Jump to content

mrhorus87

Members
 View Profile  See their activity

  • Posts

    18

  • Joined

  • Last visited

Reputation

0 Neutral
  1. mrhorus87
    One question: If i dont'use internet my pc infected the same the other computers?
  2. mrhorus87
    OH MY GOD that's strange all seems to be fine however thanks for your help
  3. mrhorus87
    damn the kaspersky scanner has found 2700 and more infected objects O_O(i'll hosting that because it was very long)however lately my pc works very good with no spyware or pop-ups windows and it's a bit faster than before ^^ the kaspersky.txt is here http://www.fileshost.com/en/file/18980/kaspersky-txt.html and this is the hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13.10.58, on 29/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
  4. mrhorus87
    ok here the logs ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-28 12.41.29.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.535 [GMT 1:00] Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt * Created new Restore Point FILE C:\WINDOWS\system32\aifsbgrv.ini C:\WINDOWS\system32\cxrxglax.exe C:\WINDOWS\system32\gyailght.ini C:\WINDOWS\system32\mbirxekg.dll C:\WINDOWS\system32\vturspo.dll C:\WINDOWS\system32\wtobxeaa.dll . ((((((((((((((((((((((((((((((((((((( Other removals ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\aifsbgrv.ini C:\WINDOWS\system32\cxrxglax.exe C:\WINDOWS\system32\gyailght.ini C:\WINDOWS\system32\mbirxekg.dll C:\WINDOWS\system32\vturspo.dll C:\WINDOWS\system32\wtobxeaa.dll . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))) . 2007-11-28 11:29 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-11-26 10:13 <DIR> d-------- C:\NoLopBackups 2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups 2007-11-21 11:11 <DIR> d-------- C:\Deckard 2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro 2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe 2007-11-20 18:16 <DIR> d-------- C:\Downloads 2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData 2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer 2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX 2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite 2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations 2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application 2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 11:44 --------- d-----w C:\Programmi\RSSoft 2007-11-27 17:32 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar 2007-11-25 23:05 --------- d-----w C:\Programmi\FlashGet 2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe 2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger 2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information 2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies 2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7 2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder 2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion 2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo! 2007-10-25 21:38 --------- d-----w C:\Programmi\SWFPlayer 2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus 2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter 2007-10-07 11:54 --------- d-----w C:\Programmi\Java 2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT 2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat 2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe 2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe 2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat 2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 ))))))))))))))))))))))))))))))))))))))))) . + 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll + 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll - 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2007-03-13 09:57:10 174,080 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE - 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-11-28 11:46:49 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat + 2007-11-28 11:46:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2007-11-28 11:46:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2005-04-07 18:47:16 58,536 ---ha-w C:\WINDOWS\system32\lssas.exe . ((((((((((((((((((((((((((((((((((((( Points Reg Uploaded )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty values & legitimate / default are not displayed. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}] C:\WINDOWS\system32\geedc.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00] "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [] "FAST Defrag"="" [] "BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34] "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22] "SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53] "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [] "igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20] "SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11] "SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41] "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29] "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42] "Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47] "YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11] "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48] "ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" [] "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05] "spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52] "PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41] "Windows Explorer"="C:\WINDOWS\system32\explorer.exe" [] "405ff918"="C:\WINDOWS\system32\wtobxeaa.dll" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48] C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\ Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36] Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45] BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn] fcuujcjn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao] igaohzao.dll R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys S3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 12:47:23 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Scanning processes hidden ... Scanning autostart entries hidden ... Scanning files hidden ... Scanning completed successfully Hidden Files: 0 ************************************************************************** . End Time scan: 2007-11-28 12:50:00 - machine was rebooted C:\ComboFix2.txt ... 2007-11-27 19:00 C:\ComboFix3.txt ... 2007-11-26 10:09 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13.01.24, on 28/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\wscntfy.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\wtobxeaa.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
  5. mrhorus87
    ok these are the logs ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-27 18.47.49.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.582 [GMT 1:00] Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt * Created new Restore Point FILE C:\WINDOWS\system32\arxt.exe C:\WINDOWS\system32\awtuvwu.dll C:\WINDOWS\system32\ayxrdpw.exe C:\WINDOWS\system32\bvlqt.exe C:\WINDOWS\system32\cbxyvtq.dll C:\WINDOWS\system32\cbyyjjw.exe C:\WINDOWS\system32\CmdLineExt03.dll C:\WINDOWS\system32\cuah.exe C:\WINDOWS\system32\cwujlm.exe C:\WINDOWS\system32\cxrxglax.e C:\WINDOWS\system32\cyij.exe C:\WINDOWS\system32\drivers\sptd3661.sys C:\WINDOWS\system32\dtoo.exe C:\WINDOWS\system32\dxasqpx.exe C:\WINDOWS\system32\esqoozjp.exe C:\WINDOWS\system32\ewjsswar.exe C:\WINDOWS\system32\ftbqk.exe C:\WINDOWS\system32\gbziuz.exe C:\WINDOWS\system32\gfxybwy.exe C:\WINDOWS\system32\guqhq.exe C:\WINDOWS\system32\hbmcbgf.exe C:\WINDOWS\system32\hfeb.exe C:\WINDOWS\system32\hggfdbb.dll C:\WINDOWS\system32\hiqp.exe C:\WINDOWS\system32\hjjlm.ini C:\WINDOWS\system32\hjjlm.ini2 C:\WINDOWS\system32\hnaxcq.exe C:\WINDOWS\system32\hpwmvuw.exe C:\WINDOWS\system32\hxyabmd.exe C:\WINDOWS\system32\kdqjcfbu.dll C:\WINDOWS\system32\kxuelypx.dll C:\WINDOWS\system32\legfade.exe C:\WINDOWS\system32\ljjgfgh.dll C:\WINDOWS\system32\lkexkvf.exe C:\WINDOWS\system32\lrrxdcm.exe C:\WINDOWS\system32\lvzv.exe C:\WINDOWS\system32\mbgl.exe C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mhhmzp.exe C:\WINDOWS\system32\mljggge.dll C:\WINDOWS\system32\mljiggh.dll C:\WINDOWS\system32\mljjh.dll C:\WINDOWS\system32\mljkjgh.dll C:\WINDOWS\system32\nrirsro.exe C:\WINDOWS\system32\nxmwxm.exe C:\WINDOWS\system32\oaucn.exe C:\WINDOWS\system32\ofcbaaym.exe C:\WINDOWS\system32\orsad.exe C:\WINDOWS\system32\owtvumxf.exe C:\WINDOWS\system32\pfrviaxv.dll C:\WINDOWS\system32\pmnonll.dll C:\WINDOWS\system32\pvmyh.exe C:\WINDOWS\system32\rthlcdhx.exe C:\WINDOWS\system32\rzyqjex.exe C:\WINDOWS\system32\sbxw.exe C:\WINDOWS\system32\scqqix.exe C:\WINDOWS\system32\syejcby.exe C:\WINDOWS\system32\tcayf.exe C:\WINDOWS\system32\thgliayg.dll C:\WINDOWS\system32\tmkzxd.exe C:\WINDOWS\system32\tmqc.exe C:\WINDOWS\system32\tsxjixbv.exe C:\WINDOWS\system32\tuvwvtq.dll C:\WINDOWS\system32\twxzae.exe C:\WINDOWS\system32\ubfcjqdk.ini C:\WINDOWS\system32\ufxzkg.exe C:\WINDOWS\system32\uhtrebt.exe