
explorer.exe winlogon.exe bamital drooptroop

This topic is locked

#16 edofal (Member, Topic Starter, 16 posts)
SystemLook 04.09.10 by jpshortstuff
Log created at 14:30 on 08/04/2011 by ute_E
(Limited User)

========== filefind ==========

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 510464 bytes [18:31 14/08/2009] [12:00 14/04/2008] 52BAAA70657A30D538767EF9CC273F38

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1036288 bytes [18:31 14/08/2009] [12:00 14/04/2008] 3591C072847BD7826093B6AFEFD78477

-= EOF =-
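The SystemLook output above lists each file with its attributes, size, timestamps and MD5, and the helper's later steps compare exactly these two binaries against clean copies expanded from the service pack. The Python script below is an added example, not part of the thread or of SystemLook: it parses filefind result lines and checks binaries against a folder of reference copies by MD5. The two log lines in SAMPLE_SYSTEMLOOK are copied from the post above; the reference-folder layout, the function names and the sample bytes built in demo() are assumptions constructed for the example.

```python
"""Check system binaries against clean reference copies by MD5.

Added example (not from the thread or from SystemLook): parses SystemLook
"filefind" result lines and compares the observed hashes with files in a
reference folder, e.g. the copies expanded from the service pack.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Two result lines copied from the SystemLook log posted above.
SAMPLE_SYSTEMLOOK = r"""
Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 510464 bytes [18:31 14/08/2009] [12:00 14/04/2008] 52BAAA70657A30D538767EF9CC273F38

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1036288 bytes [18:31 14/08/2009] [12:00 14/04/2008] 3591C072847BD7826093B6AFEFD78477

-= EOF =-
"""

# path, attribute flags, size, [modified] [created], MD5 (layout as in the log above)
FILEFIND_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return {basename: record} for every filefind result line in the log text.
    Header lines ("Searching for ..."), blanks and the EOF marker are skipped."""
    found = {}
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        found[rec["path"].rsplit("\\", 1)[-1].lower()] = rec
    return found


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large binaries are not loaded at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_to_reference(observed, reference_dir):
    """observed: {basename: MD5 seen on the machine}.
    reference_dir: folder holding known-clean copies under the same basenames
    (assumed layout: e.g. the files expanded from the service pack).
    Returns {basename: 'match' | 'MISMATCH' | 'no reference'}."""
    verdicts = {}
    for name, md5 in observed.items():
        ref = Path(reference_dir) / name
        if not ref.is_file():
            verdicts[name] = "no reference"
        else:
            verdicts[name] = "match" if md5_of(ref) == md5.upper() else "MISMATCH"
    return verdicts


def demo():
    """Constructed scenario: a reference folder and a 'system' folder whose
    winlogon.exe differs from the clean copy by a single byte (same size, so
    size alone would not reveal the change). Returns the verdict dict."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sysdir = Path(tmp, "sp3"), Path(tmp, "system32")
        ref.mkdir()
        sysdir.mkdir()
        clean = {  # constructed sample bytes, not real binaries
            "winlogon.exe": b"MZ" + bytes(range(256)) * 4,
            "explorer.exe": b"MZ" + b"\x90" * 1000,
        }
        for name, data in clean.items():
            (ref / name).write_bytes(data)
            (sysdir / name).write_bytes(data)
        patched = bytearray(clean["winlogon.exe"])
        patched[100] ^= 0xFF  # simulate an in-place patch of one byte
        (sysdir / "winlogon.exe").write_bytes(patched)
        observed = {name: md5_of(sysdir / name) for name in clean}
        return compare_to_reference(observed, ref)


if __name__ == "__main__":
    for name, rec in parse_filefind(SAMPLE_SYSTEMLOOK).items():
        print(f"{name}: {rec['size']} bytes md5={rec['md5']}")
    print(demo())
```

MD5 is used only because that is what SystemLook reports; a baseline you keep yourself is better stored as SHA-256. The size and timestamps in the record are kept because a patched file that keeps its original size and dates, as in demo(), is only caught by the hash.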


#17 edofal (Member, Topic Starter, 16 posts)
I have other computers with
-A) windows xp professional SP 2 italian (with disks without SP)
-B) windows xp home SP3 german

Of (A) i have the original CD (year 2002) and the SP 1, 2, 3.
Such computer i use for work and have never seen internet or strange programs. They are trusted.

#18 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

OK. I will be back to you at around 19:30 CET with further instructions, since my teacher has to approve them first.

For now, please tell me if it's a problem for you to download an approximately 300MB large file. I would like you to download the Italian SP3 and extract those two system files from there.

#19 edofal (Member, Topic Starter, 16 posts)
i've got a very speedy internet connection; no problem to download large files.

#20 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

Please carefully follow all steps below:

Step 1

  • Please download Windows XP Service Pack 3 from here to your Desktop
  • Open Notepad and copy/paste the text in the codebox below into it:

    @echo Unpacking files ...   
    @echo (This window will close when it's done)
    @echo off
    MKdir C:\SP3
    WindowsXP-KB936929-SP3-x86-ITA.exe -x: C:\SP3 /quiet
    cd C:\SP3\i386
    expand winlogon.ex_ C:\SP3\winlogon.exe
    expand explorer.ex_ C:\SP3\explorer.exe
  • Click on File in Notepad menu bar and select Save as...
  • Next to Save as type: choose All Files
  • Next to File name: type extract.bat
  • Save this file to your Desktop
  • Double-click on extract.bat and allow it to run
  • Please wait a few minutes until Command Prompt window closes

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\SP3\explorer.exe | C:\WINDOWS\explorer.exe
C:\SP3\explorer.exe | C:\WINDOWS\system32\dllcache\explorer.exe
C:\SP3\winlogon.exe | C:\WINDOWS\system32\winlogon.exe
C:\SP3\winlogon.exe | C:\WINDOWS\system32\dllcache\winlogon.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

How to add an attachment to a new topic or reply

Step 4

Please download and install one of the following free antivirus programs:

When completed the above, please post back the following in the order asked for:
  • Fresh Combofix log
  • AVP Tool scan report and attached avptool_sysinfo.zip file


#21 edofal (Member, Topic Starter, 16 posts)
ComboFix 11-04-08.02 - ute_A 09/04/2011 8.54.44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.379 [GMT 2:00]
Eseguito da: c:\documents and settings\ute_A\Desktop\Combo-Fix.exe
Opzioni usate :: c:\documents and settings\ute_A\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ms.dll
.
La copia infetta di c:\windows\system32\winlogon.exe è stata trovata e disinfettata
ipristinata copia da - c:\system volume information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001183.exe
.
La copia infetta di c:\windows\explorer.exe è stata trovata e disinfettata
ipristinata copia da - c:\system volume information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001184.exe
.
.
--------------- FCopy ---------------
.
c:\sp3\explorer.exe --> c:\windows\explorer.exe
c:\sp3\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\sp3\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\sp3\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((( Files Creati Da 2011-03-09 al 2011-04-09 )))))))))))))))))))))))))))))))))))
.
.
2011-04-09 06:35 . 2011-04-09 06:36 -------- d-----w- C:\SP3
2011-04-08 05:31 . 2011-04-08 06:24 -------- d-----w- C:\ResourceLeveling
2011-04-07 20:23 . 2011-04-07 21:16 -------- d-----w- C:\Combo-Fix
2011-04-06 16:51 . 2011-04-06 16:51 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2011-04-01 14:41 . 2011-04-01 15:01 -------- d-----w- C:\__New
2011-03-31 12:48 . 2011-03-31 12:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-31 09:29 . 2011-03-31 09:29 -------- d-sh--w- c:\documents and settings\ute_L\IECompatCache
2011-03-30 05:49 . 2011-03-30 05:49 -------- d-----w- C:\__X_Luigi
2011-03-29 07:06 . 2011-03-29 07:51 -------- d-----w- C:\_____VIRUS
2011-03-29 06:08 . 2011-03-29 06:08 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-03-28 10:47 . 2011-03-28 10:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-28 10:17 . 2011-03-28 10:17 -------- d-----w- c:\programmi\File comuni\Java
2011-03-28 10:17 . 2011-03-28 10:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-28 10:17 . 2011-03-28 10:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-28 10:17 . 2011-03-28 10:17 472808 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-28 10:17 . 2011-03-28 10:17 -------- d-----w- c:\programmi\Java
2011-03-27 22:14 . 2011-03-29 11:41 -------- d-----w- C:\_edo
2011-03-27 17:05 . 2011-03-28 11:07 -------- d-----w- c:\documents and settings\ute_A\Dati applicazioni\Bc
2011-03-27 16:44 . 2004-03-08 20:00 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2011-03-27 16:44 . 2005-04-15 16:58 1071088 ----a-w- c:\windows\system32\mscomctl.ocx
2011-03-27 16:44 . 2004-03-08 21:00 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2011-03-27 16:44 . 2004-03-08 20:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-03-27 16:44 . 2004-03-08 20:00 132880 ----a-w- c:\windows\system32\msinet.ocx
2011-03-27 16:44 . 2004-02-22 21:00 119808 ----a-w- c:\windows\system32\msstdfmt.dll
2011-03-27 16:44 . 2000-04-05 16:01 90112 ----a-w- c:\windows\system32\URLLabel.ocx
2011-03-27 16:44 . 2008-05-14 07:54 1626112 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2011-03-27 16:44 . 2011-03-27 16:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AuctionSleuth
2011-03-27 16:44 . 2011-03-27 16:49 -------- d-----w- c:\programmi\AuctionSleuthxx
2011-03-26 11:48 . 2011-03-28 07:51 -------- d-----w- C:\__Listen
2011-03-23 08:54 . 2011-03-28 08:17 -------- d-----w- C:\_________ToBeSaved_Used
2011-03-22 12:38 . 2011-03-27 17:52 -------- d-----w- C:\___EXDOC_VIKT
2011-03-21 12:04 . 2011-03-29 07:07 -------- d-----w- C:\__Butta
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 09:40 . 2011-03-06 09:40 11793368 ----a-w- c:\windows\system32\xul.dll
2011-03-06 09:40 . 2011-03-06 09:40 492504 ----a-w- c:\windows\system32\sqlite3.dll
2011-03-06 09:40 . 2011-03-06 09:40 19416 ----a-w- c:\windows\system32\xpcom.dll
2011-03-06 09:40 . 2011-03-06 09:40 155648 ----a-w- c:\windows\system32\softokn3.dll
2011-03-06 09:40 . 2011-03-06 09:40 142296 ----a-w- c:\windows\system32\ssl3.dll
2011-03-06 09:40 . 2011-03-06 09:40 105432 ----a-w- c:\windows\system32\smime3.dll
2011-03-06 09:40 . 2011-03-06 09:40 98304 ----a-w- c:\windows\system32\nssdbm3.dll
2011-03-06 09:40 . 2011-03-06 09:40 89048 ----a-w- c:\windows\system32\nssutil3.dll
2011-03-06 09:40 . 2011-03-06 09:40 719832 ----a-w- c:\windows\system32\mozcrt19.dll
2011-03-06 09:40 . 2011-03-06 09:40 646104 ----a-w- c:\windows\system32\nss3.dll
2011-03-06 09:40 . 2011-03-06 09:40 343000 ----a-w- c:\windows\system32\nssckbi.dll
2011-03-06 09:40 . 2011-03-06 09:40 21976 ----a-w- c:\windows\system32\plc4.dll
2011-03-06 09:40 . 2011-03-06 09:40 203736 ----a-w- c:\windows\system32\nspr4.dll
2011-03-06 09:40 . 2011-03-06 09:40 18904 ----a-w- c:\windows\system32\plds4.dll
2011-03-06 09:40 . 2011-03-06 09:40 16856 ----a-w- c:\windows\system32\plugin-container.exe
2011-03-06 09:40 . 2011-03-06 09:39 719832 ----a-w- c:\windows\system32\mozcpp19.dll
2011-03-06 09:39 . 2011-03-06 09:39 912344 ----a-w- c:\windows\system32\firefox.exe.moz-callback
2011-03-06 09:39 . 2011-03-06 09:39 249856 ----a-w- c:\windows\system32\freebl3.dll
2011-03-06 09:39 . 2011-03-06 09:39 107480 ----a-w- c:\windows\system32\crashreporter.exe
2011-03-06 09:39 . 2011-03-06 09:39 1016280 ----a-w- c:\windows\system32\js3250.dll
2011-03-06 09:39 . 2011-03-06 09:39 19416 ----a-w- c:\windows\system32\AccessibleMarshal.dll
2009-08-14 18:31 14336 --sh--r- c:\windows\system32\mswinvks.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-07_21.05.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-09 07:06 . 2011-04-09 07:06 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat
- 2009-08-14 18:32 . 2011-03-28 10:16 75346 c:\windows\system32\perfc010.dat
+ 2009-08-14 18:32 . 2011-04-09 04:57 75346 c:\windows\system32\perfc010.dat
+ 2009-08-14 18:31 . 2011-04-09 04:57 63350 c:\windows\system32\perfc009.dat
- 2009-08-14 18:31 . 2011-03-28 10:16 63350 c:\windows\system32\perfc009.dat
+ 2009-08-14 18:32 . 2011-04-09 04:57 449362 c:\windows\system32\perfh010.dat
- 2009-08-14 18:32 . 2011-03-28 10:16 449362 c:\windows\system32\perfh010.dat
- 2009-08-14 18:31 . 2011-03-28 10:16 402740 c:\windows\system32\perfh009.dat
+ 2009-08-14 18:31 . 2011-04-09 04:57 402740 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\programmi\Packard Bell\SetupmyPC\SmpSys.exe" [2009-03-18 1160736]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-21 39408]
"Google Update"="c:\documents and settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-14 24064]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"Camera Assistant Software"="c:\programmi\Video Web Camera\traybar.exe" [2009-07-27 630784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"LManager"="c:\programmi\Launch Manager\LManager.exe" [2009-03-05 805384]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"GhostStartTrayApp"="c:\programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ute_L\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.3.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\ute_A\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\ute_A\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\GhPciScan.sys [14/08/2002 16.11.16 5632]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [14/08/2009 14.28.42 5096544]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/02/2010 17.42.42 135664]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [14/08/2009 14.39.46 24064]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-12 15:42]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-12 15:42]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006Core.job
- c:\documents and settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-25 17:41]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006UA.job
- c:\documents and settings\ute_A\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-25 17:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=dotm&r=0xph11099706l0383wu65f47l1r461
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=dotm&r=0xph11099706l0383wu65f47l1r461
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 09:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Ora fine scansione: 2011-04-09 09:09:54 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-04-09 07:09
ComboFix2.txt 2011-04-07 21:07
.
Pre-Run: 110.787.276.800 byte disponibili
Post-Run: 110.767.222.784 byte disponibili
.
- - End Of File - - 896CEC74ED9D6692E9B6BB07D8076EEB


============================================================================================================
Autoscan: completed 20 minutes ago (events: 37, objects: 374636, time: 02.22.17)
09/04/2011 9.52.05 Task started
09/04/2011 9.57.57 Detected: Trojan-Downloader.Win32.Agent.doam C:\Programmi\HyperSnap-DX 5\HprSnap5.exe
09/04/2011 10.04.05 Task stopped
09/04/2011 10.27.45 Task started
09/04/2011 11.38.39 Detected: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
09/04/2011 11.38.57 Detected: Backdoor.Win32.Shiz.aqc C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir
09/04/2011 11.39.21 Detected: Trojan.Win32.Patched.lk C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
09/04/2011 12.02.17 Untreated: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Skipped by user
09/04/2011 12.02.50 Untreated: Trojan.Win32.Patched.lk C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Skipped by user
09/04/2011 12.03.06 Untreated: Backdoor.Win32.Shiz.aqc C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Skipped by user
09/04/2011 12.05.40 Detected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP1\A0000133.exe
09/04/2011 12.05.40 Detected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP1\A0000134.exe
09/04/2011 12.06.26 Detected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001178.exe
09/04/2011 12.10.51 Disinfected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP1\A0000133.exe
09/04/2011 12.10.51 Disinfected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP1\A0000133.exe
09/04/2011 12.10.52 Disinfected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001178.exe
09/04/2011 12.10.52 Detected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001179.exe
09/04/2011 12.10.52 Disinfected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001178.exe
09/04/2011 12.10.53 Detected: Backdoor.Win32.Shiz.aqc C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001188.dll
09/04/2011 12.10.54 Disinfected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP1\A0000134.exe
09/04/2011 12.10.54 Disinfected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP1\A0000134.exe
09/04/2011 12.10.55 Detected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001194.exe
09/04/2011 12.11.16 Disinfected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001179.exe
09/04/2011 12.11.16 Disinfected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001179.exe
09/04/2011 12.11.18 Detected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001195.exe
09/04/2011 12.11.40 Disinfected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001194.exe
09/04/2011 12.11.40 Disinfected: Trojan.Win32.Patched.lk C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001194.exe
09/04/2011 12.11.40 Disinfected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001195.exe
09/04/2011 12.11.40 Disinfected: Trojan.Win32.Patched.lp C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001195.exe
09/04/2011 12.11.41 Deleted: Backdoor.Win32.Shiz.aqc C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001188.dll
09/04/2011 12.11.44 Detected: Trojan-Downloader.Win32.Agent.doam C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001271.exe
09/04/2011 12.11.52 Deleted: Trojan-Downloader.Win32.Agent.doam C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001271.exe
09/04/2011 12.15.27 Detected: Trojan-Dropper.Win32.Agent.dubg C:\WINDOWS\system32\dll
09/04/2011 12.16.44 Deleted: Trojan-Dropper.Win32.Agent.dubg C:\WINDOWS\system32\dll
09/04/2011 12.21.12 Detected: Email-Flooder.Win32.Delf.am C:\_Appl\D7\PROVE\SendMail\MailSenderProject.exe
09/04/2011 12.37.54 Untreated: Email-Flooder.Win32.Delf.am C:\_Appl\D7\PROVE\SendMail\MailSenderProject.exe Skipped by user
09/04/2011 12.50.03 Task completed
Disinfect active threats: completed 2 hours ago (events: 7, objects: 7579, time: 00.15.59)
09/04/2011 10.20.04 Task completed
09/04/2011 10.14.04 Will be deleted on system restart: Rootkit.Win32.TDSS.mbr C:\Documents and Settings\ute_A\Desktop\MBR.dat
09/04/2011 10.14.04 Cannot be deleted: Rootkit.Win32.TDSS.mbr C:\Documents and Settings\ute_A\Desktop\MBR.dat Object is locked
09/04/2011 10.07.30 Detected: Rootkit.Win32.TDSS.mbr C:\Documents and Settings\ute_A\Desktop\MBR.dat
09/04/2011 10.04.22 Deleted: Trojan-Downloader.Win32.Agent.doam C:\Programmi\HyperSnap-DX 5\HprSnap5.exe
09/04/2011 10.04.07 Detected: Trojan-Downloader.Win32.Agent.doam C:\Programmi\HyperSnap-DX 5\HprSnap5.exe
09/04/2011 10.04.05 Task started

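The AVPTool report above logs one line per object per action, and its two sections run in opposite time order, so whether a given object was actually cleaned is spread over several lines (HprSnap5.exe, for instance, appears three times before its final "Deleted"). The Python script below is an added example, not part of the thread or of AVPTool: it folds those events into one status per object and lists what still needs a decision. The lines in SAMPLE_REPORT are copied from the report above; the status names and function names are my own.

```python
"""Fold an AVPTool event log into one status per detected object.

Added example, not part of the thread or of AVPTool. The report logs one line
per (object, action); this folds them so the objects still needing attention
can be listed regardless of the order in which the sections were written.
"""
import re

# Event lines copied from the AVPTool report posted above; the "Task ..." lines
# are included to show that non-event lines are ignored.
SAMPLE_REPORT = r"""
09/04/2011 9.52.05 Task started
09/04/2011 9.57.57 Detected: Trojan-Downloader.Win32.Agent.doam C:\Programmi\HyperSnap-DX 5\HprSnap5.exe
09/04/2011 11.38.39 Detected: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
09/04/2011 11.38.57 Detected: Backdoor.Win32.Shiz.aqc C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir
09/04/2011 12.02.17 Untreated: Trojan.Win32.Patched.lp C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Skipped by user
09/04/2011 12.03.06 Untreated: Backdoor.Win32.Shiz.aqc C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Skipped by user
09/04/2011 12.10.53 Detected: Backdoor.Win32.Shiz.aqc C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001188.dll
09/04/2011 12.11.41 Deleted: Backdoor.Win32.Shiz.aqc C:\System Volume Information\_restore{8E09ADC6-B673-4E29-88A9-8649243CF965}\RP2\A0001188.dll
09/04/2011 12.21.12 Detected: Email-Flooder.Win32.Delf.am C:\_Appl\D7\PROVE\SendMail\MailSenderProject.exe
09/04/2011 12.37.54 Untreated: Email-Flooder.Win32.Delf.am C:\_Appl\D7\PROVE\SendMail\MailSenderProject.exe Skipped by user
09/04/2011 12.50.03 Task completed
09/04/2011 10.14.04 Will be deleted on system restart: Rootkit.Win32.TDSS.mbr C:\Documents and Settings\ute_A\Desktop\MBR.dat
09/04/2011 10.14.04 Cannot be deleted: Rootkit.Win32.TDSS.mbr C:\Documents and Settings\ute_A\Desktop\MBR.dat Object is locked
09/04/2011 10.07.30 Detected: Rootkit.Win32.TDSS.mbr C:\Documents and Settings\ute_A\Desktop\MBR.dat
09/04/2011 10.04.22 Deleted: Trojan-Downloader.Win32.Agent.doam C:\Programmi\HyperSnap-DX 5\HprSnap5.exe
09/04/2011 10.04.07 Detected: Trojan-Downloader.Win32.Agent.doam C:\Programmi\HyperSnap-DX 5\HprSnap5.exe
"""

# date, time (hour may be one digit, as in "9.52.05"), action, verdict, object
# path (may contain spaces), optional trailing reason.
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}\.\d{2}\.\d{2}) "
    r"(?P<action>Detected|Disinfected|Deleted|Untreated|Cannot be deleted|"
    r"Will be deleted on system restart): (?P<verdict>\S+) (?P<obj>.+?)"
    r"(?: (?P<reason>Skipped by user|Object is locked))?$"
)


def parse_events(text):
    """Return a list of event dicts (date, time, action, verdict, obj, reason)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(events):
    """Collapse all events for an object into one status: 'resolved' if it was
    ever Deleted or Disinfected, 'pending reboot' if a delete-on-restart was
    scheduled, otherwise 'unresolved'. The rule looks at the set of actions,
    so it does not depend on the order the report's sections were written in."""
    per_obj = {}
    for ev in events:
        rec = per_obj.setdefault(
            ev["obj"], {"verdict": ev["verdict"], "actions": set(), "reason": None}
        )
        rec["actions"].add(ev["action"])
        if ev["reason"]:
            rec["reason"] = ev["reason"]
    summary = {}
    for obj, rec in per_obj.items():
        if rec["actions"] & {"Deleted", "Disinfected"}:
            status = "resolved"
        elif "Will be deleted on system restart" in rec["actions"]:
            status = "pending reboot"
        else:
            status = "unresolved"
        summary[obj] = {"verdict": rec["verdict"], "status": status, "reason": rec["reason"]}
    return summary


def unresolved(summary):
    """Objects that still need a decision, sorted for stable output."""
    return sorted(obj for obj, rec in summary.items() if rec["status"] != "resolved")


if __name__ == "__main__":
    summary = triage(parse_events(SAMPLE_REPORT))
    for obj in unresolved(summary):
        rec = summary[obj]
        print(f"{rec['status']:15} {rec['verdict']:35} {obj}  ({rec['reason']})")
```

What to do with each unresolved entry is still a judgment call for whoever reads the log: the items under C:\Qoobox\Quarantine are copies ComboFix had already quarantined, so leaving them untreated is not the same as leaving a live infection, whereas an item that "cannot be deleted" because it is locked is worth a second look after the reboot.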

#22 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, edofal

Looks good. Can you please give me an update on how your computer is running?

Let's see how things stand now:

Step 1

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

Step 2

Posted Image Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

When completed the above, please post back the following in the order asked for:
  • Fresh OTL log
  • MBAM log


#23 edofal (Member, Topic Starter, 16 posts)
Hello!

I made the error of installing MBAM in Italian; anyhow, it didn't find anything and it's no problem to understand it.
edoardo

============================================================================================================================


OTL logfile created on: 09/04/2011 18.14.15 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Utilia\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 501,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 139,05 Gb Total Space | 103,06 Gb Free Space | 74,12% Space Free | Partition Type: NTFS

Computer Name: PB | User Name: ute_A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
PRC - [2011/01/17 19.40.50 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19.40.50 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/27 16.08.40 | 000,630,784 | ---- | M] (Chicony) -- C:\Programmi\Video Web Camera\traybar.exe
PRC - [2009/05/01 05.13.34 | 000,092,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/03/18 10.46.30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009/03/05 09.42.08 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programmi\Launch Manager\LManager.exe
PRC - [2008/10/17 11.44.58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2002/08/14 16.21.28 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
MOD - [2008/04/14 14.00.00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/08/14 14.46.30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2009/07/29 08.49.04 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/16 05.10.06 | 000,132,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/20 10.53.18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/10/01 15.59.46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2002/08/14 16.11.16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 16.03.36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/03/25 11.44.50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/03/28 12.17.28 | 000,000,000 | ---D | M]

[2009/11/23 11.20.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Extensions
[2011/04/09 09.15.57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions
[2011/04/09 09.15.57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/09 08.07.18 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/03/28 12.17.31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/28 12.17.11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/12 11.18.20 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2011/03/12 11.18.20 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2011/03/12 11.18.20 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2011/03/12 11.18.20 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/04/09 09.06.22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Programmi\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKCU..\Run: [SmpcSys] C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/14 11.59.46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/11 11.25.00 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 18.09.00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\CyberLink PowerDVD 8
[2011/04/09 09.28.36 | 099,346,640 | ---- | C] ( ) -- C:\Documents and Settings\ute_A\Desktop\setup_9.0.0.722_09.04.2011_10-43.exe
[2011/04/09 09.04.29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/09 08.35.07 | 000,000,000 | ---D | C] -- C:\SP3
[2011/04/09 07.59.07 | 323,000,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ute_A\Desktop\WindowsXP-KB936929-SP3-x86-ITA.exe
[2011/04/08 07.31.46 | 000,000,000 | ---D | C] -- C:\ResourceLeveling
[2011/04/07 22.38.30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/07 22.31.37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/07 22.31.37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/07 22.31.36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/07 22.31.36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/07 22.23.40 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/04/07 22.22.54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/07 16.54.32 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ute_A\Desktop\aswMBR.exe
[2011/04/01 16.41.24 | 000,000,000 | ---D | C] -- C:\__New
[2011/03/30 07.49.15 | 000,000,000 | ---D | C] -- C:\__X_Luigi
[2011/03/29 09.06.53 | 000,000,000 | ---D | C] -- C:\_____VIRUS
[2011/03/28 12.47.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
[2011/03/28 12.47.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
[2011/03/28 12.29.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\sun
[2011/03/28 12.25.52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\OpenOffice.org 3.3
[2011/03/28 12.18.51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/28 12.17.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Sun
[2011/03/28 12.17.39 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2011/03/28 12.17.28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/28 12.17.28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/28 12.17.28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/28 12.17.28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/28 12.17.28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/28 12.17.05 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[2011/03/28 00.14.46 | 000,000,000 | ---D | C] -- C:\_edo
[2011/03/27 19.05.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2011/03/27 18.44.56 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2011/03/27 18.44.55 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2011/03/27 18.44.55 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2011/03/27 18.44.55 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2011/03/27 18.44.55 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2011/03/27 18.44.55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll
[2011/03/27 18.44.55 | 000,090,112 | ---- | C] (FDSoftware) -- C:\WINDOWS\System32\URLLabel.ocx
[2011/03/27 18.44.54 | 001,626,112 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatMail_v7_9.dll
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\AuctionSleuthxx
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2011/03/26 13.48.03 | 000,000,000 | ---D | C] -- C:\__Listen
[2011/03/23 10.54.08 | 000,000,000 | ---D | C] -- C:\_________ToBeSaved_Used
[2011/03/22 14.38.41 | 000,000,000 | ---D | C] -- C:\___EXDOC_VIKT
[2011/03/21 14.04.10 | 000,000,000 | ---D | C] -- C:\__Butta
[2009/08/19 23.06.54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/19 23.06.48 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/09 18.08.55 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/09 18.08.15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 18.08.12 | 1063,538,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/09 17.58.00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006UA.job
[2011/04/09 17.08.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/09 09.45.03 | 099,346,640 | ---- | M] ( ) -- C:\Documents and Settings\ute_A\Desktop\setup_9.0.0.722_09.04.2011_10-43.exe
[2011/04/09 09.06.22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/09 08.50.08 | 004,317,112 | R--- | M] () -- C:\Documents and Settings\ute_A\Desktop\Combo-Fix.exe
[2011/04/09 08.31.46 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\ute_A\Desktop\extract.bat
[2011/04/09 08.29.01 | 323,000,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ute_A\Desktop\WindowsXP-KB936929-SP3-x86-ITA.exe
[2011/04/09 06.57.51 | 000,449,362 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/04/09 06.57.51 | 000,402,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/09 06.57.51 | 000,075,346 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/04/09 06.57.51 | 000,063,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/07 22.38.44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/07 16.54.32 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ute_A\Desktop\aswMBR.exe
[2011/04/06 08.58.00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006Core.job
[2011/04/05 06.49.12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/29 12.29.24 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\ute_A\Desktop\Collegamento a taskmgr.lnk
[2011/03/28 18.32.39 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/28 17.31.46 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\ute_A\NTUSER.bak
[2011/03/28 12.28.02 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/28 12.17.10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/28 12.17.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/28 12.17.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/28 12.17.10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/26 14.15.04 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 11.43.10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/03/12 12.14.07 | 000,000,170 | ---- | M] () -- C:\test.ini

========== Files Created - No Company Name ==========

[2011/04/09 08.48.14 | 004,317,112 | R--- | C] () -- C:\Documents and Settings\ute_A\Desktop\Combo-Fix.exe
[2011/04/09 08.31.46 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\ute_A\Desktop\extract.bat
[2011/04/07 22.38.43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/07 22.38.37 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011/04/07 22.31.37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/07 22.31.37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/07 22.31.36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/07 22.31.36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/07 22.31.36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/29 12.29.24 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\ute_A\Desktop\Collegamento a taskmgr.lnk
[2011/03/28 12.28.02 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/12 12.13.37 | 000,000,170 | ---- | C] () -- C:\test.ini
[2011/03/06 11.40.01 | 000,000,723 | ---- | C] () -- C:\WINDOWS\System32\updater.ini
[2011/03/06 11.40.00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\platform.ini
[2011/03/06 11.39.59 | 001,016,280 | ---- | C] () -- C:\WINDOWS\System32\js3250.dll
[2011/03/06 11.39.59 | 000,002,994 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini
[2011/03/06 11.39.59 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2011/03/06 11.39.57 | 000,002,129 | ---- | C] () -- C:\WINDOWS\System32\application.ini
[2010/08/09 18.12.38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/18 16.17.22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/07/13 08.49.09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\hwzypv.dat
[2010/07/09 17.12.37 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\hwzypv.dat
[2010/06/27 19.14.57 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\SEE-52.DAT
[2010/03/10 19.04.49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\housecall.guid.cache
[2010/03/08 20.00.09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/01/08 16.21.21 | 000,003,882 | -HS- | C] () -- C:\WINDOWS\System32\mswins.DLL
[2010/01/08 16.21.20 | 000,000,042 | -HS- | C] () -- C:\WINDOWS\System32\mswins.sys
[2009/11/23 11.19.56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 20.34.29 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/11/21 18.13.15 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 23.06.54 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/19 23.06.53 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/19 23.06.53 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/08/14 20.32.04 | 000,449,362 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2009/08/14 20.32.04 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2009/08/14 20.32.04 | 000,075,346 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2009/08/14 20.32.04 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2009/08/14 20.31.49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/14 20.31.46 | 000,402,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/14 20.31.46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/14 20.31.46 | 000,063,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/14 20.31.46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/14 20.31.45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/14 20.31.44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/14 20.31.44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/14 20.31.40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/14 20.31.40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/14 20.31.34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/14 20.31.30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/14 16.01.23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/14 14.37.12 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/14 14.34.16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/14 14.28.52 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/08/14 14.28.42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/08/14 12.50.24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 12.49.18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/14 12.03.44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/08/14 12.03.44 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/14 12.02.34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/14 11.56.59 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/14 11.55.16 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/11/29 16.43.20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

========== LOP Check ==========

[2011/03/27 18.54.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2010/05/21 10.01.16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEGV
[2010/05/20 11.57.41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJScan
[2009/08/19 23.12.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Temp
[2011/03/28 13.07.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2010/06/25 20.33.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Canon
[2009/12/25 01.34.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit
[2010/07/09 17.12.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit Software
[2010/08/09 20.37.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\FreeFileSync
[2009/11/23 13.05.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\OpenOffice.org
[2009/11/21 15.23.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Packard Bell
[2010/01/08 18.51.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\QuickScan
[2010/07/11 07.56.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Thinstall

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\SP3\explorer.exe
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 19.14.26 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\SP3\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >



==============================================================================================================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 6320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/04/2011 18.57.13
mbam-log-2011-04-09 (18-57-13).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 191001
Tempo trascorso: 4 minuti, 8 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

#24 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

What problems are still unresolved?

What antivirus programme did you install? I can't see any.

#25 edofal (Member, Topic Starter, 16 posts)
Hi,

> What problems are still unresolved?

Everything seems to be working fine.

> What antivirus programme did you install? I can't see any.
I was thinking of finishing the virus elimination, cleaning up the computer a bit (eliminating unused folders/files, file system reordering, etc.), making a new backup of the whole system and then installing the antivirus.
But you are probably right that it's better to install the antivirus first. So I installed Avast.

The new OTL log follows, where you can now see it.

=====================================================================================================================

OTL logfile created on: 11/04/2011 8.47.14 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Utilia\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 477,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 139,05 Gb Total Space | 102,20 Gb Free Space | 73,50% Space Free | Partition Type: NTFS

Computer Name: PB | User Name: ute_A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
PRC - [2011/02/23 16.04.20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 16.04.19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/17 19.40.50 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19.40.50 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programmi\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/27 16.08.40 | 000,630,784 | ---- | M] (Chicony) -- C:\Programmi\Video Web Camera\traybar.exe
PRC - [2009/05/01 05.13.34 | 000,092,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/03/18 10.46.30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009/03/05 09.42.08 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programmi\Launch Manager\LManager.exe
PRC - [2008/10/17 11.44.58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2002/08/14 16.21.28 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 11.17.25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Utilia\OTL\OTL.exe
MOD - [2011/02/23 16.04.17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\snxhk.dll
MOD - [2008/04/14 14.00.00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 16.04.19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/14 14.46.30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01.45.04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2002/08/14 16.21.16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 15.56.55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 15.56.45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 15.55.49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 15.55.47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 15.55.10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 15.54.57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 15.54.55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/29 08.49.04 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/16 05.10.06 | 000,132,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/20 10.53.18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/10/01 15.59.46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2002/08/14 16.11.16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 16.03.36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...83wu65f47l1r461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:20110101

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Programmi\AVAST Software\Avast\WebRep\FF [2011/04/10 08.00.19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/03/25 11.44.50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/03/28 12.17.28 | 000,000,000 | ---D | M]

[2009/11/23 11.20.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Extensions
[2011/04/10 08.57.11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions
[2011/04/09 09.15.57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\ute_A\Dati applicazioni\Mozilla\Firefox\Profiles\07tfzd58.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/10 08.57.11 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/03/28 12.17.31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/10 08.00.19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMMI\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/03/28 12.17.11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/12 11.18.20 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2011/03/12 11.18.20 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2011/03/12 11.18.20 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2011/03/12 11.18.20 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/04/09 09.06.22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Programmi\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Programmi\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKCU..\Run: [SmpcSys] C:\Programmi\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/14 11.59.46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/11 11.25.00 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 08.21.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\CyberLink PowerDVD 8
[2011/04/10 08.00.49 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/10 08.00.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\avast! Free Antivirus
[2011/04/10 08.00.48 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/10 08.00.45 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/10 08.00.45 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/10 08.00.44 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/10 08.00.43 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/10 08.00.43 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/10 08.00.42 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/10 08.00.17 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/10 08.00.16 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/10 08.00.08 | 000,000,000 | ---D | C] -- C:\Programmi\AVAST Software
[2011/04/10 08.00.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2011/04/09 18.50.01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/09 18.50.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/04/09 18.49.57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/09 09.28.36 | 099,346,640 | ---- | C] ( ) -- C:\Documents and Settings\ute_A\Desktop\setup_9.0.0.722_09.04.2011_10-43.exe
[2011/04/09 09.04.29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/09 08.35.07 | 000,000,000 | ---D | C] -- C:\SP3
[2011/04/09 07.59.07 | 323,000,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ute_A\Desktop\WindowsXP-KB936929-SP3-x86-ITA.exe
[2011/04/08 07.31.46 | 000,000,000 | ---D | C] -- C:\ResourceLeveling
[2011/04/07 22.38.30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/07 22.31.37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/07 22.31.37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/07 22.31.36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/07 22.31.36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/07 22.23.40 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/04/07 22.22.54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/07 16.54.32 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ute_A\Desktop\aswMBR.exe
[2011/04/01 16.41.24 | 000,000,000 | ---D | C] -- C:\__New
[2011/03/30 07.49.15 | 000,000,000 | ---D | C] -- C:\__X_Luigi
[2011/03/29 09.06.53 | 000,000,000 | ---D | C] -- C:\_____VIRUS
[2011/03/28 12.47.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
[2011/03/28 12.47.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
[2011/03/28 12.29.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\sun
[2011/03/28 12.25.52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\OpenOffice.org 3.3
[2011/03/28 12.18.51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/28 12.17.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Sun
[2011/03/28 12.17.39 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2011/03/28 12.17.28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/28 12.17.28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/28 12.17.28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/28 12.17.28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/28 12.17.28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/28 12.17.05 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[2011/03/28 00.14.46 | 000,000,000 | ---D | C] -- C:\_edo
[2011/03/27 19.05.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2011/03/27 18.44.56 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2011/03/27 18.44.55 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2011/03/27 18.44.55 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2011/03/27 18.44.55 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2011/03/27 18.44.55 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2011/03/27 18.44.55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll
[2011/03/27 18.44.55 | 000,090,112 | ---- | C] (FDSoftware) -- C:\WINDOWS\System32\URLLabel.ocx
[2011/03/27 18.44.54 | 001,626,112 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatMail_v7_9.dll
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Programmi\AuctionSleuthxx
[2011/03/27 18.44.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2011/03/26 13.48.03 | 000,000,000 | ---D | C] -- C:\__Listen
[2011/03/23 10.54.08 | 000,000,000 | ---D | C] -- C:\_________ToBeSaved_Used
[2011/03/22 14.38.41 | 000,000,000 | ---D | C] -- C:\___EXDOC_VIKT
[2011/03/21 14.04.10 | 000,000,000 | ---D | C] -- C:\__Butta
[2009/08/19 23.06.54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/19 23.06.48 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/11 08.20.55 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 08.20.20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/11 08.20.17 | 1063,538,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/10 16.08.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/10 15.58.01 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006UA.job
[2011/04/10 15.55.50 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2011/04/10 08.58.00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1392284910-4097411637-2529006832-1006Core.job
[2011/04/10 08.00.50 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/10 08.00.43 | 000,002,933 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/09 18.50.02 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 09.45.03 | 099,346,640 | ---- | M] ( ) -- C:\Documents and Settings\ute_A\Desktop\setup_9.0.0.722_09.04.2011_10-43.exe
[2011/04/09 09.06.22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/09 08.50.08 | 004,317,112 | R--- | M] () -- C:\Documents and Settings\ute_A\Desktop\Combo-Fix.exe
[2011/04/09 08.31.46 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\ute_A\Desktop\extract.bat
[2011/04/09 08.29.01 | 323,000,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ute_A\Desktop\WindowsXP-KB936929-SP3-x86-ITA.exe
[2011/04/09 06.57.51 | 000,449,362 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2011/04/09 06.57.51 | 000,402,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/09 06.57.51 | 000,075,346 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2011/04/09 06.57.51 | 000,063,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/07 22.38.44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/07 16.54.32 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ute_A\Desktop\aswMBR.exe
[2011/04/05 06.49.12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/29 12.29.24 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\ute_A\Desktop\Collegamento a taskmgr.lnk
[2011/03/28 18.32.39 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/28 17.31.46 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\ute_A\NTUSER.bak
[2011/03/28 12.28.02 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/28 12.17.10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/28 12.17.10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/28 12.17.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/28 12.17.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/28 12.17.10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/26 14.15.04 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 11.43.10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/03/12 12.14.07 | 000,000,170 | ---- | M] () -- C:\test.ini

========== Files Created - No Company Name ==========

[2011/04/10 08.00.50 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/09 18.50.02 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 08.48.14 | 004,317,112 | R--- | C] () -- C:\Documents and Settings\ute_A\Desktop\Combo-Fix.exe
[2011/04/09 08.31.46 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\ute_A\Desktop\extract.bat
[2011/04/07 22.38.43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/07 22.38.37 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011/04/07 22.31.37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/07 22.31.37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/07 22.31.36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/07 22.31.36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/07 22.31.36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/29 12.29.24 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\ute_A\Desktop\Collegamento a taskmgr.lnk
[2011/03/28 12.28.02 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\ute_A\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
[2011/03/28 12.25.56 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/12 12.13.37 | 000,000,170 | ---- | C] () -- C:\test.ini
[2011/03/06 11.40.01 | 000,000,723 | ---- | C] () -- C:\WINDOWS\System32\updater.ini
[2011/03/06 11.40.00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\platform.ini
[2011/03/06 11.39.59 | 001,016,280 | ---- | C] () -- C:\WINDOWS\System32\js3250.dll
[2011/03/06 11.39.59 | 000,002,994 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini
[2011/03/06 11.39.59 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2011/03/06 11.39.57 | 000,002,129 | ---- | C] () -- C:\WINDOWS\System32\application.ini
[2010/08/09 18.12.38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/18 16.17.22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/07/13 08.49.09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Dati applicazioni\hwzypv.dat
[2010/07/09 17.12.37 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\hwzypv.dat
[2010/06/27 19.14.57 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\SEE-52.DAT
[2010/03/10 19.04.49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\housecall.guid.cache
[2010/03/08 20.00.09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/01/08 16.21.21 | 000,003,882 | -HS- | C] () -- C:\WINDOWS\System32\mswins.DLL
[2010/01/08 16.21.20 | 000,000,042 | -HS- | C] () -- C:\WINDOWS\System32\mswins.sys
[2009/11/23 11.19.56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 20.34.29 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/11/21 18.13.15 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\ute_A\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 23.06.54 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/19 23.06.53 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/19 23.06.53 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/08/14 20.32.04 | 000,449,362 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2009/08/14 20.32.04 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2009/08/14 20.32.04 | 000,075,346 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2009/08/14 20.32.04 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2009/08/14 20.31.49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/14 20.31.46 | 000,402,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/14 20.31.46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/14 20.31.46 | 000,063,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/14 20.31.46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/14 20.31.45 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/14 20.31.44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/14 20.31.44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/14 20.31.40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/14 20.31.40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/14 20.31.34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/14 20.31.30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/14 16.01.23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/14 14.37.12 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/14 14.34.16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/14 14.28.52 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/08/14 14.28.42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/08/14 12.50.24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 12.49.18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/14 12.03.44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/08/14 12.03.44 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/14 12.02.34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/14 11.56.59 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/14 11.55.16 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/11/29 16.43.20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

========== LOP Check ==========

[2011/03/27 18.54.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AuctionSleuth
[2011/04/10 08.00.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2010/05/21 10.01.16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEGV
[2010/05/20 11.57.41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJScan
[2009/08/19 23.12.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Temp
[2011/03/28 13.07.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Bc
[2010/06/25 20.33.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Canon
[2009/12/25 01.34.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit
[2010/07/09 17.12.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Foxit Software
[2010/08/09 20.37.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\FreeFileSync
[2009/11/23 13.05.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\OpenOffice.org
[2009/11/21 15.23.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Packard Bell
[2010/01/08 18.51.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\QuickScan
[2010/07/11 07.56.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ute_A\Dati applicazioni\Thinstall

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\SP3\explorer.exe
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 14.00.00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=70D7F99D95615C3C278367756287DB71 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 14.00.00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BB8363ABEC09AA2F9B363484E282117C -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14.00.00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DF69726907357C3ADD243F48902B0331 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 19.14.26 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\SP3\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
  • 0
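The custom scan above lines up each live copy of a system binary (the `C:\WINDOWS` file, the ERDNT cache and dllcache copies) against the copy extracted from the Italian SP3 package in `C:\SP3`, and the system is judged clean because every MD5 agrees. As an added example, not part of the thread or of OTL itself, here is a Python parser for those `< MD5 for: ... >` blocks that flags any copy whose hash or size differs from the reference; the `SAMPLE.EXE` block and its all-A/all-B hashes are constructed placeholders, the `WINLOGON.EXE` block is the page's own result.

```python
"""Audit OTL "< MD5 for: NAME >" custom-scan blocks against a reference copy.

Added example, not code from the thread or from OTL. The reference copy
is whichever entry lives under REFERENCE_PREFIX (the files extracted from
the service-pack package, as the helper asked for in this thread).
"""
import re
from typing import Dict, List, NamedTuple

REFERENCE_PREFIX = r"C:\SP3\ "[:-1]  # r"C:\SP3\" cannot end a raw string literal

# Constructed sample in the OTL custom-scan format. The WINLOGON block is
# the page's own clean result; SAMPLE.EXE is a placeholder with fake hashes
# so the mismatch branch is exercised.
SAMPLE_SCAN = r"""
< %SYSTEMDRIVE%\*.exe >

< MD5 for: WINLOGON.EXE >
[2008/04/13 19.14.26 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\SP3\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 14.00.00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=9259170D29B5A256735FCB8B80280857 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: SAMPLE.EXE >
[2008/04/13 19.14.08 | 000,001,024 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\SP3\sample.exe
[2011/04/01 10.00.00 | 000,001,024 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\sample.exe
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# [stamp | size | attrs | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|\]]*)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*)$"
)


class Entry(NamedTuple):
    path: str
    md5: str
    size: int
    company: str


def parse_md5_blocks(text: str) -> Dict[str, List[Entry]]:
    """Group the scan's entry lines under their upper-cased file name."""
    blocks: Dict[str, List[Entry]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<"):
            # Any other "< ... >" header (e.g. a file listing) ends the block.
            header = HEADER_RE.match(line)
            current = header.group("name").upper() if header else None
            if current is not None:
                blocks.setdefault(current, [])
            continue
        match = ENTRY_RE.match(line)
        if match and current is not None:
            blocks[current].append(Entry(
                path=match.group("path").strip(),
                md5=match.group("md5").upper(),
                size=int(match.group("size").replace(",", "")),
                company=match.group("company").strip(),
            ))
    return blocks


def audit_block(entries: List[Entry], reference_prefix: str = REFERENCE_PREFIX) -> dict:
    """Compare every copy with the reference copy; MD5 is what OTL emits,
    which is adequate for matching a known-good file but not collision resistant."""
    ref = next((e for e in entries
                if e.path.upper().startswith(reference_prefix.upper())), None)
    if ref is None:
        return {"status": "no-reference", "reference_md5": None, "mismatches": []}
    mismatches = [e.path for e in entries
                  if e is not ref and (e.md5 != ref.md5 or e.size != ref.size)]
    return {"status": "mismatch" if mismatches else "ok",
            "reference_md5": ref.md5, "mismatches": mismatches}


def audit(text: str, reference_prefix: str = REFERENCE_PREFIX) -> Dict[str, dict]:
    """Verdict per scanned binary name."""
    return {name: audit_block(entries, reference_prefix)
            for name, entries in parse_md5_blocks(text).items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_SCAN).items():
        print(f"{name}: {verdict['status']}")
        for path in verdict["mismatches"]:
            print(f"    differs from reference copy: {path}")
```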



#26
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Congratulations, your log shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen OTL on your desktop.
  • Click on the CleanUp button
  • You will be prompted to reboot your system. Please do so.

NEXT...

Using Windows Explorer delete the following:

Folder c:\sp3

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Java and Adobe Reader updates

There are certain programs that are security vulnerabilities; it is recommended that you keep everything updated. Two of the main vulnerabilities are Java and Adobe Reader.

Java Updates - Java needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java:

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Note:
If the normal uninstallation process (as mentioned above) fails, then please try Microsoft Windows Installer Cleanup Utility. This tool will ensure that all irrelevant Java Runtime Environment Microsoft Installer (msi) registries are removed. Detailed information and download is available at: Description of the Windows Installer CleanUp Utility

Removal instructions:

  • Download the Microsoft Installer Clean Up utility file and save it on your desktop
  • Double click on the executable file. The installation process will start. Follow the instructions accordingly
  • Once installation process is over, go to Start -> All Programs -> Run Windows Install Clean Up utility
  • This will launch the Windows Installer Clean Up utility dialog box
  • Under the Installed products list, select Java 2 Runtime Environment v1.5.0_03
  • Click Remove and Exit


Update Adobe Acrobat Reader to latest version. You can download it HERE.

Suggestion:

Foxit is a great free PDF alternative. It uses fewer system resources and is not vulnerable to the exploits affecting Adobe Reader. Providing full PDF functionality, Foxit is rapidly becoming the PDF reader of choice for many. Get it here.


Other Software Updates - Go HERE to scan your computer for any out of date software at least once per week. The vast majority of virus, worm and spyware infections could have been prevented, if the user had kept their software up-to-date. You should do everything you can to keep your software up-to-date. Doing so will help you prevent infections and the headaches that follow them.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

If you prefer to stay with Internet Explorer, though, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now, after all these steps, your PC will be more secure. However, it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught, though, and the above steps can't help fix it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0
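The Inetcpl.cpl steps above change three per-user DWORD values under the Internet zone key (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3): 1001 (Download signed ActiveX controls), 1004 (Download unsigned ActiveX controls) and 1201 (Initialize and script ActiveX controls not marked as safe), where 0 means Enable, 1 means Prompt and 3 means Disable. The script below is an added example, not part of the original post or any tool it mentions: it audits an exported copy of that key against the settings recommended above and builds a .reg fragment that applies the missing ones. The sample export embedded in it is constructed for illustration (regedit's "Version 5.00" exports are UTF-16, so decode a real file with that encoding before passing its text in).

```python
"""Audit Internet Explorer Internet-zone ActiveX settings from a registry export.

Added example. The GUI steps (Inetcpl.cpl > Security > Custom level) write DWORD
values under the zone key; this checks an exported copy of that key, for example
from `reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3" zone3.reg`.
"""
import re

# URL action identifiers for the three ActiveX settings named in the post.
# Zone 3 is the Internet zone.
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}
# URLPOLICY codes as stored in the DWORD value.
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Recommended in the post: signed/unsigned download -> Prompt, unsafe scripting -> Disable.
RECOMMENDED = {"1001": 1, "1004": 1, "1201": 3}

ZONE_KEY = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]"


def parse_zone_values(reg_text):
    """Return {value_name: int} for DWORD values under the Internet-zone key of a .reg export."""
    values = {}
    in_zone = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A bracketed line starts a new key; only collect values while inside zone 3.
            in_zone = line.lower() == ZONE_KEY.lower()
            continue
        if not in_zone:
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values):
    """Compare parsed values with the recommended policy.

    Returns a list of (action, description, current setting, recommended setting)
    for every action that is absent or weaker than recommended.
    """
    findings = []
    for action, want in RECOMMENDED.items():
        have = values.get(action)
        if have is None:
            findings.append((action, ACTIONS[action], "missing (inherits default)", POLICY[want]))
        elif have != want:
            findings.append((action, ACTIONS[action], POLICY.get(have, hex(have)), POLICY[want]))
    return findings


def render_fix(findings):
    """Build a .reg fragment that sets every flagged action to the recommended policy."""
    lines = ["Windows Registry Editor Version 5.00", "", ZONE_KEY]
    for action, _name, _have, _want in findings:
        lines.append(f'"{action}"=dword:{RECOMMENDED[action]:08x}')
    return "\n".join(lines) + "\n"


# Constructed sample export (not a real machine): signed download already set to
# Prompt, unsigned download still Enable (weak), unsafe-scripting value absent.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00000000
"1001"=dword:00000001
"1004"=dword:00000000
"1200"=dword:00000000
"""

if __name__ == "__main__":
    findings = audit(parse_zone_values(SAMPLE_REG))
    for action, name, have, want in findings:
        print(f"{action} {name}: is {have}, should be {want}")
    print(render_fix(findings))
```

Run against a real export to see which of the three settings still differ from the recommendation; the fragment that `render_fix` returns can be saved as a .reg file and imported with regedit, which achieves the same result as the Custom level dialog.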

#27
edofal

    Member

  • Topic Starter
  • 16 posts
Many, many thanks!
Everything works fine now!
edoardo
  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

