
random new tabs while using firefox



Hi, my name is Max and I'm writing from Italy, so please be patient with my English!!

It happens that a new tab occasionally opens (mfeed.in, flycell.it, etc.) while I'm using Firefox.

I have tried to solve the problem using Malwarebytes Anti-Malware, SUPERAntiSpyware, Spybot Search & Destroy and ComboFix, but nothing seems to work.

This is the HijackThis log from before I tried to solve the problem:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23.52.53, on 24/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe

C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe

D:\Programmi\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe

C:\Programmi\Cyberlink\Shared Files\brs.exe

D:\Programmi\Eset\nod32kui.exe

D:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe

D:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

D:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe

C:\Programmi\File comuni\Java\Java Update\jusched.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\File comuni\AVerMedia\Service\AVerRemote.exe

M:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\File comuni\AVerMedia\Service\AVerScheduleService.exe

C:\Programmi\File comuni\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\Programmi\Bonjour\mDNSResponder.exe

D:\Programmi\Silicon Image\SiISATARaid\SATARaid.exe

D:\Programmi\Active SMART SCSI\asmartCore.exe

C:\Programmi\Portrait Displays\DisplayTune\DTSRVC.exe

C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Programmi\Eset\nod32krn.exe

C:\Programmi\Cyberlink\Shared files\RichVideo.exe

D:\Programmi\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe

C:\Programmi\Sleepy\service.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Sleepy\slptask.exe

C:\Programmi\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Programmi\Active SMART SCSI\asmartCore.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - M:\Programmi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Go!Zilla IE Helper - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - d:\Programmi\GoZilla\GozCatch.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SearchWin - {48A9D9E3-DD0A-11D5-8BD1-00A0CCE781D4} - D:\Programmi\SearchWin\SWBand.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl8] D:\Programmi\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] D:\Programmi\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe

O4 - HKLM\..\Run: [bDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmi\File comuni\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [startCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "M:\Programmi\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "D:\Programmi\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "D:\Programmi\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "D:\Programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [AdmTask] C:\Programmi\AdmTask\admtask.exe /m

O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Administrator\Desktop\muBlinder.exe -startup

O4 - HKLM\..\Run: [MBM 5] "D:\Programmi\Motherboard Monitor 5\MBM5.EXE"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NBJ] "D:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] M:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "M:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3" -"http://wbs.paginegialle.it/vservice/visual_shock.html?prjQuery=7460419D081CA7C455F87662BE3AE7EE&initDataset=italia&initCoordX=503622.9941735426&initCoordY=5042113.766510849&sWidth=1880&sHeight=900"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice (User 'Default user')

O4 - Startup: Active SMART.lnk = D:\Programmi\Active SMART SCSI\ActiveSMART.exe

O4 - Startup: AVer HID Receiver.lnk = C:\Programmi\File comuni\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Startup: AVerQuick.lnk = C:\Programmi\File comuni\AVerMedia\AVerQuick\AVerQuick.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Programmi\File comuni\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: AVerQuick.lnk = C:\Programmi\File comuni\AVerMedia\AVerQuick\AVerQuick.exe

O4 - Global Startup: LG Sync Manager.lnk = ?

O4 - Global Startup: LG SyncManager.lnk = ?

O4 - Global Startup: SATARaid.lnk = ?

O8 - Extra context menu item: Download All Files by HiDownload - D:\Programmi\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - D:\Programmi\HiDownload\HDGet.htm

O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\Programmi\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\Programmi\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://mondoconvenienza3dvp.2020.net/Core/...yerAX_Win32.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1261249145376

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1261249127651

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVerRemote - AVerMedia - C:\Programmi\File comuni\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Programmi\File comuni\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\Portrait Displays\DisplayTune\DTSRVC.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe

O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - D:\Programmi\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe

O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sleepy - Sashazur, LLC - C:\Programmi\Sleepy\service.exe

--

End of file - 12826 bytes

And this is the ComboFix log from after I tried to solve the problem:

ComboFix 10-05-25.02 - Administrator 25/05/2010 23.33.47.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1580 [GMT 2:00]

Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Creati Da 2010-04-25 al 2010-05-25 )))))))))))))))))))))))))))))))))))

.

2010-05-25 19:00 . 2010-05-25 19:00 63488 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-05-25 18:59 . 2010-05-25 18:59 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-05-25 18:58 . 2010-05-25 18:58 -------- d-----w- c:\programmi\SUPERAntiSpyware

2010-05-25 18:58 . 2010-05-25 18:58 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard

2010-05-24 21:50 . 2010-05-24 21:50 -------- d-----w- c:\programmi\Trend Micro

2010-05-23 21:02 . 2010-05-23 21:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-05-23 19:53 . 2010-05-23 19:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-05-23 19:49 . 2010-05-24 18:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft

2010-05-23 08:23 . 2010-05-23 08:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Promixis

2010-05-22 19:07 . 2010-05-22 19:07 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1277d9c2-n\msvcp71.dll

2010-05-22 19:07 . 2010-05-22 19:07 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1277d9c2-n\jmc.dll

2010-05-22 19:07 . 2010-05-22 19:07 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1277d9c2-n\msvcr71.dll

2010-05-22 19:07 . 2010-05-22 19:07 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-128cdb12-n\decora-sse.dll

2010-05-22 19:07 . 2010-05-22 19:07 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-128cdb12-n\decora-d3d.dll

2010-05-22 17:43 . 2010-05-22 17:43 -------- d-----w- c:\programmi\DivX H.264 decoder

2010-05-22 17:36 . 2010-05-22 17:36 -------- d-----w- c:\programmi\CoreCodec

2010-05-22 17:07 . 2010-05-22 17:07 54073 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Qt4.5\Uninstaller.exe

2010-05-22 17:07 . 2010-05-22 17:07 56969 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ASPEncoder\Uninstaller.exe

2010-05-22 16:58 . 2010-05-22 17:07 -------- d-----w- c:\programmi\File comuni\DivX Shared

2010-05-22 16:55 . 2010-05-22 16:55 -------- d-----w- c:\programmi\DivX

2010-05-22 16:55 . 2010-05-22 17:04 144696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-22 16:54 . 2010-05-22 17:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX

2010-05-20 16:44 . 2010-05-23 11:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVerTV

2010-05-20 16:43 . 2010-05-20 16:43 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\AVerMedia

2010-05-20 16:42 . 2009-09-03 19:38 102400 ----a-w- c:\windows\system32\CardID.dll

2010-05-20 16:42 . 2007-02-08 19:09 49152 ----a-w- c:\windows\system32\AVerIO.dll

2010-05-20 16:42 . 2005-04-29 01:08 3456 ----a-w- c:\windows\system32\AVerIO.sys

2010-05-20 16:42 . 2009-09-04 21:47 135168 ----a-w- c:\windows\system32\sptlib12.dll

2010-05-20 16:42 . 2009-09-04 05:25 311296 ----a-w- c:\windows\system32\sptlib01.dll

2010-05-20 16:42 . 2009-08-17 19:38 598016 ----a-w- c:\windows\system32\sptlib21.dll

2010-05-20 16:42 . 2009-07-03 01:38 294912 ----a-w- c:\windows\system32\sptlib11.dll

2010-05-20 16:42 . 2009-05-25 20:56 249856 ----a-w- c:\windows\system32\sptlib03.dll

2010-05-20 16:42 . 2009-03-23 19:59 225280 ----a-w- c:\windows\system32\sptlib02.dll

2010-05-20 16:42 . 2008-10-07 23:31 290816 ----a-w- c:\windows\system32\sptlib22.dll

2010-05-20 16:42 . 2007-12-26 19:37 45056 ----a-w- c:\windows\system32\pthreadVC.dll

2010-05-20 16:42 . 2010-05-20 16:42 -------- d-----w- c:\programmi\File comuni\AVerMedia

2010-05-19 21:28 . 2009-09-29 15:56 44544 ----a-w- c:\windows\system32\msxml4a.dll

2010-05-19 21:28 . 2010-05-19 21:44 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\PlayMovie

2010-05-19 21:27 . 2010-05-19 21:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PowerCinema

2010-05-19 21:27 . 2010-05-19 22:04 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe

2010-05-19 21:26 . 2010-05-19 21:26 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

2010-05-16 17:14 . 2010-05-16 17:14 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\USBSafelyRemove

2010-05-16 17:14 . 2010-05-16 17:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\USBSRService

2010-05-12 17:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-05-12 17:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-05-12 16:48 . 2010-05-12 16:48 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\DivX

2010-05-12 16:46 . 2010-05-12 16:46 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition

2010-05-12 16:39 . 2008-04-14 02:13 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-05-12 16:39 . 2008-04-14 02:13 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-05-12 16:39 . 2008-04-14 01:53 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-05-12 16:39 . 2008-04-14 01:53 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-05-12 16:24 . 2009-08-05 06:57 32896 ----a-w- c:\windows\system32\drivers\AVPolCIR.sys

2010-05-12 16:24 . 2009-08-05 06:56 314752 ----a-w- c:\windows\system32\drivers\AVerPola.sys

2010-05-12 16:24 . 2009-04-06 03:40 24576 ----a-w- c:\windows\system32\cxtvrate.dll

2010-05-12 16:22 . 2010-05-12 16:22 -------- d-----w- c:\documents and settings\user\LOCALS~1

2010-05-12 16:22 . 2010-05-12 16:22 -------- d-----w- c:\documents and settings\user

2010-05-12 16:22 . 2010-05-20 16:46 -------- d-----w- c:\programmi\AVerMedia

2010-04-30 22:16 . 2010-05-19 21:34 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-25 21:31 . 2009-10-07 18:27 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype

2010-05-25 18:59 . 2009-03-13 19:10 117760 -c--a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-23 19:15 . 2009-10-07 18:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM

2010-05-23 16:05 . 2008-07-01 17:04 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP

2010-05-20 16:45 . 2001-08-31 13:00 555036 ----a-w- c:\windows\system32\perfh010.dat

2010-05-20 16:45 . 2001-08-31 13:00 104514 ----a-w- c:\windows\system32\perfc010.dat

2010-05-20 16:21 . 2008-06-06 17:17 -------- d--h--w- c:\programmi\InstallShield Installation Information

2010-05-19 22:07 . 2008-06-18 15:56 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\CyberLink

2010-05-19 22:06 . 2008-06-18 15:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink

2010-05-19 21:39 . 2008-06-06 18:18 76472 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT

2010-05-19 16:56 . 2008-11-29 14:52 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe

2010-05-09 08:01 . 2008-06-19 18:58 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-05-01 19:24 . 2008-07-28 20:16 60 -c--a-w- c:\windows\wpd99.drv

2010-05-01 19:24 . 2008-07-28 20:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995

2010-04-29 13:39 . 2009-11-18 17:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-11-18 17:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-23 19:53 . 2008-06-11 17:06 -------- d-----w- c:\programmi\Microsoft.NET

2010-04-22 17:01 . 2008-10-03 14:05 -------- d-----w- c:\programmi\File comuni\Java

2010-04-22 17:00 . 2010-04-22 17:00 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-22 17:00 . 2010-04-22 17:00 -------- d-----w- c:\programmi\Java

2010-04-12 18:25 . 2009-03-11 20:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent

2010-04-03 18:57 . 2010-04-03 18:57 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-197a90bf-n\msvcp71.dll

2010-04-03 18:57 . 2010-04-03 18:57 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-197a90bf-n\jmc.dll

2010-04-03 18:57 . 2010-04-03 18:57 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-197a90bf-n\msvcr71.dll

2010-04-03 18:57 . 2010-04-03 18:57 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6f37a9d1-n\decora-sse.dll

2010-04-03 18:57 . 2010-04-03 18:57 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6f37a9d1-n\decora-d3d.dll

2010-03-28 21:51 . 2008-06-11 19:55 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss

2010-03-22 19:33 . 2010-03-22 19:33 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-03-22 19:33 . 2010-03-22 19:33 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-03-22 19:33 . 2010-03-22 19:33 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-03-22 19:33 . 2010-03-22 19:33 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-03-22 19:33 . 2010-03-22 19:33 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-03-22 19:33 . 2010-03-22 19:33 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe

2010-03-22 19:32 . 2010-03-22 19:33 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL(2).exe

2010-03-22 17:42 . 2010-03-22 17:42 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll

2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll

2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll

2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll

2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll

2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-03-16 17:44 . 2010-03-16 17:44 53248 ----a-w- c:\windows\system32\sleepy.scr

2010-03-10 06:15 . 2004-08-19 15:39 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 13:22 . 2010-03-08 17:21 1243997 ----a-w- C:\EasyBCD 2.0 Beta - Build 82.exe

2010-02-25 06:16 . 2004-08-19 15:39 916480 ----a-w- c:\windows\system32\wininet.dll

2006-05-03 10:06 . 2009-04-10 13:21 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2009-04-10 13:21 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-04-10 13:21 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-05-25_16.57.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-25 21:24 . 2010-05-25 21:24 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat

+ 2010-05-25 18:58 . 2010-05-25 18:58 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2010-05-25 18:58 . 2010-05-25 18:58 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2010-05-25 18:58 . 2010-05-25 18:58 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

+ 2010-05-25 18:58 . 2010-05-25 18:58 1583616 c:\windows\Installer\5aa721.msi

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="d:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

"Google Update"="c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-06-12 133104]

"SpybotSD TeaTimer"="m:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="m:\programmi\Skype\Phone\Skype.exe" [2009-09-02 25623336]

"PeerGuardian"="d:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl8"="d:\programmi\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="d:\programmi\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]

"TrueImageMonitor.exe"="d:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]

"AcronisTimounterMonitor"="d:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]

"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]

"OSSelectorReinstall"="c:\programmi\File comuni\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]

"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"Adobe Reader Speed Launcher"="m:\programmi\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"EPSON Stylus CX3200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]

"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="d:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2008-05-10 29984]

"IndexSearch"="d:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2008-05-10 46368]

"PPort11reminder"="d:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"AdmTask"="c:\programmi\AdmTask\admtask.exe" [2009-06-19 24576]

"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

"MBM 5"="d:\programmi\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\

Active SMART.lnk - d:\programmi\Active SMART SCSI\ActiveSMART.exe [2004-1-16 61440]

AVer HID Receiver.lnk - c:\programmi\File comuni\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-5-20 155648]

AVerQuick.lnk - c:\programmi\File comuni\AVerMedia\AVerQuick\AVerQuick.exe [2010-5-20 651264]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

AVer HID Receiver.lnk - c:\programmi\File comuni\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-5-20 155648]

AVerQuick.lnk - c:\programmi\File comuni\AVerMedia\AVerQuick\AVerQuick.exe [2010-5-20 651264]

LG Sync Manager.lnk - d:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-4-23 229376]

LG SyncManager.lnk - d:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-4-23 229376]

SATARaid.lnk - d:\programmi\Silicon Image\SiISATARaid\SATARaid.exe [2009-12-20 1032192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"d:\\eMule\\emule.exe"=

"d:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=

"d:\\Programmi\\Infogrames\\Grand Prix 4\\GP4.exe"=

"d:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"d:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"d:\\Programmi\\uTorrent\\uTorrent.exe"=

"m:\\pes2009\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Programmi\\vv\\CDROMs\\iper3pro\\Ita\\client\\f\\EasyWebEditorT.exe"=

"c:\\Programmi\\vv\\CDROMs\\iper3pro\\Ita\\client\\f\\EasyWebEditorT.exe"=

"m:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"m:\\Programmi\\BitBlinder\\Tor.exe"=

"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"d:\\Programmi\\WinLIRC\\winlirc.exe"=

"d:\\Programmi\\Promixis\\Girder5\\girder.exe"=

"d:\\Programmi\\Promixis\\Girder5\\grunt.exe"=

"m:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1755:TCP"= 1755:TCP:1755

"1756:UDP"= 1756:UDP:1756

"1755:UDP"= 1755:UDP:1755

"1756:TCP"= 1756:TCP:1756

"23585:TCP"= 23585:TCP:23585tcp

"23585:UDP"= 23585:UDP:23585udp

"5000:TCP"= 5000:TCP:5000

"5000:UDP"= 5000:UDP:5000

"2755:TCP"= 2755:TCP:2755

"2756:UDP"= 2756:UDP:2756

"1194:TCP"= 1194:TCP:1194

"1194:UDP"= 1194:UDP:1194

"443:TCP"= 443:TCP:443

"443:UDP"= 443:UDP:443

"80:UDP"= 80:UDP:80

"3000:TCP"= 3000:TCP:bitlet

"3000:UDP"= 3000:UDP:bitlet

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [06/06/2008 23.31.09 37031]

R1 atitray;atitray;m:\programmi\Ray Adams\ATI Tray Tools\atitray.sys [24/10/2009 20.03.08 19232]

R1 Dev_UNIDRV;Dev_UNIDRV;c:\windows\system32\drivers\UNIDRV.SYS [14/06/2008 9.28.44 6080]

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]

R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17.10.20 68168]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\programmi\CyberLink\PowerDVD8\PowerDVD8\000.fcl [15/05/2008 12.07.00 61424]

R2 AVerRemote;AVerRemote;c:\programmi\File comuni\AVerMedia\Service\AVerRemote.exe [20/05/2010 18.42.52 348160]

R2 AVerScheduleService;AVerScheduleService;c:\programmi\File comuni\AVerMedia\Service\AVerScheduleService.exe [20/05/2010 18.42.53 389120]

R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [18/11/2008 19.05.20 5152]

R2 PDSched;PDScheduler;c:\programmi\Raxco\PerfectDisk\PDSched.exe [04/01/2005 15.59.52 237635]

R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [18/06/2008 19.07.46 36352]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/06/2008 16.27.28 717296]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]

S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [06/06/2008 19.38.30 39680]

S2 SATARaid5 Config Service;SATARaid5 Configuration Service;d:\programmi\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe [05/10/2005 18.19.00 131072]

S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [12/05/2010 18.24.08 314752]

S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [12/05/2010 18.24.08 32896]

S3 ctlsb16;Driver Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [07/10/2009 7.58.45 96256]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 19.31.34 42000]

S3 ntkvpn;Loki VPN Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]

S3 ntkvpnMP;ntkvpnMP;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [06/06/2008 19.38.30 54784]

S3 WFIOCTL;WFIOCTL;\??\d:\programmi\WinFast\WFTVFM\WFIOCTL.SYS --> d:\programmi\WinFast\WFTVFM\WFIOCTL.SYS [?]

S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys --> c:\windows\system32\drivers\wfeaglxt.sys [?]

S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [08/11/2009 19.00.17 23480]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [18/06/2008 19.07.46 134912]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - ArcRec

.

Contenuto della cartella 'Scheduled Tasks'

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-854245398-725345543-500Core.job

- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-12 20:16]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-854245398-725345543-500UA.job

- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-12 20:16]

2010-05-25 c:\windows\Tasks\User_Feed_Synchronization-{4A4E9A0E-B22D-44C7-B6DA-65213F4237FA}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uInternet Settings,ProxyOverride = *.local

IE: Download All Files by HiDownload - d:\programmi\HiDownload\HDGetAll.htm

IE: Download by HiDownload - d:\programmi\HiDownload\HDGet.htm

IE: Download with GetRight - d:\programmi\GetRight\GRdownload.htm

IE: E&sporta in Microsoft Excel - d:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Open with GetRight Browser - d:\programmi\GetRight\GRbrowse.htm

Trusted Zone: microsoft.com\support

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - d:\programmi\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - d:\programmi\GetRight\xx2gr.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://mondoconvenienza3dvp.2020.net/Core/Player/2020PlayerAX_Win32.cab

FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\rvwlx971.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it

FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: d:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\programmi\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\programmi\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: m:\programmi\Reader\browser\nppdf32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-muBlinder - c:\documents and settings\Administrator\Desktop\muBlinder.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-25 23:40

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\d:\programmi\CyberLink\PowerDVD8\PowerDVD8\000.fcl"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-220523388-854245398-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,52,10,8d,02,a9,64,4b,ae,54,3e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,52,10,8d,02,a9,64,4b,ae,54,3e,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@DACL=(02 0010)

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

@DACL=(02 0010)

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@DACL=(02 0010)

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@DACL=(02 0010)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@DACL=(02 0010)

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@DACL=(02 0010)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@DACL=(02 0010)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ

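As an added illustration (not part of the original thread and not ComboFix's own code), here is a small Python triage of the service/driver section of a ComboFix log like the one above: it parses each `R*`/`S*` line and flags entries whose image file ComboFix could not find on disk (`--> ... [?]`) or that load from outside the Windows directory. The sample lines are copied from the log above; the flag criteria are assumptions of mine, not anything ComboFix reports.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# ComboFix prints each service/driver as
#   <R|S><start type> <name>;<display name>;<image path> [dd/mm/yyyy hh.mm.ss size]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
# When the image file cannot be found on disk the tail reads "<path> --> <path> [?]".
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r"\[(\d{2}/\d{2}/\d{4}) (\d{1,2})\.(\d{2})\.(\d{2}) (\d+)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    image: str                  # image path with any \??\ prefix stripped
    running: bool               # state letter R
    start: str                  # one of START_TYPES values
    missing: bool               # True when ComboFix reported "[?]"
    size: Optional[int]
    modified: Optional[datetime]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines of other log sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    size = modified = None
    if missing:
        image = rest.split(" --> ")[0]
    else:
        stamp = STAMP_RE.search(rest)
        image = rest[:stamp.start()].rstrip() if stamp else rest
        if stamp:
            size = int(stamp.group(5))
            modified = datetime.strptime(
                f"{stamp.group(1)} {int(stamp.group(2)):02d}:{stamp.group(3)}:{stamp.group(4)}",
                "%d/%m/%Y %H:%M:%S")
    if image.startswith("\\??\\"):   # NT object-manager prefix seen on some ImagePath values
        image = image[4:]
    return ServiceEntry(m.group("name"), m.group("display"), image,
                        m.group("state") == "R",
                        START_TYPES.get(m.group("start"), "unknown"),
                        missing, size, modified)


def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[ServiceEntry], windir: str = "c:\\windows\\") -> Dict[str, List[str]]:
    """Heuristic flags an analyst would then check by hand (assumed criteria, not ComboFix's)."""
    flags: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("image missing on disk")
        if not e.image.lower().startswith(windir):
            reasons.append("loads from outside the Windows directory")
        if reasons:
            flags[e.name] = reasons
    return flags


# Sample lines copied from the log above (constructed input for this example).
SAMPLE_LOG = r"""
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [06/06/2008 23.31.09 37031]
R1 atitray;atitray;m:\programmi\Ray Adams\ATI Tray Tools\atitray.sys [24/10/2009 20.03.08 19232]
S3 ntkvpn;Loki VPN Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 WFIOCTL;WFIOCTL;\??\d:\programmi\WinFast\WFTVFM\WFIOCTL.SYS --> d:\programmi\WinFast\WFTVFM\WFIOCTL.SYS [?]
--- Altri Servizi/Drivers In Memoria ---
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is only a pointer to what to look at next (file on disk, signature, vendor), not a verdict; many legitimate third-party drivers live outside the Windows directory.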

Hello Max! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.

ComboFix is a very powerful tool, so don't use it without the supervision of an expert.

Step 1

* Go to start > run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2

Please follow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post all logs if you can.


Yesterday, before you wrote to me, I had tried other solutions: TDSSKiller, MBR and GMER.

I hope this was not a mistake.

You can see the logs in the attachments.

As soon as I can (when I'm back home) I'll follow your procedure.

Thank you

TDSSKiller_before.2.3.1.0_26.05.2010_18.30.36_log.txt

TDSSKiller_after.2.3.1.0_26.05.2010_18.47.10_log.txt

mbr.txt

hijackthis_after_all_last_cleanings.txt

gmer.txt


Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. MalwareBytes' Anti-Malware log
  3. a new fresh DDS log only


MBAM didn't find anything. Actually, since last night the problem no longer occurs.

But I prefer to have your opinion about the attachment.

Thank you very much.

Attach2.zip


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
