF Converter_is1" = Boilsoft ASF Converter 2.68
"Broadcom 802.11b Network Adapter" = Scheda LAN wireless Broadcom 802.11
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DVD Shrink_is1" = DVD Shrink 3.1.7
"DVDInfoPro" = DVDInfoPro
"eMule" = eMule
"EPSON Printer and Utilities" = Software per stampante EPSON
"FlashGet" = FlashGet 1.9.6.1073
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"InCD!UninstallKey" = InCD
"JRE 1.3.1_01" = Java 2 Runtime Environment Standard Edition v1.3.1_01
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Nero Digital
"NMPUninstallKey" = Nero Media Player
"Pinnacle MPEG Realtime Codec" = Pinnacle MPEG Realtime Codec
"Port Forwarding Wizard_is1" = Port Forwarding Wizard 4.0
"RealPlayer 12.0" = RealPlayer
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Riva FLV Player_is1" = Riva FLV Player
"SpyBotSnD" = SpyBot - Search & Destroy 1.1
"Super Mp3 Recorder Professional_is1" = Super Mp3 Recorder Professional v6.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR gestione archivi

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30/07/2010 12.56.38 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

Error - 30/07/2010 13.27.23 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

Error - 30/07/2010 13.31.40 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

Error - 30/07/2010 13.34.06 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

Error - 30/07/2010 13.34.37 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

Error - 30/07/2010 13.36.51 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

Error - 30/07/2010 13.37.54 | Computer Name = IGGY9 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 05/01/2011 12.57.11 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 05/01/2011 14.08.06 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 05/01/2011 18.18.55 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 06/01/2011 7.09.46 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 06/01/2011 7.23.50 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 07/01/2011 14.40.48 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 07/01/2011 14.52.30 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 08/01/2011 16.41.11 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 08/01/2011 17.04.07 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 09/01/2011 4.36.09 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

[ Application Events ]
Error - 05/01/2011 12.57.11 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 05/01/2011 14.08.06 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 05/01/2011 18.18.55 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 06/01/2011 7.09.46 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 06/01/2011 7.23.50 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 07/01/2011 14.40.48 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 07/01/2011 14.52.30 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 08/01/2011 16.41.11 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 08/01/2011 17.04.07 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 09/01/2011 4.36.09 | Computer Name = IGGY10 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 08/01/2011 16.41.09 | Computer Name = IGGY10 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio BITS con gli argomenti "" per eseguire il server {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7003
Description = Il servizio Client DHCP dipende dal servizio Tcpip che non esiste.

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7003
Description = Il servizio Client DNS dipende dal servizio Tcpip che non esiste.

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7003
Description = Il servizio Apple Mobile Device dipende dal servizio Tcpip che non
esiste.

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7003
Description = Il servizio Bonjour Service dipende dal servizio Tcpip che non esiste.

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7023
Description = Servizio Image Driver terminato con l'errore: %%126

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7003
Description = Il servizio Servizi IPSEC dipende dal servizio Tcpip che non esiste.

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7023
Description = Servizio stoggmj terminato con l'errore: %%126

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: SASKUTIL

Error - 08/01/2011 16.41.20 | Computer Name = IGGY10 | Source = Service Control Manager | ID = 7023
Description = Servizio Windows Firewall / Condivisione connessione Internet (ICS)
terminato con l'errore: %%2


< End of report >



Hope this will help you and me.
Thank you,
Iggy
  • 0

#4
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window

C:\windows\explorer.exe
C:\Windows\system32\winlogon.exe


Click Submit/Send File
Please post back, to let me know the results.
  • 0

#5
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
And please post the Combofix log (since you just ran it recently). It can be found at c:\combofix.txt :D

Edited by Salagubang, 09 January 2011 - 03:57 AM.

  • 0

#6
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Can't go to Jotti with the infected notebook because I cannot access to Internet (you have seen that TCPIP is not present).For Combo OK. Thanks
  • 0

#7
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the Combofix log

ComboFix 11-01-02.03 - Iggy 05/01/2011 17.04.37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.1607 [GMT 1:00]
Eseguito da: F:\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documenti\Settings
c:\documents and settings\All Users\Documenti\Settings\cbss.dll
c:\documents and settings\Iggy\Dati applicazioni\Bitrix Security
c:\documents and settings\Iggy\Dati applicazioni\Bitrix Security\falqlt4_shrd
c:\documents and settings\Iggy\Dati applicazioni\download2
c:\documents and settings\Iggy\Dati applicazioni\Ephy
c:\documents and settings\Iggy\Dati applicazioni\Ephy\oxyb.tmp
c:\documents and settings\Iggy\Dati applicazioni\Ephy\oxyb.vuu
c:\documents and settings\Iggy\Dati applicazioni\Ovuqwy\heebl.exe
c:\documents and settings\Iggy\Dati applicazioni\Vuiwg\qilo.exe
c:\documents and settings\Iggy\Dati applicazioni\wiaservg.log
c:\documents and settings\Iggy\Dati applicazioni\Zamano\azukh.exe
c:\documents and settings\Iggy\secupdat.dat
c:\documents and settings\NetworkService\Dati applicazioni\Bitrix Security
c:\documents and settings\NetworkService\Dati applicazioni\Bitrix Security\falqlt4_shrd
c:\documents and settings\NetworkService\Dati applicazioni\Bitrix Security\qnf.txt
c:\documents and settings\NetworkService\Dati applicazioni\Bitrix Security\vhrqg
C:\khq
c:\programmi\INSTALL.LOG
c:\windows\system32\drivers\srenum.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msrun.exe
c:\windows\system32\secupdat.dat

c:\windows\regedit.exe . . . è infetto!!

c:\windows\explorer.exe . . . è infetto!!

c:\windows\system32\winlogon.exe . . . è infetto!!

c:\windows\system32\grpconv.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Creati Da 2010-12-05 al 2011-01-05 )))))))))))))))))))))))))))))))))))
.