C:\WINDOWS\system32\unpr.sys C:\WINDOWS\system32\urqqolk.dll C:\WINDOWS\system32\vebejhwv.ini C:\WINDOWS\system32\vsplqhe.exe C:\WINDOWS\system32\vtursp C:\WINDOWS\system32\vtusrsr.dll C:\WINDOWS\system32\vtuttut.dll C:\WINDOWS\system32\vtuvvvu.dll C:\WINDOWS\system32\vtuvvwu.dll C:\WINDOWS\system32\wmezja.exe C:\WINDOWS\system32\wvuttus.dll C:\WINDOWS\system32\wvuvwxu.dll C:\WINDOWS\system32\xfaus.exe C:\WINDOWS\system32\xhfdo.exe C:\WINDOWS\system32\xpxi.exe C:\WINDOWS\system32\ymifpgqf.exe C:\WINDOWS\system32\zerk.exe C:\WINDOWS\system32\zthuwns.exe C:\WINDOWS\system32\zutdqrmk.exe . Unable to gain privileges System ((((((((((((((((((((((((((((((((((((( Other removals ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\__c00EDC9.dat C:\WINDOWS\system32\arxt.exe C:\WINDOWS\system32\awtuvwu.dll C:\WINDOWS\system32\ayxrdpw.exe C:\WINDOWS\system32\bvlqt.exe C:\WINDOWS\system32\cbxyvtq.dll C:\WINDOWS\system32\cbyyjjw.exe C:\WINDOWS\system32\CmdLineExt03.dll C:\WINDOWS\system32\cuah.exe C:\WINDOWS\system32\cwujlm.exe C:\WINDOWS\system32\cyij.exe C:\WINDOWS\system32\drivers\sptd3661.sys C:\WINDOWS\system32\dtoo.exe C:\WINDOWS\system32\dxasqpx.exe C:\WINDOWS\system32\esqoozjp.exe C:\WINDOWS\system32\ewjsswar.exe C:\WINDOWS\system32\ftbqk.exe C:\WINDOWS\system32\gbziuz.exe C:\WINDOWS\system32\gebyy.dll C:\WINDOWS\system32\gfxybwy.exe C:\WINDOWS\system32\guqhq.exe C:\WINDOWS\system32\hbmcbgf.exe C:\WINDOWS\system32\hfeb.exe C:\WINDOWS\system32\hggfdbb.dll C:\WINDOWS\system32\hiqp.exe C:\WINDOWS\system32\hnaxcq.exe C:\WINDOWS\system32\hpwmvuw.exe C:\WINDOWS\system32\hxyabmd.exe C:\WINDOWS\system32\kdqjcfbu.dll C:\WINDOWS\system32\kxuelypx.dll C:\WINDOWS\system32\legfade.exe C:\WINDOWS\system32\lkexkvf.exe C:\WINDOWS\system32\lrrxdcm.exe C:\WINDOWS\system32\lvzv.exe C:\WINDOWS\system32\mbgl.exe C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mhhmzp.exe C:\WINDOWS\system32\mljggge.dll C:\WINDOWS\system32\mljiggh.dll C:\WINDOWS\system32\mljkjgh.dll C:\WINDOWS\system32\mprrtfkp.dll C:\WINDOWS\system32\nrirsro.exe C:\WINDOWS\system32\nxmwxm.exe C:\WINDOWS\system32\oaucn.exe C:\WINDOWS\system32\ofcbaaym.exe C:\WINDOWS\system32\orsad.exe C:\WINDOWS\system32\owtvumxf.exe C:\WINDOWS\system32\pfrviaxv.dll C:\WINDOWS\system32\pmnonll.dll C:\WINDOWS\system32\pvmyh.exe C:\WINDOWS\system32\rthlcdhx.exe C:\WINDOWS\system32\rzyqjex.exe C:\WINDOWS\system32\sbxw.exe C:\WINDOWS\system32\scqqix.exe C:\WINDOWS\system32\syejcby.exe C:\WINDOWS\system32\tcayf.exe C:\WINDOWS\system32\thgliayg.dll C:\WINDOWS\system32\tmkzxd.exe C:\WINDOWS\system32\tmqc.exe C:\WINDOWS\system32\tsxjixbv.exe C:\WINDOWS\system32\twxzae.exe C:\WINDOWS\system32\ubfcjqdk.ini C:\WINDOWS\system32\ufxzkg.exe C:\WINDOWS\system32\uhtrebt.exe C:\WINDOWS\system32\unpr.sys C:\WINDOWS\system32\urqqolk.dll C:\WINDOWS\system32\vebejhwv.ini C:\WINDOWS\system32\vsplqhe.exe C:\WINDOWS\system32\vtuttut.dll C:\WINDOWS\system32\vtuvvvu.dll C:\WINDOWS\system32\wmezja.exe C:\WINDOWS\system32\wvuvwxu.dll C:\WINDOWS\system32\xfaus.exe C:\WINDOWS\system32\xhfdo.exe C:\WINDOWS\system32\xpxi.exe C:\WINDOWS\system32\ymifpgqf.exe C:\WINDOWS\system32\yybeg.ini C:\WINDOWS\system32\yybeg.ini2 C:\WINDOWS\system32\zerk.exe C:\WINDOWS\system32\zthuwns.exe C:\WINDOWS\system32\zutdqrmk.exe . ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))))))) . 2007-11-27 10:33 78,912 --a------ C:\WINDOWS\system32\mbirxekg.dll 2007-11-27 10:30 85,056 --a------ C:\WINDOWS\system32\wtobxeaa.dll 2007-11-26 10:13 <DIR> d-------- C:\NoLopBackups 2007-11-26 00:00 777,998 --ahs---- C:\WINDOWS\system32\gyailght.ini 2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe 2007-11-23 11:25 35,328 --a------ C:\WINDOWS\system32\vturspo.dll 2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups 2007-11-21 11:11 <DIR> d-------- C:\Deckard 2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro 2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe 2007-11-20 18:16 <DIR> d-------- C:\Downloads 2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData 2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer 2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX 2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite 2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations 2007-11-09 10:31 958,204 --ahs---- C:\WINDOWS\system32\aifsbgrv.ini 2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application 2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2007-11-06 14:12 624,640 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-11-06 14:12 98,304 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 17:58 --------- d-----w C:\Programmi\RSSoft 2007-11-27 17:32 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar 2007-11-25 23:05 --------- d-----w C:\Programmi\FlashGet 2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe 2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger 2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information 2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies 2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7 2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder 2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion 2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo! 2007-10-25 21:38 --------- d-----w C:\Programmi\SWFPlayer 2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus 2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter 2007-10-07 11:54 --------- d-----w C:\Programmi\Java 2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT 2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat 2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe 2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe 2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat 2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 ))))))))))))))))))))))))))))))))))))))))) . + 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll + 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll - 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2007-03-13 09:57:10 174,080 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE - 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-11-27 17:57:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat + 2007-11-27 17:57:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2007-11-27 17:57:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2005-04-07 18:47:16 58,536 ---ha-w C:\WINDOWS\system32\lssas.exe . ((((((((((((((((((((((((((((((((((((( Points Reg Uploaded )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty values & legitimate / default are not displayed. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}] C:\WINDOWS\system32\geedc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9e110fd4-7213-485a-8b49-786d87f6d21b}] 2007-11-27 10:33 78912 --a------ C:\WINDOWS\system32\mbirxekg.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00] "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [] "FAST Defrag"="" [] "BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34] "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22] "SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53] "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [] "igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20] "SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11] "SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41] "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29] "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42] "Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47] "YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11] "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48] "ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" [] "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05] "spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52] "PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41] "Windows Explorer"="C:\WINDOWS\system32\explorer.exe" [] "405ff918"="C:\WINDOWS\system32\wtobxeaa.dll" [2007-11-27 10:30] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48] C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\ Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36] Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45] BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn] fcuujcjn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao] igaohzao.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyy.dll R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe" R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-27 18:57:47 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Scanning processes hidden ... Scanning autostart entries hidden ... Scanning files hidden ... Scanning completed successfully Hidden Files: 0 ************************************************************************** . End Time scan: 2007-11-27 19:00:03 - machine was rebooted C:\ComboFix2.txt ... 2007-11-26 10:09 C:\ComboFix3.txt ... 2007-11-24 23:42 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19.08.15, on 27/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: {b12d6f78-d687-94b8-a584-31274df011e9} - {9e110fd4-7213-485a-8b49-786d87f6d21b} - C:\WINDOWS\system32\mbirxekg.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\wtobxeaa.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
