WiredWX Christian Hobby Weather Tools
Sheur2

Hi, my AVG has found a Sheur2 infection. What should I do?
Thanks for your help.
This is my OTL.txt file:


OTL logfile created on: 30/07/2010 23.54.22 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Ciccio\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 166,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 74,52 Gb Total Space | 54,22 Gb Free Space | 72,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 114,48 Gb Total Space | 12,28 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 890,89 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CASA
Current User Name: Ciccio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 16.17.07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ciccio\Desktop\OTL.com
PRC - [2010/06/21 21.51.08 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/06/21 21.51.04 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/06/21 21.51.04 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/06/21 21.51.01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/21 21.50.57 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/21 21.50.56 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/21 21.50.55 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgam.exe
PRC - [2010/06/10 21.03.08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11.44.46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2010/03/03 18.13.14 | 003,320,768 | ---- | M] (SlySoft, Inc.) -- C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/11/30 12.30.29 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/10/01 17.03.14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Programmi\a-squared Free\a2service.exe
PRC - [2009/07/20 12.30.50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programmi\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12.42.32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/27 00.31.29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/06/11 23.43.26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/19 16.24.46 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programmi\CyberLink\Shared Files\brs.exe
PRC - [2007/02/10 12.17.30 | 002,607,616 | ---- | M] (Nimble Software) -- C:\Programmi\AllWallpapersLite\awplite.exe
PRC - [2006/10/26 13.40.34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2004/01/20 19.15.12 | 000,507,965 | ---- | M] (WIDCOMM, Inc.) -- C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
PRC - [2004/01/20 19.05.08 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
PRC - [2003/05/30 09.42.22 | 000,585,728 | ---- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\SoundMAX\SMax4.exe
PRC - [2003/05/29 16.28.32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/12/31 14.00.00 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 15.50.10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 16.17.07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ciccio\Desktop\OTL.com
MOD - [2010/02/04 20.17.27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Programmi\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2009/07/20 12.29.06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programmi\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 02.12.06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2004/01/20 19.16.30 | 000,053,248 | ---- | M] () -- C:\Programmi\WIDCOMM\Software Bluetooth\BTKeyInd.dll
MOD - [2002/12/31 14.00.00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2002/12/31 14.00.00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (FirebirdServerMAGIXInstance)
SRV - [2010/06/21 21.51.01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21.03.08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 13.38.11 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/30 12.30.29 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/10/01 17.03.14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programmi\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/20 12.28.10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/10/26 19.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13.40.34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/26 13.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/01/20 19.05.08 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2002/09/20 15.50.10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/07/29 23.25.58 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/07/29 23.15.51 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/06/21 21.51.06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/21 21.50.57 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/31 15.19.28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 01.32.43 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/22 18.53.20 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/01 19.20.34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/11/30 12.30.29 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/08/16 01.44.45 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2009/06/17 18.56.16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 18.56.06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 18.55.34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 18.55.18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/23 01.08.32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2008/05/15 12.07.00 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programmi\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008/05/03 05.46.00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/27 12.46.06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 10.13.08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2004/08/19 15.23.40 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00.31.34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/01/20 18.44.36 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004/01/20 18.44.06 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004/01/20 18.40.48 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.forexstart.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG9\Firefox [2010/07/20 20.40.54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/07/27 22.56.18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/07/28 16.46.00 | 000,000,000 | ---D | M]

[2009/08/18 00.56.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ciccio\Dati applicazioni\Mozilla\Extensions
[2010/07/29 23.48.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\extensions
[2010/03/15 02.07.33 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/28 00.11.17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/01 19.49.44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/02/05 00.52.42 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\searchplugins\Ask.xml
[2010/07/30 23.09.04 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/05/13 11.45.32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/29 23.42.57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05.00.04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 22.56.14 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/07/27 22.56.14 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/07/27 22.56.14 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/07/27 22.56.14 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2002/12/31 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Programmi\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Programmi\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [awplite] C:\Programmi\AllWallpapersLite\awplite.exe (Nimble Software)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Ciccio\Menu Avvio\Programmi\Esecuzione automatica\AutorunsDisabled [2009/12/25 12.52.43 | 000,000,000 | -H-D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Programmi\WinAVI FLV Converter\flv_link.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Programmi\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Programmi\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll - c:\Programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/15 23.00.04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/29 21.07.45 | 000,001,271 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4ebd052e-1970-11df-9609-0002442390fc}\Shell - "" = AutoRun
O33 - MountPoints2\{4ebd052e-1970-11df-9609-0002442390fc}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8cf2fd16-3795-11df-964f-0002442390fc}\Shell\AutoRun\command - "" = H:\myfolder\myfile.exe -- [2010/07/28 20.42.39 | 000,106,496 | RHS- | M] ()
O33 - MountPoints2\{8cf2fd16-3795-11df-964f-0002442390fc}\Shell\open\command - "" = H:\myfolder\myfile.exe -- [2010/07/28 20.42.39 | 000,106,496 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programmi\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Microsoft Driver Setup - hkey= - key= - C:\WINDOWS\cndrive32.exe File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendering grafica vettoriale (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Binding dati Dynamic HTML per Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Modulo ricerca non in linea
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Creazione avanzata
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Guida di Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classi Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Strumenti di installazione di Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Miglioramenti sfoglia
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accesso sito MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Binding dati Dynamic HTML
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Font principali di Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Utilità di pianificazione
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Guida HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/30 23.52.18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ciccio\Desktop\OTL.com
[2010/07/30 23.38.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Desktop\JavaRa
[2010/07/30 23.29.58 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ciccio\Desktop\jre-6u21-windows-i586.exe
[2010/07/30 21.37.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Desktop\ragazzi
[2010/07/29 23.43.19 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2010/07/29 23.42.55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/29 23.42.55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/29 23.42.55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/29 23.25.58 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/07/29 23.16.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\RegRunInfo
[2010/07/29 23.03.50 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/07/29 23.03.44 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/07/29 22.56.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Documenti\RegRun2
[2010/07/29 22.56.10 | 000,000,000 | ---D | C] -- C:\Programmi\Greatis
[2010/07/29 22.55.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Desktop\reanimator
[2010/07/29 21.31.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Desktop\ProcessExplorer
[2010/07/29 21.09.08 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2010/07/29 21.08.27 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ciccio\Desktop\HJTInstall.exe
[2010/07/27 22.59.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\NOS
[2010/07/27 22.40.06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ciccio\Recent
[2010/07/27 21.27.55 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Ciccio\Desktop\ccsetup234.exe
[2010/07/24 12.49.54 | 000,000,000 | ---D | C] -- C:\Programmi\iPod
[2010/07/24 12.05.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Dati applicazioni\vlc
[2010/07/24 01.00.29 | 000,000,000 | ---D | C] -- C:\Programmi\easyMule
[2010/07/19 00.17.10 | 000,000,000 | ---D | C] -- C:\Programmi\XRECODE
[2010/07/17 18.17.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Documenti\NeroVision
[2010/07/16 23.24.26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/30 23.46.40 | 000,631,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/30 23.46.40 | 000,395,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/30 23.46.40 | 000,095,478 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/07/30 23.46.40 | 000,070,658 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/07/30 23.46.40 | 000,059,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/30 23.42.03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/30 23.42.01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/30 23.40.36 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Ciccio\NTUSER.DAT
[2010/07/30 23.40.36 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Ciccio\ntuser.ini
[2010/07/30 23.35.25 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Ciccio\Desktop\JavaRa.zip
[2010/07/30 23.34.28 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ciccio\Desktop\jre-6u21-windows-i586.exe
[2010/07/30 23.30.03 | 000,001,244 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004UA.job
[2010/07/30 23.13.11 | 000,071,680 | ---- | M] () -- C:\WINDOWS\System32\43.scr
[2010/07/30 22.51.34 | 000,071,680 | ---- | M] () -- C:\WINDOWS\System32\27.scr
[2010/07/30 22.40.33 | 000,071,680 | ---- | M] () -- C:\WINDOWS\System32\17.scr
[2010/07/30 22.30.07 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004Core.job
[2010/07/30 22.02.12 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\33.scr
[2010/07/30 21.30.45 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Ciccio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 21.19.19 | 062,758,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/29 23.25.58 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/07/29 23.15.51 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/07/29 23.12.06 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Ciccio\Dati applicazioni\LTZQAI.EXE.del
[2010/07/29 23.11.03 | 000,068,608 | ---- | M] () -- C:\WINDOWS\CNDRIVE32.EXE.del
[2010/07/29 23.03.50 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/07/29 22.56.47 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/29 22.56.47 | 000,001,840 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/29 22.56.47 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/07/29 22.56.15 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Ciccio\Desktop\Reanimator.lnk
[2010/07/29 22.16.55 | 000,110,080 | ---- | M] () -- C:\WINDOWS\System32\75.exe
[2010/07/29 21.30.55 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Ciccio\Desktop\ProcessExplorer.zip
[2010/07/29 21.09.12 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Ciccio\Desktop\HijackThis.lnk
[2010/07/29 20.45.36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 22.41.27 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\84.exe
[2010/07/28 21.35.59 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\08.exe
[2010/07/28 21.02.44 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\56.exe
[2010/07/28 20.42.12 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\80.exe
[2010/07/28 00.16.17 | 000,094,952 | ---- | M] () -- C:\Documents and Settings\Ciccio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/07/27 22.43.03 | 001,620,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/27 22.37.21 | 000,021,808 | ---- | M] () -- C:\Documents and Settings\Ciccio\Desktop\cc_20100727_223700.reg
[2010/07/27 21.28.01 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Ciccio\Desktop\ccsetup234.exe
[2010/07/27 17.17.44 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\36.scr
[2010/07/24 12.23.26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/24 00.27.40 | 000,359,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/07/22 05.06.52 | 000,063,756 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/20 13.18.57 | 008,617,975 | ---- | M] () -- C:\Documents and Settings\Ciccio\Desktop\reanimator.zip
[2010/07/18 00.26.12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/17 18.25.11 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2010/07/17 05.00.12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 05.00.12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 05.00.10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/17 05.00.04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/17 02.42.29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/10 16.17.07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ciccio\Desktop\OTL.com
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/30 23.35.24 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\JavaRa.zip
[2010/07/30 23.13.09 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\43.scr
[2010/07/30 22.51.33 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\27.scr
[2010/07/30 22.40.33 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\17.scr
[2010/07/30 22.02.11 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\33.scr
[2010/07/29 23.11.13 | 000,068,608 | ---- | C] () -- C:\WINDOWS\CNDRIVE32.EXE.del
[2010/07/29 22.56.47 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/07/29 22.56.15 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\Reanimator.lnk
[2010/07/29 22.55.24 | 008,617,975 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\reanimator.zip
[2010/07/29 22.16.54 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\75.exe
[2010/07/29 21.30.42 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\ProcessExplorer.zip
[2010/07/29 21.09.12 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\HijackThis.lnk
[2010/07/28 22.41.27 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\84.exe
[2010/07/28 21.35.59 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\08.exe
[2010/07/28 21.02.44 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\56.exe
[2010/07/28 20.42.48 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\Ciccio\Dati applicazioni\LTZQAI.EXE.del
[2010/07/28 20.42.11 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\80.exe
[2010/07/27 22.37.09 | 000,021,808 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\cc_20100727_223700.reg
[2010/07/27 17.17.43 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\36.scr
[2010/07/22 05.06.52 | 000,063,756 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/19 00.16.00 | 003,701,959 | ---- | C] () -- C:\Documents and Settings\Ciccio\Desktop\xrecode.zip
[2010/07/17 18.20.40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/19 21.02.47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/09 00.47.51 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WET.INI
[2009/10/25 11.42.10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/25 11.42.09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/25 11.42.07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 11.42.07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/25 11.42.06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/25 11.42.04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/25 11.42.04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/10 22.49.39 | 000,000,576 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009/09/10 22.49.39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/09/10 22.44.08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/09/10 22.36.05 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/09/10 22.35.16 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/07 13.27.20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2008/05/03 05.46.00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05.46.00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05.46.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05.46.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05.46.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/01/20 19.16.56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/01/20 19.03.24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/01/20 19.02.40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/01/20 18.57.32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/01/20 18.44.36 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2002/12/31 14.00.00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002/12/31 14.00.00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/15 22.29.04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17.18.00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2010/07/28 21.35.59 | 000,111,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\08.exe
[2010/07/28 21.02.44 | 000,111,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\56.exe
[2010/07/29 22.16.55 | 000,110,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\75.exe
[2010/07/28 20.42.12 | 000,111,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\80.exe
[2010/07/28 22.41.27 | 000,111,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\84.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/16 00.33.36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/16 00.33.35 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/16 00.33.35 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/12/31 14.00.00 | 000,009,030 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/12/31 14.00.00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/12/31 14.00.00 | 000,004,800 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/12/31 14.00.00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/12/31 14.00.00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/12/31 14.00.00 | 000,027,898 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/12/31 14.00.00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/12/31 14.00.00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/12/31 14.00.00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/12/31 14.00.00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2002/12/31 14.00.00 | 000,033,968 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2002/12/31 14.00.00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2002/12/31 14.00.00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2002/12/31 14.00.00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2002/12/31 14.00.00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2002/12/31 14.00.00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2002/12/31 14.00.00 | 001,836,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/08/15 23.00.04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/06 13.06.12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2002/12/31 14.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009/08/15 23.00.04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/21 11.58.34 | 000,031,844 | ---- | M] () -- C:\debug.log
[2009/08/22 00.55.22 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08.00.40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08.00.40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08.00.40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08.03.18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08.00.40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08.03.18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08.03.18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08.03.18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08.03.18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08.03.18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08.03.18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08.03.18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08.03.18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08.03.18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/08/15 23.00.04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/30 23.39.38 | 000,006,798 | ---- | M] () -- C:\JavaRa.log
[2009/08/15 23.00.04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/12/31 14.00.00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2002/12/31 14.00.00 | 000,251,072 | RHS- | M] () -- C:\ntldr
[2010/07/30 23.41.58 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08.00.40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08.09.22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08.12.28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2009/12/20 23.52.33 | 000,000,000 | ---D | M] -- C:\Programmi\a-squared Free
[2010/06/20 14.23.43 | 000,000,000 | ---D | M] -- C:\Programmi\Adobe
[2010/07/13 02.11.49 | 000,000,000 | ---D | M] -- C:\Programmi\AllWallpapersLite
[2009/08/16 01.45.25 | 000,000,000 | ---D | M] -- C:\Programmi\Analog Devices
[2009/08/19 22.54.40 | 000,000,000 | ---D | M] -- C:\Programmi\Apple Software Update
[2009/11/10 23.53.46 | 000,000,000 | ---D | M] -- C:\Programmi\AVG
[2010/06/20 11.36.44 | 000,000,000 | ---D | M] -- C:\Programmi\Bonjour
[2010/07/27 21.28.42 | 000,000,000 | ---D | M] -- C:\Programmi\CCleaner
[2009/08/17 15.43.14 | 000,000,000 | ---D | M] -- C:\Programmi\CDisplay
[2009/08/15 22.56.55 | 000,000,000 | ---D | M] -- C:\Programmi\ComPlus Applications
[2009/08/16 19.37.04 | 000,000,000 | ---D | M] -- C:\Programmi\CyberLink
[2009/08/16 13.42.38 | 000,000,000 | ---D | M] -- C:\Programmi\DivX
[2010/03/30 21.23.31 | 000,000,000 | ---D | M] -- C:\Programmi\DsNET Corp
[2010/07/27 22.31.42 | 000,000,000 | ---D | M] -- C:\Programmi\easyMule
[2009/08/22 15.28.38 | 000,000,000 | ---D | M] -- C:\Programmi\Elaborate Bytes
[2009/08/16 00.01.08 | 000,000,000 | ---D | M] -- C:\Programmi\eMule AdunanzA
[2009/11/12 22.18.03 | 000,000,000 | ---D | M] -- C:\Programmi\epson
[2010/07/29 23.43.19 | 000,000,000 | ---D | M] -- C:\Programmi\File comuni
[2009/08/21 16.22.03 | 000,000,000 | ---D | M] -- C:\Programmi\Flash Movie Player
[2010/07/29 22.56.10 | 000,000,000 | ---D | M] -- C:\Programmi\Greatis
[2009/08/20 12.05.54 | 000,000,000 | -H-D | M] -- C:\Programmi\InstallShield Installation Information
[2009/08/19 22.55.27 | 000,000,000 | ---D | M] -- C:\Programmi\Internet Explorer
[2010/07/24 12.49.54 | 000,000,000 | ---D | M] -- C:\Programmi\iPod
[2010/07/24 12.52.16 | 000,000,000 | ---D | M] -- C:\Programmi\iTunes
[2010/07/30 23.38.45 | 000,000,000 | ---D | M] -- C:\Programmi\Java
[2009/10/25 11.43.27 | 000,000,000 | ---D | M] -- C:\Programmi\K-Lite Codec Pack
[2009/08/20 12.05.36 | 000,000,000 | ---D | M] -- C:\Programmi\Logitech
[2009/12/19 22.35.35 | 000,000,000 | ---D | M] -- C:\Programmi\Malwarebytes' Anti-Malware
[2009/08/15 22.56.39 | 000,000,000 | ---D | M] -- C:\Programmi\Messenger
[2010/05/06 15.24.37 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft
[2009/08/15 23.00.22 | 000,000,000 | ---D | M] -- C:\Programmi\microsoft frontpage
[2009/08/24 22.58.12 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Office
[2009/08/24 22.57.50 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Visual Studio
[2009/08/24 22.52.59 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Visual Studio 8
[2009/08/24 22.59.10 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft Works
[2009/08/24 22.56.22 | 000,000,000 | ---D | M] -- C:\Programmi\Microsoft.NET
[2009/08/15 22.57.53 | 000,000,000 | ---D | M] -- C:\Programmi\Movie Maker
[2010/07/27 22.56.25 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox
[2009/08/24 22.58.26 | 000,000,000 | ---D | M] -- C:\Programmi\MSBuild
[2009/08/15 22.56.34 | 000,000,000 | ---D | M] -- C:\Programmi\MSN Gaming Zone
[2009/08/16 15.59.16 | 000,000,000 | ---D | M] -- C:\Programmi\Nero
[2009/08/15 22.58.07 | 000,000,000 | ---D | M] -- C:\Programmi\NetMeeting
[2009/08/15 22.58.03 | 000,000,000 | ---D | M] -- C:\Programmi\Outlook Express
[2009/11/30 12.31.50 | 000,000,000 | ---D | M] -- C:\Programmi\Pegasys Inc
[2009/09/10 22.50.07 | 000,000,000 | ---D | M] -- C:\Programmi\ProtectDisc Driver Installer
[2010/04/04 00.20.07 | 000,000,000 | ---D | M] -- C:\Programmi\QuickTime
[2009/08/15 22.58.55 | 000,000,000 | ---D | M] -- C:\Programmi\Servizi in linea
[2010/02/14 11.53.32 | 000,000,000 | ---D | M] -- C:\Programmi\SlySoft
[2010/07/29 21.09.08 | 000,000,000 | ---D | M] -- C:\Programmi\Trend Micro
[2009/08/15 23.15.50 | 000,000,000 | -H-D | M] -- C:\Programmi\Uninstall Information
[2009/08/16 19.24.32 | 000,000,000 | ---D | M] -- C:\Programmi\VideoLAN
[2010/06/27 20.11.37 | 000,000,000 | ---D | M] -- C:\Programmi\WIDCOMM
[2009/11/09 23.50.25 | 000,000,000 | ---D | M] -- C:\Programmi\WinAVI FLV Converter
[2009/08/22 15.55.10 | 000,000,000 | ---D | M] -- C:\Programmi\WinAVI Video Converter
[2010/05/06 15.24.32 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Live
[2010/05/06 15.24.19 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Live SkyDrive
[2009/08/16 01.51.58 | 000,000,000 | ---D | M] -- C:\Programmi\Windows Media Player
[2009/08/15 22.56.23 | 000,000,000 | ---D | M] -- C:\Programmi\Windows NT
[2009/08/15 22.58.58 | 000,000,000 | -H-D | M] -- C:\Programmi\WindowsUpdate
[2009/11/16 17.21.45 | 000,000,000 | ---D | M] -- C:\Programmi\WinRAR
[2009/08/17 20.51.18 | 000,000,000 | ---D | M] -- C:\Programmi\WinZip
[2009/08/15 23.00.22 | 000,000,000 | ---D | M] -- C:\Programmi\xerox
[2010/07/19 00.17.13 | 000,000,000 | ---D | M] -- C:\Programmi\XRECODE

< %appdata%\*.* >
[2009/08/16 00.35.18 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Ciccio\Dati applicazioni\desktop.ini
[2010/07/29 23.12.06 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Ciccio\Dati applicazioni\LTZQAI.EXE.del


< MD5 for: AGP440.SYS >
[2002/12/31 14.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01.07.42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/12/31 14.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/12/31 14.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2002/12/31 14.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 22.59.56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2002/12/31 14.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2002/12/31 14.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/12/31 14.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2002/12/31 14.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002/12/31 14.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2002/12/31 14.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/12/31 14.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/03 23.08.48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 23.08.48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
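
An added example for readers triaging a log like the one above (it is not part of the original post and not OTL's own code): a small Python parser for the OTL file-list line format with a handful of reviewer heuristics applied to lines copied verbatim from the log. The flag names and the heuristics themselves are the editor's assumptions; a flag is a prompt to look closer (two-digit numeric names under System32 with no company name that OTL could not hash, `.del` remnants left by a cleanup tool, hidden/system attributes on a script), not a verdict, and legitimate files can trip it too.

```python
"""Heuristic triage of OTL file-list lines (added example, not OTL's own code)."""
import re
from collections import defaultdict

# One OTL file entry. Forms seen in the log above:
#   [2010/07/28 21.35.59 | 000,111,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\08.exe
#   [2010/07/29 23.25.58 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
#   [2010/07/30 23.38.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Desktop\JavaRa
#   [2004/08/04 01.07.42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=<32 hex> -- C:\...\AGP440.SYS
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}\.\d{2}\.\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?:\s+\((?P<company>[^)]*)\))?"                      # "(Vendor)", "()" or absent (directories)
    r"(?:\s+(?P<locked>Unable to obtain MD5)"              # OTL could not open the file to hash it
    r"|\s+MD5=(?P<md5>[0-9A-Fa-f]{32})|\s+\.cab file)?"
    r"\s+-- (?P<path>.+?)\s*$"
)

WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)          # anything under %SystemRoot%
NUMERIC_NAME = re.compile(r"^\d{2}\.(exe|scr|dll|sys)$", re.I)
PE_FILE = re.compile(r"\.(exe|scr|dll|com)$", re.I)            # PE files normally carry a version resource
SCRIPT_OR_PE = re.compile(r"\.(exe|scr|dll|com|sys|bat|cmd|pif)$", re.I)


def parse_entry(line):
    """Parse one OTL file-list line into a dict; return None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    e["locked"] = e["locked"] is not None
    e["is_dir"] = "D" in e["attrs"]
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e


def flags_for(e):
    """Reasons (hypothetical flag names) an entry deserves a closer look; may be empty."""
    reasons = []
    if e["is_dir"]:
        return reasons
    name = e["name"]
    in_windows = WINDOWS_DIR.match(e["path"]) is not None
    if in_windows and NUMERIC_NAME.match(name):
        reasons.append("numeric-name-in-system-dir")
    if in_windows and PE_FILE.search(name) and not e["company"]:
        reasons.append("no-company-name")
    if e["locked"]:
        reasons.append("locked-no-md5")
    if name.lower().endswith(".del"):
        reasons.append("renamed-by-cleanup-tool")
    if in_windows and SCRIPT_OR_PE.search(name) and ("H" in e["attrs"] or "S" in e["attrs"]):
        reasons.append("hidden-or-system-attribute")
    return reasons


def triage(lines):
    """Map lower-cased path -> flag list; the C (created) and M (modified) lines of a file merge."""
    out = defaultdict(list)
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        key = e["path"].lower()
        for r in flags_for(e):
            if r not in out[key]:
                out[key].append(r)
    return dict(out)


# Sample input: lines copied verbatim from the OTL log above.
SAMPLE = [
    r"[2010/07/28 21.35.59 | 000,111,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\08.exe",
    r"[2010/07/28 21.35.59 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\08.exe",
    r"[2010/07/30 23.13.09 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\43.scr",
    r"[2010/07/29 23.11.13 | 000,068,608 | ---- | C] () -- C:\WINDOWS\CNDRIVE32.EXE.del",
    r"[2010/07/29 22.56.47 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat",
    r"[2010/07/29 23.25.58 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys",
    r"[2010/07/16 23.24.26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll",
    r"[2010/07/30 23.38.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ciccio\Desktop\JavaRa",
    r"[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Run it against a whole OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace"))`) and the unflagged entries drop out, which leaves a short list to check by hand; the Microsoft- and Greatis-signed files in the sample produce no flags, while the numeric-named files under System32 collect three reasons each.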



Sheur2
And this is extras.txt


OTL Extras logfile created on: 30/07/2010 23.54.22 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Ciccio\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 166,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 74,52 Gb Total Space | 54,22 Gb Free Space | 72,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 114,48 Gb Total Space | 12,28 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 890,89 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CASA
Current User Name: Ciccio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Programmi\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\AVG\AVG8\avgemc.exe" = C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Programmi\AVG\AVG8\avgupd.exe" = C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Programmi\AVG\AVG8\avgnsx.exe" = C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Programmi\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Programmi\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" = C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programmi\VideoLAN\VLC\vlc.exe" = C:\Programmi\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programmi\AVG\AVG9\avgam.exe" = C:\Programmi\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgdiagex.exe" = C:\Programmi\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgupd.exe" = C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgnsx.exe" = C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\PFPortChecker\PFPortChecker.exe" = C:\Programmi\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found
"C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe" = C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe:*:Disabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\DOCUME~1\Ciccio\IMPOST~1\Temp\4096587.exe" = C:\DOCUME~1\Ciccio\IMPOST~1\Temp\4096587.exe:*:C:\WINDOWS\cndrive32.exe -- ()
"C:\DOCUME~1\Ciccio\IMPOST~1\Temp\918294.exe" = C:\DOCUME~1\Ciccio\IMPOST~1\Temp\918294.exe:*:C:\WINDOWS\cndrive32.exe -- ()
"C:\DOCUME~1\Ciccio\IMPOST~1\Temp\938539.exe" = C:\DOCUME~1\Ciccio\IMPOST~1\Temp\938539.exe:*:C:\WINDOWS\cndrive32.exe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4
"{74F07082-38DB-4E42-A6B6-CA617E21B033}_is1" = AllWallpapers Lite 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3.3 - Italiano
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{d0696626-14bf-4c51-ac00-38f5e541f7ec}" = Nero 9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E98D6792-FC51-4187-9448-CA9BF893384E}" = WIDCOMM Bluetooth Software
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AnyDVD" = AnyDVD
"a-squared Free_is1" = a-squared Free 4.5
"aTube Catcher" = aTube Catcher
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule AdunanzA" = AdunanzA
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Flash Movie Player" = Flash Movie Player 1.5
"Greatis Reanimator_is1" = RegRun Reanimator
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"MAGIX PC Visit D" = MAGIX PC Visit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"vghd" = VirtuaGirl HD
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"XRECODE_is1" = XRECODE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aim Itch Start" = CiD Help
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/04/2010 5.27.57 | Computer Name = CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo eMule_AdnzA.exe, versione 0.48.0.8, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 16/04/2010 18.09.56 | Computer Name = CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo firefox.exe, versione 1.9.2.3743, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 21/04/2010 17.03.16 | Computer Name = CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore firefox.exe, versione 1.9.2.3743,
modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.4053, indirizzo
errore 0x0004f029.

Error - 21/04/2010 17.03.39 | Computer Name = CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore firefox.exe, versione 1.9.2.3743,
modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.4053, indirizzo
errore 0x0004f029.

Error - 21/04/2010 17.03.59 | Computer Name = CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore firefox.exe, versione 1.9.2.3743,
modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.4053, indirizzo
errore 0x0004f029.

Error - 24/04/2010 16.26.12 | Computer Name = CASA | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 24/04/2010 16.26.12 | Computer Name = CASA | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 24/04/2010 16.26.12 | Computer Name = CASA | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 24/04/2010 16.26.12 | Computer Name = CASA | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 24/04/2010 16.26.12 | Computer Name = CASA | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

[ System Events ]
Error - 19/07/2010 3.27.15 | Computer Name = CASA | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom1.

Error - 19/07/2010 3.27.22 | Computer Name = CASA | Source = Cdrom | ID = 262151
Description = Rilevato blocco danneggiato sulla periferica \Device\CdRom1.

Error - 27/07/2010 15.18.25 | Computer Name = CASA | Source = Service Control Manager | ID = 7031
Description = Il servizio Apple Mobile Device è terminato in modo imprevisto. Questo
problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite
tra 60000 millisecondi: Riavvia il servizio.

Error - 27/07/2010 15.18.46 | Computer Name = CASA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio B's Recorder GOLD Library General
Service. Questo evento si è già verificato 1 volta(e).

Error - 27/07/2010 15.19.12 | Computer Name = CASA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Acquisizione di immagini di Windows
(WIA). Questo evento si è già verificato 1 volta(e).

Error - 27/07/2010 15.19.20 | Computer Name = CASA | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Servizio iPod. Questo evento
si è già verificato 1 volta(e).

Error - 27/07/2010 15.19.33 | Computer Name = CASA | Source = Service Control Manager | ID = 7031
Description = Il servizio Apple Mobile Device è terminato in modo imprevisto. Questo
problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite
tra 60000 millisecondi: Riavvia il servizio.

Error - 29/07/2010 16.47.34 | Computer Name = CASA | Source = Service Control Manager | ID = 7032
Description = Tentativo di eseguire un'azione di correzione (Riavvia il servizio)
dopo la terminazione imprevista del servizio Strumentazione gestione Windows. Tentativo
non riuscito per l'errore: %%1056

Error - 30/07/2010 17.54.49 | Computer Name = CASA | Source = SRService | ID = 104
Description = Processo di inizializzazione di Ripristino configurazione di sistema
non riuscito.

Error - 30/07/2010 17.54.49 | Computer Name = CASA | Source = Service Control Manager | ID = 7023
Description = Servizio Servizio Ripristino configurazione di sistema terminato con
l'errore: %%2


< End of report >

Re: Sheur2
Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Sheur2
Hi, thank you for your quick help.
I send you, as requested, the mbam log.
A strange thing is that my audio stopped working.
What's happening?
Thank you again


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4375

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

01/08/2010 5.08.22
mbam-log-2010-08-01 (05-08-22).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 140518
Tempo trascorso: 10 minuti, 45 secondi

Processi infetti in memoria: 1
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 3
Voci infette nei dati di registro: 4
Cartelle infette: 0
File infetti: 2

Processi infetti in memoria:
C:\WINDOWS\system32\msvmiode.exe (Backdoor.Bot) -> Unloaded process successfully.

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-4366076950-5796680638-632887495-4058\syscr.exe,C:\Documents and Settings\Ciccio\Dati applicazioni\ltzqai.exe,explorer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\WINDOWS\system32\msvmiode.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4366076950-5796680638-632887495-4058\syscr.exe (Worm.Autorun.B) -> Delete on reboot.

Re: Sheur2
Hi, today there is a new problem:
my system tells me that I don't have any CD/DVD player installed; in fact my units D: and E: don't work.
In addition, AVG says that I have Trojan Dropper.Generic2.AFWP.
What should I do?
Please help me, I have many files on my computer that I can't lose.
Thank you very much

Re: Sheur2
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Re: Sheur2
Thank you again.
This is the ComboFix log.
I hope I have done everything correctly.


ComboFix 10-07-31.04 - Ciccio 01/08/2010 19.47.46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.330 [GMT 2:00]
Eseguito da: c:\documents and settings\Ciccio\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ciccio\Dati applicazioni\ltzqai.exe
c:\documents and settings\Ciccio\Dati applicazioni\LTZQAI.EXE.del
C:\Install.exe
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\33.scr
c:\windows\system32\36.scr
c:\windows\system32\38.exe
c:\windows\system32\47.exe
c:\windows\system32\52.exe
c:\windows\system32\56.exe
c:\windows\system32\76.exe
c:\windows\system32\80.exe
c:\windows\system32\84.exe
c:\windows\system32\msvmiode.exe
c:\windows\system32\vbzlib1.dll
H:\autorun.inf

c:\windows\system32\msgsvc.dll . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2010-07-01 al 2010-08-01 )))))))))))))))))))))))))))))))))))
.

2010-08-01 15:56 . 2009-08-15 23:44 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2010-08-01 15:55 . 2009-08-15 23:45 100224 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-08-01 15:55 . 2009-08-15 23:45 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-08-01 15:55 . 2001-09-11 13:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2010-08-01 15:55 . 2001-09-11 13:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-08-01 15:55 . 2010-08-01 15:55 -------- d-----w- c:\windows\VirtualEar
2010-08-01 15:55 . 2003-06-02 11:42 578304 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-08-01 15:55 . 2001-09-19 11:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-08-01 15:55 . 2001-09-19 11:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2010-08-01 15:55 . 2010-08-01 15:55 -------- d-----w- c:\programmi\Analog Devices
2010-08-01 15:55 . 2003-01-08 09:23 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-08-01 15:55 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-08-01 08:52 . 2004-08-03 21:15 140928 -c--a-w- c:\windows\system32\dllcache\ks.sys
2010-08-01 08:52 . 2004-08-03 21:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2010-07-29 21:43 . 2010-07-29 21:43 -------- d-----w- c:\programmi\File comuni\Java
2010-07-29 21:43 . 2010-07-29 21:43 503808 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\msvcp71.dll
2010-07-29 21:43 . 2010-07-29 21:43 61440 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55392038-n\decora-sse.dll
2010-07-29 21:43 . 2010-07-29 21:43 499712 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\jmc.dll
2010-07-29 21:43 . 2010-07-29 21:43 348160 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\msvcr71.dll
2010-07-29 21:43 . 2010-07-29 21:43 12800 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55392038-n\decora-d3d.dll
2010-07-29 21:25 . 2010-07-29 21:25 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-29 21:03 . 2010-07-29 21:03 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-29 21:03 . 2010-07-29 21:15 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-07-29 20:56 . 2010-07-29 20:56 2 --shatr- c:\windows\winstart.bat
2010-07-29 20:56 . 2010-07-29 20:56 -------- d-----w- c:\programmi\Greatis
2010-07-29 19:09 . 2010-07-29 19:09 -------- d-----w- c:\programmi\Trend Micro
2010-07-27 21:02 . 2010-07-27 21:02 2568656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-27 20:59 . 2010-07-28 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-07-24 10:49 . 2010-07-24 10:49 -------- d-----w- c:\programmi\iPod
2010-07-24 10:27 . 2010-07-24 10:27 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-24 10:05 . 2010-08-01 15:41 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\vlc
2010-07-23 23:00 . 2010-07-27 20:31 -------- d-----w- c:\programmi\easyMule
2010-07-22 22:31 . 2002-12-31 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-22 03:06 . 2010-07-22 03:06 63756 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-20 18:40 . 2010-07-20 18:40 1615200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-07-20 18:40 . 2010-07-20 18:40 4368224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-07-20 18:40 . 2010-07-20 18:40 1373536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssff.dll
2010-07-20 18:40 . 2010-07-20 18:40 1107296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxpl.dll
2010-07-18 22:17 . 2010-07-18 22:17 -------- d-----w- c:\programmi\XRECODE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 16:52 . 2002-12-31 12:00 95478 ----a-w- c:\windows\system32\perfh010.dat
2010-08-01 16:52 . 2002-12-31 12:00 70658 ----a-w- c:\windows\system32\perfc010.dat
2010-08-01 15:55 . 2009-08-15 23:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-08-01 15:55 . 2009-08-15 22:30 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-07-31 20:21 . 2009-12-19 20:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-31 20:05 . 2009-08-21 23:04 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\dvdcss
2010-07-30 21:38 . 2009-08-16 11:36 -------- d-----w- c:\programmi\Java
2010-07-27 22:16 . 2009-08-15 22:41 94952 ----a-w- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-27 19:50 . 2009-10-25 14:18 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\Media Player Classic
2010-07-27 19:28 . 2009-12-19 17:01 -------- d-----w- c:\programmi\CCleaner
2010-07-25 23:35 . 2009-11-10 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-07-24 10:52 . 2010-06-20 09:44 -------- d-----w- c:\programmi\iTunes
2010-07-24 10:49 . 2009-09-19 18:34 -------- d-----w- c:\programmi\File comuni\Apple
2010-07-23 22:27 . 2002-12-31 12:00 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-07-17 03:00 . 2010-05-13 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 00:11 . 2010-03-27 14:44 -------- d-----w- c:\programmi\AllWallpapersLite
2010-06-27 18:11 . 2010-06-27 18:11 -------- d-----w- c:\programmi\WIDCOMM
2010-06-27 18:09 . 2009-08-16 12:05 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-21 19:51 . 2009-08-15 21:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 19:51 . 2010-06-21 19:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-21 19:50 . 2009-08-15 21:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\com.adobe.example.ilMeteo-Desktop.2A39F48DF942E9FC2327EA036DB75B8B901F9CB0.1
2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-06-20 12:22 . 2010-06-20 12:23 53632 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 09:36 . 2010-05-01 23:00 -------- d-----w- c:\programmi\Bonjour
2010-05-31 13:19 . 2009-08-15 21:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 19:41 . 2010-05-25 19:41 1956808 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2010-07-23 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2010-07-23 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"awplite"="c:\programmi\AllWallpapersLite\awplite.exe" [2007-02-10 2607616]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-03-03 3320768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-1-20 507965]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-8-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 19:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-15 21:49 133104 ----atw- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/11/2009 23.53.49 52872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/08/2009 23.36.00 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/08/2009 23.36.05 243024]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [15/05/2008 12.07.00 61424]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [20/12/2009 21.43.31 1858144]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27/07/2007 10.13.08 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27/07/2007 12.46.06 251680]
R2 avg9wd;AVG WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [21/06/2010 21.51.01 308136]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [20/08/2009 12.08.45 10384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [29/07/2010 23.25.58 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [29/07/2010 23.03.44 24416]
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004Core.job
- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-15 21:49]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004UA.job
- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-15 21:49]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.forexstart.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download FLV by WinAVI... - c:\programmi\WinAVI FLV Converter\flv_link.htm
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
MSConfigStartUp-Microsoft Driver Setup - c:\windows\cndrive32.exe
AddRemove-Aim Itch Start - c:\docume~1\Ciccio\DATIAP~1\FLAGTO~1\Send Amen Regs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 20:00
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3316)
c:\programmi\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\AVG\AVG9\avgam.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-01 20:03:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-01 18:03

Pre-Run: 57.973.354.496 byte disponibili
Post-Run: 57.977.077.760 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F778ED714612D9D408B66AE778AC30C5

Re: Sheur2
Hello.
We need to check something out; a system file may possibly be infected.

Submit a file for analysis.

  1. Please visit this website: Jotti's Malware Scanner
  2. Press the "Browse" button and locate the following file in bold:

    C:\WINDOWS\system32\msgsvc.dll

  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Next, do the same for this file:

    C:\WINDOWS\system32\drivers\TCPIP.SYS

  6. Copy and paste the result back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Sheur2
Hi, these are the results.
Thank you again


Filename: msgsvc.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 23 Apr 2010 23:07:40 (CET) Permalink
Additional info
File size: 33792 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 3777ab9537d05bfd404b0fbc13a140a6
SHA1: b82f320d171a06425bd5d564eeaa87ab0a885b01

Filename: TCPIP.SYS
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sun 1 Aug 2010 23:57:25 (CET) Permalink
Additional info
File size: 359040 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: c81d6a930a7805f6daa0c7902b99037e
SHA1: b7ed739e6aa9ea80113c258cdbfe6d1eb86d17d1

Re: Sheur2
Hello.
When you scanned msgsvc.dll, did it ask if you wanted to re-scan it because it was already scanned in the past? The log there shows me the scan was done several months back, not today.


Re: Sheur2
You are right, this is the result of the new scan.
Thank you very much for your help


Filename: msgsvc.dll
Status:
Scan finished. 0 out of 18 scanners reported malware.
Scan taken on: Mon 2 Aug 2010 00:59:10 (CET) Permalink
Additional info
File size: 33792 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 3777ab9537d05bfd404b0fbc13a140a6
SHA1: b82f320d171a06425bd5d564eeaa87ab0a885b01

Re: Sheur2
Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    msgsvc.dll
    TCPIP.SYS


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Re: Sheur2
Hi, this is the result.
Thank you


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 01:28 on 02/08/2010 by Ciccio (Administrator - Elevation successful)

========== filefind ==========

Searching for "msgsvc.dll"
C:\WINDOWS\ERDNT\cache\msgsvc.dll --a--- 33792 bytes [18:02 01/08/2010] [12:00 31/12/2002] 3777AB9537D05BFD404B0FBC13A140A6
C:\WINDOWS\system32\msgsvc.dll --a--- 33792 bytes [12:00 31/12/2002] [12:00 31/12/2002] 3777AB9537D05BFD404B0FBC13A140A6

Searching for "TCPIP.SYS"
C:\WINDOWS\system32\dllcache\tcpip.sys --a--c 359040 bytes [12:00 31/12/2002] [22:27 23/07/2010] C81D6A930A7805F6DAA0C7902B99037E
C:\WINDOWS\system32\drivers\TCPIP.SYS --a--- 359040 bytes [12:00 31/12/2002] [22:27 23/07/2010] C81D6A930A7805F6DAA0C7902B99037E

-=End Of File=-
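As an added example (not part of the thread, and not SystemLook's or ComboFix's own code), a small Python parser for the ":filefind" output above that groups the copies of each file and compares them by hash and last-write time. The cutoff date and the third file, example.dll, are constructed for the example; it also flags the TCPIP.SYS case, where every copy shares one hash and one July 2010 write stamp, so copying one copy over the other cannot repair anything and a known-good copy has to come from outside the machine.

```python
"""Cross-check the copies of a file reported by SystemLook's ':filefind'.

Added example for this thread, not SystemLook's or ComboFix's own code.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the two 'filefind' blocks posted above, plus a
# hypothetical third file (example.dll) whose copies disagree, so that the
# mismatch path is exercised too.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "msgsvc.dll"
C:\WINDOWS\ERDNT\cache\msgsvc.dll --a--- 33792 bytes [18:02 01/08/2010] [12:00 31/12/2002] 3777AB9537D05BFD404B0FBC13A140A6
C:\WINDOWS\system32\msgsvc.dll --a--- 33792 bytes [12:00 31/12/2002] [12:00 31/12/2002] 3777AB9537D05BFD404B0FBC13A140A6

Searching for "TCPIP.SYS"
C:\WINDOWS\system32\dllcache\tcpip.sys --a--c 359040 bytes [12:00 31/12/2002] [22:27 23/07/2010] C81D6A930A7805F6DAA0C7902B99037E
C:\WINDOWS\system32\drivers\TCPIP.SYS --a--- 359040 bytes [12:00 31/12/2002] [22:27 23/07/2010] C81D6A930A7805F6DAA0C7902B99037E

Searching for "example.dll"
C:\WINDOWS\system32\dllcache\example.dll --a--c 1000 bytes [12:00 31/12/2002] [12:00 31/12/2002] 00000000000000000000000000000000
C:\WINDOWS\system32\example.dll --a--- 1000 bytes [12:00 31/12/2002] [09:00 20/07/2010] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

-=End Of File=-
"""

# One result line: path, attribute flags, size, [created], [modified], MD5.
# The two bracketed stamps are creation time then last-write time, dd/mm/yyyy.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
STAMP = "%H:%M %d/%m/%Y"

# Assumed for the example: the date after which a write to a system file is
# treated as suspicious (the last date this machine was believed clean).
DEFAULT_CUTOFF = datetime(2010, 7, 1)


def parse_filefind(text):
    """Group every parsed result line by lower-cased file name."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, footer
        name = m["path"].rsplit("\\", 1)[-1].lower()
        groups[name].append({
            "path": m["path"],
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
            "created": datetime.strptime(m["created"], STAMP),
            "modified": datetime.strptime(m["modified"], STAMP),
        })
    return groups


def analyse(text, cutoff):
    """Map each searched file to (verdict, restore_from).

    restore_from is the path of an untouched copy that could replace a
    differing one (None when no trustworthy source exists among the copies).
    """
    report = {}
    for name, entries in parse_filefind(text).items():
        hashes = {e["md5"] for e in entries}
        untouched = [e for e in entries if e["modified"] <= cutoff]
        if len(hashes) > 1:
            # Copies disagree: only an untouched copy is a sane source, and
            # only when all untouched copies agree with each other.
            src_hashes = {e["md5"] for e in untouched}
            src = untouched[0]["path"] if len(src_hashes) == 1 else None
            report[name] = ("MISMATCH", src)
        elif len(untouched) < len(entries):
            # Same hash everywhere, but written after the cutoff: copying one
            # over the other changes nothing, and the protected-file cache no
            # longer vouches for the file. A known-good copy must come from
            # outside the machine (install media or a verified hash).
            report[name] = ("IDENTICAL_BUT_MODIFIED", None)
        else:
            report[name] = ("CONSISTENT", None)
    return report


def analyse_sample():
    """Run the check over the constructed sample with the assumed cutoff."""
    return analyse(SAMPLE_LOG, DEFAULT_CUTOFF)


if __name__ == "__main__":
    for name, (verdict, src) in analyse_sample().items():
        print(f"{name:12} {verdict:23} restore from: {src}")
```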

Re: Sheur2

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:

    KILLALL::
    FCopy::
    C:\WINDOWS\system32\dllcache\tcpip.sys | C:\WINDOWS\system32\drivers\TCPIP.SYS
    C:\WINDOWS\ERDNT\cache\msgsvc.dll | C:\WINDOWS\system32\msgsvc.dll

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Re: Sheur2
Hi, I think there is a problem.
ComboFix starts working and after a few minutes the hard disk stops turning and the computer seems to freeze.
What should I do?

Re: Sheur2
Did you try the script more than once?


Re: Sheur2
Hi, I've tried 3 times and the result is still the same.
Thank you again

Re: Sheur2
Can you run ComboFix as normal? Try that for me.


Re: Sheur2
I've run ComboFix as normal and this is the report.
Thank you


ComboFix 10-08-02.01 - Ciccio 05/08/2010 17.09.41.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.268 [GMT 2:00]
Eseguito da: c:\documents and settings\Ciccio\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
Ripristinata copia da - c:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-07-05 al 2010-08-05 )))))))))))))))))))))))))))))))))))
.

2010-08-01 15:56 . 2009-08-15 23:44 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2010-08-01 15:55 . 2009-08-15 23:45 100224 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-08-01 15:55 . 2009-08-15 23:45 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-08-01 15:55 . 2001-09-11 13:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2010-08-01 15:55 . 2001-09-11 13:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-08-01 15:55 . 2010-08-01 18:23 -------- d-----w- c:\windows\VirtualEar
2010-08-01 15:55 . 2003-06-02 11:42 578304 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-08-01 15:55 . 2001-09-19 11:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-08-01 15:55 . 2001-09-19 11:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2010-08-01 15:55 . 2010-08-01 15:55 -------- d-----w- c:\programmi\Analog Devices
2010-08-01 15:55 . 2003-01-08 09:23 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-08-01 15:55 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-08-01 08:52 . 2004-08-03 21:15 140928 -c--a-w- c:\windows\system32\dllcache\ks.sys
2010-08-01 08:52 . 2004-08-03 21:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2010-07-29 21:43 . 2010-07-29 21:43 -------- d-----w- c:\programmi\File comuni\Java
2010-07-29 21:43 . 2010-07-29 21:43 503808 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\msvcp71.dll
2010-07-29 21:43 . 2010-07-29 21:43 61440 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55392038-n\decora-sse.dll
2010-07-29 21:43 . 2010-07-29 21:43 499712 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\jmc.dll
2010-07-29 21:43 . 2010-07-29 21:43 348160 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\msvcr71.dll
2010-07-29 21:43 . 2010-07-29 21:43 12800 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55392038-n\decora-d3d.dll
2010-07-29 21:25 . 2010-07-29 21:25 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-29 21:03 . 2010-07-29 21:03 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-29 21:03 . 2010-07-29 21:15 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-07-29 20:56 . 2010-07-29 20:56 2 --shatr- c:\windows\winstart.bat
2010-07-29 20:56 . 2010-07-29 20:56 -------- d-----w- c:\programmi\Greatis
2010-07-29 19:09 . 2010-07-29 19:09 -------- d-----w- c:\programmi\Trend Micro
2010-07-27 21:02 . 2010-07-27 21:02 2568656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-27 20:59 . 2010-07-28 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-07-24 10:49 . 2010-07-24 10:49 -------- d-----w- c:\programmi\iPod
2010-07-24 10:27 . 2010-07-24 10:27 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-24 10:05 . 2010-08-03 23:21 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\vlc
2010-07-23 23:00 . 2010-07-27 20:31 -------- d-----w- c:\programmi\easyMule
2010-07-22 22:31 . 2002-12-31 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-22 03:06 . 2010-07-22 03:06 63756 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-20 18:40 . 2010-07-20 18:40 1615200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-07-20 18:40 . 2010-07-20 18:40 4368224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-07-20 18:40 . 2010-07-20 18:40 1373536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssff.dll
2010-07-20 18:40 . 2010-07-20 18:40 1107296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxpl.dll
2010-07-18 22:17 . 2010-07-18 22:17 -------- d-----w- c:\programmi\XRECODE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 14:23 . 2002-12-31 12:00 95478 ----a-w- c:\windows\system32\perfh010.dat
2010-08-05 14:23 . 2002-12-31 12:00 70658 ----a-w- c:\windows\system32\perfc010.dat
2010-08-03 15:35 . 2009-08-21 23:04 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\dvdcss
2010-08-02 03:41 . 2010-03-27 14:44 -------- d-----w- c:\programmi\AllWallpapersLite
2010-08-01 15:55 . 2009-08-15 23:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-08-01 15:55 . 2009-08-15 22:30 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-07-31 20:21 . 2009-12-19 20:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-30 21:38 . 2009-08-16 11:36 -------- d-----w- c:\programmi\Java
2010-07-27 22:16 . 2009-08-15 22:41 94952 ----a-w- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-27 19:50 . 2009-10-25 14:18 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\Media Player Classic
2010-07-27 19:28 . 2009-12-19 17:01 -------- d-----w- c:\programmi\CCleaner
2010-07-25 23:35 . 2009-11-10 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-07-24 10:52 . 2010-06-20 09:44 -------- d-----w- c:\programmi\iTunes
2010-07-24 10:49 . 2009-09-19 18:34 -------- d-----w- c:\programmi\File comuni\Apple
2010-07-23 22:27 . 2002-12-31 12:00 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-07-17 03:00 . 2010-05-13 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 18:11 . 2010-06-27 18:11 -------- d-----w- c:\programmi\WIDCOMM
2010-06-27 18:09 . 2009-08-16 12:05 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-21 19:51 . 2009-08-15 21:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 19:51 . 2010-06-21 19:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-21 19:50 . 2009-08-15 21:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\com.adobe.example.ilMeteo-Desktop.2A39F48DF942E9FC2327EA036DB75B8B901F9CB0.1
2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-06-20 12:22 . 2010-06-20 12:23 53632 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 09:36 . 2010-05-01 23:00 -------- d-----w- c:\programmi\Bonjour
2010-05-31 13:19 . 2009-08-15 21:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 19:41 . 2010-05-25 19:41 1956808 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2010-07-23 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2010-07-23 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2010-08-01_17.59.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-12-31 12:00 . 2010-08-01 16:52 59556 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2010-08-05 14:23 59556 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2010-08-05 14:23 395508 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2010-08-01 16:52 395508 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"awplite"="c:\programmi\AllWallpapersLite\awplite.exe" [2007-02-10 2607616]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-03-03 3320768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-1-20 507965]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-8-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 19:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-15 21:49 133104 ----atw- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/11/2009 23.53.49 52872]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27/07/2007 12.46.06 251680]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/08/2009 23.36.00 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/08/2009 23.36.05 243024]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [15/05/2008 12.07.00 61424]
S2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [20/12/2009 21.43.31 1858144]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27/07/2007 10.13.08 330144]
S2 avg9wd;AVG WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [21/06/2010 21.51.01 308136]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [20/08/2009 12.08.45 10384]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [19/12/2009 22.35.32 304464]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/12/2009 22.35.25 20952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [29/07/2010 23.25.58 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [29/07/2010 23.03.44 24416]
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004Core.job
- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-15 21:49]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004UA.job
- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-15 21:49]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.forexstart.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download FLV by WinAVI... - c:\programmi\WinAVI FLV Converter\flv_link.htm
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 17:21
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(316)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-05 17:26:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-05 15:26

Pre-Run: 57.617.465.344 byte disponibili
Post-Run: 57.668.468.736 byte disponibili

- - End Of File - - D831CC3D0799D4A91D7123A979F2BE76

Re: Sheur2
Hello.
Try this script now.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:

    FCopy::
    C:\WINDOWS\system32\dllcache\tcpip.sys | C:\WINDOWS\system32\drivers\TCPIP.SYS

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Sheur2
Hi, I ran the script after restarting Windows in safe mode and this is the result.
Thank you


ComboFix 10-08-02.01 - Ciccio 05/08/2010 23.32.02.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.364 [GMT 2:00]
Eseguito da: c:\documents and settings\Ciccio\Desktop\Combo-Fix.exe
Opzioni usate :: c:\documents and settings\Ciccio\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
Ripristinata copia da - c:\windows\ERDNT\cache\msgsvc.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((( Files Creati Da 2010-07-05 al 2010-08-05 )))))))))))))))))))))))))))))))))))
.

2010-08-01 15:56 . 2009-08-15 23:44 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2010-08-01 15:55 . 2009-08-15 23:45 100224 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-08-01 15:55 . 2009-08-15 23:45 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-08-01 15:55 . 2001-09-11 13:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2010-08-01 15:55 . 2001-09-11 13:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-08-01 15:55 . 2010-08-01 18:23 -------- d-----w- c:\windows\VirtualEar
2010-08-01 15:55 . 2003-06-02 11:42 578304 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-08-01 15:55 . 2001-09-19 11:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-08-01 15:55 . 2001-09-19 11:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2010-08-01 15:55 . 2010-08-01 15:55 -------- d-----w- c:\programmi\Analog Devices
2010-08-01 15:55 . 2003-01-08 09:23 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-08-01 15:55 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-08-01 08:52 . 2004-08-03 21:15 140928 -c--a-w- c:\windows\system32\dllcache\ks.sys
2010-08-01 08:52 . 2004-08-03 21:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2010-07-29 21:43 . 2010-07-29 21:43 -------- d-----w- c:\programmi\File comuni\Java
2010-07-29 21:43 . 2010-07-29 21:43 503808 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\msvcp71.dll
2010-07-29 21:43 . 2010-07-29 21:43 61440 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55392038-n\decora-sse.dll
2010-07-29 21:43 . 2010-07-29 21:43 499712 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\jmc.dll
2010-07-29 21:43 . 2010-07-29 21:43 348160 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d867f75-n\msvcr71.dll
2010-07-29 21:43 . 2010-07-29 21:43 12800 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55392038-n\decora-d3d.dll
2010-07-29 21:25 . 2010-07-29 21:25 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-07-29 21:03 . 2010-07-29 21:03 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-07-29 21:03 . 2010-07-29 21:15 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-07-29 20:56 . 2010-07-29 20:56 2 --shatr- c:\windows\winstart.bat
2010-07-29 20:56 . 2010-07-29 20:56 -------- d-----w- c:\programmi\Greatis
2010-07-29 19:09 . 2010-07-29 19:09 -------- d-----w- c:\programmi\Trend Micro
2010-07-27 21:02 . 2010-07-27 21:02 2568656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-27 20:59 . 2010-07-28 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-07-24 10:49 . 2010-07-24 10:49 -------- d-----w- c:\programmi\iPod
2010-07-24 10:27 . 2010-07-24 10:27 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-24 10:05 . 2010-08-05 20:00 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\vlc
2010-07-23 23:00 . 2010-07-27 20:31 -------- d-----w- c:\programmi\easyMule
2010-07-22 22:31 . 2002-12-31 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-22 03:06 . 2010-07-22 03:06 63756 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-20 18:40 . 2010-07-20 18:40 1615200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-07-20 18:40 . 2010-07-20 18:40 4368224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-07-20 18:40 . 2010-07-20 18:40 1373536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssff.dll
2010-07-20 18:40 . 2010-07-20 18:40 1107296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxpl.dll
2010-07-18 22:17 . 2010-07-18 22:17 -------- d-----w- c:\programmi\XRECODE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 21:27 . 2009-12-20 19:43 -------- d-----w- c:\programmi\a-squared Free
2010-08-05 15:35 . 2002-12-31 12:00 95478 ----a-w- c:\windows\system32\perfh010.dat
2010-08-05 15:35 . 2002-12-31 12:00 70658 ----a-w- c:\windows\system32\perfc010.dat
2010-08-03 15:35 . 2009-08-21 23:04 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\dvdcss
2010-08-02 03:41 . 2010-03-27 14:44 -------- d-----w- c:\programmi\AllWallpapersLite
2010-08-01 15:55 . 2009-08-15 23:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-08-01 15:55 . 2009-08-15 22:30 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-07-31 20:21 . 2009-12-19 20:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-30 21:38 . 2009-08-16 11:36 -------- d-----w- c:\programmi\Java
2010-07-27 22:16 . 2009-08-15 22:41 94952 ----a-w- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-27 19:50 . 2009-10-25 14:18 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\Media Player Classic
2010-07-27 19:28 . 2009-12-19 17:01 -------- d-----w- c:\programmi\CCleaner
2010-07-25 23:35 . 2009-11-10 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-07-24 10:52 . 2010-06-20 09:44 -------- d-----w- c:\programmi\iTunes
2010-07-24 10:49 . 2009-09-19 18:34 -------- d-----w- c:\programmi\File comuni\Apple
2010-07-23 22:27 . 2002-12-31 12:00 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-07-17 03:00 . 2010-05-13 09:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 18:11 . 2010-06-27 18:11 -------- d-----w- c:\programmi\WIDCOMM
2010-06-27 18:09 . 2009-08-16 12:05 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-21 19:51 . 2009-08-15 21:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 19:51 . 2010-06-21 19:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-21 19:50 . 2009-08-15 21:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\documents and settings\Ciccio\Dati applicazioni\com.adobe.example.ilMeteo-Desktop.2A39F48DF942E9FC2327EA036DB75B8B901F9CB0.1
2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-06-20 12:22 . 2010-06-20 12:23 53632 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 09:36 . 2010-05-01 23:00 -------- d-----w- c:\programmi\Bonjour
2010-05-31 13:19 . 2009-08-15 21:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 19:41 . 2010-05-25 19:41 1956808 ----a-w- c:\documents and settings\Ciccio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2010-07-23 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2010-07-23 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2010-08-01_17.59.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-12-31 12:00 . 2010-08-01 16:52 59556 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2010-08-05 15:35 59556 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2010-08-05 15:35 395508 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2010-08-01 16:52 395508 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"awplite"="c:\programmi\AllWallpapersLite\awplite.exe" [2007-02-10 2607616]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-03-03 3320768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-1-20 507965]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-8-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 19:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-15 21:49 133104 ----atw- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/11/2009 23.53.49 52872]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27/07/2007 12.46.06 251680]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/08/2009 23.36.00 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/08/2009 23.36.05 243024]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [15/05/2008 12.07.00 61424]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27/07/2007 10.13.08 330144]
S2 avg9wd;AVG WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [21/06/2010 21.51.01 308136]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [20/08/2009 12.08.45 10384]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [19/12/2009 22.35.32 304464]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/12/2009 22.35.25 20952]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [29/07/2010 23.25.58 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [29/07/2010 23.03.44 24416]
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004Core.job
- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-15 21:49]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-920026266-682003330-1004UA.job
- c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-08-15 21:49]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.forexstart.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download FLV by WinAVI... - c:\programmi\WinAVI FLV Converter\flv_link.htm
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Ciccio\Dati applicazioni\Mozilla\Firefox\Profiles\wroire2f.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Ciccio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(320)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-05 23:47:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-05 21:47

Pre-Run: 61.959.061.504 byte disponibili
Post-Run: 61.951.623.168 byte disponibili

- - End Of File - - 97921BB1B09401D8F17F21D727972D82

Re: Sheur2
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Sheur2
Hi, this is the ESET report.
Thank you again


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6e1459cbe715e945820062f710d4b659
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-08 01:33:10
# local_time=2010-08-08 03:33:10 (+0100, ora legale Europa occidentale)
# country="Italy"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 795139 795139 0 0
# compatibility_mode=1029 16777173 100 91 50831 23339254 0 0
# compatibility_mode=8192 67108863 100 0 249 249 0 0
# scanned=99126
# found=5
# cleaned=5
# scan_time=5510
C:\Programmi\SlySoft\AnyDVD\AnyDiscHelp.dll probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\CNDRIVE32.EXE.del a variant of Win32/Injector.CLZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Download\AnyDVD 6.6.2.4\ANY DLL\AnyDiscHelp.dll probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Download\Nero 8.2.8.0\Nero-8.2.8.0_all_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
H:\Download\Nero 9.0.9.4b\Nero-9.0.9.4b_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
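One way to triage a log like the ESET report above, as an added example (this is not code from the thread, the forum, or ESET): it parses the `# key=value` summary lines and the detection lines, marks the lower-confidence "probably ..." verdicts for a second opinion, and checks that the summary counts agree with the detection lines actually present. The field layout of a detection line (path, verdict, action in parentheses, a 32-hex-digit hash column, a trailing flag) is an assumption read off the posted lines, not taken from ESET documentation, and the sample log is constructed from those lines.

```python
"""Triage helper for an ESET Online Scanner log (added example, not from the thread).

The summary lines ('# key=value') and the detection lines
('<path> <verdict> (<action>) <hash> <flag>') are parsed on the basis of the
log posted above; the field layout is an assumption taken from those lines,
not from ESET documentation.
"""
import re
from dataclasses import dataclass

# Constructed sample: the summary and detection lines from the log above.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# country="Italy"
# compatibility_mode=512 16777215 100 0 795139 795139 0 0
# compatibility_mode=1029 16777173 100 91 50831 23339254 0 0
# scanned=99126
# found=5
# cleaned=5
# scan_time=5510
C:\Programmi\SlySoft\AnyDVD\AnyDiscHelp.dll probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\CNDRIVE32.EXE.del a variant of Win32/Injector.CLZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Download\AnyDVD 6.6.2.4\ANY DLL\AnyDiscHelp.dll probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Download\Nero 8.2.8.0\Nero-8.2.8.0_all_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
H:\Download\Nero 9.0.9.4b\Nero-9.0.9.4b_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# Path may contain spaces, so the verdict is anchored on the "Family/Name" token.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<verdict>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str
    action: str
    hash_hex: str  # all zeros in the posted log, so not usable as an indicator
    flag: str

    @property
    def heuristic(self) -> bool:
        # "probably ..." marks a lower-confidence verdict that deserves a second opinion
        return self.verdict.startswith("probably ")

    @property
    def removed(self) -> bool:
        return "quarantined" in self.action or "deleted" in self.action


@dataclass
class Report:
    summary: dict
    detections: list
    unparsed: list


def _coerce(value: str):
    """true/false -> bool, digits -> int, quoted strings -> bare string."""
    if value in ("true", "false"):
        return value == "true"
    if value.isdigit():
        return int(value)
    return value.strip('"')


def parse_eset_log(text: str) -> Report:
    summary, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            value = _coerce(value.strip())
            if key in summary:  # repeated keys (compatibility_mode) are kept as a list
                prev = summary[key]
                summary[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                summary[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["verdict"], m["action"], m["hash"], m["flag"]))
        else:
            unparsed.append(line)
    return Report(summary, detections, unparsed)


def heuristic_paths(report: Report) -> list:
    """Objects hit by a heuristic verdict; candidates for a second-opinion scan."""
    return [d.path for d in report.detections if d.heuristic]


def triage(report: Report) -> list:
    """Return human-readable inconsistencies; an empty list means the log is self-consistent."""
    issues = []
    s = report.summary
    if s.get("end") != "finished":
        issues.append("scan did not finish (end=%r)" % s.get("end"))
    if s.get("found") != len(report.detections):
        issues.append("summary says found=%r but %d detection lines parsed"
                      % (s.get("found"), len(report.detections)))
    if s.get("found") != s.get("cleaned"):
        issues.append("found=%r but cleaned=%r: some objects remain" % (s.get("found"), s.get("cleaned")))
    if s.get("archives_checked") is False:
        issues.append("archives were not scanned; packed content may have been skipped")
    for d in report.detections:
        if not d.removed:
            issues.append("%s: action %r did not remove the object" % (d.path, d.action))
    return issues


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print(rep.summary.get("found"), "found,", rep.summary.get("cleaned"), "cleaned")
    for det in rep.detections:
        print(("HEURISTIC " if det.heuristic else "          ") + det.path, "->", det.action)
    for issue in triage(rep):
        print("check:", issue)
```

Run on the sample, the only inconsistency reported is that archives were not scanned (`archives_checked=false`), which is the setting a helper would want to know before calling a machine clean; the two "probably" hits on the AnyDVD helper DLL are listed separately so they can be rechecked rather than taken as confirmed.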

Re: Sheur2
Hello.
How is the machine running now?


Re: Sheur2
Hi,
my computer is going well (considering that it is very, very old).
What can I do to keep my PC safe without making it too slow?
I'm very grateful for all your help

Re: Sheur2
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