2011-01-05 15:58 . 2011-01-05 15:58 -------- d-----w- c:\programmi\CCleaner
2011-01-04 22:07 . 2004-08-19 08:00 1034752 ----a-w- c:\windows\explorer.exe
2011-01-03 18:10 . 2011-01-03 18:10 -------- d-----w- C:\Venus11
2011-01-01 18:26 . 2011-01-01 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-27 15:29 . 2010-12-27 15:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- C:\sh4ldr
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- c:\programmi\Enigma Software Group
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconF7A21AF7.exe
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconD7F16134.exe
2010-12-25 17:41 . 2010-12-25 22:37 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-25 16:47 . 2010-12-25 19:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2010-12-25 16:47 . 2010-12-25 17:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-12-24 15:48 . 2010-12-24 15:48 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-12-24 15:44 . 2011-01-03 16:46 -------- d-----w- c:\documents and settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2
2010-12-23 09:27 . 2010-12-23 09:27 -------- d-----w- c:\programmi\Admiresoft
2010-12-22 18:50 . 2010-12-22 18:51 -------- d-----w- C:\Bilan11
2010-12-17 11:29 . 2010-12-17 11:30 -------- d-----w- c:\programmi\Hide IP NG
2010-12-09 14:52 . 2010-12-09 14:57 -------- d-----w- c:\programmi\WinPcap
2010-12-09 14:37 . 2010-12-09 14:37 -------- d-----w- c:\programmi\Riva
2010-12-09 09:36 . 2010-12-09 14:52 -------- d-----w- c:\programmi\AutocompletePro
2010-12-09 09:34 . 2010-12-13 17:50 -------- d-----w- c:\programmi\TubeMaster++
2010-12-08 16:03 . 2010-12-08 16:03 -------- d-----w- c:\documents and settings\Iggy\Dati applicazioni\ProgSense
2010-12-08 16:03 . 2010-12-08 16:07 -------- d-----w- c:\documents and settings\Iggy\Dati applicazioni\Orbit
2010-12-08 15:36 . 2010-12-08 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 15:20 . 2009-07-26 10:49 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-12-08 15:36 . 2010-05-04 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-17 16:20 . 2010-10-17 16:20 40960 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{2DA701B1-5597-44BA-BA96-ED6A737CCA57}\NewShortcut1_9873BD74E565483399E18668472BEA7F.exe
2010-10-11 22:00 . 2010-10-11 22:00 138 ----a-w- c:\documents and settings\Iggy\Dati applicazioni\dsfsds.bat
1998-02-10 16:34 . 2009-07-29 14:11 128000 ----a-w- c:\programmi\UNWISE.EXE
.
<pre>
c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmi\Ahead\InCD\InCD .exe
c:\programmi\Ahead\Nero BackItUp\NBJ                                                                                                                                                                                                                           .exe
c:\programmi\Analog Devices\Core\smax4pnp .exe
c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG .exe
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\File comuni\Java\Java Update\jusched .exe
c:\programmi\File comuni\Real\Update_OB\realsched .exe
c:\programmi\iTunes\iTunesHelper .exe
c:\programmi\QuickTime\qttask                                                                                                                                                                                                                               .exe
c:\programmi\Skype\Phone\Skype .exe
c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp .exe
c:\programmi\Synaptics\SynTP\SynTPEnh .exe
</pre>

------- Sigcheck -------

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2004-08-19 . ECD9912DB223499932E444E13CD0991C . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-19 . 99E565820F997CA518557FCABC79EF47 . 1034752 . . [6.00.2900.2180] . . c:\windows\explorer.exe

c:\windows\System32\drivers\tcpip.sys ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ .exe" [2005-09-16 1961984]
"{DB2E07C2-51F0-4EAB-9030-C65C9C99B3CC}"="c:\documents and settings\Iggy\Dati applicazioni\Ovuqwy\heebl.exe" [N/A]
"{A54B111A-CADA-3D91-FB37-77E739936ABC}"="c:\documents and settings\Iggy\Dati applicazioni\Vuiwg\qilo.exe" [N/A]
"{4CED7A26-C94F-1428-ABC4-920C22C005B3}"="c:\documents and settings\Iggy\Dati applicazioni\Zamano\azukh.exe" [N/A]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"userini"="c:\windows\explorer.exe:userini.exe" [N/A]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-11-18 274608]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [N/A]
"InCD"="c:\programmi\Ahead\InCD\InCD.exe" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"SpyStopper"="d:\files programmi\spystopper.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"userini"="c:\windows\explorer.exe:userini.exe" [N/A]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]
LG SyncManager.lnk - c:\h7??\LGSyncManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-09-07 15:12 2838912 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ydgjf"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SWIHPWMI"=2 (0x2)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SpyHunter 4 Service"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"rpcapd"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"PersonalSecureDriveService"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MotoConnect Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"ImapiService"=3 (0x3)
"IFXTCS"=2 (0x2)
"IFXSpMgtSrv"=2 (0x2)
"HTTPFilter"=3 (0x3)
"hpqwmiex"=2 (0x2)
"HpFkCryptService"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1ca0e044ffa000"=2 (0x2)
"goxcqg"=2 (0x2)
"GhostStartService"=2 (0x2)
"FLCDLOCK"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"Com4QLBEx"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"btwdins"=2 (0x2)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"ASChannel"=2 (0x2)
"ASBroker"=2 (0x2)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)
"ALG"=3 (0x3)
"AgereModemAudio"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashGet\\FlashGet.exe"=
"c:\\Programmi\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Programmi\\Motorola\\Software Update\\msu.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\Port Forwarding Wizard\\bin\\Port Forwarding Wizard.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Iggy\\Dati applicazioni\\tfrwuvfjyhllnngdyue2jxnqoggqjlz2\\csrss.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7401:TCP"= 7401:TCP:ctsmuat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14/08/2007 16.59.44 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09/10/2006 12.31.46 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14/06/2007 15.22.58 13184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/07/2010 18.58.41 165584]
R1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\GhPciScan.sys [28/05/2003 18.01.06 5632]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24/07/2007 7.21.52 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14/08/2007 16.59.52 5840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/07/2010 18.58.41 17744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 18.07.14 35088]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24/07/2007 7.21.46 41216]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [26/07/2009 12.08.05 30008]
S3 esgiguard;esgiguard; [x]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [26/07/2009 11.50.37 33024]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [10/01/2008 15.59.56 44160]
S3 SWNC8U02;HP hs2300 MUX NDIS Driver (#02);c:\windows\system32\drivers\SWNC8U02.sys [31/01/2008 12.04.40 165248]
S3 SWUMX02;HP hs2300 USB MUX Driver (#02);c:\windows\system32\drivers\swumx02.sys [31/01/2008 12.05.34 142976]
S4 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 14.39.46 14336]
S4 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 14.39.46 14336]
S4 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/07/2009 19.05.20 193840]
S4 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [08/06/2007 8.06.42 172131]
S4 goxcqg;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S4 gupdate1ca0e044ffa000;Servizio di Google Update (gupdate1ca0e044ffa000);c:\programmi\Google\Update\GoogleUpdate.exe [26/07/2009 16.16.13 133104]
S4 HpFkCryptService;Drive Encryption Service;c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [06/09/2007 12.26.20 221184]
S4 MotoConnect Service;MotoConnect Service;c:\programmi\Motorola\MotoConnectService\MotoConnectService.exe [10/10/2009 11.48.16 91392]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [28/07/2009 23.09.19 98488]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [05/11/2010 17.53.56 327000]
S4 SWIHPWMI;SWIHPWMI;c:\programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04/12/2006 15.13.16 292384]
S4 ydgjf;stoggmj;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
goxcqg
ydgjf
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 16:12]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: &Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: {2C546582-48CE-4890-9C88-B2665B125E15} - hxxp://www.registrywinner.com/RWOnline.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-mnohnpxm.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-05 17:16
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\windows\system32\DeviceNP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'explorer.exe'(376)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-05 17:18:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-05 16:18

Pre-Run: 206.118.912 byte disponibili
Post-Run: 1.965.826.048 byte disponibili

- - End Of File - - D87C86F6D5946C942DE9BAB4D0949ABC




Thanks again for helping!
  • 0

#8
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

Step One

Insert your Windows XP disk in your CD drive
Click Start > Run and type CMD {enter}
Click in the command box and type the following, pressing enter each line:

expand e:\i386\explorer.ex_ c:\explorer.exe
expand e:\i386\winlogon.ex_ c:\winlogon.exe


Note: if your CD is not drive E:, please substitute the actual drive letter.