  6. mrhorus87
    ok but the only antivirus i have is avg i dont'know because i have traces of the other two in my pc however these are the logs ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-26 9.55.30.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.515 [GMT 1:00] Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt * Created new Restore Point . Unable to gain privileges System ((((((((((((((((((((((((((((((((((((( Other removals ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\hjjlm.ini C:\WINDOWS\system32\hjjlm.ini2 C:\WINDOWS\system32\ljjgfgh.dll C:\WINDOWS\system32\mljjh.dll C:\WINDOWS\system32\tuvwvtq.dll C:\WINDOWS\system32\vtusrsr.dll C:\WINDOWS\system32\vtuvvwu.dll C:\WINDOWS\system32\wvuttus.dll . ((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))) . 2007-11-25 23:59 85,056 --a------ C:\WINDOWS\system32\thgliayg.dll 2007-11-25 23:59 38,373 --a------ C:\WINDOWS\system32\legfade.exe 2007-11-25 23:59 31,622 --a------ C:\WINDOWS\system32\uhtrebt.exe 2007-11-25 23:59 15,785 --a------ C:\WINDOWS\system32\tmqc.exe 2007-11-25 20:27 39,424 --a------ C:\WINDOWS\system32\cbxyvtq.dll 2007-11-25 20:27 31,622 --a------ C:\WINDOWS\system32\nrirsro.exe 2007-11-25 20:27 15,785 --a------ C:\WINDOWS\system32\cuah.exe 2007-11-25 15:30 38,373 --a------ C:\WINDOWS\system32\mhhmzp.exe 2007-11-25 15:30 31,622 --a------ C:\WINDOWS\system32\zutdqrmk.exe 2007-11-25 11:27 15,785 --a------ C:\WINDOWS\system32\zthuwns.exe 2007-11-25 11:11 15,785 --a------ C:\WINDOWS\system32\dtoo.exe 2007-11-25 11:07 39,424 --a------ C:\WINDOWS\system32\mljiggh.dll 2007-11-25 11:06 38,373 --a------ C:\WINDOWS\system32\esqoozjp.exe 2007-11-25 11:06 31,622 --a------ C:\WINDOWS\system32\tmkzxd.exe 2007-11-25 11:06 31,622 --a------ C:\WINDOWS\system32\tcayf.exe 2007-11-25 11:06 15,785 --a------ C:\WINDOWS\system32\syejcby.exe 2007-11-24 23:45 39,424 --a------ C:\WINDOWS\system32\mljggge.dll 2007-11-24 23:45 38,373 --a------ C:\WINDOWS\system32\cyij.exe 2007-11-24 21:07 39,424 --a------ C:\WINDOWS\system32\awtuvwu.dll 2007-11-24 21:07 15,785 --a------ C:\WINDOWS\system32\hpwmvuw.exe 2007-11-24 17:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-24 16:34 11,148 --a------ C:\WINDOWS\system32\mbgl.exe 2007-11-24 16:10 38,373 --a------ C:\WINDOWS\system32\bvlqt.exe 2007-11-24 16:10 35,328 --a------ C:\WINDOWS\system32\urqqolk.dll 2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\dxasqpx.exe 2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe 2007-11-24 12:09 2,417,105 --ahs---- C:\WINDOWS\system32\ubfcjqdk.ini 2007-11-24 12:09 85,056 --a------ C:\WINDOWS\system32\kdqjcfbu.dll 2007-11-24 12:06 81,472 --a------ C:\WINDOWS\system32\kxuelypx.dll 2007-11-23 22:39 11,148 --a------ C:\WINDOWS\system32\hxyabmd.exe 2007-11-23 21:59 39,424 --a------ C:\WINDOWS\system32\mljkjgh.dll 2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\ufxzkg.exe 2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\cbyyjjw.exe 2007-11-23 21:59 15,785 --a------ C:\WINDOWS\system32\ayxrdpw.exe 2007-11-23 21:59 11,148 --a------ C:\WINDOWS\system32\cwujlm.exe 2007-11-23 21:32 15,785 --a------ C:\WINDOWS\system32\twxzae.exe 2007-11-23 15:42 11,148 --a------ C:\WINDOWS\system32\tsxjixbv.exe 2007-11-23 15:16 15,785 --a------ C:\WINDOWS\system32\lkexkvf.exe 2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lvzv.exe 2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lrrxdcm.exe 2007-11-23 11:25 15,785 --a------ C:\WINDOWS\system32\nxmwxm.exe 2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups 2007-11-21 11:11 <DIR> d-------- C:\Deckard 2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro 2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe 2007-11-20 18:16 <DIR> d-------- C:\Downloads 2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData 2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer 2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX 2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite 2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations 2007-11-11 14:15 2,432 --a------ C:\WINDOWS\system32\unpr.sys 2007-11-09 21:39 987,698 --ahs---- C:\WINDOWS\system32\vebejhwv.ini 2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application 2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-26 09:02 --------- d-----w C:\Programmi\RSSoft 2007-11-26 08:51 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar 2007-11-25 23:05 --------- d-----w C:\Programmi\FlashGet 2007-11-25 23:00 39,424 ----a-w C:\WINDOWS\system32\wvuvwxu.dll 2007-11-25 22:59 79,936 ----a-w C:\WINDOWS\system32\pfrviaxv.dll 2007-11-25 22:59 31,622 ----a-w C:\WINDOWS\system32\gbziuz.exe 2007-11-25 22:22 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-11-25 19:27 38,373 ----a-w C:\WINDOWS\system32\owtvumxf.exe 2007-11-25 19:27 31,622 ----a-w C:\WINDOWS\system32\orsad.exe 2007-11-25 14:30 39,424 ----a-w C:\WINDOWS\system32\pmnonll.dll 2007-11-25 14:30 31,622 ----a-w C:\WINDOWS\system32\xpxi.exe 2007-11-25 14:30 15,785 ----a-w C:\WINDOWS\system32\sbxw.exe 2007-11-24 23:12 15,785 ----a-w C:\WINDOWS\system32\ftbqk.exe 2007-11-24 22:45 15,785 ----a-w C:\WINDOWS\system32\gfxybwy.exe 2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso 2007-11-24 20:07 38,373 ----a-w C:\WINDOWS\system32\hbmcbgf.exe 2007-11-24 15:10 31,622 ----a-w C:\WINDOWS\system32\pvmyh.exe 2007-11-24 15:10 15,785 ----a-w C:\WINDOWS\system32\rzyqjex.exe 2007-11-24 11:03 38,373 ----a-w C:\WINDOWS\system32\scqqix.exe 2007-11-24 11:03 35,328 ----a-w C:\WINDOWS\system32\vtuttut.dll 2007-11-24 11:03 31,622 ----a-w C:\WINDOWS\system32\xhfdo.exe 2007-11-24 11:03 31,622 ----a-w C:\WINDOWS\system32\oaucn.exe 2007-11-24 11:03 15,785 ----a-w C:\WINDOWS\system32\ymifpgqf.exe 2007-11-24 11:03 11,148 ----a-w C:\WINDOWS\system32\xfaus.exe 2007-11-23 20:59 38,373 ----a-w C:\WINDOWS\system32\ofcbaaym.exe 2007-11-23 20:24 11,148 ----a-w C:\WINDOWS\system32\hfeb.exe 2007-11-23 20:16 39,424 ----a-w C:\WINDOWS\system32\vtuvvvu.dll 2007-11-23 20:16 38,373 ----a-w C:\WINDOWS\system32\arxt.exe 2007-11-23 20:16 31,622 ----a-w C:\WINDOWS\system32\hnaxcq.exe 2007-11-23 20:16 31,622 ----a-w C:\WINDOWS\system32\ewjsswar.exe 2007-11-23 20:16 15,785 ----a-w C:\WINDOWS\system32\guqhq.exe 2007-11-23 20:16 11,148 ----a-w C:\WINDOWS\system32\wmezja.exe 2007-11-23 14:42 15,785 ----a-w C:\WINDOWS\system32\rthlcdhx.exe 2007-11-23 14:16 38,373 ----a-w C:\WINDOWS\system32\zerk.exe 2007-11-23 14:16 34,304 ----a-w C:\WINDOWS\system32\hggfdbb.dll 2007-11-23 14:16 11,148 ----a-w C:\WINDOWS\system32\vsplqhe.exe 2007-11-23 10:25 35,328 ----a-w C:\WINDOWS\system32\vturspo.dll 2007-11-23 10:25 11,148 ----a-w C:\WINDOWS\system32\hiqp.exe 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe 2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger 2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys 2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information 2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies 2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7 2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder 2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion 2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo! 2007-10-25 21:38 --------- d-----w C:\Programmi\SWFPlayer 2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus 2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter 2007-10-07 11:54 --------- d-----w C:\Programmi\Java 2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT 2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat 2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe 2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe 2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat 2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 ))))))))))))))))))))))))))))))))))))))))) . + 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll + 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll - 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-11-26 09:04:59 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat + 2007-11-26 09:04:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2007-11-26 09:04:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2005-04-07 18:47:16 58,536 ---ha-w C:\WINDOWS\system32\lssas.exe . ((((((((((((((((((((((((((((((((((((( Points Reg Uploaded )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty values & legitimate / default are not displayed. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}] C:\WINDOWS\system32\geedc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8578d516-a4e2-44f2-9e86-ed6f1def53b1}] 2007-11-25 23:59 79936 --a------ C:\WINDOWS\system32\pfrviaxv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}] 2007-11-24 12:03 35328 --a------ C:\WINDOWS\system32\vtuttut.