
Heur.Backdoor.Generic

Discussion in 'Malware and Virus Removal Archive' started by Fanti86, 2008/02/09.

  1. 2008/02/09
    Fanti86

    Hi, I found with Kaspersky a trojan named Heur.Backdoor.Generic. It gives me problems with the system32 file "svchost.exe" and I can't delete that virus.

    Here is my log file... thanks for the help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0.56.24, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programmi\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
    C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
    C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {42A44A09-3A1E-4BA2-B14C-D8398E0C3317} - C:\WINDOWS\system32\byxxyay.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {ACAB9237-124B-437B-B51E-3E3FC7C4F3DD} - C:\WINDOWS\system32\vtstt.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921} - C:\WINDOWS\system32\efcaxww.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [PrevxCSI] "C:\Programmi\PrevxCSI\prevxcsi.exe" -boot
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe "
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198672302882
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198672275944
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: byxxyay - C:\WINDOWS\
    O20 - Winlogon Notify: byxyyxv - byxyyxv.dll (file missing)
    O20 - Winlogon Notify: efcaxww - C:\WINDOWS\
    O20 - Winlogon Notify: urqqonm - urqqonm.dll (file missing)
    O20 - Winlogon Notify: yaywvuv - yaywvuv.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

    --
    End of file - 9777 bytes
     
  2. 2008/02/10
    noahdfear

    You've picked up a few nasties. Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


    BTW, svchost.exe is a legit system file. There are some infections that will infect it though, and ComboFix will check it and let us know.
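As an added example (not from this thread or either poster), a small Python triage pass over HijackThis lines of the kind shown in the log above: it flags load points whose module is missing, unnamed BHOs, Winlogon Notify entries that name only a directory, the Policies\Explorer\Run autorun and the broken LSP entry. The heuristics are my own and the sample lines are constructed, modelled on entries in the posted log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on entries in the HijackThis log posted above:
# two benign lines for contrast and the entries a helper would look at twice.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {42A44A09-3A1E-4BA2-B14C-D8398E0C3317} - C:\WINDOWS\system32\byxxyay.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe "
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O20 - Winlogon Notify: byxxyay - C:\WINDOWS\
O20 - Winlogon Notify: byxyyxv - byxyyxv.dll (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O20"
    reason: str    # which heuristic fired
    line: str      # the offending log line, verbatim


# Every HijackThis entry starts with a section tag such as "O2 - " or "R1 - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


def triage_line(line: str) -> list[Finding]:
    """Apply the triage heuristics (my own, not HijackThis's) to one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []                      # banner, process list, blank line
    section, body = m.group("section"), m.group("body")
    reasons: list[str] = []
    if body.endswith("(file missing)"):
        # A load point whose module is gone: either a half-removed infection
        # or a module hidden from the directory listing. Either way, clean it up.
        reasons.append("load point references a module that is not on disk")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if section == "O20" and body.startswith("Winlogon Notify:"):
        target = body.split(" - ", 1)[-1]
        if target.endswith("\\"):
            reasons.append("Winlogon Notify entry names a directory, not a DLL")
    if section == "O4" and "\\Policies\\Explorer\\Run" in body:
        reasons.append("autorun under Policies\\Explorer\\Run, rarely used by legitimate software")
    if section == "O10":
        reasons.append("broken LSP chain; repair the Winsock catalog rather than deleting the entry")
    return [Finding(section, r, line.strip()) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics over a whole log and return findings in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def sections_hit(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section, handy as a one-line summary of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The heuristics are a starting point for reading a log, not a verdict: a flagged entry still needs the file, its signer and its registry value checked before anything is removed.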
     


  4. 2008/02/10
    Fanti86

    Thanks for your attention. I tried to use ComboFix, but it didn't work, so I rebooted in safe mode and made the ComboFix log. I don't know if it is the same thing; sorry, but I'm not experienced with this stuff. Thanks.

    ComboFix 08-02.05.3 - Administrator 2008-02-10 21:14:47.4 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.815 [GMT 1:00]
    Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Creati Da 2008-01-10 al 2008-02-10 )))))))))))))))))))))))))))))))))))
    .

    2008-02-10 00:56 . 2008-02-10 00:56 <DIR> d-------- C:\Programmi\Trend Micro
    2008-02-10 00:13 . 2008-02-10 21:12 1,352,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-10 00:13 . 2008-02-10 00:21 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-02-10 00:13 . 2008-02-10 00:21 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-02-10 00:13 . 2008-02-10 21:12 12,548 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-10 00:12 . 2008-02-10 00:12 <DIR> d-------- C:\Programmi\Kaspersky Lab
    2008-02-10 00:12 . 2008-02-10 21:12 26,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-10 00:12 . 2008-02-10 21:12 5,012 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-10 00:10 . 2008-02-10 00:10 <DIR> d-------- C:\KAV
    2008-02-09 23:23 . 2008-02-09 23:24 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RegistrySmart
    2008-02-09 21:41 . 2008-02-09 21:41 <DIR> d-------- C:\Program Files
    2008-02-09 20:23 . 2008-02-09 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
    2008-02-09 14:55 . 2008-02-10 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
    2008-02-09 11:36 . 2008-02-09 12:02 <DIR> d-------- C:\VundoFix Backups
    2008-02-08 16:50 . 2008-02-08 16:50 <DIR> dr------- C:\Documents and Settings\NetworkService\Preferiti
    2008-02-07 11:20 . 2008-02-07 11:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\CyberLink
    2008-02-07 10:35 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2008-02-07 10:35 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
    2008-02-07 10:35 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
    2008-02-07 10:35 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
    2008-02-05 05:04 . 2008-02-05 05:04 244 --ah----- C:\sqmnoopt19.sqm
    2008-02-05 05:04 . 2008-02-05 05:04 232 --ah----- C:\sqmdata19.sqm
    2008-02-05 05:01 . 2008-02-05 05:01 244 --ah----- C:\sqmnoopt18.sqm
    2008-02-05 05:01 . 2008-02-05 05:01 232 --ah----- C:\sqmdata18.sqm
    2008-02-05 04:52 . 2008-02-05 04:52 244 --ah----- C:\sqmnoopt17.sqm
    2008-02-05 04:52 . 2008-02-05 04:52 232 --ah----- C:\sqmdata17.sqm
    2008-02-05 04:39 . 2008-02-05 04:39 244 --ah----- C:\sqmnoopt16.sqm
    2008-02-05 04:39 . 2008-02-05 04:39 232 --ah----- C:\sqmdata16.sqm
    2008-02-05 04:38 . 2008-02-05 04:38 244 --ah----- C:\sqmnoopt15.sqm
    2008-02-05 04:38 . 2008-02-05 04:38 232 --ah----- C:\sqmdata15.sqm
    2008-02-05 04:34 . 2008-02-05 04:34 244 --ah----- C:\sqmnoopt14.sqm
    2008-02-05 04:34 . 2008-02-05 04:34 232 --ah----- C:\sqmdata14.sqm
    2008-02-05 04:21 . 2008-02-05 04:21 244 --ah----- C:\sqmnoopt13.sqm
    2008-02-05 04:21 . 2008-02-05 04:21 232 --ah----- C:\sqmdata13.sqm
    2008-02-05 04:10 . 2008-02-05 04:10 244 --ah----- C:\sqmnoopt12.sqm
    2008-02-05 04:10 . 2008-02-05 04:10 232 --ah----- C:\sqmdata12.sqm
    2008-02-05 03:59 . 2008-02-09 22:49 268 --ah----- C:\sqmdata11.sqm
    2008-02-05 03:59 . 2008-02-09 22:49 244 --ah----- C:\sqmnoopt11.sqm
    2008-02-05 03:43 . 2008-02-05 07:15 244 --ah----- C:\sqmnoopt10.sqm
    2008-02-05 03:43 . 2008-02-05 07:15 232 --ah----- C:\sqmdata10.sqm
    2008-02-05 03:39 . 2008-02-05 07:05 244 --ah----- C:\sqmnoopt09.sqm
    2008-02-05 03:39 . 2008-02-05 07:05 232 --ah----- C:\sqmdata09.sqm
    2008-02-05 03:36 . 2008-02-05 06:37 244 --ah----- C:\sqmnoopt08.sqm
    2008-02-05 03:36 . 2008-02-05 06:37 232 --ah----- C:\sqmdata08.sqm
    2008-02-05 03:10 . 2008-02-05 06:26 244 --ah----- C:\sqmnoopt07.sqm
    2008-02-05 03:10 . 2008-02-05 06:26 232 --ah----- C:\sqmdata07.sqm
    2008-02-05 03:03 . 2008-02-05 06:24 244 --ah----- C:\sqmnoopt06.sqm
    2008-02-05 03:03 . 2008-02-05 06:24 232 --ah----- C:\sqmdata06.sqm
    2008-02-05 01:18 . 2008-02-05 06:09 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-05 01:18 . 2008-02-05 06:09 232 --ah----- C:\sqmdata05.sqm
    2008-02-05 00:15 . 2008-02-10 00:36 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    2008-02-05 00:15 . 2008-02-05 00:15 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-02-05 00:15 . 2008-02-05 05:44 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-05 00:15 . 2008-02-05 05:44 232 --ah----- C:\sqmdata04.sqm
    2008-02-03 20:29 . 2004-08-19 15:39 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-03 20:29 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-03 20:29 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-03 20:29 . 2001-08-30 23:07 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-02-03 19:21 . 2008-02-05 05:30 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-03 19:21 . 2008-02-05 05:30 232 --ah----- C:\sqmdata03.sqm
    2008-01-30 17:36 . 2008-01-30 17:36 <DIR> d-------- C:\Programmi\Webteh
    2008-01-30 17:36 . 2008-01-30 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\BSplayer Pro
    2008-01-30 15:36 . 2008-01-30 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vsosdk
    2008-01-30 14:04 . 2008-01-30 14:04 56 -r-hs---- C:\WINDOWS\system32\FA08B46944.sys
    2008-01-30 13:58 . 2008-01-30 15:52 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Vso
    2008-01-30 13:58 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-01-30 13:58 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-01-30 13:58 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-01-30 13:58 . 2008-01-30 13:58 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-30 13:58 . 2008-01-30 15:52 47,360 --a------ C:\Documents and Settings\Administrator\Dati applicazioni\pcouffin.sys
    2008-01-30 13:57 . 2008-01-30 15:53 <DIR> d-------- C:\Programmi\VSO
    2008-01-29 17:51 . 2008-01-29 17:51 <DIR> d-------- C:\WINDOWS\Samsung
    2008-01-29 17:51 . 2007-04-24 09:53 471,040 --a------ C:\WINDOWS\ssndii.exe
    2008-01-29 17:51 . 2005-01-24 03:15 65,536 --a------ C:\WINDOWS\system32\ssdevm.dll
    2008-01-29 17:51 . 2004-02-04 06:24 49,152 --a------ C:\WINDOWS\system32\ssusbpn.dll
    2008-01-29 17:51 . 2003-04-18 08:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-01-29 17:51 . 2000-08-03 17:52 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
    2008-01-29 17:49 . 2006-09-29 07:30 172,032 --a------ C:\WINDOWS\system32\SecSNMP.dll
    2008-01-29 17:49 . 2005-03-03 05:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
    2008-01-29 17:49 . 2005-12-12 07:56 151,552 --a------ C:\WINDOWS\system32\ml3050ci.exe
    2008-01-29 17:49 . 2004-10-11 13:25 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
    2008-01-29 17:49 . 2005-12-12 07:57 57,344 --a------ C:\WINDOWS\system32\ml3050ci.dll
    2008-01-29 17:49 . 2006-01-02 06:26 22,663 --a------ C:\WINDOWS\system32\SUGO1LMK.DLL
    2008-01-29 17:49 . 2006-10-31 02:53 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
    2008-01-29 17:49 . 2006-01-18 08:02 555 --a------ C:\WINDOWS\system32\sugo1lmk.smt
    2008-01-29 17:47 . 2008-01-29 17:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
    2008-01-29 17:47 . 2008-01-29 17:47 <DIR> d-------- C:\Programmi\Samsung
    2008-01-29 17:47 . 2006-06-12 02:06 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
    2008-01-26 11:52 . 2008-01-26 11:54 <DIR> d-------- C:\Programmi\EPSON
    2008-01-26 11:52 . 2008-01-26 11:52 <DIR> d-------- C:\epson
    2008-01-26 11:52 . 2002-10-08 02:34 73,676 --a------ C:\WINDOWS\system32\EBPMON2.DLL
    2008-01-26 11:52 . 2002-07-31 02:25 61,440 --a------ C:\WINDOWS\system32\ECBTEG.DLL
    2008-01-26 11:52 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
    2008-01-26 11:52 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
    2008-01-26 11:49 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-26 11:49 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-25 10:54 . 2008-02-05 05:28 244 --ah----- C:\sqmnoopt02.sqm
    2008-01-25 10:54 . 2008-02-05 05:28 232 --ah----- C:\sqmdata02.sqm
    2008-01-25 10:53 . 2008-01-25 10:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Enterbrain
    2008-01-25 10:49 . 2004-09-20 03:14 1,468,416 --a------ C:\WINDOWS\system32\RGSS100J.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 14:47 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
    2008-02-07 21:23 40,448 ----a-w C:\WINDOWS\system32\NTSpool.exe
    2008-02-07 16:31 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2008-02-07 09:33 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\CyberLink
    2008-02-07 09:26 --------- d-----w C:\Programmi\CyberLink
    2008-02-07 09:23 --------- d-----w C:\Programmi\File comuni\InstallShield
    2008-02-04 16:26 --------- d-----w C:\Programmi\File comuni\Adobe
    2008-02-04 16:12 --------- d-----w C:\Programmi\Corel
    2008-02-04 12:34 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-03 19:36 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
    2008-01-23 16:59 --------- d-----w C:\Programmi\DivX
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-01-01 14:43 --------- d-----w C:\Programmi\Microsoft AutoRoute
    2008-01-01 13:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
    2007-12-31 14:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
    2007-12-30 18:05 --------- d-----w C:\Programmi\Java
    2007-12-30 18:04 --------- d-----w C:\Programmi\File comuni\Java
    2007-12-28 20:10 --------- d-----w C:\Programmi\7-Zip
    2007-12-28 08:54 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\DivX
    2007-12-27 17:31 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\InstallShield Installation Information
    2007-12-27 17:19 --------- d-----w C:\Programmi\AGEIA Technologies
    2007-12-27 17:17 --------- d-----w C:\Programmi\DAEMON Tools Pro
    2007-12-27 16:43 --------- d-----w C:\Programmi\Winamp
    2007-12-26 20:26 --------- d-----w C:\Programmi\QuickTime
    2007-12-26 20:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
    2007-12-26 20:25 --------- d-----w C:\Programmi\Apple Software Update
    2007-12-26 20:24 --------- d-----w C:\Programmi\File comuni\Apple
    2007-12-26 20:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
    2007-12-26 20:05 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Leadertech
    2007-12-26 20:04 --------- d-----w C:\Programmi\Executive Software
    2007-12-26 20:01 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Nero
    2007-12-26 17:21 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-26 17:13 --------- d-----w C:\Programmi\Nero
    2007-12-26 17:13 --------- d-----w C:\Programmi\File comuni\Nero
    2007-12-26 17:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
    2007-12-26 17:05 --------- d-----w C:\Programmi\Ahead
    2007-12-26 16:59 --------- d-----w C:\Programmi\MSN Messenger
    2007-12-26 16:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Pro
    2007-12-26 16:52 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\DAEMON Tools Pro
    2007-12-26 16:22 --------- d-----w C:\Programmi\Creative
    2007-12-26 16:21 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2007-12-26 16:21 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2007-12-26 16:21 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Creative
    2007-12-26 16:19 --------- d-----w C:\Programmi\Alice ti aiuta
    2007-12-26 15:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
    2007-12-26 15:40 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Corel
    2007-12-26 15:24 --------- d-----w C:\Programmi\MSXML 6.0
    2007-12-26 15:20 --------- d-----w C:\Programmi\MSXML 4.0
    2007-12-26 14:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
    2007-12-26 14:48 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
    2007-12-26 14:33 --------- d-----w C:\Programmi\Microsoft.NET
    2007-12-26 14:01 --------- d-----w C:\Programmi\Alwil Software
    2007-12-26 12:40 --------- d-----w C:\Programmi\ATI Technologies
    2007-12-26 12:19 --------- d-----w C:\Programmi\File comuni\SpeechEngines
    2007-12-26 12:19 --------- d-----w C:\Programmi\File comuni\ODBC
    2007-12-26 11:43 --------- d-----w C:\Programmi\Pirelli
    2007-12-26 11:42 155,995 ----a-w C:\WINDOWS\java\Packages\4MNTB1VZ.ZIP
    2007-12-26 11:42 --------- d-----w C:\Programmi\File comuni\Motive
    2007-12-26 11:42 --------- d-----w C:\Programmi\Common Files
    2007-12-26 11:41 --------- d-----w C:\Programmi\Telecom Italia
    2007-12-26 11:27 --------- d-----w C:\Programmi\Servizi in linea
    2007-12-26 11:26 --------- d-----w C:\Programmi\File comuni\MSSoap
    2007-12-26 11:25 --------- d-----w C:\Programmi\Windows Media Connect 2
    2007-12-05 13:17 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
    2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}]
    C:\WINDOWS\system32\byxxyay.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAB9237-124B-437B-B51E-3E3FC7C4F3DD}]
    C:\WINDOWS\system32\vtstt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921}]
    C:\WINDOWS\system32\efcaxww.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
    "DAEMON Tools Pro Agent "= "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0 "= "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
    "ISUSPM Startup "= "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
    "ISUSScheduler "= "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "NeroFilterCheck "= "C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "DiskeeperSystray "= "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 19:53 176216]
    "QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "SunJavaUpdateSched "= "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "RemoteControl "= "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "PrevxCSI "= "C:\Programmi\PrevxCSI\prevxcsi.exe" [ ]
    "AVP "= "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3 "= "advpack.dll" [2007-10-11 00:49 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "NTSpool "= NTSpool.exe

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{42A44A09-3A1E-4BA2-B14C-D8398E0C3317} "= C:\WINDOWS\system32\byxxyay.dll [ ]
    "{C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921} "= C:\WINDOWS\system32\efcaxww.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxyay]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyxv]
    byxyyxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaxww]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqonm]
    urqqonm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywvuv]
    yaywvuv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
    backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    C:\Programmi\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
    --a------ 2007-02-15 03:00 520192 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

    S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 usb_rndis;Pirelli Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenuto della cartella 'Scheduled Tasks'
    "2008-02-09 22:24:05 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job "
    - C:\Programmi\RegistrySmart\RegistrySmart.ex
    - C:\Programmi\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 21:17:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    Ora fine scansione: 2008-02-10 21:17:54
    ComboFix-quarantined-files.txt 2008-02-10 20:17:50



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.21.25, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programmi\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
    C:\Programmi\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {42A44A09-3A1E-4BA2-B14C-D8398E0C3317} - C:\WINDOWS\system32\byxxyay.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {ACAB9237-124B-437B-B51E-3E3FC7C4F3DD} - C:\WINDOWS\system32\vtstt.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921} - C:\WINDOWS\system32\efcaxww.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [PrevxCSI] "C:\Programmi\PrevxCSI\prevxcsi.exe" -boot
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198672302882
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198672275944
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: byxxyay - C:\WINDOWS\
    O20 - Winlogon Notify: byxyyxv - byxyyxv.dll (file missing)
    O20 - Winlogon Notify: efcaxww - C:\WINDOWS\
    O20 - Winlogon Notify: urqqonm - urqqonm.dll (file missing)
    O20 - Winlogon Notify: yaywvuv - yaywvuv.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

    --
    End of file - 9757 bytes
     
  5. 2008/02/12
    noahdfear

    My apologies for the delayed reply. Please look in C: and C:\Qoobox for a file named ComboFix-quarantined-files.txt and post its contents for me.

    Delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAB9237-124B-437B-B51E-3E3FC7C4F3DD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921}]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "NTSpool"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}"=-
    "{C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxyay]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyxv]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaxww]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqonm]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywvuv]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  6. 2008/02/13
    Fanti86

    Thanks again.

    2008-01-16 14:27 37888 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nnliigg.dll.vir
    2008-01-16 14:28 25088 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winahr32.dll.vir
    2008-01-17 17:22 157 --a------ C:\Qoobox\Quarantine\catchme.log
    2008-01-17 17:22 28421 --a------ C:\Qoobox\Quarantine\catchme2008-01-17_172509.62.zip
    2008-01-17 17:23 2801 --a------ C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir
    2008-01-30 15:52 87608 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Dati applicazioni\inst.exe.vir
    2008-02-08 11:00 217176 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\svvwa.ini2.vir
    2008-02-08 17:08 212466 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aybeg.ini2.vir
    2008-02-08 18:39 233892 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ututv.ini2.vir
    2008-02-09 21:17 215706 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ybeeg.ini.vir
    2008-02-09 21:23 215706 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ybeeg.ini2.vir
    2008-02-10 00:26 473 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ttstv.ini.vir
    2008-02-10 00:28 209565 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ttstv.ini2.vir



    ComboFix 08-02-13.2 - Administrator 2008-02-13 13:16:34.6 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.809 [GMT 1:00]
    Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Creati Da 2008-01-13 al 2008-02-13 )))))))))))))))))))))))))))))))))))
    .

    2008-02-10 00:56 . 2008-02-10 00:56 <DIR> d-------- C:\Programmi\Trend Micro
    2008-02-10 00:13 . 2008-02-13 13:02 3,229,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-10 00:13 . 2008-02-10 00:21 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-02-10 00:13 . 2008-02-10 00:21 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-02-10 00:13 . 2008-02-12 22:13 46,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-10 00:12 . 2008-02-10 00:12 <DIR> d-------- C:\Programmi\Kaspersky Lab
    2008-02-10 00:12 . 2008-02-13 12:55 70,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-10 00:12 . 2008-02-12 22:13 9,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-10 00:10 . 2008-02-10 00:10 <DIR> d-------- C:\KAV
    2008-02-09 23:23 . 2008-02-09 23:24 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\RegistrySmart
    2008-02-09 21:41 . 2008-02-09 21:41 <DIR> d-------- C:\Program Files
    2008-02-09 20:23 . 2008-02-09 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
    2008-02-09 14:55 . 2008-02-13 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
    2008-02-09 11:36 . 2008-02-09 12:02 <DIR> d-------- C:\VundoFix Backups
    2008-02-08 16:50 . 2008-02-08 16:50 <DIR> dr------- C:\Documents and Settings\NetworkService\Preferiti
    2008-02-07 11:20 . 2008-02-07 11:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\CyberLink
    2008-02-07 10:35 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2008-02-07 10:35 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
    2008-02-07 10:35 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
    2008-02-07 10:35 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
    2008-02-05 05:04 . 2008-02-05 05:04 244 --ah----- C:\sqmnoopt19.sqm
    2008-02-05 05:04 . 2008-02-05 05:04 232 --ah----- C:\sqmdata19.sqm
    2008-02-05 05:01 . 2008-02-05 05:01 244 --ah----- C:\sqmnoopt18.sqm
    2008-02-05 05:01 . 2008-02-05 05:01 232 --ah----- C:\sqmdata18.sqm
    2008-02-05 04:52 . 2008-02-05 04:52 244 --ah----- C:\sqmnoopt17.sqm
    2008-02-05 04:52 . 2008-02-05 04:52 232 --ah----- C:\sqmdata17.sqm
    2008-02-05 04:39 . 2008-02-05 04:39 244 --ah----- C:\sqmnoopt16.sqm
    2008-02-05 04:39 . 2008-02-05 04:39 232 --ah----- C:\sqmdata16.sqm
    2008-02-05 04:38 . 2008-02-05 04:38 244 --ah----- C:\sqmnoopt15.sqm
    2008-02-05 04:38 . 2008-02-05 04:38 232 --ah----- C:\sqmdata15.sqm
    2008-02-05 04:34 . 2008-02-05 04:34 244 --ah----- C:\sqmnoopt14.sqm
    2008-02-05 04:34 . 2008-02-05 04:34 232 --ah----- C:\sqmdata14.sqm
    2008-02-05 04:21 . 2008-02-05 04:21 244 --ah----- C:\sqmnoopt13.sqm
    2008-02-05 04:21 . 2008-02-05 04:21 232 --ah----- C:\sqmdata13.sqm
    2008-02-05 04:10 . 2008-02-11 15:00 268 --ah----- C:\sqmdata12.sqm
    2008-02-05 04:10 . 2008-02-11 15:00 244 --ah----- C:\sqmnoopt12.sqm
    2008-02-05 03:59 . 2008-02-09 22:49 268 --ah----- C:\sqmdata11.sqm
    2008-02-05 03:59 . 2008-02-09 22:49 244 --ah----- C:\sqmnoopt11.sqm
    2008-02-05 03:43 . 2008-02-05 07:15 244 --ah----- C:\sqmnoopt10.sqm
    2008-02-05 03:43 . 2008-02-05 07:15 232 --ah----- C:\sqmdata10.sqm
    2008-02-05 03:39 . 2008-02-05 07:05 244 --ah----- C:\sqmnoopt09.sqm
    2008-02-05 03:39 . 2008-02-05 07:05 232 --ah----- C:\sqmdata09.sqm
    2008-02-05 03:36 . 2008-02-05 06:37 244 --ah----- C:\sqmnoopt08.sqm
    2008-02-05 03:36 . 2008-02-05 06:37 232 --ah----- C:\sqmdata08.sqm
    2008-02-05 03:10 . 2008-02-05 06:26 244 --ah----- C:\sqmnoopt07.sqm
    2008-02-05 03:10 . 2008-02-05 06:26 232 --ah----- C:\sqmdata07.sqm
    2008-02-05 03:03 . 2008-02-05 06:24 244 --ah----- C:\sqmnoopt06.sqm
    2008-02-05 03:03 . 2008-02-05 06:24 232 --ah----- C:\sqmdata06.sqm
    2008-02-05 01:18 . 2008-02-05 06:09 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-05 01:18 . 2008-02-05 06:09 232 --ah----- C:\sqmdata05.sqm
    2008-02-05 00:15 . 2008-02-10 00:36 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    2008-02-05 00:15 . 2008-02-05 00:15 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-02-05 00:15 . 2008-02-05 05:44 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-05 00:15 . 2008-02-05 05:44 232 --ah----- C:\sqmdata04.sqm
    2008-02-03 20:29 . 2004-08-19 15:39 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-03 20:29 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-03 20:29 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-03 20:29 . 2001-08-30 23:07 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-02-03 19:21 . 2008-02-05 05:30 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-03 19:21 . 2008-02-05 05:30 232 --ah----- C:\sqmdata03.sqm
    2008-01-30 17:36 . 2008-01-30 17:36 <DIR> d-------- C:\Programmi\Webteh
    2008-01-30 17:36 . 2008-01-30 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\BSplayer Pro
    2008-01-30 15:36 . 2008-01-30 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\vsosdk
    2008-01-30 14:04 . 2008-01-30 14:04 56 -r-hs---- C:\WINDOWS\system32\FA08B46944.sys
    2008-01-30 13:58 . 2008-01-30 15:52 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Vso
    2008-01-30 13:58 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-01-30 13:58 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-01-30 13:58 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-01-30 13:58 . 2008-01-30 13:58 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-30 13:58 . 2008-01-30 15:52 47,360 --a------ C:\Documents and Settings\Administrator\Dati applicazioni\pcouffin.sys
    2008-01-30 13:57 . 2008-01-30 15:53 <DIR> d-------- C:\Programmi\VSO
    2008-01-29 17:51 . 2008-01-29 17:51 <DIR> d-------- C:\WINDOWS\Samsung
    2008-01-29 17:51 . 2007-04-24 09:53 471,040 --a------ C:\WINDOWS\ssndii.exe
    2008-01-29 17:51 . 2005-01-24 03:15 65,536 --a------ C:\WINDOWS\system32\ssdevm.dll
    2008-01-29 17:51 . 2004-02-04 06:24 49,152 --a------ C:\WINDOWS\system32\ssusbpn.dll
    2008-01-29 17:51 . 2003-04-18 08:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-01-29 17:51 . 2000-08-03 17:52 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
    2008-01-29 17:49 . 2006-09-29 07:30 172,032 --a------ C:\WINDOWS\system32\SecSNMP.dll
    2008-01-29 17:49 . 2005-03-03 05:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
    2008-01-29 17:49 . 2005-12-12 07:56 151,552 --a------ C:\WINDOWS\system32\ml3050ci.exe
    2008-01-29 17:49 . 2004-10-11 13:25 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
    2008-01-29 17:49 . 2005-12-12 07:57 57,344 --a------ C:\WINDOWS\system32\ml3050ci.dll
    2008-01-29 17:49 . 2006-01-02 06:26 22,663 --a------ C:\WINDOWS\system32\SUGO1LMK.DLL
    2008-01-29 17:49 . 2006-10-31 02:53 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
    2008-01-29 17:49 . 2006-01-18 08:02 555 --a------ C:\WINDOWS\system32\sugo1lmk.smt
    2008-01-29 17:47 . 2008-01-29 17:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
    2008-01-29 17:47 . 2008-01-29 17:47 <DIR> d-------- C:\Programmi\Samsung
    2008-01-29 17:47 . 2006-06-12 02:06 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
    2008-01-26 11:52 . 2008-01-26 11:54 <DIR> d-------- C:\Programmi\EPSON
    2008-01-26 11:52 . 2008-01-26 11:52 <DIR> d-------- C:\epson
    2008-01-26 11:52 . 2002-10-08 02:34 73,676 --a------ C:\WINDOWS\system32\EBPMON2.DLL
    2008-01-26 11:52 . 2002-07-31 02:25 61,440 --a------ C:\WINDOWS\system32\ECBTEG.DLL
    2008-01-26 11:52 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
    2008-01-26 11:52 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
    2008-01-26 11:49 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-26 11:49 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-25 10:54 . 2008-02-05 05:28 244 --ah----- C:\sqmnoopt02.sqm
    2008-01-25 10:54 . 2008-02-05 05:28 232 --ah----- C:\sqmdata02.sqm
    2008-01-25 10:53 . 2008-01-25 10:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Enterbrain
    2008-01-25 10:49 . 2004-09-20 03:14 1,468,416 --a------ C:\WINDOWS\system32\RGSS100J.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 14:47 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
    2008-02-07 21:23 40,448 ----a-w C:\WINDOWS\system32\NTSpool.exe
    2008-02-07 16:31 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2008-02-07 09:33 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\CyberLink
    2008-02-07 09:26 --------- d-----w C:\Programmi\CyberLink
    2008-02-07 09:23 --------- d-----w C:\Programmi\File comuni\InstallShield
    2008-02-04 16:26 --------- d-----w C:\Programmi\File comuni\Adobe
    2008-02-04 16:12 --------- d-----w C:\Programmi\Corel
    2008-02-04 12:34 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-03 19:36 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
    2008-01-23 16:59 --------- d-----w C:\Programmi\DivX
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-01-01 14:43 --------- d-----w C:\Programmi\Microsoft AutoRoute
    2008-01-01 13:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
    2007-12-31 14:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
    2007-12-30 18:05 --------- d-----w C:\Programmi\Java
    2007-12-30 18:04 --------- d-----w C:\Programmi\File comuni\Java
    2007-12-28 20:10 --------- d-----w C:\Programmi\7-Zip
    2007-12-28 08:54 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\DivX
    2007-12-27 17:31 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\InstallShield Installation Information
    2007-12-27 17:19 --------- d-----w C:\Programmi\AGEIA Technologies
    2007-12-27 17:17 --------- d-----w C:\Programmi\DAEMON Tools Pro
    2007-12-27 16:43 --------- d-----w C:\Programmi\Winamp
    2007-12-26 20:26 --------- d-----w C:\Programmi\QuickTime
    2007-12-26 20:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
    2007-12-26 20:25 --------- d-----w C:\Programmi\Apple Software Update
    2007-12-26 20:24 --------- d-----w C:\Programmi\File comuni\Apple
    2007-12-26 20:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
    2007-12-26 20:05 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Leadertech
    2007-12-26 20:04 --------- d-----w C:\Programmi\Executive Software
    2007-12-26 20:01 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Nero
    2007-12-26 17:21 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-26 17:13 --------- d-----w C:\Programmi\Nero
    2007-12-26 17:13 --------- d-----w C:\Programmi\File comuni\Nero
    2007-12-26 17:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
    2007-12-26 17:05 --------- d-----w C:\Programmi\Ahead
    2007-12-26 16:59 --------- d-----w C:\Programmi\MSN Messenger
    2007-12-26 16:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Pro
    2007-12-26 16:52 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\DAEMON Tools Pro
    2007-12-26 16:22 --------- d-----w C:\Programmi\Creative
    2007-12-26 16:21 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2007-12-26 16:21 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2007-12-26 16:21 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Creative
    2007-12-26 16:19 --------- d-----w C:\Programmi\Alice ti aiuta
    2007-12-26 15:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
    2007-12-26 15:40 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Corel
    2007-12-26 15:24 --------- d-----w C:\Programmi\MSXML 6.0
    2007-12-26 15:20 --------- d-----w C:\Programmi\MSXML 4.0
    2007-12-26 14:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
    2007-12-26 14:48 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
    2007-12-26 14:33 --------- d-----w C:\Programmi\Microsoft.NET
    2007-12-26 14:01 --------- d-----w C:\Programmi\Alwil Software
    2007-12-26 12:40 --------- d-----w C:\Programmi\ATI Technologies
    2007-12-26 12:19 --------- d-----w C:\Programmi\File comuni\SpeechEngines
    2007-12-26 12:19 --------- d-----w C:\Programmi\File comuni\ODBC
    2007-12-26 11:43 --------- d-----w C:\Programmi\Pirelli
    2007-12-26 11:42 155,995 ----a-w C:\WINDOWS\java\Packages\4MNTB1VZ.ZIP
    2007-12-26 11:42 --------- d-----w C:\Programmi\File comuni\Motive
    2007-12-26 11:42 --------- d-----w C:\Programmi\Common Files
    2007-12-26 11:41 --------- d-----w C:\Programmi\Telecom Italia
    2007-12-26 11:27 --------- d-----w C:\Programmi\Servizi in linea
    2007-12-26 11:26 --------- d-----w C:\Programmi\File comuni\MSSoap
    2007-12-26 11:25 --------- d-----w C:\Programmi\Windows Media Connect 2
    2007-12-05 13:17 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
    2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
    "DAEMON Tools Pro Agent "= "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0 "= "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
    "ISUSPM Startup "= "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
    "ISUSScheduler "= "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "NeroFilterCheck "= "C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "DiskeeperSystray "= "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 19:53 176216]
    "QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "SunJavaUpdateSched "= "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "RemoteControl "= "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "PrevxCSI "= "C:\Programmi\PrevxCSI\prevxcsi.exe" [ ]
    "AVP "= "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3 "= "advpack.dll" [2007-10-11 00:49 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
    backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    C:\Programmi\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
    --a------ 2007-02-15 03:00 520192 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

    S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 usb_rndis;Pirelli Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenuto della cartella 'Scheduled Tasks'
    "2008-02-11 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job "
    - C:\Programmi\RegistrySmart\RegistrySmart.ex
    - C:\Programmi\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 13:18:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    Ora fine scansione: 2008-02-13 13:19:30
    ComboFix-quarantined-files.txt 2008-02-13 12:19:26
     
  7. 2008/02/15
    noahdfear

    Looks great! Please delete the following file.

    C:\WINDOWS\system32\NTSpool.exe

    Now, download Dr.Web CureIt, saving the file to your desktop.
    • Double-click the drweb-cureit.exe file and allow it to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.

    Post the contents of the Dr. Web report here please.
     
  8. 2008/02/16
    Fanti86

    A0008862.bat C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP11 Probabile BATCH.Virus
    A0008907.bat C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP11 Probabile BATCH.Virus
    A0004452.bat C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP8 Probabile BATCH.Virus
    A0004519.bat C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP8 Probabile BATCH.Virus
    A0004564.bat C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP8 Probabile BATCH.Virus
    A0004608.bat C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP8 Probabile BATCH.Virus
    A0003499.exe D:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP7 Trojan.Popuper Cancellato.
    A0003500.exe D:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP7 Trojan.Popuper Cancellato.



    This is the Dr.Web report. Thanks again for your time.
     
  9. 2008/02/16
    noahdfear

    That's great! Everything seems to be working properly?

    Let's do an online scan just to make sure we haven't missed anything. Please do an online scan with Kaspersky WebScanner.

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
     
  10. 2008/02/16
    Fanti86

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 17, 2008 12:11:00 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 16/02/2008
    Kaspersky Anti-Virus database records: 569028
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 103341
    Number of viruses found: 2
    Number of infected objects: 4
    Number of suspicious objects: 0
    Duration of the scan process: 02:44:11

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\MSHist012008021620080217\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\activitylog.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\Working\database_1810_B81C_10B7_FF36\dfsr.db Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\Working\database_1810_B81C_10B7_FF36\fsr.log Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\Working\database_1810_B81C_10B7_FF36\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\marco_fantinati@hotmail.com\SharingMetadata\Working\database_1810_B81C_10B7_FF36\tmp.edb Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\marco_fantinati@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\marco_fantinati@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF37B2.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF37C9.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFCE47.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFCE5A.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\02bf_Anti_Spam_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\02c2_File_Monitoring_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\02c3_Mail_Monitoring_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\02c4_Web_Monitoring_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP14\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{F4CD7142-941B-4630-834D-8BB3C5897218}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TEMP\Perflib_Perfdata_34c.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\Nuovi Entranti\Nero.8.Ultra.Edition.v8.1.1.4.Multilingual.With.KeyGen\Nero-8.1.1.4_all_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    D:\Nuovi Entranti\Nero.8.Ultra.Edition.v8.1.1.4.Multilingual.With.KeyGen\Nero-8.1.1.4_all_trial.exe 7-Zip: infected - 1 skipped
    D:\Nuovi Entranti\Temp\001.part Object is locked skipped
    D:\Nuovi Entranti\Temp\002.part Object is locked skipped
    D:\Nuovi Entranti\Temp\003.part Object is locked skipped
    D:\Nuovi Entranti\Temp\004.part Object is locked skipped
    D:\Nuovi Entranti\Temp\005.part Object is locked skipped
    D:\Nuovi Entranti\Temp\006.part Object is locked skipped
    D:\Nuovi Entranti\Temp\007.part Object is locked skipped
    D:\Nuovi Entranti\Temp\008.part Object is locked skipped
    D:\Nuovi Entranti\Temp\009.part Object is locked skipped
    D:\Nuovi Entranti\Temp\010.part Object is locked skipped
    D:\Nuovi Entranti\Temp\011.part Object is locked skipped
    D:\Nuovi Entranti\Temp\012.part Object is locked skipped
    D:\Nuovi Entranti\Temp\013.part Object is locked skipped
    D:\Nuovi Entranti\Temp\014.part Object is locked skipped
    D:\Nuovi Entranti\Temp\015.part Object is locked skipped
    D:\Nuovi Entranti\Temp\016.part Object is locked skipped
    D:\Nuovi Entranti\Temp\017.part Object is locked skipped
    D:\Nuovi Entranti\Temp\018.part Object is locked skipped
    D:\Nuovi Entranti\Temp\019.part Object is locked skipped
    D:\Nuovi Entranti\Temp\020.part Object is locked skipped
    D:\Nuovi Entranti\Temp\021.part Object is locked skipped
    D:\Nuovi Entranti\Temp\022.part Object is locked skipped
    D:\Nuovi Entranti\Temp\023.part Object is locked skipped
    D:\Nuovi Entranti\Temp\024.part Object is locked skipped
    D:\Nuovi Entranti\Temp\025.part Object is locked skipped
    D:\Nuovi Entranti\Temp\026.part Object is locked skipped
    D:\Nuovi Entranti\Temp\027.part Object is locked skipped
    D:\Nuovi Entranti\Temp\028.part Object is locked skipped
    D:\Nuovi Entranti\Temp\029.part Object is locked skipped
    D:\Nuovi Entranti\Temp\030.part Object is locked skipped
    D:\Nuovi Entranti\Temp\031.part Object is locked skipped
    D:\Nuovi Entranti\Temp\032.part Object is locked skipped
    D:\Nuovi Entranti\Temp\033.part Object is locked skipped
    D:\Nuovi Entranti\Temp\034.part Object is locked skipped
    D:\Nuovi Entranti\Temp\035.part Object is locked skipped
    D:\Nuovi Entranti\Temp\036.part Object is locked skipped
    D:\Nuovi Entranti\Temp\038.part Object is locked skipped
    D:\Nuovi Entranti\Temp\039.part Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP14\change.log Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    E:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP12\A0009083.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.Gator.1012 skipped
    E:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP12\A0009083.exe WiseSFX: infected - 1 skipped
    E:\System Volume Information\_restore{5C3BC51D-7E89-4519-B99D-6B1EF970D01A}\RP14\change.log Object is locked skipped

    Scan process completed.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0.11.31, on 17/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
    C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
    C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    E:\Programmi\eMule\emule.exe
    C:\Programmi\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\divxsm.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [PrevxCSI] "C:\Programmi\PrevxCSI\prevxcsi.exe" -boot
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198672302882
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198672275944
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

    --
    End of file - 9159 bytes
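As an added example (not code from this thread, from Kaspersky, or from any of the tools mentioned), the following Python script parses the Kaspersky Online Scanner report layout posted above. It separates the "Object is locked skipped" noise from real detections, records which hits sit inside an archive or under a System Restore point (the helper's later ComboFix /u step resets those restore points), flags Kaspersky's "not-a-virus:" riskware prefix, and checks the parsed object count against the report's own "Number of infected objects" header. The sample report, the paths, the detection names and the GUID are constructed placeholders, not values from the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the Kaspersky Online Scanner 5.0 report layout posted in
# this thread. Every path, detection name and the GUID are placeholders.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT
Scan Statistics:
Total number of scanned objects: 103341
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\Downloads\installer.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.Example.a skipped
D:\Downloads\installer.exe 7-Zip: infected - 1 skipped
E:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP12\A0000001.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Example.b skipped
E:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP12\A0000001.exe WiseSFX: infected - 1 skipped

Scan process completed.
"""

# One object per line: "<path> Object is locked skipped", "<path> Infected: <name> <action>"
# or, for the archive that holds an infected member, "<path> <archiver>: infected - <n> <action>".
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<archiver>[\w\-]+): infected - (?P<count>\d+) (?P<action>\S+)$")
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>\d+)$")
RESTORE_MARK = "\\system volume information\\_restore"


@dataclass
class Finding:
    path: str
    detection: Optional[str]          # None for the archive-level "<archiver>: infected" line
    action: str                       # the online scanner only reports, so this is "skipped"
    container: Optional[str] = None   # archive part of "archive/member" paths
    in_restore_point: bool = False    # under System Volume Information\_restore
    riskware: bool = False            # Kaspersky "not-a-virus:" prefix (adware/tools)


@dataclass
class Report:
    stats: Dict[str, int] = field(default_factory=dict)
    locked: List[str] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)


def _finding(path: str, detection: Optional[str], action: str) -> Finding:
    return Finding(
        path=path, detection=detection, action=action,
        container=path.split("/", 1)[0] if "/" in path else None,
        in_restore_point=RESTORE_MARK in path.lower(),
        riskware=bool(detection) and detection.lower().startswith("not-a-virus:"),
    )


def parse_report(text: str) -> Report:
    """Parse the report text into header statistics, locked objects and detections."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := STAT_RE.match(line)):
            rep.stats[m.group("key")] = int(m.group("value"))
        elif (m := LOCKED_RE.match(line)):
            rep.locked.append(m.group("path"))
        elif (m := INFECTED_RE.match(line)):
            rep.findings.append(_finding(m.group("path"), m.group("name"), m.group("action")))
        elif (m := CONTAINER_RE.match(line)):
            rep.findings.append(_finding(m.group("path"), None, m.group("action")))
    return rep


def triage(rep: Report) -> Dict[str, object]:
    """Separate real detections from 'locked' noise and say where they live."""
    named = [f for f in rep.findings if f.detection]
    expected = rep.stats.get("Number of infected objects")
    return {
        "detections": dict(Counter(f.detection for f in named)),
        "live_objects": [f.path for f in named if not f.in_restore_point],
        "restore_point_objects": [f.path for f in named if f.in_restore_point],
        "containers": sorted({f.container for f in rep.findings if f.container}),
        "all_riskware": bool(named) and all(f.riskware for f in named),
        "locked_count": len(rep.locked),
        # Locked objects are not counted in the header; infected member + archive lines are.
        "count_matches_header": expected is None or expected == len(rep.findings),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run it against a saved report to get the short answer a helper wants from a long log: how many distinct detections there are, whether any live outside a restore point or an archive, whether everything is "not-a-virus" riskware, and whether the per-object lines add up to the header count (a mismatch means a line format the parser did not recognise, so the log needs a manual read).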
     
  11. 2008/02/16
    noahdfear

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will be removed as well. You can delete any logs that were created/saved too.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    That should wrap things up. Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
  12. 2008/02/17
    Fanti86

    Thanks a lot for your help.
    I'll ask you the last thing (you told me)... how can I reset the autoplay?

    thanks for your time
     
  13. 2008/02/17
    noahdfear

    Please check your private messages in the User Control Panel for instructions.
     