Step Two

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [SpyStopper] D:\Files programmi\spystopper.exe File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...-131_01-win.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-9600-000000000000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2010/07/20 10.38.59 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/07/20 10.38.59 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
    NetSvcs: goxcqg - C:\WINDOWS\System32\wxfcwve.dll File not found
    NetSvcs: ydgjf - C:\Programmi\Movie Maker\wxfcwve.dll File not found
    [2010/12/24 16.44.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2
    [2010/07/17 11.22.43 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\0kO712W4.dat
    [2010/07/26 23.08.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Amvyqu
    [2010/09/19 08.03.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ilxyse
    [2010/09/17 21.20.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Liobw
    [2010/07/30 19.49.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Nowan
    [2010/11/25 22.34.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ovuqwy
    [2010/10/08 23.14.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Quewyc
    [2010/08/30 11.47.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Tema
    [2011/01/03 17.46.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2
    [2010/11/25 18.31.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ukma
    [2010/10/07 23.00.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Vaiwuh
    [2010/12/22 22.33.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Vuiwg
    [2010/12/23 09.16.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Ybto
    [2010/08/27 23.30.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Zamano
    @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\Iggy\Desktop\Io.jpg:VsoSummaryInformation
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "7401:TCP"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\Iggy\Dati applicazioni\tfrwuvfjyhllnngdyue2jxnqoggqjlz2\csrss.exe"=-
    
    :Files
    ipconfig /flush /c
    type boot.ini /c
    c:\windows\explorer.exe|c:\explorer.exe /replace
    c:\windows\system32\winlogon.exe|c:\winlogon.exe /replace
    C:\WINDOWS\system32\dllcache\explorer.exe|c:\explorer.exe /replace
    C:\WINDOWS\system32\dllcache\winlogon.exe|c:\winlogon.exe /replace
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Three

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Three

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OK Salagubang,but "...Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console..." you remember that this step require an Internet connection not available at the present,beeing TCPIP missing? Or may be will be recovered at that time? I'm gonna try to follow your instructions....
  • 0

#10
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi| Just finished,but it'still impossible reboot by HDD,impossible connect through LAN nor WLAN and booting with USB floppy takes really a lot.I report all the logs:
1st OTL

All processes killed
Error: Unable to interpret <[resethosts] > in the current context!
Error: Unable to interpret <[emptytemp] > in the current context!
Error: Unable to interpret <[EMPTYFLASH] > in the current context!
Error: Unable to interpret <[CREATERESTOREPOINT] > in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.20.1 log created on 01092011_174714

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2nd OTL

OTL logfile created on: 09/01/2011 17.57.51 - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 53,71 Gb Total Space | 1,76 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive D: | 95,33 Gb Total Space | 0,50 Gb Free Space | 0,53% Space Free | Partition Type: NTFS
Drive E: | 597,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 2,47 Gb Free Space | 66,12% Space Free | Partition Type: FAT32