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00] "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [] "FAST Defrag"="" [] "BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34] "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22] "Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" [] "SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53] "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [] "spoolw"="C:\WINDOWS\system32\spoolw.exe" [] "igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20] "SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11] "SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41] "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29] "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42] "Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47] "YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11] "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48] "ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" [] "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05] "spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52] "PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41] "NvGraphicsInterface"="C:\WINDOWS\system32\owtvumxf.exe" [2007-11-25 20:27] "Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" [] "Advanced DHTML Enable"="C:\WINDOWS\system32\dxasqpx.exe" [2007-11-24 16:11] "Windows Explorer"="C:\WINDOWS\system32\explorer.exe" [] "405ff918"="C:\WINDOWS\system32\thgliayg.dll" [2007-11-25 23:59] "Local Security Authority Service"="C:\WINDOWS\system32\lssas.exe" [2005-04-07 19:47] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48] C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\ Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36] Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45] BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\vtuttut.dll [2007-11-24 12:03 35328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn] fcuujcjn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao] igaohzao.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuttut] vtuttut.dll 2007-11-24 12:03 35328 C:\WINDOWS\system32\vtuttut.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe" R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe . Let's folder 'Scheduled Tasks' "2007-11-26 09:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job" - c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-26 10:05:43 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Scanning processes hidden ... Scanning autostart entries hidden ... Scanning files hidden ... Scanning completed successfully Hidden Files: 0 ************************************************************************** . End Time scan: 2007-11-26 10:09:31 - machine was rebooted C:\ComboFix2.txt ... 2007-11-24 23:42 C:\ComboFix3.txt ... 2007-11-24 17:43 . --- E O F --- NoLop! Log by Skate_Punk_21 Fix running from: C:\Documents and Settings\Fujitsu Siemens\Desktop [26/11/2007] [10.12.27] ---Infection Files Found/Removed--- C:\WINDOWS\tasks\AC7BC342918475A2.job Beginning Removal... Rebooting... Removing Lop's Leftover Files/Folders... Editing Registry... **Fix Complete!** ---Listing AppData sub directories--- C:\Documents and Settings\All Users\Application Data\Salesmonitor C:\Documents and Settings\All Users\Application Data\Ubisoft -- EMPTY Directory C:\Documents and Settings\Fujitsu Siemens\Application Data\Microsoft C:\Documents and Settings\Fujitsu Siemens\Application Data\Syntrillium Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10.38.17, on 26/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
  7. mrhorus87
    ok these are the logs ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-24 23.26.13.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.543 [GMT 1:00] Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt *Created new Restore Point FILE C:\it.exe C:\WINDOWS\meta4.exe C:\WINDOWS\system32\aovtwcyq.dll C:\WINDOWS\system32\asfmcemi.dll C:\WINDOWS\system32\aubuqbf.exe C:\WINDOWS\system32\avnmhpux.ini C:\WINDOWS\system32\bibvlzic.exe C:\WINDOWS\system32\bolvb.exe C:\WINDOWS\system32\bpsi.exe C:\WINDOWS\system32\cpydpxyn.exe C:\WINDOWS\system32\ctcnrtws.exe C:\WINDOWS\system32\cygwin1.dll C:\WINDOWS\system32\cygz.dll C:\WINDOWS\system32\dvuiqkcg.dll C:\WINDOWS\system32\dwyidp.exe C:\WINDOWS\system32\eapogebp.ini C:\WINDOWS\system32\ejdlj.exe C:\WINDOWS\system32\epjfiuri.ini C:\WINDOWS\system32\ewigurrr.dll C:\WINDOWS\system32\eyhwssgu.exe C:\WINDOWS\system32\fcccyaa.dll C:\WINDOWS\system32\ficuvdyf.ini C:\WINDOWS\system32\gztkpqy.exe C:\WINDOWS\system32\hbtwv.exe C:\WINDOWS\system32\i420vfw.dll C:\WINDOWS\system32\igaohzao.dll C:\WINDOWS\system32\iplnydia.dll C:\WINDOWS\system32\ipoaaicn.dll C:\WINDOWS\system32\kguodakd.exe C:\WINDOWS\system32\kibyym.exe C:\WINDOWS\system32\kjsnumh.exe C:\WINDOWS\system32\ktiypejf.ini C:\WINDOWS\system32\lbrnmrai.dll C:\WINDOWS\system32\liwb.exe C:\WINDOWS\system32\ljturgq.exe C:\WINDOWS\system32\lqqlyjli.ini C:\WINDOWS\system32\mfwosjrt.ini C:\WINDOWS\system32\najbccoo.dll C:\WINDOWS\system32\njkirafy.dll C:\WINDOWS\system32\ogmpbe.exe C:\WINDOWS\system32\oiiabedj.ini C:\WINDOWS\system32\olut.exe C:\WINDOWS\system32\ovknuiu.exe C:\WINDOWS\system32\oznfjbq.exe C:\WINDOWS\system32\pokyokrr.dll C:\WINDOWS\system32\pxsrimdl.ini C:\WINDOWS\system32\qchufomu.ini C:\WINDOWS\system32\qevk.exe C:\WINDOWS\system32\qfbwvclv.exe C:\WINDOWS\system32\qkptiwyg.ini C:\WINDOWS\system32\quahw.exe C:\WINDOWS\system32\qvbckij.exe C:\WINDOWS\system32\qycwtvoa.ini C:\WINDOWS\system32\ssqqnop.dll C:\WINDOWS\system32\tbbnihqr.dll C:\WINDOWS\system32\ucdf.exe C:\WINDOWS\system32\ufziq.exe C:\WINDOWS\system32\uppb.exe C:\WINDOWS\system32\vculyi.exe C:\WINDOWS\system32\winIogon.exe C:\WINDOWS\system32\x.264.exe C:\WINDOWS\system32\xehfsjkc.dll C:\WINDOWS\system32\xtgmvxq.exe C:\WINDOWS\system32\xzcfowt.exe C:\WINDOWS\system32\yv12vfw.dll C:\WINDOWS\system32\znqk.exe C:\WINDOWS\system32\zodlfs.exe C:\wpiw.exe . Unable to gain privileges System ((((((((((((((((((((((((((((((((((((( Other removals ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk C:\Documents and Settings\Fujitsu Siemens\Desktop\Live Safety Center.lnk C:\Documents and Settings\Fujitsu Siemens\Desktop\Online Security Guide.lnk C:\Documents and Settings\Fujitsu Siemens\Preferiti\Online Security Guide.lnk C:\it.exe C:\WINDOWS\meta4.exe C:\WINDOWS\system32\asfmcemi.dll C:\WINDOWS\system32\aubuqbf.exe C:\WINDOWS\system32\avnmhpux.ini C:\WINDOWS\system32\awtrssr.dll C:\WINDOWS\system32\awtst.dll C:\WINDOWS\system32\bibvlzic.exe C:\WINDOWS\system32\bolvb.exe C:\WINDOWS\system32\bpsi.exe C:\WINDOWS\system32\cpydpxyn.exe C:\WINDOWS\system32\ctcnrtws.exe C:\WINDOWS\system32\cygwin1.dll C:\WINDOWS\system32\cygz.dll C:\WINDOWS\system32\dvuiqkcg.dll C:\WINDOWS\system32\dwyidp.exe C:\WINDOWS\system32\eapogebp.ini C:\WINDOWS\system32\ejdlj.exe C:\WINDOWS\system32\epjfiuri.ini C:\WINDOWS\system32\ewigurrr.dll C:\WINDOWS\system32\eyhwssgu.exe C:\WINDOWS\system32\fcccyaa.dll C:\WINDOWS\system32\ficuvdyf.ini C:\WINDOWS\system32\gztkpqy.exe C:\WINDOWS\system32\hbtwv.exe C:\WINDOWS\system32\i420vfw.dll C:\WINDOWS\system32\igaohzao.dll C:\WINDOWS\system32\igaohzao.dllbox C:\WINDOWS\system32\iplnydia.dll C:\WINDOWS\system32\ipoaaicn.dll C:\WINDOWS\system32\kguodakd.exe C:\WINDOWS\system32\kibyym.exe C:\WINDOWS\system32\kjsnumh.exe C:\WINDOWS\system32\ktiypejf.ini C:\WINDOWS\system32\lbrnmrai.dll C:\WINDOWS\system32\liwb.exe C:\WINDOWS\system32\ljturgq.exe C:\WINDOWS\system32\lqqlyjli.ini C:\WINDOWS\system32\mfwosjrt.ini C:\WINDOWS\system32\najbccoo.dll C:\WINDOWS\system32\njkirafy.dll C:\WINDOWS\system32\nnnomnm.dll C:\WINDOWS\system32\ogmpbe.exe C:\WINDOWS\system32\oiiabedj.ini C:\WINDOWS\system32\olut.exe C:\WINDOWS\system32\ovknuiu.exe C:\WINDOWS\system32\oznfjbq.exe C:\WINDOWS\system32\pokyokrr.dll C:\WINDOWS\system32\pxsrimdl.ini C:\WINDOWS\system32\qchufomu.ini C:\WINDOWS\system32\qevk.exe C:\WINDOWS\system32\qfbwvclv.exe C:\WINDOWS\system32\qkptiwyg.ini C:\WINDOWS\system32\quahw.exe C:\WINDOWS\system32\qvbckij.exe C:\WINDOWS\system32\qycwtvoa.ini C:\WINDOWS\system32\ssqqnop.dll C:\WINDOWS\system32\tbbnihqr.dll C:\WINDOWS\system32\tstwa.ini C:\WINDOWS\system32\tstwa.ini2 C:\WINDOWS\system32\ucdf.exe C:\WINDOWS\system32\ufziq.exe C:\WINDOWS\system32\uppb.exe C:\WINDOWS\system32\vculyi.exe C:\WINDOWS\system32\winIogon.exe C:\WINDOWS\system32\x.264.exe C:\WINDOWS\system32\xehfsjkc.dll C:\WINDOWS\system32\xtgmvxq.exe C:\WINDOWS\system32\xzcfowt.exe C:\WINDOWS\system32\yv12vfw.dll C:\WINDOWS\system32\znqk.exe C:\WINDOWS\system32\zodlfs.exe C:\wpiw.exe . ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))) . 