Computer Name: IGGY10 | User Name: Iggy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/09 08.57.54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/11/18 18.53.15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/05 17.53.56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/02/02 17.31.56 | 000,279,296 | ---- | M] (Motorola) -- C:\Programmi\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/27 11.37.22 | 000,091,392 | ---- | M] () -- C:\Programmi\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2008/03/18 11.27.12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/09/06 12.26.20 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/07/24 07.22.02 | 000,185,624 | ---- | M] (Infineon Technologies AG) -- c:\Programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/07/24 07.21.48 | 000,140,568 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/03/07 05.19.00 | 000,066,048 | R--- | M] (Bioscrypt Inc.) -- c:\Programmi\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/24 13.28.58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/19 11.49.26 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2007/01/09 14.52.32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/12/04 15.13.16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2006/05/16 11.58.18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/05/12 12.33.22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
PRC - [2006/05/12 12.27.16 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
PRC - [2004/08/19 15.39.36 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/05 10.25.28 | 000,798,772 | ---- | M] (AHEAD Software) -- C:\Programmi\Ahead\InCD\incdsrv.exe
PRC - [2003/09/11 04.00.00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE
PRC - [2003/05/28 18.11.02 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/09 08.57.54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2007/02/26 03.49.00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2004/08/19 14.37.42 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/05 17.53.56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/09/07 16.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/25 18.07.20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/27 11.37.22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Programmi\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/03/05 23.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/03 15.15.34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/03/18 11.27.12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/09/06 12.26.20 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/07/24 07.21.48 | 000,140,568 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/06/08 08.06.42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/03/14 05.03.00 | 000,074,752 | R--- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/19 11.49.26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/12/04 15.13.16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006/06/22 05.14.00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/12 12.27.16 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2003/12/05 10.25.28 | 000,798,772 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Programmi\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/28 18.11.02 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ivusb.sys -- (ivusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Iggy\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/05 16.20.56 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/09/07 15.52.25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15.52.03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15.47.46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15.47.19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15.47.07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15.46.51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/25 18.07.14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/27 12.02.14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2008/10/31 15.28.26 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/09/11 09.52.48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/28 22.34.30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/28 14.22.10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/21 11.13.00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/05 12.38.22 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/01/31 12.05.34 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx02.sys -- (SWUMX02) HP hs2300 USB MUX Driver (#02)
DRV - [2008/01/31 12.04.40 | 000,165,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC8U02.sys -- (SWNC8U02) HP hs2300 MUX NDIS Driver (#02)
DRV - [2008/01/18 09.49.24 | 000,220,640 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/15 21.50.52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2008/01/10 15.59.56 | 000,044,160 | ---- | M] (Sierra Wireless ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scrswi.sys -- (scrswi)
DRV - [2007/08/28 14.47.36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/14 16.59.52 | 000,005,840 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/08/14 16.59.44 | 000,101,167 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/07/24 07.21.52 | 000,038,816 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/07/24 07.21.46 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/07/12 15.35.02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/06/18 16.12.04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/14 15.22.58 | 000,013,184 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/06/08 07.49.46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2006/12/15 13.44.42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/10/19 00.23.00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2006/10/09 12.31.46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/07/23 23.00.04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/23 23.00.04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/05/12 12.21.22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 12.19.04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 12.17.18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 12.16.44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 12.13.46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/12/11 11.55.38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/01/07 16.07.18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/11/18 10.21.00 | 000,084,480 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdm.sys -- (U81xmdm)
DRV - [2004/11/18 10.21.00 | 000,077,472 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmgmt.sys -- (U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM)
DRV - [2004/11/18 10.21.00 | 000,075,456 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xobex.sys -- (U81xobex)
DRV - [2004/11/18 10.21.00 | 000,052,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xbus.sys -- (U81xbus) LGE U8XXX driver (WDM)
DRV - [2004/11/18 10.21.00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U81xmdfl.sys -- (U81xmdfl)
DRV - [2003/12/05 10.27.40 | 000,028,592 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/12/05 10.27.24 | 000,089,168 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/08/21 15.56.36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/05/28 18.01.06 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003/05/28 17.53.46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 18.53.36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/05 17.15.58 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll (www.flashget.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmi\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe File not found
O4 - HKLM..\Run: [ISUSPM] C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PTHOSTTR] c:\Programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\programmi\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Programmi\Ahead\Nero BackItUp\NBJ .exe (Ahead Software AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk = C:\h7??\LGSyncManager.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2C546582-48CE-4890-9C88-B2665B125E15} http://www.registryw...om/RWOnline.cab (RWOnline Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - c:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 09.19.34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/20 10.38.59 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/20 10.38.59 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/08/31 13.00.00 | 000,000,112 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 09.38.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iggy\Desktop\OTL
[2011/01/08 21.42.20 | 000,000,000 | ---D | C] -- C:\Programmi\Pc Optimizer 360
[2011/01/07 19.42.30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/05 17.31.13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/05 17.31.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/01/05 17.31.10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/05 17.31.10 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2011/01/05 17.18.42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/05 17.01.37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/05 17.01.37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/05 17.01.37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/05 17.01.37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/05 17.01.19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/05 17.01.03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/05 16.58.32 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2011/01/03 19.10.28 | 000,000,000 | ---D | C] -- C:\Venus11
[2010/12/27 12.06.31 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/12/27 12.06.28 | 000,000,000 | ---D | C] -- C:\Programmi\Enigma Software Group
[2010/12/25 18.41.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\3636C9237AD64DE3978A09609AEE8ECF.TMP
[2010/12/25 17.47.51 | 000,000,000 | ---D | C] -- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010/12/25 17.47.49 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2010/12/24 16.48.01 | 000,020,480 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2010/12/23 10.27.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Super Mp3 Recorder Professional
[2010/12/23 10.27.40 | 000,000,000 | ---D | C] -- C:\Programmi\Admiresoft
[2010/12/22 19.50.39 | 000,000,000 | ---D | C] -- C:\Bilan11
[2010/12/17 12.29.05 | 000,000,000 | ---D | C] -- C:\Programmi\Hide IP NG
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Iggy\Documenti\*.tmp files -> C:\Documents and Settings\Iggy\Documenti\*.tmp -> ]
[11 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 17.54.57 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/09 17.52.32 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/09 17.52.32 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