2007-11-24 21:07 39,424 --a------ C:\WINDOWS\system32\awtuvwu.dll 2007-11-24 21:07 38,373 --a------ C:\WINDOWS\system32\hbmcbgf.exe 2007-11-24 21:07 15,785 --a------ C:\WINDOWS\system32\hpwmvuw.exe 2007-11-24 17:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-24 16:34 11,148 --a------ C:\WINDOWS\system32\mbgl.exe 2007-11-24 16:10 38,373 --a------ C:\WINDOWS\system32\bvlqt.exe 2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\pvmyh.exe 2007-11-24 16:10 31,622 --a------ C:\WINDOWS\system32\dxasqpx.exe 2007-11-24 16:10 11,148 --a------ C:\WINDOWS\system32\cxrxglax.exe 2007-11-24 12:09 85,056 --a------ C:\WINDOWS\system32\kdqjcfbu.dll 2007-11-24 12:06 81,472 --a------ C:\WINDOWS\system32\kxuelypx.dll 2007-11-24 12:03 31,622 --a------ C:\WINDOWS\system32\oaucn.exe 2007-11-23 22:39 11,148 --a------ C:\WINDOWS\system32\hxyabmd.exe 2007-11-23 21:59 39,424 --a------ C:\WINDOWS\system32\mljkjgh.dll 2007-11-23 21:59 38,373 --a------ C:\WINDOWS\system32\ofcbaaym.exe 2007-11-23 21:59 31,622 --a------ C:\WINDOWS\system32\cbyyjjw.exe 2007-11-23 21:59 15,785 --a------ C:\WINDOWS\system32\ayxrdpw.exe 2007-11-23 21:59 11,148 --a------ C:\WINDOWS\system32\cwujlm.exe 2007-11-23 21:24 11,148 --a------ C:\WINDOWS\system32\hfeb.exe 2007-11-23 21:16 31,622 --a------ C:\WINDOWS\system32\hnaxcq.exe 2007-11-23 21:16 31,622 --a------ C:\WINDOWS\system32\ewjsswar.exe 2007-11-23 21:16 15,785 --a------ C:\WINDOWS\system32\guqhq.exe 2007-11-23 15:42 15,785 --a------ C:\WINDOWS\system32\rthlcdhx.exe 2007-11-23 15:16 34,304 --a------ C:\WINDOWS\system32\hggfdbb.dll 2007-11-23 15:16 15,785 --a------ C:\WINDOWS\system32\lkexkvf.exe 2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lvzv.exe 2007-11-23 11:48 1,539 --a------ C:\WINDOWS\system32\lrrxdcm.exe 2007-11-23 11:25 15,785 --a------ C:\WINDOWS\system32\nxmwxm.exe 2007-11-23 11:25 11,148 --a------ C:\WINDOWS\system32\hiqp.exe 2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups 2007-11-21 11:11 <DIR> d-------- C:\Deckard 2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro 2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe 2007-11-20 18:16 <DIR> d-------- C:\Downloads 2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData 2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer 2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX 2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite 2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations 2007-11-09 21:39 987,698 --ahs---- C:\WINDOWS\system32\vebejhwv.ini 2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application 2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin 2007-11-06 14:12 24,304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! 2007-10-25 22:38 <DIR> d-------- C:\Programmi\SWFPlayer . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-24 22:39 --------- d-----w C:\Programmi\RSSoft 2007-11-24 22:23 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar 2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso 2007-11-24 15:10 35,328 ----a-w C:\WINDOWS\system32\urqqolk.dll 2007-11-24 15:10 15,785 ----a-w C:\WINDOWS\system32\rzyqjex.exe 2007-11-24 11:03 38,373 ----a-w C:\WINDOWS\system32\scqqix.exe 2007-11-24 11:03 35,328 ----a-w C:\WINDOWS\system32\vtuttut.dll 2007-11-24 11:03 31,622 ----a-w C:\WINDOWS\system32\xhfdo.exe 2007-11-24 11:03 15,785 ----a-w C:\WINDOWS\system32\ymifpgqf.exe 2007-11-24 11:03 11,148 ----a-w C:\WINDOWS\system32\xfaus.exe 2007-11-23 20:59 31,622 ----a-w C:\WINDOWS\system32\ufxzkg.exe 2007-11-23 20:32 15,785 ----a-w C:\WINDOWS\system32\twxzae.exe 2007-11-23 20:16 39,424 ----a-w C:\WINDOWS\system32\vtuvvvu.dll 2007-11-23 20:16 38,373 ----a-w C:\WINDOWS\system32\arxt.exe 2007-11-23 20:16 11,148 ----a-w C:\WINDOWS\system32\wmezja.exe 2007-11-23 14:42 11,148 ----a-w C:\WINDOWS\system32\tsxjixbv.exe 2007-11-23 14:16 38,373 ----a-w C:\WINDOWS\system32\zerk.exe 2007-11-23 14:16 11,148 ----a-w C:\WINDOWS\system32\vsplqhe.exe 2007-11-23 10:25 35,328 ----a-w C:\WINDOWS\system32\vturspo.dll 2007-11-23 09:44 --------- d-----w C:\Programmi\FlashGet 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe 2007-11-19 22:16 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger 2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys 2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information 2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies 2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7 2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder 2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion 2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo! 2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus 2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter 2007-10-07 11:54 --------- d-----w C:\Programmi\Java 2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT 2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat 2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe 2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe 2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat 2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 ))))))))))))))))))))))))))))))))))))))))) . + 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll + 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll - 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-11-24 22:37:23 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat + 2007-11-24 22:37:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat - 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2007-11-24 22:37:23 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat + 2005-04-07 18:47:16 51,368 ---h--w C:\WINDOWS\system32\lssas.exe . ((((((((((((((((((((((((((((((((((((( Points Reg Uploaded )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty values & legitimate / default are not displayed. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}] C:\WINDOWS\system32\geedc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}] 2007-11-24 12:03 35328 --a------ C:\WINDOWS\system32\vtuttut.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8812d8d-0fe0-4e76-871d-d41a56288d7e}] 2007-11-24 12:06 81472 --a------ C:\WINDOWS\system32\kxuelypx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00] "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [] "FAST Defrag"="" [] "BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34] "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22] "Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" [] "SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53] "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [] "spoolw"="C:\WINDOWS\system32\spoolw.exe" [] "igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20] "SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11] "SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41] "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29] "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42] "Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47] "YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11] "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48] "ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" [] "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05] "spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52] "PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41] "NvGraphicsInterface"="C:\WINDOWS\system32\bvlqt.exe" [2007-11-24 16:10] "Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" [] "Advanced DHTML Enable"="C:\WINDOWS\system32\dxasqpx.exe" [2007-11-24 16:11] "Windows Explorer"="C:\WINDOWS\system32\explorer.exe" [] "405ff918"="C:\WINDOWS\system32\kdqjcfbu.dll" [2007-11-24 12:09] "Local Security Authority Service"="C:\WINDOWS\system32\lssas.exe" [2005-04-07 19:47] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48] C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\ Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36] Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45] BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\vtuttut.dll [2007-11-24 12:03 35328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn] fcuujcjn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao] igaohzao.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuttut] vtuttut.dll 2007-11-24 12:03 35328 C:\WINDOWS\system32\vtuttut.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst.dll R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys R3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe" R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe . Let's folder 'Scheduled Tasks' "2007-11-24 22:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job" - c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-24 23:38:43 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Scanning processes hidden ... Scanning autostart entries hidden ... Scanning files hidden ... Scanning completed successfully Hidden Files: 0 ************************************************************************** . End Time scan: 2007-11-24 23:42:16 - machine was rebooted C:\ComboFix2.txt ... 2007-11-24 17:43 C:\ComboFix3.txt ... 2007-11-22 11:53 . --- E O F --- And now Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23.46.26, on 24/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Programmi\spftray.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\lssas.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe D:\Programmi\spfprc.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\bvlqt.exe O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dxasqpx.exe O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\kdqjcfbu.dll",b O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
  8. mrhorus87
    i've a problem with combofix when it runs with the combofix.txt it says this Tentavate to load CFScript? The name, CFScript is spelled incorrectly what is that?
  9. mrhorus87
    there's no problem ^^
  10. mrhorus87
    ok first of all i'm very happy that your injury is nothing serious because i had an injury on the knee in the past and it was terrible however here the logs(the log.txt in the attachment is the combofix log) These are the results of OTmoveit C:\WINDOWS\system32\awsdljw.exe moved successfully. C:\WINDOWS\system32\vedb.exe moved successfully. C:\WINDOWS\system32\efuabpow.exe moved successfully. C:\WINDOWS\system32\ekbsxv.exe moved successfully. C:\WINDOWS\system32\zddpaa.exe moved successfully. C:\WINDOWS\system32\fgtgo.exe moved successfully. C:\WINDOWS\system32\wgdcwvkn.exe moved successfully. C:\WINDOWS\system32\ngunf.exe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\rrkaacoh.dll C:\WINDOWS\system32\rrkaacoh.dll NOT unregistered. C:\WINDOWS\system32\rrkaacoh.dll moved successfully. C:\WINDOWS\system32\qycwtvoa.ini moved successfully. LoadLibrary failed for C:\WINDOWS\system32\ernel32.dll C:\WINDOWS\system32\ernel32.dll NOT unregistered. C:\WINDOWS\system32\ernel32.dll moved successfully. C:\asjojwqeras2384u9jdsfkasdf.dat moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\avktlbhs.dll C:\WINDOWS\system32\avktlbhs.dll NOT unregistered. C:\WINDOWS\system32\avktlbhs.dll moved successfully. C:\WINDOWS\system32\dfmvguxh.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\hxugvmfd.dll C:\WINDOWS\system32\hxugvmfd.dll NOT unregistered. C:\WINDOWS\system32\hxugvmfd.dll moved successfully. C:\UGA6PT moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\mnoqvpar.dll C:\WINDOWS\system32\mnoqvpar.dll NOT unregistered. C:\WINDOWS\system32\mnoqvpar.dll moved successfully. C:\WINDOWS\system32\eqaafiul.ini moved successfully. C:\WINDOWS\system32\iunovpdt.exe moved successfully. C:\WINDOWS\system32\wymknkv.exe moved successfully. C:\WINDOWS\system32\ksobtadw.exe moved successfully. C:\WINDOWS\system32\wwswu.exe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcayxu.dll C:\WINDOWS\system32\efcayxu.dll NOT unregistered. C:\WINDOWS\system32\efcayxu.dll moved successfully. C:\WINDOWS\system32\uvtm.exe moved successfully. C:\WINDOWS\system32\jcbcuhim.exe moved successfully. C:\WINDOWS\system32\srmry.exe moved successfully. C:\WINDOWS\system32\txlw.exe moved successfully. C:\WINDOWS\system32\ifkqjewn.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nwejqkfi.dll C:\WINDOWS\system32\nwejqkfi.dll NOT unregistered. C:\WINDOWS\system32\nwejqkfi.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\hatdsjny.dll C:\WINDOWS\system32\hatdsjny.dll NOT unregistered. C:\WINDOWS\system32\hatdsjny.dll moved successfully. C:\WINDOWS\system32\tkmukaib.exe moved successfully. C:\WINDOWS\system32\qlahl.exe moved successfully. C:\WINDOWS\system32\mppkg.exe moved successfully. C:\WINDOWS\system32\sjqt.exe moved successfully. C:\WINDOWS\system32\mawuqjnx.exe moved successfully. C:\WINDOWS\system32\jyfythyd.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\clyhvnbl.dll C:\WINDOWS\system32\clyhvnbl.dll NOT unregistered. C:\WINDOWS\system32\clyhvnbl.dll moved successfully. C:\WINDOWS\system32\yrionwtg.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\gtwnoiry.dll C:\WINDOWS\system32\gtwnoiry.dll NOT unregistered. C:\WINDOWS\system32\gtwnoiry.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\qfltjwxa.dll C:\WINDOWS\system32\qfltjwxa.dll NOT unregistered. C:\WINDOWS\system32\qfltjwxa.dll moved successfully. C:\WINDOWS\system32\wrmwxavt.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\kxedcxus.dll C:\WINDOWS\system32\kxedcxus.dll NOT unregistered. C:\WINDOWS\system32\kxedcxus.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\sadpajhg.dll C:\WINDOWS\system32\sadpajhg.dll NOT unregistered. C:\WINDOWS\system32\sadpajhg.dll moved successfully. C:\WINDOWS\system32\uxfjejtw.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\wtjejfxu.dll C:\WINDOWS\system32\wtjejfxu.dll NOT unregistered. C:\WINDOWS\system32\wtjejfxu.dll moved successfully. C:\WINDOWS\system32\owhjhhns.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\snhhjhwo.dll C:\WINDOWS\system32\snhhjhwo.dll NOT unregistered. C:\WINDOWS\system32\snhhjhwo.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\yqkwrncg.dll C:\WINDOWS\system32\yqkwrncg.dll NOT unregistered. C:\WINDOWS\system32\yqkwrncg.dll moved successfully. C:\WINDOWS\system32\gbkkdmer.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\rfqjwgps.dll C:\WINDOWS\system32\rfqjwgps.dll NOT unregistered. C:\WINDOWS\system32\rfqjwgps.dll moved successfully. C:\WINDOWS\system32\gwlhhmux.exe moved successfully. C:\WINDOWS\system32\xffkwaq.exe moved successfully. C:\WINDOWS\system32\gphf.exe moved successfully. C:\WINDOWS\system32\yoti.exe moved successfully. C:\WINDOWS\system32\kmvhaqb.exe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\tglsseae.dll C:\WINDOWS\system32\tglsseae.dll NOT unregistered. C:\WINDOWS\system32\tglsseae.dll moved successfully. C:\WINDOWS\system32\ovtjgikn.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nkigjtvo.dll C:\WINDOWS\system32\nkigjtvo.dll NOT unregistered. C:\WINDOWS\system32\nkigjtvo.dll moved successfully. C:\WINDOWS\system32\wfbt.exe moved successfully. C:\WINDOWS\system32\mcrh.tmp moved successfully. C:\WINDOWS\system32\oghsymyr.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\rymyshgo.dll C:\WINDOWS\system32\rymyshgo.dll NOT unregistered. C:\WINDOWS\system32\rymyshgo.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\wuvcdycr.dll C:\WINDOWS\system32\wuvcdycr.dll NOT unregistered. C:\WINDOWS\system32\wuvcdycr.dll moved successfully. C:\WINDOWS\system32\aytwkvjd.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\djvkwtya.dll C:\WINDOWS\system32\djvkwtya.dll NOT unregistered. C:\WINDOWS\system32\djvkwtya.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\rllnqfqa.dll C:\WINDOWS\system32\rllnqfqa.dll NOT unregistered. C:\WINDOWS\system32\rllnqfqa.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\drtfflme.dll C:\WINDOWS\system32\drtfflme.dll NOT unregistered. C:\WINDOWS\system32\drtfflme.dll moved successfully. C:\WINDOWS\system32\tvrapjxo.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\eesyuoye.dll C:\WINDOWS\system32\eesyuoye.dll NOT unregistered. C:\WINDOWS\system32\eesyuoye.dll moved successfully. C:\WINDOWS\system32\chwehaxb.ini moved successfully. C:\WINDOWS\system32\nwgrynsb.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\kqlguebd.dll C:\WINDOWS\system32\kqlguebd.dll NOT unregistered. C:\WINDOWS\system32\kqlguebd.dll moved successfully. C:\WINDOWS\system32\swyocb.exe moved successfully. C:\WINDOWS\system32\srfngttr.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\gwedoujl.dll C:\WINDOWS\system32\gwedoujl.dll NOT unregistered. C:\WINDOWS\system32\gwedoujl.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmwcdcls.dll C:\WINDOWS\system32\nmwcdcls.dll NOT unregistered. C:\WINDOWS\system32\nmwcdcls.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmwcdcocls.dll C:\WINDOWS\system32\nmwcdcocls.dll NOT unregistered. C:\WINDOWS\system32\nmwcdcocls.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmwcdlog.dll C:\WINDOWS\system32\nmwcdlog.dll NOT unregistered. C:\WINDOWS\system32\nmwcdlog.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\bclcjfwd.dll C:\WINDOWS\system32\bclcjfwd.dll NOT unregistered. C:\WINDOWS\system32\bclcjfwd.dll moved successfully. C:\WINDOWS\system32\ikxqgsre.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\vcsbwkft.dll C:\WINDOWS\system32\vcsbwkft.dll NOT unregistered. C:\WINDOWS\system32\vcsbwkft.dll moved successfully. C:\WINDOWS\MOTA113.exe moved successfully. C:\WINDOWS\x2.64.exe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\Smab.dll C:\WINDOWS\system32\Smab.dll NOT unregistered. C:\WINDOWS\system32\Smab.dll moved successfully. Created on 11/22/2007 11.34.39 And in the end after the log of combofix the hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12.04.36, on 22/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll (file missing) O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\igaohzao.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\igaohzao.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\kibyym.exe O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dwyidp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit log.txt log.txt
  11. mrhorus87