[2011/01/09 17.52.30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/09 17.45.15 | 000,508,156 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/01/09 17.45.15 | 000,459,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/09 17.45.15 | 000,091,988 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/01/09 17.45.15 | 000,076,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/09 17.38.05 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/08 22.06.30 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/08 21.38.54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/06 12.19.06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/05 18.05.34 | 000,199,693 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Desktop HP 5.01.jpg
[2011/01/05 17.31.13 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/05 17.15.58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/25 19.44.31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
[2010/12/24 22.47.12 | 000,000,332 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/12/24 22.47.12 | 000,000,052 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2010/12/24 16.48.01 | 000,020,480 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2010/12/24 16.38.17 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 23.20.44 | 000,000,240 | ---- | M] () -- C:\WINDOWS\smrpro.INI
[2010/12/23 15.49.44 | 010,161,067 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\Jone Cacciagli - Notte e Dì- ( Night and Day) 1943.flv
[2010/12/23 12.38.12 | 000,000,188 | ---- | M] () -- C:\WINDOWS\ae_mini.INI
[2010/12/23 10.27.41 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\Super Mp3 Recorder Professional.lnk
[2010/12/22 19.48.07 | 000,213,148 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Fattura Telecom 1-11.pdf
[2010/12/20 18.09.00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18.08.40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 09.32.06 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Iggy\default.pls
[2010/12/19 09.32.06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/18 23.30.48 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\mobmeter.exe.lnk
[2010/12/18 19.23.15 | 000,045,529 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Agenda.doc
[2010/12/17 12.45.55 | 000,096,917 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Hotel Jolly Ambasciatori TO.jpg
[2010/12/12 17.12.06 | 000,063,698 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Casa Elena 4 Novembre 38 Vimodrone.jpg
[2010/12/12 10.45.08 | 003,538,525 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\E' facile smettere di fumare! - Seminario Easyway (1).flv
[2010/12/11 23.42.58 | 000,272,187 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\STP40NF10.pdf
[2010/12/11 23.06.36 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Bonifico.doc
[2010/12/11 18.04.18 | 020,205,809 | ---- | M] () -- C:\Documents and Settings\Iggy\Desktop\china.rm
[2010/12/11 17.58.41 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2010/12/11 17.48.57 | 000,108,410 | ---- | M] () -- C:\Documents and Settings\Iggy\Documenti\Enel ottobre-novembre 2010.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Iggy\Documenti\*.tmp files -> C:\Documents and Settings\Iggy\Documenti\*.tmp -> ]
[11 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 18.05.34 | 000,199,693 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Desktop HP 5.01.jpg
[2011/01/05 17.31.13 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/05 17.01.37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/05 17.01.37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/05 17.01.37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/05 17.01.37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/05 17.01.37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/05 16.58.33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/24 22.37.15 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Esplora risorse.scf
[2010/12/23 15.49.44 | 010,161,067 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\Jone Cacciagli - Notte e Dì- ( Night and Day) 1943.flv
[2010/12/23 12.31.35 | 000,000,188 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2010/12/23 10.28.20 | 000,000,240 | ---- | C] () -- C:\WINDOWS\smrpro.INI
[2010/12/23 10.27.41 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\Super Mp3 Recorder Professional.lnk
[2010/12/22 19.48.07 | 000,213,148 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Fattura Telecom 1-11.pdf
[2010/12/18 23.30.48 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\mobmeter.exe.lnk
[2010/12/17 12.45.55 | 000,096,917 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Hotel Jolly Ambasciatori TO.jpg
[2010/12/12 17.12.06 | 000,063,698 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Casa Elena 4 Novembre 38 Vimodrone.jpg
[2010/12/12 10.45.07 | 003,538,525 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\E' facile smettere di fumare! - Seminario Easyway (1).flv
[2010/12/11 23.42.58 | 000,272,187 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\STP40NF10.pdf
[2010/12/11 23.06.36 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Bonifico.doc
[2010/12/11 18.04.18 | 020,205,809 | ---- | C] () -- C:\Documents and Settings\Iggy\Desktop\china.rm
[2010/12/11 17.48.57 | 000,108,410 | ---- | C] () -- C:\Documents and Settings\Iggy\Documenti\Enel ottobre-novembre 2010.pdf
[2010/08/09 14.34.58 | 005,710,010 | ---- | C] () -- C:\Programmi\Untitled_1.flv
[2010/06/25 18.03.12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/04/14 08.48.32 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Delphimm.dll
[2010/01/28 11.33.57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\FnF4.txt
[2009/12/13 22.27.53 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2009/12/13 22.27.53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/08/01 07.54.38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2009/07/29 18.56.57 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2009/07/29 18.55.30 | 000,000,332 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/07/29 15.11.10 | 000,128,000 | ---- | C] () -- C:\Programmi\UNWISE.EXE
[2009/07/29 10.39.34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/28 23.09.22 | 008,101,888 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\sandra.mda
[2009/07/26 19.17.01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2009/07/26 19.17.01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2009/07/26 19.17.01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\AtStart.txt
[2009/07/26 16.02.26 | 000,000,526 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/26 12.34.18 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\Iggy\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 11.59.45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/07/26 11.54.15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4873.dll
[2009/07/26 11.54.14 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/07/26 11.54.14 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/07/26 11.10.08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/14 16.59.44 | 000,101,167 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/06/08 08.05.38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2006/05/12 12.23.22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/12 10.09.38 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/05/07 19.26.58 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2006/05/07 19.24.54 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2006/05/07 19.24.42 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2006/05/07 19.24.30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2006/05/07 19.24.16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2006/05/07 19.24.04 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2006/05/07 19.23.46 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2006/05/07 19.23.42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2006/04/18 23.30.56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/30 21.18.26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 21.10.30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/11/29 21.14.42 | 002,675,712 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/11/29 21.11.30 | 000,371,200 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/11/29 21.10.46 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2005/11/29 21.10.10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/11/29 21.10.06 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2005/11/29 21.09.54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2005/11/29 21.09.50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/11/29 21.09.30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2005/11/29 21.09.24 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2005/11/29 21.09.14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2005/11/29 21.09.06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2005/11/29 21.09.04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2005/11/29 21.09.00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2005/11/29 21.09.00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2004/08/19 14.39.30 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ms.dll
[2004/08/19 14.39.14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 10.36.38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/01 10.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/17 23.18.30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/11/14 12.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/07 02.10.00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/07/30 18.58.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2009/10/10 11.59.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
[2009/07/26 12.08.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Infineon
[2009/07/30 17.14.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pegasys Inc
[2009/09/09 23.22.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Socusoft
[2009/09/09 23.22.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2009/08/01 07.57.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2009/08/12 11.31.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/10/12 15.22.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\download
[2009/07/27 18.37.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\FreshDiagnose
[2010/12/17 12.30.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Hide IP NG
[2009/07/26 12.08.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Infineon
[2009/07/30 17.15.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\LEAPS
[2009/10/10 11.55.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\LG Electronics
[2010/12/08 17.07.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Orbit
[2009/07/30 17.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Pegasys Inc
[2010/12/08 17.03.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\ProgSense
[2010/07/03 19.07.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\Uniblue
[2010/02/20 23.28.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iggy\Dati applicazioni\VSO