    ok these are the logs ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-21 23.02.15.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.564 [GMT 1:00] Executed from: D:\ComboFix.exe * Created new Restore Point . Unable to gain privileges System ((((((((((((((((((((((((((((((((((((( Other removals ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\install_it[1].exe C:\Documents and Settings\Fujitsu Siemens\Desktop\Live Safety Center.lnk C:\Documents and Settings\Fujitsu Siemens\Desktop\Online Security Guide.lnk C:\Documents and Settings\Fujitsu Siemens\Preferiti\Online Security Guide.lnk C:\Documents and Settings\Fujitsu Siemens\ResErrors.log C:\WINDOWS\1929406.exe C:\WINDOWS\896750.exe C:\WINDOWS\897281.exe C:\WINDOWS\system32\__c0017763.dat C:\WINDOWS\system32\awtqnkh.dll C:\WINDOWS\system32\csrs.exe C:\WINDOWS\system32\isass.exe C:\WINDOWS\system32\jjjlm.ini C:\WINDOWS\system32\jjjlm.ini2 C:\WINDOWS\system32\mljjj.dll C:\WINDOWS\system32\taskmgr.com C:\WINDOWS\system32\winzlo32.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_FMTR -------\LEGACY_NWSAPAGENT -------\DomainService -------\NwSapAgent ((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 ))))))))))))))))))))))))))))))))))) . 2007-11-21 22:49 11,148 --a------ C:\WINDOWS\system32\awsdljw.exe 2007-11-21 20:44 11,148 --a------ C:\WINDOWS\system32\vedb.exe 2007-11-21 20:19 15,785 --a------ C:\WINDOWS\system32\efuabpow.exe 2007-11-21 20:12 38,373 --a------ C:\WINDOWS\system32\ekbsxv.exe 2007-11-21 20:12 31,622 --a------ C:\WINDOWS\system32\zddpaa.exe 2007-11-21 20:12 31,622 --a------ C:\WINDOWS\system32\fgtgo.exe 2007-11-21 20:12 15,785 --a------ C:\WINDOWS\system32\wgdcwvkn.exe 2007-11-21 20:12 11,148 --a------ C:\WINDOWS\system32\ngunf.exe 2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups 2007-11-21 11:11 <DIR> d-------- C:\Deckard 2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro 2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe 2007-11-20 21:59 84,544 --a------ C:\WINDOWS\system32\rrkaacoh.dll 2007-11-20 21:53 714,581 --ahs---- C:\WINDOWS\system32\qycwtvoa.ini 2007-11-20 18:16 <DIR> d-------- C:\Downloads 2007-11-20 17:58 6,144 --a------ C:\WINDOWS\system32\ernel32.dll 2007-11-20 17:58 8 --a------ C:\asjojwqeras2384u9jdsfkasdf.dat 2007-11-20 16:07 84,544 --a------ C:\WINDOWS\system32\avktlbhs.dll 2007-11-20 16:01 700,663 --ahs---- C:\WINDOWS\system32\dfmvguxh.ini 2007-11-20 16:01 85,056 --a------ C:\WINDOWS\system32\hxugvmfd.dll 2007-11-20 13:48 <DIR> d--hs---- C:\UGA6PT 2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData 2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData 2007-11-20 09:34 84,544 --a------ C:\WINDOWS\system32\mnoqvpar.dll 2007-11-20 09:31 703,168 --ahs---- C:\WINDOWS\system32\eqaafiul.ini 2007-11-20 09:19 82,496 --a------ C:\WINDOWS\system32\iunovpdt.exe 2007-11-19 23:44 15,785 --a------ C:\WINDOWS\system32\wymknkv.exe 2007-11-19 23:44 11,148 --a------ C:\WINDOWS\system32\ksobtadw.exe 2007-11-19 23:37 38,373 --a------ C:\WINDOWS\system32\wwswu.exe 2007-11-19 23:37 35,328 --a------ C:\WINDOWS\system32\efcayxu.dll 2007-11-19 23:37 15,785 --a------ C:\WINDOWS\system32\uvtm.exe 2007-11-19 23:37 11,148 --a------ C:\WINDOWS\system32\jcbcuhim.exe 2007-11-19 22:29 15,785 --a------ C:\WINDOWS\system32\srmry.exe 2007-11-19 21:39 15,785 --a------ C:\WINDOWS\system32\txlw.exe 2007-11-19 21:29 685,943 --ahs---- C:\WINDOWS\system32\ifkqjewn.ini 2007-11-19 21:29 85,056 --a------ C:\WINDOWS\system32\nwejqkfi.dll 2007-11-19 21:26 83,008 --a------ C:\WINDOWS\system32\hatdsjny.dll 2007-11-19 21:14 82,496 --a------ C:\WINDOWS\system32\tkmukaib.exe 2007-11-19 21:14 15,785 --a------ C:\WINDOWS\system32\qlahl.exe 2007-11-19 20:53 38,373 --a------ C:\WINDOWS\system32\mppkg.exe 2007-11-19 20:53 15,785 --a------ C:\WINDOWS\system32\sjqt.exe 2007-11-19 20:53 11,148 --a------ C:\WINDOWS\system32\mawuqjnx.exe 2007-11-19 10:52 678,755 --ahs---- C:\WINDOWS\system32\jyfythyd.ini 2007-11-19 10:48 83,008 --a------ C:\WINDOWS\system32\clyhvnbl.dll 2007-11-18 21:48 678,040 --ahs---- C:\WINDOWS\system32\yrionwtg.ini 2007-11-18 21:48 85,056 --a------ C:\WINDOWS\system32\gtwnoiry.dll 2007-11-18 21:48 79,424 --a------ C:\WINDOWS\system32\qfltjwxa.dll 2007-11-18 15:02 677,980 --ahs---- C:\WINDOWS\system32\wrmwxavt.ini 2007-11-18 15:01 79,424 --a------ C:\WINDOWS\system32\kxedcxus.dll 2007-11-17 21:19 82,496 --a------ C:\WINDOWS\system32\sadpajhg.dll 2007-11-17 21:13 677,920 --ahs---- C:\WINDOWS\system32\uxfjejtw.ini 2007-11-17 21:13 85,056 --a------ C:\WINDOWS\system32\wtjejfxu.dll 2007-11-17 16:03 678,040 --ahs---- C:\WINDOWS\system32\owhjhhns.ini 2007-11-17 16:03 85,056 --a------ C:\WINDOWS\system32\snhhjhwo.dll 2007-11-17 16:00 82,496 --a------ C:\WINDOWS\system32\yqkwrncg.dll 2007-11-17 13:54 677,980 --ahs---- C:\WINDOWS\system32\gbkkdmer.ini 2007-11-17 13:51 82,496 --a------ C:\WINDOWS\system32\rfqjwgps.dll 2007-11-17 13:40 82,496 --a------ C:\WINDOWS\system32\gwlhhmux.exe 2007-11-17 12:37 38,373 --a------ C:\WINDOWS\system32\xffkwaq.exe 2007-11-16 21:56 31,622 --a------ C:\WINDOWS\system32\gphf.exe 2007-11-16 21:34 38,373 --a------ C:\WINDOWS\system32\yoti.exe 2007-11-16 20:55 31,622 --a------ C:\WINDOWS\system32\kmvhaqb.exe 2007-11-16 20:32 81,984 --a------ C:\WINDOWS\system32\tglsseae.dll 2007-11-16 20:29 678,152 --ahs---- C:\WINDOWS\system32\ovtjgikn.ini 2007-11-16 20:29 85,056 --a------ C:\WINDOWS\system32\nkigjtvo.dll 2007-11-16 20:13 38,013 --a------ C:\WINDOWS\system32\wfbt.exe 2007-11-16 15:57 0 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-16 11:11 675,829 --ahs---- C:\WINDOWS\system32\oghsymyr.ini 2007-11-16 11:11 85,056 --a------ C:\WINDOWS\system32\rymyshgo.dll 2007-11-16 11:11 81,984 --a------ C:\WINDOWS\system32\wuvcdycr.dll 2007-11-15 11:19 1,098,550 --ahs---- C:\WINDOWS\system32\aytwkvjd.ini 2007-11-15 11:18 85,056 --a------ C:\WINDOWS\system32\djvkwtya.dll 2007-11-15 11:15 79,936 --a------ C:\WINDOWS\system32\rllnqfqa.dll 2007-11-14 20:43 79,424 --a------ C:\WINDOWS\system32\drtfflme.dll 2007-11-14 20:40 1,085,785 --ahs---- C:\WINDOWS\system32\tvrapjxo.ini 2007-11-14 10:28 81,472 --a------ C:\WINDOWS\system32\eesyuoye.dll 2007-11-14 10:19 1,083,234 --ahs---- C:\WINDOWS\system32\chwehaxb.ini 2007-11-13 21:14 1,084,234 --ahs---- C:\WINDOWS\system32\nwgrynsb.ini 2007-11-13 21:11 80,448 --a------ C:\WINDOWS\system32\kqlguebd.dll 2007-11-13 10:25 31,622 --a------ C:\WINDOWS\system32\swyocb.exe 2007-11-13 10:20 1,086,761 --ahs---- C:\WINDOWS\system32\srfngttr.ini 2007-11-13 10:17 80,448 --a------ C:\WINDOWS\system32\gwedoujl.dll 2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser 2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer 2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX 2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia 2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite 2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite 2007-11-12 22:37 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-11-12 22:37 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-11-12 22:37 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations 2007-11-12 21:35 81,472 --a------ C:\WINDOWS\system32\bclcjfwd.dll 2007-11-12 21:29 992,200 --ahs---- C:\WINDOWS\system32\ikxqgsre.ini 2007-11-12 09:21 81,472 --a------ C:\WINDOWS\system32\vcsbwkft.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-21 22:15 --------- d-----w C:\Programmi\RSSoft 2007-11-21 21:54 --------- d-----w C:\Programmi\FlashGet 2007-11-21 12:07 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar 2007-11-20 17:45 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe 2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe 2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger 2007-11-07 12:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3661.sys 2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information 2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies 2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin 2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7 2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder 2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion 2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo! 2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus 2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter 2007-10-07 11:54 --------- d-----w C:\Programmi\Java 2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT 2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat 2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe 2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe 2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat 2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe 2005-10-24 10:13 77,312 -csha-r C:\WINDOWS\MOTA113.exe 2005-10-13 20:27 433,152 -csha-r C:\WINDOWS\x2.64.exe 2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 22:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll 2006-04-27 08:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll 2005-02-28 11:16 250,880 -csha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 22:00 70,656 -csha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((((((( Points Reg Uploaded )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty values & legitimate / default are not displayed. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03cb8987-d0de-4ae1-8182-adcaafcbc85e}] 2007-11-20 21:59 84544 --a------ C:\WINDOWS\system32\rrkaacoh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}] C:\WINDOWS\system32\geedc.