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/25 10.30.08 | 000,470,366 | ---- | M] ()(C:\Documents and Settings\Iggy\Desktop\?????????.mp3) -- C:\Documents and Settings\Iggy\Desktop\предатель.mp3
[2010/12/25 10.27.10 | 000,470,366 | ---- | C] ()(C:\Documents and Settings\Iggy\Desktop\?????????.mp3) -- C:\Documents and Settings\Iggy\Desktop\предатель.mp3

< End of report >


TDSSkiller
2011/01/09 18:05:41.0046 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/09 18:05:41.0046 ================================================================================
2011/01/09 18:05:41.0046 SystemInfo:
2011/01/09 18:05:41.0046
2011/01/09 18:05:41.0046 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/09 18:05:41.0046 Product type: Workstation
2011/01/09 18:05:41.0046 ComputerName: IGGY10
2011/01/09 18:05:41.0046 UserName: Iggy
2011/01/09 18:05:41.0046 Windows directory: C:\WINDOWS
2011/01/09 18:05:41.0046 System windows directory: C:\WINDOWS
2011/01/09 18:05:41.0046 Processor architecture: Intel x86
2011/01/09 18:05:41.0046 Number of processors: 2
2011/01/09 18:05:41.0046 Page size: 0x1000
2011/01/09 18:05:41.0046 Boot type: Normal boot
2011/01/09 18:05:41.0046 ================================================================================
2011/01/09 18:05:41.0562 Initialize success
2011/01/09 18:05:51.0859 ================================================================================
2011/01/09 18:05:51.0859 Scan started
2011/01/09 18:05:51.0859 Mode: Manual;
2011/01/09 18:05:51.0859 ================================================================================
2011/01/09 18:05:52.0421 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/09 18:05:52.0500 Accelerometer (558a0039f0ef634397e1f61055504478) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
2011/01/09 18:05:52.0562 ACPI (ad825cb3397c837d1fb91d566d78de04) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/09 18:05:52.0593 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/09 18:05:52.0656 ADIHdAudAddService (4e12c97cbfe99be15d7680918f9899ec) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/01/09 18:05:52.0703 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/01/09 18:05:52.0750 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/09 18:05:52.0812 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/01/09 18:05:52.0906 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/09 18:05:53.0078 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/01/09 18:05:53.0171 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/09 18:05:53.0296 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/01/09 18:05:53.0359 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/09 18:05:53.0390 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/09 18:05:53.0421 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/09 18:05:53.0468 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/09 18:05:53.0484 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/09 18:05:53.0546 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/09 18:05:53.0593 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/09 18:05:53.0656 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/09 18:05:53.0703 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
2011/01/09 18:05:53.0765 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/09 18:05:53.0843 b57w2k (133ad3794572bce689763a8356c7ed06) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/01/09 18:05:53.0953 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/09 18:05:54.0031 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/09 18:05:54.0109 btaudio (3bc0afbd546162fe6ed6ccb15befad73) C:\WINDOWS\system32\drivers\btaudio.sys
2011/01/09 18:05:54.0156 BTDriver (1d25fb8b6b073e6f4fb51034f734ea2c) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/01/09 18:05:54.0234 BTKRNL (9515d10ceaf284ab1a21934e1958d4fd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/01/09 18:05:54.0312 BTWDNDIS (66bff2643e5f6a0f80208dde1c4b653a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/01/09 18:05:54.0343 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/09 18:05:54.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/09 18:05:54.0578 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/09 18:05:54.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/09 18:05:54.0703 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/09 18:05:54.0718 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/09 18:05:54.0812 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/09 18:05:54.0875 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/09 18:05:55.0000 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
2011/01/09 18:05:55.0031 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/09 18:05:55.0109 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/09 18:05:55.0156 dmio (c57d35621782c7f40770f3e5ca20a182) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/09 18:05:55.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/09 18:05:55.0234 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/09 18:05:55.0296 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/09 18:05:55.0359 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/09 18:05:55.0406 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/09 18:05:55.0421 Fips (333fbbc71bdcbb46c58a3b51b3d51184) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/09 18:05:55.0453 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/09 18:05:55.0500 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/09 18:05:55.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/09 18:05:55.0578 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/09 18:05:55.0609 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/09 18:05:55.0703 GhPciScan (ddb5395d3c385b109b7d3ac57c9bd7a6) C:\Programmi\Symantec\Norton Ghost 2003\ghpciscan.sys
2011/01/09 18:05:55.0750 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/09 18:05:55.0796 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/01/09 18:05:55.0843 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/09 18:05:55.0890 HP24X (04ebefe45b300a4edee5a38dc2791291) C:\WINDOWS\system32\DRIVERS\HP24X.sys
2011/01/09 18:05:55.0937 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
2011/01/09 18:05:56.0000 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/01/09 18:05:56.0062 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/09 18:05:56.0140 i8042prt (30e64dfa4efaacc8142ea07766181fb4) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/09 18:05:56.0406 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/09 18:05:56.0625 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/01/09 18:05:56.0687 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/01/09 18:05:56.0750 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/09 18:05:56.0796 InCDfs (17c9b37058f9d15f2e1452026cf786a0) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/01/09 18:05:56.0828 InCDPass (ee4e7dd592a96c9737e843a80322b30b) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/01/09 18:05:56.0859 InCDrec (963e6586da269fba565a9c2a7fcb7ed7) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/01/09 18:05:56.0890 incdrm (c46e8cf2bf9688d5332dd14cf42acd61) C:\WINDOWS\system32\drivers\incdrm.sys
2011/01/09 18:05:57.0000 intelppm (ebc07787034bbe312020d30198a9f362) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/09 18:05:57.0031 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/09 18:05:57.0062 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/09 18:05:57.0093 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/09 18:05:57.0125 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/09 18:05:57.0187 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/09 18:05:57.0234 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/09 18:05:57.0296 isapnp (ea3245a8e8758d6b84de189a5caaa75e) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/09 18:05:57.0390 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/09 18:05:57.0406 kbdhid (24f4d51e89822c349044c28be255c8a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/09 18:05:57.0453 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/09 18:05:57.0515 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/09 18:05:57.0625 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/09 18:05:57.0656 Modem (b30d2db351e3191bd71232036cfe711a) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/09 18:05:57.0703 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/01/09 18:05:57.0765 Mouclass (c458e314b8722253897c94a714c2e0c0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/09 18:05:57.0781 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/09 18:05:57.0828 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/09 18:05:57.0859 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/09 18:05:57.0890 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/09 18:05:57.0968 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/09 18:05:57.0984 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/09 18:05:58.0000 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/09 18:05:58.0031 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/09 18:05:58.0062 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/09 18:05:58.0109 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/09 18:05:58.0156 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/09 18:05:58.0187 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/09 18:05:58.0218 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/09 18:05:58.0250 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/09 18:05:58.0296 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/09 18:05:58.0328 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/09 18:05:58.0343 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/09 18:05:58.0390 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/09 18:05:58.0406 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/09 18:05:58.0578 NETw5x32 (aa88346ab7849a1cb34bd3424febfece) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/01/09 18:05:58.0718 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/09 18:05:58.0765 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/01/09 18:05:58.0796 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/09 18:05:58.0828 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/09 18:05:58.0890 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/09 18:05:58.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/09 18:05:58.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/09 18:05:59.0015 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/09 18:05:59.0078 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/09 18:05:59.0109 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/09 18:05:59.0156 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/09 18:05:59.0203 PCI (91fc1d483d900b1c0600a08b871c39d5) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/09 18:05:59.0234 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/09 18:05:59.0265 Pcmcia (28f3538a2091993a03506311a05053e8) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/09 18:05:59.0437 PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\WINDOWS\System32\drivers\psd.sys
2011/01/09 18:05:59.0500 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/09 18:05:59.0515 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/09 18:05:59.0578 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/09 18:05:59.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/09 18:05:59.0703 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/09 18:05:59.0718 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/09 18:05:59.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/09 18:05:59.0765 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/09 18:05:59.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/09 18:05:59.0812 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/09 18:05:59.0859 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/09 18:05:59.0890 redbook (a8eee004a16af1d583d9de9f6de250e0) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/09 18:05:59.0968 RsvLock (f646b9d8af6aecd746af13997a29ebe4) C:\WINDOWS\system32\drivers\RsvLock.sys
2011/01/09 18:06:00.0031 RT73 (c7bcf9808e2a1b4cabe16ff7fbce5fab) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
2011/01/09 18:06:00.0093 SafeBoot (0e448c0306ba36cfd5c2388046e4ace0) C:\WINDOWS\system32\drivers\SafeBoot.sys
2011/01/09 18:06:00.0093 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 0e448c0306ba36cfd5c2388046e4ace0
2011/01/09 18:06:00.0109 SafeBoot - detected Locked file (1)
2011/01/09 18:06:00.0218 SANDRA (1644ad672da94378b5564fbac4c7ce28) C:\Programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\WNt500x86\Sandra.sys
2011/01/09 18:06:00.0375 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\WINDOWS\system32\drivers\SbAlg.sys
2011/01/09 18:06:00.0406 SbFsLock (d48f49ef1cfd73d7371b96839529bc89) C:\WINDOWS\system32\drivers\SbFsLock.sys
2011/01/09 18:06:00.0468 scrswi (5d4115cf30ec35f445fed2aede4a0960) C:\WINDOWS\system32\DRIVERS\scrswi.sys
2011/01/09 18:06:00.0500 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/09 18:06:00.0562 Serial (dbab3260e7eb3398cb87267d1410fad4) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/09 18:06:00.0593 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/01/09 18:06:00.0687 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/09 18:06:00.0750 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/09 18:06:00.0812 sr (896f566afc498077172eae8a50e8baf8) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/09 18:06:00.0890 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/09 18:06:00.0937 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/09 18:06:00.0968 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/09 18:06:01.0046 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/09 18:06:01.0109 SWNC8U02 (8d5abdf236531255fe093f828979e6bf) C:\WINDOWS\system32\DRIVERS\SWNC8U02.sys
2011/01/09 18:06:01.0140 SWUMX02 (4bf7c38e8268ad92a9b20ce620d7c100) C:\WINDOWS\system32\DRIVERS\swumx02.sys
2011/01/09 18:06:01.0265 SynTP (13e0d1974ce03e88c265a68325cb16de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/09 18:06:01.0312 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/09 18:06:01.0375 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/09 18:06:01.0406 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/09 18:06:01.0437 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/09 18:06:01.0531 U81xbus (8452977e2331af70652c3a4c28d2706d) C:\WINDOWS\system32\DRIVERS\U81xbus.sys
2011/01/09 18:06:01.0562 U81xmdfl (e39c410fcd87570e36dcc34f6d2502b7) C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
2011/01/09 18:06:01.0609 U81xmdm (eb0bbf5d8c53f1abe7911907b276a0b6) C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
2011/01/09 18:06:01.0656 U81xmgmt (f0eea020cc5986260b87cb92050af160) C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
2011/01/09 18:06:01.0671 U81xobex (aa1eb6bfd8176c25c04b803542bcd7ac) C:\WINDOWS\system32\DRIVERS\U81xobex.sys
2011/01/09 18:06:01.0718 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/09 18:06:01.0796 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/09 18:06:01.0859 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/09 18:06:01.0906 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/09 18:06:01.0968 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/09 18:06:02.0000 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/09 18:06:02.0015 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/09 18:06:02.0062 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/09 18:06:02.0125 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/09 18:06:02.0171 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/09 18:06:02.0203 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/09 18:06:02.0265 VolSnap (698869e82c57169f2140c04a272bf12b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/09 18:06:02.0312 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/09 18:06:02.0390 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/09 18:06:02.0484 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/09 18:06:02.0562 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/09 18:06:02.0625 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/09 18:06:02.0796 ================================================================================
2011/01/09 18:06:02.0796 Scan finished
2011/01/09 18:06:02.0796 ================================================================================
2011/01/09 18:06:02.0812 Detected object count: 1
2011/01/09 18:06:48.0937 Locked file(SafeBoot) - User select action: Skip




ComboFix 11-01-02.03 - Iggy 09/01/2011 18.30.20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.1493 [GMT 1:00]
Eseguito da: c:\documents and settings\Iggy\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe

La copia infetta di c:\windows\explorer.exe è stata trovata e disinfettata
ipristinata copia da - c:\system volume information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP3\A0002297.exe

c:\windows\system32\winlogon.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-12-09 al 2011-01-09 )))))))))))))))))))))))))))))))))))
.

2011-01-08 20:42 . 2011-01-08 20:42 -------- d-----w- c:\programmi\Pc Optimizer 360
2011-01-05 17:42 . 2004-08-19 08:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-01-05 17:42 . 2004-08-19 08:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-01-05 16:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 16:31 . 2011-01-05 16:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-01-05 16:31 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 15:58 . 2011-01-08 21:06 -------- d-----w- c:\programmi\CCleaner
2011-01-04 22:07 . 2004-08-19 14:39 1034752 ----a-w- c:\windows\explorer.exe
2011-01-03 18:10 . 2011-01-03 18:10 -------- d-----w- C:\Venus11
2011-01-01 18:26 . 2011-01-01 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-27 15:29 . 2010-12-27 15:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- C:\sh4ldr
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- c:\programmi\Enigma Software Group
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconF7A21AF7.exe
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconD7F16134.exe
2010-12-25 17:41 . 2010-12-25 22:37 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-25 16:47 . 2010-12-25 19:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2010-12-25 16:47 . 2010-12-25 17:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-12-24 15:48 . 2010-12-24 15:48 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-12-23 09:27 . 2010-12-23 09:27 -------- d-----w- c:\programmi\Admiresoft
2010-12-22 18:50 . 2010-12-22 18:51 -------- d-----w- C:\Bilan11
2010-12-17 11:29 . 2010-12-17 11:30 -------- d-----w- c:\programmi\Hide IP NG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 15:20 . 2009-07-26 10:49 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-12-08 15:36 . 2010-12-08 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-08 15:36 . 2010-05-04 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-17 16:20 . 2010-10-17 16:20 40960 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{2DA701B1-5597-44BA-BA96-ED6A737CCA57}\NewShortcut1_9873BD74E565483399E18668472BEA7F.exe
1998-02-10 16:34 . 2009-07-29 14:11 128000 ----a-w- c:\programmi\UNWISE.EXE
.

------- Sigcheck -------

Cryptography Services Error !!

c:\windows\System32\drivers\tcpip.sys ... è mancante !!
.
((((((((((((((((((((((((((((( [email protected]_16.16.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-09 17:25 . 2011-01-09 17:25 16384 c:\windows\temp\Perflib_Perfdata_8b0.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 91988 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 91988 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 76978 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 76978 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 508156 c:\windows\system32\perfh010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 508156 c:\windows\system32\perfh010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 459256 c:\windows\system32\perfh009.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 459256 c:\windows\system32\perfh009.dat
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\regedit.exe
- 2004-08-19 13:39 . 2004-08-19 13:39 151552 c:\windows\regedit.exe
+ 2011-01-04 22:07 . 2004-08-19 14:39 1034752 c:\windows\temp\explorer.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ .exe" [2005-09-16 1961984]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-11-18 274608]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]
LG SyncManager.lnk - c:\h7??\LGSyncManager.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-09-07 15:12 2838912 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashGet\\FlashGet.exe"=
"c:\\Programmi\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Programmi\\Motorola\\Software Update\\msu.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\Port Forwarding Wizard\\bin\\Port Forwarding Wizard.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate1ca0e044ffa000;Servizio di Google Update (gupdate1ca0e044ffa000);c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 MotoConnect Service;MotoConnect Service;c:\programmi\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 SWIHPWMI;SWIHPWMI;c:\programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 esgiguard;esgiguard; [x]
R3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys [2006-10-18 33024]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswi.sys [2008-01-10 44160]
R3 SWNC8U02;HP hs2300 MUX NDIS Driver (02);c:\windows\system32\DRIVERS\SWNC8U02.sys [2008-01-31 165248]
R3 SWUMX02;HP hs2300 USB MUX Driver (02);c:\windows\system32\DRIVERS\swumx02.sys [2008-01-31 142976]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;aswSP; [x]
S1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 aswFsBlk;aswFsBlk; [x]
S2 HpFkCryptService;Drive Encryption Service;c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 16:12]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: &Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: {2C546582-48CE-4890-9C88-B2665B125E15} - hxxp://www.registrywinner.com/RWOnline.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-SUPERAntiSpyware - c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-Run-SynTPEnh - c:\programmi\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
HKLM-Run-InCD - c:\programmi\Ahead\InCD\InCD.exe
SafeBoot-Wdf01000.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 18:40
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\windows\system32\DeviceNP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\IFXTCS.exe
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\IfxPsdSv.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-09 18:41:30 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-09 17:41
ComboFix2.txt 2011-01-07 18:59
ComboFix3.txt 2011-01-05 17:55
ComboFix4.txt 2011-01-05 16:18

Pre-Run: 1.862.795.264 byte disponibili
Post-Run: 1.842.790.400 byte disponibili

- - End Of File - - C9143100239EF71FD41E256C1F64E21A


Combofix: it was impossible stop completely avast running in the background even if not started (yes!!!).The recovery console also not installed without connection.


See you soon,
Iggy
  • 0

Advertisements


#11
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Posted Image


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#12
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OK my friend,I did it.I am unable to completly stop avast running in background,because isn't present on the System Tray icon and iws reported as not started and not running!

ComboFix 11-01-08.05 - Iggy 09/01/2011 23.49.36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2039.1667 [GMT 1:00]
Eseguito da: c:\documents and settings\Iggy\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Iggy\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
/wow section - STAGE 50
Impossibile trovare il percorso specificato.


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

La copia infetta di c:\windows\explorer.exe è stata trovata e disinfettata
ipristinata copia da - c:\system volume information\_restore{187DBEC2-1C28-4DBE-BCCC-4456A43FA671}\RP3\A0002297.exe

c:\windows\system32\winlogon.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-12-09 al 2011-01-09 )))))))))))))))))))))))))))))))))))
.

2011-01-08 20:42 . 2011-01-08 20:42 -------- d-----w- c:\programmi\Pc Optimizer 360
2011-01-05 17:42 . 2004-08-19 08:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-01-05 17:42 . 2004-08-19 08:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-01-05 16:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 16:31 . 2011-01-05 16:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-01-05 16:31 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 15:58 . 2011-01-08 21:06 -------- d-----w- c:\programmi\CCleaner
2011-01-04 22:07 . 2004-08-19 14:39 1034752 ----a-w- c:\windows\explorer.exe
2011-01-03 18:10 . 2011-01-03 18:10 -------- d-----w- C:\Venus11
2011-01-01 18:26 . 2011-01-01 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-27 15:29 . 2010-12-27 15:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Identities
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- C:\sh4ldr
2010-12-27 11:06 . 2010-12-27 11:06 -------- d-----w- c:\programmi\Enigma Software Group
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconF7A21AF7.exe
2010-12-25 19:45 . 2010-12-25 19:45 110080 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconD7F16134.exe
2010-12-25 17:41 . 2010-12-25 22:37 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-25 16:47 . 2010-12-25 19:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2010-12-25 16:47 . 2010-12-25 17:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-12-24 15:48 . 2010-12-24 15:48 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-12-23 09:27 . 2010-12-23 09:27 -------- d-----w- c:\programmi\Admiresoft
2010-12-22 18:50 . 2010-12-22 18:51 -------- d-----w- C:\Bilan11
2010-12-17 11:29 . 2010-12-17 11:30 -------- d-----w- c:\programmi\Hide IP NG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 15:20 . 2009-07-26 10:49 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-12-08 15:36 . 2010-12-08 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-08 15:36 . 2010-05-04 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-17 16:20 . 2010-10-17 16:20 40960 ----a-r- c:\documents and settings\Iggy\Dati applicazioni\Microsoft\Installer\{2DA701B1-5597-44BA-BA96-ED6A737CCA57}\NewShortcut1_9873BD74E565483399E18668472BEA7F.exe
1998-02-10 16:34 . 2009-07-29 14:11 128000 ----a-w- c:\programmi\UNWISE.EXE
.
<pre>
c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmi\Ahead\InCD\InCD .exe
c:\programmi\Ahead\Nero BackItUp\NBJ                                                                                                                                                                                                                           .exe
c:\programmi\Analog Devices\Core\smax4pnp .exe
c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG .exe
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\File comuni\Java\Java Update\jusched .exe
c:\programmi\File comuni\Real\Update_OB\realsched .exe
c:\programmi\iTunes\iTunesHelper .exe
c:\programmi\QuickTime\qttask                                                                                                                                                                                                                               .exe
c:\programmi\Skype\Phone\Skype .exe
c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp .exe
c:\programmi\Synaptics\SynTP\SynTPEnh .exe
</pre>