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00] "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [] "FAST Defrag"="" [] "BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34] "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22] "Drawtool"="C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe" [] "SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53] "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [] "spoolw"="C:\WINDOWS\system32\spoolw.exe" [] "igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10] "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20] "SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11] "SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41] "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41] "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29] "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42] "Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47] "YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11] "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48] "ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" [] "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05] "spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52] "PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36] "Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41] "NvGraphicsInterface"="C:\WINDOWS\system32\wwswu.exe" [2007-11-19 23:37] "405ff918"="C:\WINDOWS\system32\aovtwcyq.dll" [2007-11-20 21:53] "Windows Logon Application"="C:\WINDOWS\system32\winIogon.exe" [2005-04-07 19:47] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48] C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\ Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36] Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45] BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45] Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46] Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn] fcuujcjn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjj.dll R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys S3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe . Let's folder 'Scheduled Tasks' "2007-11-21 22:00:00 C:\WINDOWS\Tasks\AC7BC342918475A2.job" - c:\docume~1\fujits~1\datiap~1\bodyok~1\Beep team for.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-21 23:14:39 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Scanning processes hidden ... Scanning autostart entries hidden ... Scanning files hidden... Scanning completed successfully Hidden Files: 0 ************************************************************************** . End Time scan: 2007-11-21 23:17:56 - machine was rebooted . --- E O F --- And now the HijacjThis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23.22.44, on 21/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\winIogon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\ljturgq.exe C:\WINDOWS\system32\dwyidp.exe C:\WINDOWS\system32\kibyym.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\kibyym.exe O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\dwyidp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
  12. mrhorus87
    And finally the hijackthis log(vundofix.txt is in attachment) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12.37.58, on 21/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\File comuni\ProtezionefiData\stmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe O4 - HKLM\..\Run: [salestart] "C:\Programmi\File comuni\ProtezionefiData\stmon.exe" dm=http://protezionefidata.com; ad=http://protezionefidata.com O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit VundoFix.txt VundoFix.txt
  13. mrhorus87
    in the previous post there is the logs of the comboscan now i will post the extra.txt(supplementary.txt of comboscan) just as you told me Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: Italian CPU 0: Intel® Pentium® 4 CPU 3.06GHz Percentage of Memory in Use: 46% Physical Memory (total/avail): 1022.61 MiB / 546.84 MiB Pagefile Memory (total/avail): 2462.02 MiB / 2028.5 MiB Virtual Memory (total/avail): 2047.88 MiB / 1901.04 MiB C: is Fixed (NTFS) - 29.29 GiB total, 1.62 GiB free. D: is Fixed (NTFS) - 203.59 GiB total, 63.14 GiB free. E: is CDROM (UDF) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (No Media) K: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions \PARTITION0 (bootable) - File system installabile - 29.29 GiB - C: \PARTITION1 - Esteso con INT 13 esteso - 203.59 GiB - D: \\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is enabled. FW: Norton Internet Security v2005 (Symantec Corporation) Disabled FW: AVG Firewall 7.5.448 v7.5.448 (GRISOFT) AV: AVG 7.5.467 v7.5.467 (GRISOFT) Outdated AV: Norton Internet Security v2005 (Symantec Corporation) Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Programmi\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Programmi\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4" "C:\\Programmi\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe"="C:\\Programmi\\NAMCO BANDAI Games\\Warhammer Mark of Chaos DEMO\\Warhammer_DEMO.exe:*:Disabled:Warhammer
  14. mrhorus87
    ok i think i did it good however i have put the report.txt in as attachment because if i post it it tells me that the post was too long and the program wich i have done the first scan it calls ProtezioneIfData. Here the other logs Deckard's System Scanner v20071014.68 Run by Fujitsu Siemens on 2007-11-21 11:12:00 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2007-11-21 10:12:07 UTC - RP338 - Deckard's System Scanner Restore Point 1: 2007-11-20 12:43:42 UTC - RP337 - Punto di arresto del sistema Backed up registry hives. Performed disk cleanup. System Drive C: has 1.64 GiB (less than 15%) free. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2007-11-21 11:19:06 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\Grisoft\AVG7\avgamsvr.exe C:\Programmi\Grisoft\AVG7\avgupsvc.exe C:\Programmi\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Analog Devices\SoundMAX\SMax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\File comuni\ProtezionefiData\stmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\Documents and Settings\Fujitsu Siemens\Desktop\dss.exe C:\Programmi\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\Jccatch.dll O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fcuujcjn.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\GoogleToolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\GoogleToolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fcuujcjn.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe O4 - HKLM\..\Run: [salestart] "C:\Programmi\File comuni\ProtezionefiData\stmon.exe" dm=http://protezionefidata.com; ad=http://protezionefidata.com O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ O4 - Global Startup: BitDefender_P2P_Startup.lnk = ? O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit report.txt report.txt
  15. mrhorus87
    sorry for that here it is the hijackthis log Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 23.36.36, on 20/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\PD\shwicon.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\RSSoft\RedSwoosh.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\TEMP\7AE427FA.exe D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\Programmi\spfprc.exe C:\WINDOWS\system32\wwswu.exe C:\Programmi\File comuni\ProtezionefiData\stmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe C:\Programmi\Metacafe\MetacafeAgent.exe C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programmi\FlashGet\flashget.exe D:\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: {e58cbcfa-acda-2818-1ea4-ed0d7898bc30} - {03cb8987-d0de-4ae1-8182-adcaafcbc85e} - C:\WINDOWS\system32\rrkaacoh.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fcuujcjn.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: (no name) - {C45D6C77-289E-4168-9A07-72A36ADE4813} - C:\WINDOWS\system32\geedc.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fcuujcjn.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\7AE427FA.exe O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\logon.exe O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwswu.exe O4 - HKLM\..\Run: [salestart] "C:\Programmi\File comuni\ProtezionefiData\stmon.exe" dm=http://protezionefidata.com; ad=http://protezionefidata.com O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\aovtwcyq.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Drawtool] C:\DOCUME~1\FUJITS~1\DATIAP~1\BODYOK~1\Loud memo.exe O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BitDefender for MSN Messenger.lnk = ? O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O8 - Extra context menu item: Stampa ad alta velocit
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.