------- Sigcheck -------

Cryptography Services Error !!

c:\windows\System32\drivers\tcpip.sys ... è mancante !!
.
((((((((((((((((((((((((((((( [email protected]_16.16.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-09 22:48 . 2011-01-09 22:48 16384 c:\windows\temp\Perflib_Perfdata_500.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 91988 c:\windows\system32\perfc010.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 91988 c:\windows\system32\perfc010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 76978 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 76978 c:\windows\system32\perfc009.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 508156 c:\windows\system32\perfh010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 508156 c:\windows\system32\perfh010.dat
- 2001-08-31 12:00 . 2011-01-05 16:06 459256 c:\windows\system32\perfh009.dat
+ 2001-08-31 12:00 . 2011-01-09 16:45 459256 c:\windows\system32\perfh009.dat
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-19 13:39 . 2004-08-19 08:00 151552 c:\windows\regedit.exe
- 2004-08-19 13:39 . 2004-08-19 13:39 151552 c:\windows\regedit.exe
+ 2011-01-04 22:07 . 2004-08-19 14:39 1034752 c:\windows\temp\explorer.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ .exe" [2005-09-16 1961984]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-11-18 274608]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-5-12 581693]
LG SyncManager.lnk - c:\h7??\LGSyncManager.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-09-07 15:12 2838912 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FlashGet\\FlashGet.exe"=
"c:\\Programmi\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Programmi\\Motorola\\Software Update\\msu.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\Port Forwarding Wizard\\bin\\Port Forwarding Wizard.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 SWIHPWMI;SWIHPWMI;c:\programmi\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 esgiguard;esgiguard; [x]
R3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys [2006-10-18 33024]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswi.sys [2008-01-10 44160]
R3 SWNC8U02;HP hs2300 MUX NDIS Driver (02);c:\windows\system32\DRIVERS\SWNC8U02.sys [2008-01-31 165248]
R3 SWUMX02;HP hs2300 USB MUX Driver (02);c:\windows\system32\DRIVERS\swumx02.sys [2008-01-31 142976]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;aswSP; [x]
S1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 5632]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2004-08-19 14336]
S2 aswFsBlk;aswFsBlk; [x]
S2 gupdate1ca0e044ffa000;Servizio di Google Update (gupdate1ca0e044ffa000);c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
S2 HpFkCryptService;Drive Encryption Service;c:\programmi\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S2 MotoConnect Service;MotoConnect Service;c:\programmi\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 16:12]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-26 15:16]

2011-01-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1078145449-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Scarica con FlashGet - c:\programmi\FlashGet\jc_link.htm
IE: &Scarica tutto con FlashGet - c:\programmi\FlashGet\jc_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: {2C546582-48CE-4890-9C88-B2665B125E15} - hxxp://www.registrywinner.com/RWOnline.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 23:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\documents and settings\Iggy\Dati applicazioni\skypePM\2011-01-07-2.ezlog

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\windows\system32\DeviceNP.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\IFXTCS.exe
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\IfxPsdSv.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmi\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-10 00:00:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-09 23:00
ComboFix2.txt 2011-01-09 17:41
ComboFix3.txt 2011-01-07 18:59
ComboFix4.txt 2011-01-05 17:55
ComboFix5.txt 2011-01-09 22:37

Pre-Run: 1.808.863.232 byte disponibili
Post-Run: 1.792.217.088 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 275728CFA367FC44A2454E4CE21EAE97



I think you went to bed! I'm going too right now.Thank you,thank you for all!
Iggy
  • 0

#13
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

Step One

We need to access the computer from Recovery Console.

1. To start the Recovery Console directly from the Windows XP CD you would do the following:
  • Insert the Windows XP cd in your computer.
  • Restart your computer so you are booting off of the CD.
  • When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter.
  • If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.

2. Type map and press enter.
It will give you the drive letters.
Note down the letter of you CD-ROM.
If it is a letter other than E you should replace the letter E with your CD drive letter when applying the expand command later on if the command is needed to be applied.

Type following commmands in bold, pressing Enter after each one.

expand e:\I386\tcpip.sy_ c:\windows\system32\dllcache\tcpip.sys
expand e:\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe
expand e:\I386\winlogon.ex_ c:\windows\system32\dllcache\winlogon.exe
expand e:\I386\tcpip.sy_ c:\windows\system32\drivers\tcpip.sys
expand e:\I386\explorer.ex_ c:\windows\explorer.exe
expand e:\I386\winlogon.ex_ c:\windows\system32\winlogon.exe

(You should be notified that the file expanded with each line. Notify me incase of error messages)
fixmbr
exit
You may remove the CD and let Windows boot normally without the USB stick.

Note: Please get back to me if you encounter any errors performing the instructions above, otherwise proceed to next step.


Step Two

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

RenV::
c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programmi\Ahead\InCD\InCD .exe
c:\programmi\Ahead\Nero BackItUp\NBJ                                                                                                                                                                                                                           .exe
c:\programmi\Analog Devices\Core\smax4pnp .exe
c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
c:\programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG .exe
c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM .exe
c:\programmi\File comuni\Java\Java Update\jusched .exe
c:\programmi\File comuni\Real\Update_OB\realsched .exe
c:\programmi\iTunes\iTunesHelper .exe
c:\programmi\QuickTime\qttask                                                                                                                                                                                                                               .exe
c:\programmi\Skype\Phone\Skype .exe
c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp .exe
c:\programmi\Synaptics\SynTP\SynTPEnh .exe

File::
c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
c:\documents and settings\Iggy\Dati applicazioni\skypePM\2011-01-07-2.ezlog

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step Three

We'll reset the tcpip settings for your computer:

Press Start > Run and type cmd, in the command promptm type in the following:

netsh int ip reset c:\resetlog.txt

Restart computer and tell me if that solves the problem.
  • 0

#14
iggyboy

iggyboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Salagubang! sorry for the delay,but I received your messagge around midnight.So I have a big problem.Following your instructions,I can't open the Recovery Console.I tried to reinstall it with Combofix,but the program says that the R.C. is already installed.You know my booting is with USB floppy and it's quite long.I tried R in different moments,just at the first HP logo,then while floppy is working and just before the windows logo.I tried several times,but nothing happened.Please,let me know
Iggy
  • 0

#15
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi iggyboy,

You don't need to reinstall recovery console. Insert the XP installation CD and boot from CD. When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console. :D

Here is a guide to enter recovery console;

1. Insert your Windows XP CD into your CD and assure that your CD-ROM drive is capable of booting the CD.
2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

Posted Image

3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number “1?).
Select the installation number, and hit Enter.
If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
You will be greeted with this screen, which indicates a recovery console at the ready:

Posted Image

Edited by Salagubang, 11 January 2011 - 02:32 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP