cxDFDF.EXE and DxFDF.EXE infection


  • This topic is locked
10 replies to this topic

#1 WaSt

    Full Member, 8 posts

Posted 04 July 2009 - 10:23 PM

Good evening SWI

First of all, congratulations for the very comprehensive instructions on the different topics. I have just followed the forum FAQ, with all the recommended scans, and will try to keep to the posting instructions.

Problem description: we had virus problems in the office some weeks ago, so I decided to perform a complete scan with Avast at home. When I did that, the software recommended a scan on boot, which I did, as sometimes before. The problem is that I didn’t know that Avast doesn’t show you the report, and only when I searched and checked the aswboot.txt did I realize that since some scans before Avast couldn’t fix some infected files such as cxDFDF.EXE and DxFDF.EXE. Searching the web on these files I found SWI and will try to give you all the details.
- I don’t have any popup;
- my browser hasn’t been hijacked;
- Avast and the antivirus you recommended detect infection, and the reports are being included below as recommended in the forum FAQ;
- I felt my system sluggish in some moments in the past few weeks, but I couldn’t identify any relationship with some specific process. And the thing is not permanent. Actually, in the last few days and right now it appears to be normal;
- since some alerts in the Avast aswboot.txt referred to disposable files and folders, I deleted them manually. That’s why some files that appear as not healed in the Avast report don’t show in the other reports. Besides that, the only other steps I tried to fix the problem were to follow your recommendations in the forum FAQ.

Thank you in advance for your help.

Avast aswboot.txt report


31/12/2008 00:07
Escaneamento de todos os discos locais

Arquivo C:\Documents and Settings\Walter N. P. Stoffel\Documenti\sudoku.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}, Reparar: Erro 42060 {O arquivo não foi reparado.}, Excluído
Número de pastas processadas: 10628
Número de arquivos verificados: 125109
Número de arquivos infectados: 1

----------------------------------------
25/03/2009 21:29
Escaneamento de todos os discos locais


Escaneamento interrompido
Número de pastas processadas: 43
Número de arquivos verificados: 193
Número de arquivos infectados: 0

----------------------------------------
01/04/2009 20:30
Escaneamento de todos os discos locais

Arquivo C:\Documents and Settings\Walter N. P. Stoffel\cxDFDF.EXE está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\Documents and Settings\Walter N. P. Stoffel\Desktop\flashmemories\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo C:\Documents and Settings\Walter N. P. Stoffel\Impostazioni locali\Temporary Internet Files\Content.IE5\CP7JUKS6\gr8[1].jpg está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP418\A0046195.exe\shdoclc.dll Erro 42127 {O arquivo CAB está corrompido.}
Arquivo C:\WINDOWS\Temp\$336630A7.t$m\d3d8.dll Erro 42127 {O arquivo CAB está corrompido.}
Arquivo C:\WINDOWS\Temp\$5BE40375.t$m\gm16.dls Erro 42127 {O arquivo CAB está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a\h-hab15.rar\setup.exe\%TEMP%\H2OWISE.dll Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a\h-hab15.rar\setup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a.zip\h-hab15.rar\setup.exe\Wise0009.bin Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Izotop\Ozone.DX.VST.RTAS.v3.08\ozone_keygen.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0315.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0304.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\Legislação\Legislação de Ensino\Reg Es Com.zip\EsCom_R100_formatado.doc Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Meus documentos\IASD\58^ Sessione\conferenzie diverse\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP415\A0042523.exe\shdoclc.dll Erro 42127 {O arquivo CAB está corrompido.}
Arquivo D:\TEMP\Antivírus\avg_free_stf_en_8_100a1295.exe\avgsetup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\lifeanddeath.zip\LND.EXE Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\streetrod2.zip\streetrod2\LIB2 Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\superoffroad.zip\superoffroad\ctruck.pcg Erro 42125 {O arquivo ZIP está corrompido.}
Número de pastas processadas: 11708
Número de arquivos verificados: 733528
Número de arquivos infectados: 3

----------------------------------------
26/04/2009 22:13
Escaneamento de todos os discos locais

Arquivo C:\Documents and Settings\Walter N. P. Stoffel\cxDFDF.EXE está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\Documents and Settings\Walter N. P. Stoffel\Desktop\flashmemories\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo C:\Documents and Settings\Walter N. P. Stoffel\DxFDF.EXE está infectado por Win32:VB-LGY [Drp], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\SYSTEM\G-923-321232-3232-32211-23\memory.exe está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\WINDOWS\Temp\$336630A7.t$m\d3d8.dll Erro 42127 {O arquivo CAB está corrompido.}
Arquivo C:\WINDOWS\Temp\$5BE40375.t$m\gm16.dls Erro 42127 {O arquivo CAB está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a\h-hab15.rar\setup.exe\%TEMP%\H2OWISE.dll Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a\h-hab15.rar\setup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a.zip\h-hab15.rar\setup.exe\Wise0009.bin Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Izotop\Ozone.DX.VST.RTAS.v3.08\ozone_keygen.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Sonoma\Wire.Works.7.VST.v1.1\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0315.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0304.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\Legislação\Legislação de Ensino\Reg Es Com.zip\EsCom_R100_formatado.doc Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Meus documentos\IASD\58^ Sessione\conferenzie diverse\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo D:\TEMP\Antivírus\avg_free_stf_en_8_100a1295.exe\avgsetup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\lifeanddeath.zip\LND.EXE Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\streetrod2.zip\streetrod2\LIB2 Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\superoffroad.zip\superoffroad\ctruck.pcg Erro 42125 {O arquivo ZIP está corrompido.}
Número de pastas processadas: 11610
Número de arquivos verificados: 587242
Número de arquivos infectados: 5

----------------------------------------
19/06/2009 20:37
Escaneamento de todos os discos locais

Arquivo C:\Documents and Settings\Walter N. P. Stoffel\cxDFDF.EXE está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\Documents and Settings\Walter N. P. Stoffel\Desktop\flashmemories\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo C:\Documents and Settings\Walter N. P. Stoffel\DxFDF.EXE está infectado por Win32:VB-LGY [Drp], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe está infectado por Win32:VB-LVN [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP493\A0057590.exe está infectado por Win32:VB-LVN [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058428.exe está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\WINDOWS\Temp\$336630A7.t$m\d3d8.dll Erro 42127 {O arquivo CAB está corrompido.}
Arquivo C:\WINDOWS\Temp\$5BE40375.t$m\gm16.dls Erro 42127 {O arquivo CAB está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Camel\Cameleon.5000.VSTi.RTAS.v1.6\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Camel\Phat.VST.v3.15\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Camel\Space.VST.v1.15\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\ConcreteFX\h-ck216\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\GRM\Classic.VST.v1.6.52\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\GRM\Spectral.Transform.VST.v1.6.52\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a\h-hab15.rar\setup.exe\%TEMP%\H2OWISE.dll Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a\h-hab15.rar\setup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a.zip\h-hab15.rar\setup.exe\Wise0009.bin Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Izotop\Ozone.DX.VST.RTAS.v3.08\ozone_keygen.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Izotop\Ozone.DX.VST.RTAS.v3.08\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\LUXONIX\Ravity.R.VSTi.v1.4.1\Setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\LUXONIX\Ravity.S.VSTi.v1.4.1\Setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Rob\Papen.Blue.VSTi.v1.02\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Scarbee\Keyboard.FX.VST.v1.2.1\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Sonic Charge\MicroTonic.VSTi.v2.0\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\Sonoma\Wire.Works.7.VST.v1.1\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\CDs de instalação\Sound Forge\USR\Everything.EQ.Bundle.VST.v4.0\URS.Everything.EQ.Bundle.VST.v4.0-H2O\setup.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0315.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0304.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\Legislação\Legislação de Ensino\Reg Es Com.zip\EsCom_R100_formatado.doc Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Meus documentos\IASD\58^ Sessione\conferenzie diverse\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo D:\TEMP\Antivírus\avg_free_stf_en_8_100a1295.exe\avgsetup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\lifeanddeath.zip\LND.EXE Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\streetrod2.zip\streetrod2\LIB2 Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\superoffroad.zip\superoffroad\ctruck.pcg Erro 42125 {O arquivo ZIP está corrompido.}
Número de pastas processadas: 11769
Número de arquivos verificados: 600637
Número de arquivos infectados: 20

----------------------------------------
19/06/2009 23:27
Escaneamento de todos os discos locais

Arquivo C:\Documents and Settings\Walter N. P. Stoffel\u1c1w78v7.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}, Mover para a Quarentena: Erro 0xC0000034 {Impossibile trovare il nome dell'oggetto.}, Mover: Erro 0xC000009C {STATUS_DEVICE_DATA_ERROR}, Excluir: Erro 0xC0000034 {Impossibile trovare il nome dell'oggetto.}, Excluir: Erro 0xC0000034 {Impossibile trovare il nome dell'oggetto.}, Excluir: Erro 0xC0000034 {Impossibile trovare il nome dell'oggetto.}, Mover: Erro 0xC000009C {STATUS_DEVICE_DATA_ERROR}, Mover: Erro 0xC000009C {STATUS_DEVICE_DATA_ERROR}, Mover para a Quarentena: Erro 0xC000009C {STATUS_DEVICE_DATA_ERROR}, Mover para a Quarentena: Erro 0xC000009C {STATUS_DEVICE_DATA_ERROR}, Reparar: Erro 42060 {O arquivo não foi reparado.}, Reparar: Erro 42060 {O arquivo não foi reparado.}, Reparar: Erro 42060 {O arquivo não foi reparado.}

Escaneamento interrompido

----------------------------------------
20/06/2009 00:38
Escaneamento de todos os discos locais

Arquivo C:\Documents and Settings\Walter N. P. Stoffel\Desktop\flashmemories\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo C:\Programmi\Alwil Software\Avast4\DATA\moved\cxDFDF.EXE está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\Programmi\Alwil Software\Avast4\DATA\moved\DxFDF.EXE está infectado por Win32:VB-LGY [Drp], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\RECYCLER\S-1-5-21-2880746800-4292816137-381910254-1007\Dc5.EXE está infectado por Win32:VB-LGY [Drp], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\RECYCLER\S-1-5-21-2880746800-4292816137-381910254-1007\Dc6.EXE está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP493\A0057590.exe está infectado por Win32:VB-LVN [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058428.exe está infectado por Win32:Spyware-gen [Trj], Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo C:\WINDOWS\Temp\$336630A7.t$m\d3d8.dll Erro 42127 {O arquivo CAB está corrompido.}
Arquivo C:\WINDOWS\Temp\$5BE40375.t$m\gm16.dls Erro 42127 {O arquivo CAB está corrompido.}
Arquivo D:\CDs de instalação\Sound Forge\Har\Bal.v1.5\h-hab15a.zip\h-hab15.rar\setup.exe\Wise0009.bin Erro 42146 {O arquivo de instalação está corrompido.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0315.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\ECEME\documentaçãortf.zip\01II0304.rtf Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Consulta\Legislação\Legislação de Ensino\Reg Es Com.zip\EsCom_R100_formatado.doc Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\Meus documentos\IASD\58^ Sessione\conferenzie diverse\Presentazioni 8 maggio\4-Amm_Veri 8 MAGGIO RIVISTO.ppt\Pictures Erro 42145 {O arquivo OLE está corrompido.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058434.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058435.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058436.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058437.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058438.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058439.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058440.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058441.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058442.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058443.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058444.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058445.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058446.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058447.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP499\A0058448.exe\%TEMP%\h2o.exe está infectado por Win32:Trojan-gen {Other}, Reparar: Erro 42060 {O arquivo não foi reparado.}
Arquivo D:\TEMP\Antivírus\avg_free_stf_en_8_100a1295.exe\avgsetup.exe Erro 42126 {O arquivo RAR está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\lifeanddeath.zip\LND.EXE Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\streetrod2.zip\streetrod2\LIB2 Erro 42125 {O arquivo ZIP está corrompido.}
Arquivo D:\TEMP\novo verif virus\Nova pasta\superoffroad.zip\superoffroad\ctruck.pcg Erro 42125 {O arquivo ZIP está corrompido.}
Número de pastas processadas: 11768
Número de arquivos verificados: 600592
Número de arquivos infectados: 21


Malwarebytes' Anti-Malware Report


Malwarebytes' Anti-Malware 1.38
Database version: 2347
Windows 5.1.2600 Service Pack 3

28/06/2009 22.53.11
mbam-log-2009-06-28 (22-53-11).txt

Scan type: Quick Scan
Objects scanned: 95291
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyClean (Rogue.NetCom3) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\SYSTEM\G-923-321232-3232-32211-23 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\MEMORY\S-v-6-2009 (Trojan.Buzus) -> Quarantined and deleted successfully.

Files Infected:
c:\SYSTEM\g-923-321232-3232-32211-23\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\SYSTEM\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\MEMORY\s-v-6-2009\Desktop.ini (Trojan.Buzus) -> Quarantined and deleted successfully.
c:\MEMORY\s-v-6-2009\PeAcE.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\PROGRAMMI\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot.
c:\documents and settings\walter n. p. stoffel\m3p1h7s7q9v1.exe (Worm.Autorun) -> Quarantined and deleted successfully.


Kaspersky Report

KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 02, 2009 22:29:58
Records in database: 2415851
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 112333
Threat name 11
Infected objects 36
Suspicious objects 1
Duration of the scan 02:36:31

File name Threat name Threats count
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\066A5BCE.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\067703C0.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\067A2DBC.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\067D57B9.tmp Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\068001B5.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\06842BB1.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\068755AE.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\068E29A7.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\06947D9F.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\0697279C.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\069B5198.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\069E7B95.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\089F3B61.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\0AA959B4.tmp Infected: Hoax.Win32.BadJoke.Train 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\0C9667A7.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1DE03F1F.tmp Infected: Email-Worm.Win32.Warezov.df 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\241D55AB.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2E436AA8.exe Infected: Hoax.Win32.BadJoke.Stupen.c 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3CC62263.tmp Infected: Email-Worm.Win32.Warezov.fb 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\46CE09A7.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\479667CE.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4B77438A.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4DA473D4.tmp Infected: Email-Worm.Win32.Warezov.fb 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\52C53BAD.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5E5577AC.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\603527D9.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\63746A48.tmp Infected: Email-Worm.Win32.Magistr.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\63DD29D5.tmp Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\63F44FBC.tmp Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6663230D.exe Infected: Hoax.Win32.BadJoke.Delf.n 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\69E533AB.doc Infected: Virus.MSWord.Nohate.a 1
C:\Documents and Settings\Walter N. P. Stoffel\Impostazioni locali\Dati applicazioni\Identities\{49B2BCBB-0E89-4755-940C-5E609C2E034D}\Microsoft\Outlook Express\Posta inviata.dbx Infected: Trojan-Clicker.HTML.IFrame.ail 1
C:\Documents and Settings\Walter N. P. Stoffel\Impostazioni locali\Dati applicazioni\Identities\{49B2BCBB-0E89-4755-940C-5E609C2E034D}\Microsoft\Outlook Express\suspeitos.dbx Suspicious: Password-protected-EXE 1
C:\Documents and Settings\Walter N. P. Stoffel\Impostazioni locali\Temporary Internet Files\Content.IE5\YJ5TD0JY\foto-442588-359243[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1
D:\correio\correio eletrônico\Militares - só falta este\Raul\Respostas.eml Infected: Trojan.JS.Relink.b 1
D:\Meus documentos\Itália\viagens e vistos - psq e info\geral\Cadê LazerViagens e TurismoDicas de Viagem.htm Infected: Trojan-Clicker.HTML.IFrame.ail 1
D:\TEMP\diversos\DETECT~1.EXE Infected: Hoax.Win32.BadJoke.Delf.cc 1
The selected area was scanned.


Panda ActiveScan Report


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-05 00:02:47
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090703-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00099952 Joke/MouseShoot Jokes No 0 Yes No D:\correio\CORRESPONDÊNCIA e-mail\Wagner-Tuninho-Nádia-Emília-Rica\Tuninho\msg.eml[rato[1].zip][rato.exe]
00135331 Dialer.YC Dialers No 0 Yes No D:\correio\CORRESPONDÊNCIA e-mail\Itens enviados\inf driver ide.eml[Inf.zip][INF/nsupd9x.inf]
00135331 Dialer.YC Dialers No 0 Yes No D:\correio\CORRESPONDÊNCIA e-mail\Itens enviados\Fw_ inf driver ide.eml[Inf.zip][INF/nsupd9x.inf]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Walter N. P. Stoffel\Cookies\walter_n._p._stoffel@atdmt[2].txt
00155988 adware/fastlook Adware No 0 Yes No hkey_current_user\software\toolband
00447834 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059176.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP502\A0058896.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location [!
;===================================================================================================================================================================================
No c:\programmi\file comuni\akamai\rswin_3538.dll [!
No C:\Programmi\File comuni\Akamai\AdminTool.exe [!
No C:\Programmi\Pinnacle\MediaCenter\Install\DivXPlayer\DivXPlay_ISV.exe [!
No C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP482\A0057343.exe [!
No C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP502\A0058898.exe [!
No D:\correio\correio eletrônico\Diversos\para Soraia-escola-França\pSoraia-escola-França.eml[Carinho.exe]
No D:\correio\correio eletrônico\Diversos\para Soraia-escola-França\pSoraia-escola-França.eml[Carinho.exe]
No D:\Meus documentos\IASD\validação do windows\WindowsXP-KB905474-x86-1.5.540.0-noWGA.exe [!
No D:\TEMP\diversos\verificar\starwars.exe [!
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description [!
;===================================================================================================================================================================================
;===================================================================================================================================================================================



HijackThis Report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.13.51, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\fxssvc.exe
c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Apoint\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\WinLogT.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmi\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Outlook Express\msimn.exe
C:\WINDOWS\system32\calc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Microsoft Money\MSMONEY.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Microsoft Office\Office\Winword.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
D:\CDs de instalação\pacote proteção antivirus\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Programmi\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [winpos] C:\WINDOWS\winpos.exe
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmi\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipBusterPro] "C:\programmi\voipbusterpro.com\voipbusterpro\voipbusterpro.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programmi\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [NitroPC] "C:\Programmi\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [STManager] "C:\Programmi\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://dss.un.org/BS...rnetplayer.htm"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Gerenciador do HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 Plus - C:\Programmi\Sony\Image Converter 2\menu.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182625216968
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom....gamesplayer.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Programmi\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Programmi\Scpad\scpLIB.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avas

#2 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • 1,891 posts

Posted 06 July 2009 - 01:04 PM

Hello WaSt!

It may take some time and couple of attempts to provide you with the right help. Many of today's infections are advanced and install other infections on the computer.
It's almost impossible to remove the entire infection and to check for leftovers in one go. Please be patient.
:)


I have noticed that you have 2 antispyware programs installed on your computer. These are Windows Defender and Spybot - Search & Destroy\TeaTimer.exe.
Warning: running more than one resident protection program of the same type (antivirus, firewall, or anti-spyware program) at the same time can result in unwanted conflict. This can reduce the effectiveness of all resident protection programs individually.
If you want to keep them all then please make sure that they are not in resident mode at the same time.


Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


  • So please disable TeaTimer by doing the following:
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done and reboot your computer.
    (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)
Please download ResetTeaTimer.zip and save to your Desktop. Extract (unzip) the file and double-click ResetTeaTimer.bat to run the script. This will remove all entries set by TeaTimer and prevent it from restoring them upon reactivation.



Please download ATF Cleaner. Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: (but don't run it yet)
http://www.bleepingc...to-use-combofix


Then please
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

http://www.spywareinfoforum.com/index.php?showtopic=124747
KILLALL::
Collect::
C:\Documents and Settings\Walter N. P. Stoffel\Impostazioni locali\Temporary Internet Files\Content.IE5\YJ5TD0JY\foto-442588-359243[1].htm 
D:\correio\correio eletrônico\Militares - só falta este\Raul\Respostas.eml
D:\Meus documentos\Itália\viagens e vistos - psq e info\geral\Cadê LazerViagens e TurismoDicas de Viagem.htm
D:\TEMP\diversos\DETECT~1.EXE

Save this as CFScript.txt


[image: CFScript.txt being dragged onto ComboFix.exe]


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



Please include the C:\ComboFix.txt, and the contents of checkup.txt in your next reply for further review.


Best regards

e-tech

Edited by e-tech, 06 July 2009 - 01:48 PM.

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius


#3 WaSt

WaSt

    Member

  • Full Member
  • 8 posts

Posted 09 July 2009 - 03:45 PM

Hello, e-tech!

Thanks a lot for your quick reply. We've been facing some energy cuts here so it took me a while to follow your instructions, but finally here are the contents of both checkup.txt and ComboFix.txt: :thumbup:

checkup.txt

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

WindowsLiveOneCaresafetyscanner
avast!Antivirus
NortonSecurityScan(SymantecCorporation)
NortonSecurityScan
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Spybot - Search & Destroy
Windows Defender
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Receitanet Java 2009.01
Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Spybot SDHelper is disabled!
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
ALWILS~1 Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 298703 seconds.
`````````End of Log```````````



ComboFix.txt

ComboFix 09-07-09.02 - Walter N. P. Stoffel 09/07/2009 19.56.24.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.399 [GMT 0:00]
Eseguito da: c:\documents and settings\Walter N. P. Stoffel\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Walter N. P. Stoffel\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090709-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\memory
c:\recycler\S-1-5-21-1028354696-4153828883-50306420-1003
c:\recycler\S-1-5-21-1052165031-2614460885-855987967-1003
C:\System
c:\windows\emMON.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Creati Da 2009-06-09 al 2009-07-09 )))))))))))))))))))))))))))))))))))
.

2009-07-09 19:20 . 2009-07-09 19:20 -------- d-----w- C:\75a27a3260b9ae8350e0f4a7ef48
2009-07-05 01:12 . 2009-07-05 01:12 -------- d-----w- c:\programmi\Trend Micro
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Malwarebytes
2009-06-28 22:34 . 2009-06-17 11:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-28 22:34 . 2009-06-17 11:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 22:34 . 2009-06-28 22:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-28 21:16 . 2009-06-28 21:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-28 21:16 . 2009-06-28 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-28 20:47 . 2009-06-28 21:08 -------- d-----w- c:\windows\BDOSCAN8
2009-06-28 20:15 . 2008-06-19 17:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\programmi\Panda Security
2009-06-28 19:08 . 2009-06-28 19:08 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 19:08 . 2009-06-28 19:08 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-21 23:06 . 2009-06-21 23:11 5589408 ----a-w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-06-21 23:06 . 2009-06-21 23:06 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\TVU networks
2009-06-20 17:50 . 2009-06-20 17:50 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-06-20 17:49 . 2009-06-20 17:49 -------- d-----w- c:\programmi\File comuni\Nokia
2009-06-20 17:47 . 2008-08-26 10:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-20 17:46 . 2009-06-20 17:46 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-06-20 17:44 . 2009-06-20 17:37 33775224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_eng.exe
2009-06-20 17:43 . 2009-06-20 17:43 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-20 17:43 . 2009-06-20 17:43 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-20 17:43 . 2009-06-20 17:43 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-20 17:43 . 2009-06-20 17:43 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 20:10 . 2008-08-16 02:18 -------- d-----w- c:\programmi\File comuni\Akamai
2009-07-09 19:33 . 2006-09-11 13:32 90112 ----a-w- c:\windows\DUMP60fc.tmp
2009-07-09 19:31 . 2006-09-16 09:45 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Skype
2009-07-09 18:58 . 2009-01-31 03:00 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\skypePM
2009-07-07 22:45 . 2006-09-25 21:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GbPlugin
2009-07-05 19:10 . 2006-10-01 17:35 -------- d-----w- c:\programmi\Microsoft Money
2009-07-03 23:33 . 2006-11-12 21:53 -------- d-----w- c:\programmi\GbPlugin
2009-07-03 22:31 . 2009-01-24 14:13 -------- d-----w- c:\programmi\Norton Security Scan
2009-06-28 21:51 . 2008-05-22 15:45 -------- d-----w- c:\programmi\Netcom3 Cleaner
2009-06-27 17:59 . 2007-10-21 22:19 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Nokia
2009-06-20 17:49 . 2007-10-21 22:17 -------- d-----w- c:\programmi\Nokia
2009-06-20 17:47 . 2007-10-21 22:18 -------- d-----w- c:\programmi\DIFX
2009-06-20 17:44 . 2007-10-21 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-15 19:19 . 2009-02-07 15:48 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-06 21:53 . 2007-10-21 22:18 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\PC Suite
2009-06-06 21:53 . 2009-06-06 21:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-06 21:53 . 2009-06-06 21:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-06 20:10 . 2009-06-06 20:10 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-06 20:10 . 2009-06-06 20:10 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-06 20:10 . 2009-06-06 20:10 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-06 19:34 . 2009-06-06 20:11 34348464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-05-27 20:16 . 2006-02-27 01:59 488408 ----a-w- c:\windows\system32\perfh010.dat
2009-05-27 20:16 . 2006-02-27 01:59 92692 ----a-w- c:\windows\system32\perfc010.dat
2009-05-21 15:36 . 2009-02-23 22:01 17134 ----a-w- c:\windows\system32\PCANDIS5.SYS
2009-05-21 14:38 . 2007-12-02 22:02 -------- d--h--w- c:\programmi\Scpad
2009-05-07 15:32 . 2006-02-27 01:59 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 01:42 . 2009-05-03 01:42 152576 ----a-w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:58 . 2006-09-11 13:32 90112 ----a-w- c:\windows\DUMP83f5.tmp
2009-04-29 04:45 . 2006-02-27 01:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-02-27 01:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2006-02-27 01:59 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2006-02-27 01:59 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PMCS"="c:\programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]
"STManager"="c:\programmi\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"PDService.exe"="c:\programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 29744]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"WinLogT"="c:\windows\WinLogT.exe" [2006-03-30 500224]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Walter N. P. Stoffel\Menu Avvio\Programmi\Esecuzione automatica\
Gerenciador do HotSync.lnk - c:\programmi\Palm\HOTSYNC.EXE [2003-3-21 299008]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-10-20 1048576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 18:00 302368 ----a-w- c:\progra~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-30 11:12 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Walter N. P. Stoffel\\Impostazioni locali\\Dati applicazioni\\Xenocode\\ApplianceCaches\\KumaClient.exe_v4B8EBC79\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2048:TCP"= 2048:TCP:Akamai NetSession Interface
"1508:TCP"= 1508:TCP:Akamai NetSession Interface
"1519:TCP"= 1519:TCP:Akamai NetSession Interface
"2290:TCP"= 2290:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"1169:TCP"= 1169:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"1620:TCP"= 1620:TCP:Akamai NetSession Interface
"3367:TCP"= 3367:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"3459:TCP"= 3459:TCP:Akamai NetSession Interface
"4980:TCP"= 4980:TCP:Akamai NetSession Interface
"1178:TCP"= 1178:TCP:Akamai NetSession Interface
"1186:TCP"= 1186:TCP:Akamai NetSession Interface
"1563:TCP"= 1563:TCP:Akamai NetSession Interface
"1103:TCP"= 1103:TCP:Akamai NetSession Interface
"4601:TCP"= 4601:TCP:Akamai NetSession Interface
"2456:TCP"= 2456:TCP:Akamai NetSession Interface
"2466:TCP"= 2466:TCP:Akamai NetSession Interface
"2524:TCP"= 2524:TCP:Akamai NetSession Interface
"3400:TCP"= 3400:TCP:Akamai NetSession Interface
"3107:TCP"= 3107:TCP:Akamai NetSession Interface
"2280:TCP"= 2280:TCP:Akamai NetSession Interface
"1802:TCP"= 1802:TCP:Akamai NetSession Interface
"4748:TCP"= 4748:TCP:Akamai NetSession Interface
"3917:TCP"= 3917:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:Akamai NetSession Interface
"4105:TCP"= 4105:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1708:TCP"= 1708:TCP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1934:TCP"= 1934:TCP:Akamai NetSession Interface
"1954:TCP"= 1954:TCP:Akamai NetSession Interface
"4085:TCP"= 4085:TCP:Akamai NetSession Interface
"3478:TCP"= 3478:TCP:Akamai NetSession Interface
"3500:TCP"= 3500:TCP:Akamai NetSession Interface
"4175:TCP"= 4175:TCP:Akamai NetSession Interface
"4183:TCP"= 4183:TCP:Akamai NetSession Interface
"1203:TCP"= 1203:TCP:Akamai NetSession Interface
"1700:TCP"= 1700:TCP:Akamai NetSession Interface
"1719:TCP"= 1719:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"3184:TCP"= 3184:TCP:Akamai NetSession Interface
"3263:TCP"= 3263:TCP:Akamai NetSession Interface
"4664:TCP"= 4664:TCP:Akamai NetSession Interface
"1625:TCP"= 1625:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1187:TCP"= 1187:TCP:Akamai NetSession Interface
"3152:TCP"= 3152:TCP:Akamai NetSession Interface
"3231:TCP"= 3231:TCP:Akamai NetSession Interface
"3668:TCP"= 3668:TCP:Akamai NetSession Interface
"3765:TCP"= 3765:TCP:Akamai NetSession Interface
"4066:TCP"= 4066:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"4242:TCP"= 4242:TCP:Akamai NetSession Interface
"4307:TCP"= 4307:TCP:Akamai NetSession Interface
"4372:TCP"= 4372:TCP:Akamai NetSession Interface
"4458:TCP"= 4458:TCP:Akamai NetSession Interface
"2530:TCP"= 2530:TCP:Akamai NetSession Interface
"2540:TCP"= 2540:TCP:Akamai NetSession Interface
"4235:TCP"= 4235:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"2517:TCP"= 2517:TCP:Akamai NetSession Interface
"4237:TCP"= 4237:TCP:Akamai NetSession Interface
"4840:TCP"= 4840:TCP:Akamai NetSession Interface
"4850:TCP"= 4850:TCP:Akamai NetSession Interface
"4905:TCP"= 4905:TCP:Akamai NetSession Interface
"1698:TCP"= 1698:TCP:Akamai NetSession Interface
"2909:TCP"= 2909:TCP:Akamai NetSession Interface
"2567:TCP"= 2567:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"3600:TCP"= 3600:TCP:Akamai NetSession Interface
"3616:TCP"= 3616:TCP:Akamai NetSession Interface
"4568:TCP"= 4568:TCP:Akamai NetSession Interface
"4579:TCP"= 4579:TCP:Akamai NetSession Interface
"4629:TCP"= 4629:TCP:Akamai NetSession Interface
"2590:TCP"= 2590:TCP:Akamai NetSession Interface
"4136:TCP"= 4136:TCP:Akamai NetSession Interface
"4836:TCP"= 4836:TCP:Akamai NetSession Interface
"4097:TCP"= 4097:TCP:Akamai NetSession Interface
"4663:TCP"= 4663:TCP:Akamai NetSession Interface
"4679:TCP"= 4679:TCP:Akamai NetSession Interface
"4713:TCP"= 4713:TCP:Akamai NetSession Interface
"3690:TCP"= 3690:TCP:Akamai NetSession Interface
"1593:TCP"= 1593:TCP:Akamai NetSession Interface
"4830:TCP"= 4830:TCP:Akamai NetSession Interface
"4273:TCP"= 4273:TCP:Akamai NetSession Interface
"2279:TCP"= 2279:TCP:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:Akamai NetSession Interface
"1270:TCP"= 1270:TCP:Akamai NetSession Interface
"1159:TCP"= 1159:TCP:Akamai NetSession Interface
"1297:TCP"= 1297:TCP:Akamai NetSession Interface
"1489:TCP"= 1489:TCP:Akamai NetSession Interface
"1131:TCP"= 1131:TCP:Akamai NetSession Interface
"1343:TCP"= 1343:TCP:Akamai NetSession Interface
"1587:TCP"= 1587:TCP:Akamai NetSession Interface
"2087:TCP"= 2087:TCP:Akamai NetSession Interface
"2356:TCP"= 2356:TCP:Akamai NetSession Interface
"2800:TCP"= 2800:TCP:Akamai NetSession Interface
"2813:TCP"= 2813:TCP:Akamai NetSession Interface
"2832:TCP"= 2832:TCP:Akamai NetSession Interface
"4396:TCP"= 4396:TCP:Akamai NetSession Interface
"4461:TCP"= 4461:TCP:Akamai NetSession Interface
"4651:TCP"= 4651:TCP:Akamai NetSession Interface
"4688:TCP"= 4688:TCP:Akamai NetSession Interface
"2163:TCP"= 2163:TCP:Akamai NetSession Interface
"4096:TCP"= 4096:TCP:Akamai NetSession Interface
"4459:TCP"= 4459:TCP:Akamai NetSession Interface
"4502:TCP"= 4502:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"3016:TCP"= 3016:TCP:Akamai NetSession Interface
"2484:TCP"= 2484:TCP:Akamai NetSession Interface
"2552:TCP"= 2552:TCP:Akamai NetSession Interface
"2621:TCP"= 2621:TCP:Akamai NetSession Interface
"1894:TCP"= 1894:TCP:Akamai NetSession Interface
"2109:TCP"= 2109:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"4417:TCP"= 4417:TCP:Akamai NetSession Interface
"4733:TCP"= 4733:TCP:Akamai NetSession Interface
"1518:TCP"= 1518:TCP:Akamai NetSession Interface
"1659:TCP"= 1659:TCP:Akamai NetSession Interface
"4623:TCP"= 4623:TCP:Akamai NetSession Interface
"4653:TCP"= 4653:TCP:Akamai NetSession Interface
"1135:TCP"= 1135:TCP:Akamai NetSession Interface
"1598:TCP"= 1598:TCP:Akamai NetSession Interface
"2340:TCP"= 2340:TCP:Akamai NetSession Interface
"3175:TCP"= 3175:TCP:Akamai NetSession Interface
"3539:TCP"= 3539:TCP:Akamai NetSession Interface
"4717:TCP"= 4717:TCP:Akamai NetSession Interface
"4406:TCP"= 4406:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4887:TCP"= 4887:TCP:Akamai NetSession Interface
"4901:TCP"= 4901:TCP:Akamai NetSession Interface
"4937:TCP"= 4937:TCP:Akamai NetSession Interface
"1229:TCP"= 1229:TCP:Akamai NetSession Interface
"4490:TCP"= 4490:TCP:Akamai NetSession Interface
"4699:TCP"= 4699:TCP:Akamai NetSession Interface
"4744:TCP"= 4744:TCP:Akamai NetSession Interface
"1651:TCP"= 1651:TCP:Akamai NetSession Interface
"1832:TCP"= 1832:TCP:Akamai NetSession Interface
"2861:TCP"= 2861:TCP:Akamai NetSession Interface
"2871:TCP"= 2871:TCP:Akamai NetSession Interface
"2955:TCP"= 2955:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"3816:TCP"= 3816:TCP:Akamai NetSession Interface
"4063:TCP"= 4063:TCP:Akamai NetSession Interface
"4285:TCP"= 4285:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"3010:TCP"= 3010:TCP:Akamai NetSession Interface
"4517:TCP"= 4517:TCP:Akamai NetSession Interface
"4795:TCP"= 4795:TCP:Akamai NetSession Interface
"2264:TCP"= 2264:TCP:Akamai NetSession Interface
"2271:TCP"= 2271:TCP:Akamai NetSession Interface
"3615:TCP"= 3615:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [07/02/2009 15.48.26 27056]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28/06/2009 20.15.46 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2008 2.00.43 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 13.07.06 45627]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [27/02/2006 1.59.34 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2008 2.00.43 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [29/03/2009 1.36.40 55152]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [02/05/2008 17.15.50 53552]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [03/10/2006 16.27.57 100032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [09/06/2002 22.09.08 31232]
S2 gupdate1c9acdbeaa71faa;Servizio di Google Update (gupdate1c9acdbeaa71faa);c:\programmi\Google\Update\GoogleUpdate.exe [24/03/2009 23.54.44 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [03/12/2007 18.47.25 16512]
S3 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 17.08.58 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [20/09/2006 17.41.05 29744]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-24 23:54]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-24 23:54]

2009-07-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-VoipBusterPro - c:\programmi\voipbusterpro.com\voipbusterpro\voipbusterpro.exe
HKCU-Run-Internet Download Accelerator - c:\programmi\IDA\ida.exe
HKCU-Run-NitroPC - c:\programmi\NitroPC\NitroPC.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET
HKLM-Run-winpos - c:\windows\winpos.exe
HKLM-Run-Pinnacle WebUpdater - c:\programmi\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA
IE: Download with IDA
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Mozilla\Firefox\Profiles\urnf1m7y.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D806178E-1329-470D-227A-A1E5880A5D67}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,54,78,50,44,9f,
92,ec,60,e2,63,26,f1,3f,c8,ff,68,ee,4a,33,79,6f,25,9c,8b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,a0,ea,38,fb,2d,
37,e4,11,6a,9c,d6,61,af,45,84,18,48,24,b8,44,63,ae,11,2d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,04,bb,39,f1,d0,
a7,f7,1d,ff,7c,85,e0,43,d4,0e,fe,b8,50,da,f0,a1,c8,c6,23,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,11,8f,b4,36,b4,
f7,60,e8,86,8c,21,01,be,91,eb,e7,65,f2,96,25,ea,63,2f,46,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,cc,0b,8d,e9,25,
31,6d,ad,f5,1d,4d,73,a8,13,5c,05,98,5b,cc,41,7d,ca,74,d1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,13,18,23,44,19,
7b,9b,2c,df,20,58,62,78,6b,cf,c8,76,f8,d5,88,92,61,c1,9b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,ba,a9,ec,60,3a,
60,76,47,fb,a7,78,e6,12,2f,9a,ea,84,6e,91,fb,42,c7,af,60,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,ec,d0,29,26,c1,
4a,4f,f5,01,3a,48,fc,e8,04,4a,f1,cd,ca,96,a8,c4,b2,1f,9d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,37,04,0a,84,45,
68,71,34,f6,0f,4e,58,98,5b,89,c9,98,72,ff,87,ed,8f,90,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,1e,d1,8c,2a,6c,
1d,f2,cd,3d,ce,ea,26,2d,45,aa,78,e4,ae,93,2e,25,af,59,aa,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,35,7f,4c,9c,45,
b6,4f,b0,2a,b7,cc,b5,b9,7f,41,e7,c9,08,a5,c7,6d,9f,22,7c,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,ca,e2,7c,39,01,
88,7b,5d,6c,43,2d,1e,aa,22,2f,9c,9c,b6,d5,ba,8c,73,2f,c0,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\progra~1\GBPLUGIN\gbieh.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(5188)
c:\progra~1\WINDOW~2\wmpband.dll
c:\progra~1\GBPLUGIN\gbieh.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Scpad\scpLIB.dll
c:\programmi\Scpad\scpMIB.dll
c:\programmi\Scpad\sshib.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\fxssvc.exe
c:\programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\programmi\Apoint\ApntEx.exe
c:\programmi\Lexmark X1100 Series\lxbkbmon.exe
c:\programmi\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-09 20.17.02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-09 20:16

Pre-Run: 11.561.492.480 byte disponibili
Post-Run: 11.601.788.928 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

592 --- E O F --- 2009-07-06 19:42



Best regards

WaSt

#4 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • 1,891 posts

Posted 10 July 2009 - 01:19 AM

Hi! Well done.

I notice that you have these sites
bancobrasil.com.br\www2
sony-europe.com
sonystyle-europe.com
vaio-link.com

in your Trusted Zone.
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone.

I strongly recommend removing all entries from the Trusted Zone, as they do not need to be there.


Then please
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

http://www.spywareinfoforum.com/index.php?showtopic=124747 
KILLALL:: 
Collect:: 
C:\Documents and Settings\Walter N. P. Stoffel\Impostazioni locali\Temporary Internet Files\Content.IE5\YJ5TD0JY\foto-442588-359243[1].htm 
D:\correio\correio eletrônico\Militares - só falta este\Raul\Respostas.eml 
D:\Meus documentos\Itália\viagens e vistos - psq e info\geral\Cadê LazerViagens e TurismoDicas de Viagem.htm 
D:\TEMP\diversos\DETECT~1.EXE 
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
FileLook:: 
c:\windows\DUMP60fc.tmp 
c:\windows\system32\PCANDIS5.SYS 
c:\windows\DUMP83f5.tmp 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}]
[-HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\SystemCertificates\AddressBook*]
RegNull:: 
[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D806178E-1329-470D-227A-A1E5880A5D67}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Best regards

e-tech

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius


#5 WaSt

WaSt

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 10 July 2009 - 06:24 PM

Hi, e-tech!

Here is the new ComboFix.txt. By the way, I emptied the Internet Explorer Trust Zone, as you recommended.

ComboFix

ComboFix 09-07-09.08 - Walter N. P. Stoffel 10/07/2009 22.41.58.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.533 [GMT 0:00]
Eseguito da: c:\documents and settings\Walter N. P. Stoffel\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Walter N. P. Stoffel\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090710-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((( Files Creati Da 2009-06-10 al 2009-07-10 )))))))))))))))))))))))))))))))))))
.

2009-07-09 19:20 . 2009-07-09 19:20 -------- d-----w- C:\75a27a3260b9ae8350e0f4a7ef48
2009-07-05 01:12 . 2009-07-05 01:12 -------- d-----w- c:\programmi\Trend Micro
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Malwarebytes
2009-06-28 22:34 . 2009-06-17 11:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-28 22:34 . 2009-06-17 11:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 22:34 . 2009-06-28 22:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-28 21:16 . 2009-06-28 21:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-28 21:16 . 2009-06-28 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-28 20:47 . 2009-06-28 21:08 -------- d-----w- c:\windows\BDOSCAN8
2009-06-28 20:15 . 2008-06-19 17:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\programmi\Panda Security
2009-06-28 19:08 . 2009-06-28 19:08 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 19:08 . 2009-06-28 19:08 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-21 23:06 . 2009-06-21 23:11 5589408 ----a-w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-06-21 23:06 . 2009-06-21 23:06 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\TVU networks
2009-06-20 17:50 . 2009-06-20 17:50 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-06-20 17:49 . 2009-06-20 17:49 -------- d-----w- c:\programmi\File comuni\Nokia
2009-06-20 17:47 . 2008-08-26 10:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-20 17:46 . 2009-06-20 17:46 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-06-20 17:44 . 2009-06-20 17:37 33775224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_eng.exe
2009-06-20 17:43 . 2009-06-20 17:43 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-20 17:43 . 2009-06-20 17:43 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-20 17:43 . 2009-06-20 17:43 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-20 17:43 . 2009-06-20 17:43 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 22:57 . 2008-08-16 02:18 -------- d-----w- c:\programmi\File comuni\Akamai
2009-07-09 19:33 . 2006-09-11 13:32 90112 ----a-w- c:\windows\DUMP60fc.tmp
2009-07-09 19:31 . 2006-09-16 09:45 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Skype
2009-07-09 18:58 . 2009-01-31 03:00 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\skypePM
2009-07-07 22:45 . 2006-09-25 21:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GbPlugin
2009-07-05 19:10 . 2006-10-01 17:35 -------- d-----w- c:\programmi\Microsoft Money
2009-07-03 23:33 . 2006-11-12 21:53 -------- d-----w- c:\programmi\GbPlugin
2009-07-03 22:31 . 2009-01-24 14:13 -------- d-----w- c:\programmi\Norton Security Scan
2009-06-28 21:51 . 2008-05-22 15:45 -------- d-----w- c:\programmi\Netcom3 Cleaner
2009-06-27 17:59 . 2007-10-21 22:19 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Nokia
2009-06-20 17:49 . 2007-10-21 22:17 -------- d-----w- c:\programmi\Nokia
2009-06-20 17:47 . 2007-10-21 22:18 -------- d-----w- c:\programmi\DIFX
2009-06-20 17:44 . 2007-10-21 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-15 19:19 . 2009-02-07 15:48 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-06 21:53 . 2007-10-21 22:18 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\PC Suite
2009-06-06 21:53 . 2009-06-06 21:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-06 21:53 . 2009-06-06 21:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-06 20:10 . 2009-06-06 20:10 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-06 20:10 . 2009-06-06 20:10 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-06 20:10 . 2009-06-06 20:10 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-06 19:34 . 2009-06-06 20:11 34348464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-05-27 20:16 . 2006-02-27 01:59 488408 ----a-w- c:\windows\system32\perfh010.dat
2009-05-27 20:16 . 2006-02-27 01:59 92692 ----a-w- c:\windows\system32\perfc010.dat
2009-05-21 15:36 . 2009-02-23 22:01 17134 ----a-w- c:\windows\system32\PCANDIS5.SYS
2009-05-21 14:38 . 2007-12-02 22:02 -------- d--h--w- c:\programmi\Scpad
2009-05-07 15:32 . 2006-02-27 01:59 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 01:42 . 2009-05-03 01:42 152576 ----a-w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:58 . 2006-09-11 13:32 90112 ----a-w- c:\windows\DUMP83f5.tmp
2009-04-29 04:45 . 2006-02-27 01:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-02-27 01:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2006-02-27 01:59 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2006-02-27 01:59 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\DUMP60fc.tmp ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 90112
Created time: 2006-09-11 13:32
Modified time: 2009-07-09 19:33
MD5: FAC8B6A8701D054B3146278A82F88A13
SHA1: 6729F289FD6B7C78FD0111996F81F851066C7989


--- c:\windows\DUMP83f5.tmp ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 90112
Created time: 2006-09-11 13:32
Modified time: 2009-04-30 23:58
MD5: 7A046C3B75FDACFD699DE6C8CDCFFB9A
SHA1: EEBBB9F28DD9DF6DD750AC627A2EE9D696243D3A


--- c:\windows\system32\PCANDIS5.SYS ---
Company: Printing Communications Assoc., Inc. (PCAUSA)
File Description: PCAUSA NDIS 5.0 Protocol Driver
File Version: 5.03.16.54
Product Name: PCAUSA Rawether for Windows
Copyright: Copyright © 1995-2002 Printing Communications Assoc., Inc. (PCAUSA)
Original Filename: PCANDIS5.SYS
File size: 17134
Created time: 2009-02-23 22:01
Modified time: 2009-05-21 15:36
MD5: 2F9806B52CB3748B1E49222744B28E3C
SHA1: 752D4F3195842208BA0B59C0B2F28CD6BA529C8E


((((((((((((((((((((((((((((( SnapShot@2009-07-09_20.08.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 22:51 . 2009-07-10 22:51 16384 c:\windows\Temp\Perflib_Perfdata_738.dat
+ 2009-07-10 22:51 . 2009-07-10 22:51 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat
+ 2009-07-10 22:51 . 2009-07-10 22:51 16384 c:\windows\Temp\Perflib_Perfdata_128.dat
+ 2009-07-10 22:51 . 2009-07-10 22:51 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2009-07-10 22:53 . 2009-07-10 22:53 49152 c:\windows\Temp\CompiledAdapter.dll
- 2009-07-09 20:06 . 2009-07-09 20:06 49152 c:\windows\Temp\CompiledAdapter.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PMCS"="c:\programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]
"STManager"="c:\programmi\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"PDService.exe"="c:\programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 29744]
"WinLogT"="c:\windows\WinLogT.exe" [2006-03-30 500224]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Walter N. P. Stoffel\Menu Avvio\Programmi\Esecuzione automatica\
Gerenciador do HotSync.lnk - c:\programmi\Palm\HOTSYNC.EXE [2003-3-21 299008]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-10-20 1048576]
Update Spybot S&D.lnk.disabled [2009-7-9 1737]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 18:00 302368 ----a-w- c:\progra~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-30 11:12 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Walter N. P. Stoffel\\Impostazioni locali\\Dati applicazioni\\Xenocode\\ApplianceCaches\\KumaClient.exe_v4B8EBC79\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2048:TCP"= 2048:TCP:Akamai NetSession Interface
"1508:TCP"= 1508:TCP:Akamai NetSession Interface
"1519:TCP"= 1519:TCP:Akamai NetSession Interface
"2290:TCP"= 2290:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"1169:TCP"= 1169:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"1620:TCP"= 1620:TCP:Akamai NetSession Interface
"3367:TCP"= 3367:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"3459:TCP"= 3459:TCP:Akamai NetSession Interface
"4980:TCP"= 4980:TCP:Akamai NetSession Interface
"1178:TCP"= 1178:TCP:Akamai NetSession Interface
"1186:TCP"= 1186:TCP:Akamai NetSession Interface
"1563:TCP"= 1563:TCP:Akamai NetSession Interface
"1103:TCP"= 1103:TCP:Akamai NetSession Interface
"4601:TCP"= 4601:TCP:Akamai NetSession Interface
"2456:TCP"= 2456:TCP:Akamai NetSession Interface
"2466:TCP"= 2466:TCP:Akamai NetSession Interface
"2524:TCP"= 2524:TCP:Akamai NetSession Interface
"3400:TCP"= 3400:TCP:Akamai NetSession Interface
"3107:TCP"= 3107:TCP:Akamai NetSession Interface
"2280:TCP"= 2280:TCP:Akamai NetSession Interface
"1802:TCP"= 1802:TCP:Akamai NetSession Interface
"4748:TCP"= 4748:TCP:Akamai NetSession Interface
"3917:TCP"= 3917:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:Akamai NetSession Interface
"4105:TCP"= 4105:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1708:TCP"= 1708:TCP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1934:TCP"= 1934:TCP:Akamai NetSession Interface
"1954:TCP"= 1954:TCP:Akamai NetSession Interface
"4085:TCP"= 4085:TCP:Akamai NetSession Interface
"3478:TCP"= 3478:TCP:Akamai NetSession Interface
"3500:TCP"= 3500:TCP:Akamai NetSession Interface
"4175:TCP"= 4175:TCP:Akamai NetSession Interface
"4183:TCP"= 4183:TCP:Akamai NetSession Interface
"1203:TCP"= 1203:TCP:Akamai NetSession Interface
"1700:TCP"= 1700:TCP:Akamai NetSession Interface
"1719:TCP"= 1719:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"3184:TCP"= 3184:TCP:Akamai NetSession Interface
"3263:TCP"= 3263:TCP:Akamai NetSession Interface
"4664:TCP"= 4664:TCP:Akamai NetSession Interface
"1625:TCP"= 1625:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1187:TCP"= 1187:TCP:Akamai NetSession Interface
"3152:TCP"= 3152:TCP:Akamai NetSession Interface
"3231:TCP"= 3231:TCP:Akamai NetSession Interface
"3668:TCP"= 3668:TCP:Akamai NetSession Interface
"3765:TCP"= 3765:TCP:Akamai NetSession Interface
"4066:TCP"= 4066:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"4242:TCP"= 4242:TCP:Akamai NetSession Interface
"4307:TCP"= 4307:TCP:Akamai NetSession Interface
"4372:TCP"= 4372:TCP:Akamai NetSession Interface
"4458:TCP"= 4458:TCP:Akamai NetSession Interface
"2530:TCP"= 2530:TCP:Akamai NetSession Interface
"2540:TCP"= 2540:TCP:Akamai NetSession Interface
"4235:TCP"= 4235:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"2517:TCP"= 2517:TCP:Akamai NetSession Interface
"4237:TCP"= 4237:TCP:Akamai NetSession Interface
"4840:TCP"= 4840:TCP:Akamai NetSession Interface
"4850:TCP"= 4850:TCP:Akamai NetSession Interface
"4905:TCP"= 4905:TCP:Akamai NetSession Interface
"1698:TCP"= 1698:TCP:Akamai NetSession Interface
"2909:TCP"= 2909:TCP:Akamai NetSession Interface
"2567:TCP"= 2567:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"3600:TCP"= 3600:TCP:Akamai NetSession Interface
"3616:TCP"= 3616:TCP:Akamai NetSession Interface
"4568:TCP"= 4568:TCP:Akamai NetSession Interface
"4579:TCP"= 4579:TCP:Akamai NetSession Interface
"4629:TCP"= 4629:TCP:Akamai NetSession Interface
"2590:TCP"= 2590:TCP:Akamai NetSession Interface
"4136:TCP"= 4136:TCP:Akamai NetSession Interface
"4836:TCP"= 4836:TCP:Akamai NetSession Interface
"4097:TCP"= 4097:TCP:Akamai NetSession Interface
"4663:TCP"= 4663:TCP:Akamai NetSession Interface
"4679:TCP"= 4679:TCP:Akamai NetSession Interface
"4713:TCP"= 4713:TCP:Akamai NetSession Interface
"3690:TCP"= 3690:TCP:Akamai NetSession Interface
"1593:TCP"= 1593:TCP:Akamai NetSession Interface
"4830:TCP"= 4830:TCP:Akamai NetSession Interface
"4273:TCP"= 4273:TCP:Akamai NetSession Interface
"2279:TCP"= 2279:TCP:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:Akamai NetSession Interface
"1270:TCP"= 1270:TCP:Akamai NetSession Interface
"1159:TCP"= 1159:TCP:Akamai NetSession Interface
"1297:TCP"= 1297:TCP:Akamai NetSession Interface
"1489:TCP"= 1489:TCP:Akamai NetSession Interface
"1131:TCP"= 1131:TCP:Akamai NetSession Interface
"1343:TCP"= 1343:TCP:Akamai NetSession Interface
"1587:TCP"= 1587:TCP:Akamai NetSession Interface
"2087:TCP"= 2087:TCP:Akamai NetSession Interface
"2356:TCP"= 2356:TCP:Akamai NetSession Interface
"2800:TCP"= 2800:TCP:Akamai NetSession Interface
"2813:TCP"= 2813:TCP:Akamai NetSession Interface
"2832:TCP"= 2832:TCP:Akamai NetSession Interface
"4396:TCP"= 4396:TCP:Akamai NetSession Interface
"4461:TCP"= 4461:TCP:Akamai NetSession Interface
"4651:TCP"= 4651:TCP:Akamai NetSession Interface
"4688:TCP"= 4688:TCP:Akamai NetSession Interface
"2163:TCP"= 2163:TCP:Akamai NetSession Interface
"4096:TCP"= 4096:TCP:Akamai NetSession Interface
"4459:TCP"= 4459:TCP:Akamai NetSession Interface
"4502:TCP"= 4502:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"3016:TCP"= 3016:TCP:Akamai NetSession Interface
"2484:TCP"= 2484:TCP:Akamai NetSession Interface
"2552:TCP"= 2552:TCP:Akamai NetSession Interface
"2621:TCP"= 2621:TCP:Akamai NetSession Interface
"1894:TCP"= 1894:TCP:Akamai NetSession Interface
"2109:TCP"= 2109:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"4417:TCP"= 4417:TCP:Akamai NetSession Interface
"4733:TCP"= 4733:TCP:Akamai NetSession Interface
"1518:TCP"= 1518:TCP:Akamai NetSession Interface
"1659:TCP"= 1659:TCP:Akamai NetSession Interface
"4623:TCP"= 4623:TCP:Akamai NetSession Interface
"4653:TCP"= 4653:TCP:Akamai NetSession Interface
"1135:TCP"= 1135:TCP:Akamai NetSession Interface
"1598:TCP"= 1598:TCP:Akamai NetSession Interface
"2340:TCP"= 2340:TCP:Akamai NetSession Interface
"3175:TCP"= 3175:TCP:Akamai NetSession Interface
"3539:TCP"= 3539:TCP:Akamai NetSession Interface
"4717:TCP"= 4717:TCP:Akamai NetSession Interface
"4406:TCP"= 4406:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4887:TCP"= 4887:TCP:Akamai NetSession Interface
"4901:TCP"= 4901:TCP:Akamai NetSession Interface
"4937:TCP"= 4937:TCP:Akamai NetSession Interface
"1229:TCP"= 1229:TCP:Akamai NetSession Interface
"4490:TCP"= 4490:TCP:Akamai NetSession Interface
"4699:TCP"= 4699:TCP:Akamai NetSession Interface
"4744:TCP"= 4744:TCP:Akamai NetSession Interface
"1651:TCP"= 1651:TCP:Akamai NetSession Interface
"1832:TCP"= 1832:TCP:Akamai NetSession Interface
"2861:TCP"= 2861:TCP:Akamai NetSession Interface
"2871:TCP"= 2871:TCP:Akamai NetSession Interface
"2955:TCP"= 2955:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"3816:TCP"= 3816:TCP:Akamai NetSession Interface
"4063:TCP"= 4063:TCP:Akamai NetSession Interface
"4285:TCP"= 4285:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"3010:TCP"= 3010:TCP:Akamai NetSession Interface
"4517:TCP"= 4517:TCP:Akamai NetSession Interface
"4795:TCP"= 4795:TCP:Akamai NetSession Interface
"2264:TCP"= 2264:TCP:Akamai NetSession Interface
"2271:TCP"= 2271:TCP:Akamai NetSession Interface
"3615:TCP"= 3615:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [07/02/2009 15.48.26 27056]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28/06/2009 20.15.46 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2008 2.00.43 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 13.07.06 45627]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [27/02/2006 1.59.34 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2008 2.00.43 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [29/03/2009 1.36.40 55152]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [02/05/2008 17.15.50 53552]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [03/10/2006 16.27.57 100032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [09/06/2002 22.09.08 31232]
S2 gupdate1c9acdbeaa71faa;Servizio di Google Update (gupdate1c9acdbeaa71faa);c:\programmi\Google\Update\GoogleUpdate.exe [24/03/2009 23.54.44 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [03/12/2007 18.47.25 16512]
S3 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 17.08.58 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [20/09/2006 17.41.05 29744]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-24 23:54]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-24 23:54]

2009-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA
IE: Download with IDA
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Mozilla\Firefox\Profiles\urnf1m7y.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,76,4e,70,2a,d3,
67,c3,fb,e2,63,26,f1,3f,c8,ff,68,ee,4a,33,79,6f,25,9c,8b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7c,8e,5c,2a,39,
a2,08,d5,6a,9c,d6,61,af,45,84,18,48,24,b8,44,63,ae,11,2d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,27,72,c6,f8,1e,
26,5f,c1,ff,7c,85,e0,43,d4,0e,fe,b8,50,da,f0,a1,c8,c6,23,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,d9,43,1f,b4,f7,
e4,6a,09,86,8c,21,01,be,91,eb,e7,65,f2,96,25,ea,63,2f,46,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,e3,bf,ea,3c,98,
26,0f,d1,f5,1d,4d,73,a8,13,5c,05,98,5b,cc,41,7d,ca,74,d1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,1c,b9,cd,d7,2b,
f1,10,bd,df,20,58,62,78,6b,cf,c8,76,f8,d5,88,92,61,c1,9b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c1,91,22,88,ef,
48,fc,30,fb,a7,78,e6,12,2f,9a,ea,84,6e,91,fb,42,c7,af,60,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,3f,1a,67,9f,9d,
5e,4d,8e,01,3a,48,fc,e8,04,4a,f1,cd,ca,96,a8,c4,b2,1f,9d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,52,32,a0,48,98,
3f,b7,c8,f6,0f,4e,58,98,5b,89,c9,98,72,ff,87,ed,8f,90,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,bc,3a,ac,b8,25,
08,54,75,3d,ce,ea,26,2d,45,aa,78,e4,ae,93,2e,25,af,59,aa,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,25,2c,20,84,3a,
69,6f,ef,2a,b7,cc,b5,b9,7f,41,e7,c9,08,a5,c7,6d,9f,22,7c,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,bd,c0,83,59,16,
78,4e,62,6c,43,2d,1e,aa,22,2f,9c,9c,b6,d5,ba,8c,73,2f,c0,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\progra~1\GBPLUGIN\gbieh.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4208)
c:\progra~1\GBPLUGIN\gbieh.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Scpad\scpLIB.dll
c:\programmi\Scpad\scpMIB.dll
c:\programmi\Scpad\sshib.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\igfxext.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\programmi\Apoint\ApntEx.exe
c:\programmi\Lexmark X1100 Series\lxbkbmon.exe
c:\programmi\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-10 23.07.08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-10 23:06
ComboFix2.txt 2009-07-09 20:17

Pre-Run: 11.357.405.184 byte disponibili
Post-Run: 11.465.572.352 byte disponibili

606 --- E O F --- 2009-07-06 19:42



Best regards and a nice weekend

WaSt

#6 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • 1,891 posts

Posted 11 July 2009 - 02:31 AM

Great job! Looks much better now. :thumbsup:
But, there's more to do. :)

Please
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KILLALL::
RegNull::
[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D806178E-1329-470D-227A-A1E5880A5D67}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.




Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note:
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command.

If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your Desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please post the Kaspersky Online Scanner Report in your reply along with the ComboFix log.


Best regards

e-tech

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius

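The CFScript above was assembled by hand from the "CHIAVI DI REGISTRO BLOCCATE" (locked registry keys) section of the ComboFix log posted before it. As an added example, not from this thread, from ComboFix or from its author: a Python script that reads that section of a ComboFix log, keeps only the CLSID\...\InprocServer32 keys that show the pattern e-tech selected (default value pointing at OLE32.DLL together with a 32-hex-character value name holding hex data), and writes them out as a KILLALL::/RegNull:: block in the CFScript layout shown above. The embedded sample log is constructed from two of the keys in the posted log; the English section header "LOCKED REGISTRY KEYS" is accepted as an assumption about the non-localized ComboFix wording, and the function names are mine.

```python
import re

# Constructed sample excerpt in the layout ComboFix uses (Italian-localized
# section headers, as on the machine in this thread); the two CLSID keys are
# copied from the log posted above, the AddressBook key shows a non-matching entry.
SAMPLE_LOG = r"""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,76,4e,70,2a,d3,
67,c3,fb,e2,63,26,f1,3f,c8,ff,68,ee,4a,33,79,6f,25,9c,8b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,7c,8e,5c,2a,39,
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
"""

# Section header: Italian wording from the posted log; English wording is an assumption.
SECTION_RE = re.compile(
    r"^-{5,}\s*(CHIAVI DI REGISTRO BLOCCATE|LOCKED REGISTRY KEYS)\s*-{5,}$")
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\[^\]]+?)\*?\]$")   # [HKEY_...\path*]
DEFAULT_RE = re.compile(r'^@="(.*)"$')                      # @="..." default value
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                  # "name"=data
HEX_CONT_RE = re.compile(r"^[0-9a-f]{2},")                  # wrapped hex: data line
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")                    # 32-hex-char value name


def parse_locked_keys(log_text):
    """Return the keys listed under the locked-registry-keys section of a
    ComboFix log as dicts {key, default, values}. Lines outside that section
    are ignored; registry-escaped backslashes in the default are unescaped."""
    keys, current, last_name, in_section = [], None, None, False
    for line in log_text.splitlines():
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):          # header of the next section: stop
            break
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group(1), "default": None, "values": {}}
            keys.append(current)
            last_name = None
            continue
        if current is None:
            continue
        m = DEFAULT_RE.match(line)
        if m:
            current["default"] = m.group(1).replace("\\\\", "\\")
            continue
        m = VALUE_RE.match(line)
        if m:
            last_name = m.group(1)
            current["values"][last_name] = m.group(2)
            continue
        if last_name and HEX_CONT_RE.match(line):   # continuation of hex: data
            current["values"][last_name] += line.rstrip("\\")
    return keys


def suspicious_inproc_keys(keys):
    """Keep CLSID\\...\\InprocServer32 keys whose default points at OLE32.DLL and
    that carry a 32-hex-character value name: the pattern selected for RegNull::
    in the thread. This reproduces that selection, it is not a malware verdict."""
    out = []
    for k in keys:
        path = k["key"]
        if "\\CLSID\\" not in path or not path.lower().endswith("\\inprocserver32"):
            continue
        if not (k["default"] or "").lower().endswith("ole32.dll"):
            continue
        if any(HEX32_RE.match(name) for name in k["values"]):
            out.append(k)
    return out


def build_regnull_script(keys):
    """Render the keys as a CFScript block in the layout used in the thread."""
    lines = ["KILLALL::", "RegNull::"] + ["[%s*]" % k["key"] for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_inproc_keys(parse_locked_keys(SAMPLE_LOG))
    print(build_regnull_script(flagged), end="")
```

Run it against a real log by reading C:\ComboFix.txt into parse_locked_keys instead of SAMPLE_LOG. The heuristic only reproduces the selection the helper made; the generated list is a draft for the reviewer to check against the rest of the log before it is handed to anyone as a CFScript.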

#7 WaSt

WaSt

    Member

  • Full Member
  • 8 posts

Posted 11 July 2009 - 08:33 PM

Hello, e-tech,

Here are the ComboFix and Kaspersky reports.


ComboFix

ComboFix 09-07-09.08 - Walter N. P. Stoffel 11/07/2009 20.19.01.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.512 [GMT 0:00]
Eseguito da: c:\documents and settings\Walter N. P. Stoffel\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Walter N. P. Stoffel\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090710-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Creato nuovo punto di ripristino
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((( Files Creati Da 2009-06-11 al 2009-07-11 )))))))))))))))))))))))))))))))))))
.

2009-07-09 19:20 . 2009-07-09 19:20 -------- d-----w- C:\75a27a3260b9ae8350e0f4a7ef48
2009-07-05 01:12 . 2009-07-05 01:12 -------- d-----w- c:\programmi\Trend Micro
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Malwarebytes
2009-06-28 22:34 . 2009-06-17 11:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-28 22:34 . 2009-06-17 11:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 22:34 . 2009-06-28 22:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-28 21:16 . 2009-06-28 21:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-28 21:16 . 2009-06-28 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-28 20:47 . 2009-06-28 21:08 -------- d-----w- c:\windows\BDOSCAN8
2009-06-28 20:15 . 2008-06-19 17:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\programmi\Panda Security
2009-06-28 19:08 . 2009-06-28 19:08 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 19:08 . 2009-06-28 19:08 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-21 23:06 . 2009-06-21 23:11 5589408 ----a-w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-06-21 23:06 . 2009-06-21 23:06 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\TVU networks
2009-06-20 17:50 . 2009-06-20 17:50 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-06-20 17:49 . 2009-06-20 17:49 -------- d-----w- c:\programmi\File comuni\Nokia
2009-06-20 17:47 . 2008-08-26 10:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-20 17:46 . 2009-06-20 17:46 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-06-20 17:44 . 2009-06-20 17:37 33775224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_eng.exe
2009-06-20 17:43 . 2009-06-20 17:43 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-20 17:43 . 2009-06-20 17:43 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-20 17:43 . 2009-06-20 17:43 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-20 17:43 . 2009-06-20 17:43 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 21:02 . 2008-08-16 02:18 -------- d-----w- c:\programmi\File comuni\Akamai
2009-07-09 19:33 . 2006-09-11 13:32 90112 ----a-w- c:\windows\DUMP60fc.tmp
2009-07-09 19:31 . 2006-09-16 09:45 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Skype
2009-07-09 18:58 . 2009-01-31 03:00 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\skypePM
2009-07-07 22:45 . 2006-09-25 21:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GbPlugin
2009-07-05 19:10 . 2006-10-01 17:35 -------- d-----w- c:\programmi\Microsoft Money
2009-07-03 23:33 . 2006-11-12 21:53 -------- d-----w- c:\programmi\GbPlugin
2009-07-03 22:31 . 2009-01-24 14:13 -------- d-----w- c:\programmi\Norton Security Scan
2009-06-28 21:51 . 2008-05-22 15:45 -------- d-----w- c:\programmi\Netcom3 Cleaner
2009-06-27 17:59 . 2007-10-21 22:19 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Nokia
2009-06-20 17:49 . 2007-10-21 22:17 -------- d-----w- c:\programmi\Nokia
2009-06-20 17:47 . 2007-10-21 22:18 -------- d-----w- c:\programmi\DIFX
2009-06-20 17:44 . 2007-10-21 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-15 19:19 . 2009-02-07 15:48 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-06 21:53 . 2007-10-21 22:18 -------- d-----w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\PC Suite
2009-06-06 21:53 . 2009-06-06 21:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-06 21:53 . 2009-06-06 21:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-06 20:10 . 2009-06-06 20:10 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-06 20:10 . 2009-06-06 20:10 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-06 20:10 . 2009-06-06 20:10 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-06 19:34 . 2009-06-06 20:11 34348464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-05-27 20:16 . 2006-02-27 01:59 488408 ----a-w- c:\windows\system32\perfh010.dat
2009-05-27 20:16 . 2006-02-27 01:59 92692 ----a-w- c:\windows\system32\perfc010.dat
2009-05-21 15:36 . 2009-02-23 22:01 17134 ----a-w- c:\windows\system32\PCANDIS5.SYS
2009-05-21 14:38 . 2007-12-02 22:02 -------- d--h--w- c:\programmi\Scpad
2009-05-07 15:32 . 2006-02-27 01:59 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 01:42 . 2009-05-03 01:42 152576 ----a-w- c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:58 . 2006-09-11 13:32 90112 ----a-w- c:\windows\DUMP83f5.tmp
2009-04-29 04:45 . 2006-02-27 01:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-02-27 01:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2006-02-27 01:59 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2006-02-27 01:59 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-09_20.08.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 20:55 . 2009-07-11 20:55 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2009-07-11 20:55 . 2009-07-11 20:55 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2009-07-11 20:55 . 2009-07-11 20:55 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
+ 2009-07-11 20:55 . 2009-07-11 20:55 16384 c:\windows\Temp\Perflib_Perfdata_124.dat
+ 2009-07-11 20:58 . 2009-07-11 20:58 49152 c:\windows\Temp\CompiledAdapter.dll
- 2009-07-09 20:06 . 2009-07-09 20:06 49152 c:\windows\Temp\CompiledAdapter.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PMCS"="c:\programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]
"STManager"="c:\programmi\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"PDService.exe"="c:\programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 29744]
"WinLogT"="c:\windows\WinLogT.exe" [2006-03-30 500224]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Walter N. P. Stoffel\Menu Avvio\Programmi\Esecuzione automatica\
Gerenciador do HotSync.lnk - c:\programmi\Palm\HOTSYNC.EXE [2003-3-21 299008]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-10-20 1048576]
Update Spybot S&D.lnk.disabled [2009-7-9 1737]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 18:00 302368 ----a-w- c:\progra~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-30 11:12 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Walter N. P. Stoffel\\Impostazioni locali\\Dati applicazioni\\Xenocode\\ApplianceCaches\\KumaClient.exe_v4B8EBC79\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2048:TCP"= 2048:TCP:Akamai NetSession Interface
"1508:TCP"= 1508:TCP:Akamai NetSession Interface
"1519:TCP"= 1519:TCP:Akamai NetSession Interface
"2290:TCP"= 2290:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"1169:TCP"= 1169:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"1620:TCP"= 1620:TCP:Akamai NetSession Interface
"3367:TCP"= 3367:TCP:Akamai NetSession Interface
"2433:TCP"= 2433:TCP:Akamai NetSession Interface
"3459:TCP"= 3459:TCP:Akamai NetSession Interface
"4980:TCP"= 4980:TCP:Akamai NetSession Interface
"1178:TCP"= 1178:TCP:Akamai NetSession Interface
"1186:TCP"= 1186:TCP:Akamai NetSession Interface
"1563:TCP"= 1563:TCP:Akamai NetSession Interface
"1103:TCP"= 1103:TCP:Akamai NetSession Interface
"4601:TCP"= 4601:TCP:Akamai NetSession Interface
"2456:TCP"= 2456:TCP:Akamai NetSession Interface
"2466:TCP"= 2466:TCP:Akamai NetSession Interface
"2524:TCP"= 2524:TCP:Akamai NetSession Interface
"3400:TCP"= 3400:TCP:Akamai NetSession Interface
"3107:TCP"= 3107:TCP:Akamai NetSession Interface
"2280:TCP"= 2280:TCP:Akamai NetSession Interface
"1802:TCP"= 1802:TCP:Akamai NetSession Interface
"4748:TCP"= 4748:TCP:Akamai NetSession Interface
"3917:TCP"= 3917:TCP:Akamai NetSession Interface
"4511:TCP"= 4511:TCP:Akamai NetSession Interface
"4592:TCP"= 4592:TCP:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:Akamai NetSession Interface
"4105:TCP"= 4105:TCP:Akamai NetSession Interface
"1607:TCP"= 1607:TCP:Akamai NetSession Interface
"2525:TCP"= 2525:TCP:Akamai NetSession Interface
"1708:TCP"= 1708:TCP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1934:TCP"= 1934:TCP:Akamai NetSession Interface
"1954:TCP"= 1954:TCP:Akamai NetSession Interface
"4085:TCP"= 4085:TCP:Akamai NetSession Interface
"3478:TCP"= 3478:TCP:Akamai NetSession Interface
"3500:TCP"= 3500:TCP:Akamai NetSession Interface
"4175:TCP"= 4175:TCP:Akamai NetSession Interface
"4183:TCP"= 4183:TCP:Akamai NetSession Interface
"1203:TCP"= 1203:TCP:Akamai NetSession Interface
"1700:TCP"= 1700:TCP:Akamai NetSession Interface
"1719:TCP"= 1719:TCP:Akamai NetSession Interface
"1747:TCP"= 1747:TCP:Akamai NetSession Interface
"3184:TCP"= 3184:TCP:Akamai NetSession Interface
"3263:TCP"= 3263:TCP:Akamai NetSession Interface
"4664:TCP"= 4664:TCP:Akamai NetSession Interface
"1625:TCP"= 1625:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1187:TCP"= 1187:TCP:Akamai NetSession Interface
"3152:TCP"= 3152:TCP:Akamai NetSession Interface
"3231:TCP"= 3231:TCP:Akamai NetSession Interface
"3668:TCP"= 3668:TCP:Akamai NetSession Interface
"3765:TCP"= 3765:TCP:Akamai NetSession Interface
"4066:TCP"= 4066:TCP:Akamai NetSession Interface
"4231:TCP"= 4231:TCP:Akamai NetSession Interface
"4242:TCP"= 4242:TCP:Akamai NetSession Interface
"4307:TCP"= 4307:TCP:Akamai NetSession Interface
"4372:TCP"= 4372:TCP:Akamai NetSession Interface
"4458:TCP"= 4458:TCP:Akamai NetSession Interface
"2530:TCP"= 2530:TCP:Akamai NetSession Interface
"2540:TCP"= 2540:TCP:Akamai NetSession Interface
"4235:TCP"= 4235:TCP:Akamai NetSession Interface
"4295:TCP"= 4295:TCP:Akamai NetSession Interface
"2517:TCP"= 2517:TCP:Akamai NetSession Interface
"4237:TCP"= 4237:TCP:Akamai NetSession Interface
"4840:TCP"= 4840:TCP:Akamai NetSession Interface
"4850:TCP"= 4850:TCP:Akamai NetSession Interface
"4905:TCP"= 4905:TCP:Akamai NetSession Interface
"1698:TCP"= 1698:TCP:Akamai NetSession Interface
"2909:TCP"= 2909:TCP:Akamai NetSession Interface
"2567:TCP"= 2567:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"3600:TCP"= 3600:TCP:Akamai NetSession Interface
"3616:TCP"= 3616:TCP:Akamai NetSession Interface
"4568:TCP"= 4568:TCP:Akamai NetSession Interface
"4579:TCP"= 4579:TCP:Akamai NetSession Interface
"4629:TCP"= 4629:TCP:Akamai NetSession Interface
"2590:TCP"= 2590:TCP:Akamai NetSession Interface
"4136:TCP"= 4136:TCP:Akamai NetSession Interface
"4836:TCP"= 4836:TCP:Akamai NetSession Interface
"4097:TCP"= 4097:TCP:Akamai NetSession Interface
"4663:TCP"= 4663:TCP:Akamai NetSession Interface
"4679:TCP"= 4679:TCP:Akamai NetSession Interface
"4713:TCP"= 4713:TCP:Akamai NetSession Interface
"3690:TCP"= 3690:TCP:Akamai NetSession Interface
"1593:TCP"= 1593:TCP:Akamai NetSession Interface
"4830:TCP"= 4830:TCP:Akamai NetSession Interface
"4273:TCP"= 4273:TCP:Akamai NetSession Interface
"2279:TCP"= 2279:TCP:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:Akamai NetSession Interface
"1270:TCP"= 1270:TCP:Akamai NetSession Interface
"1159:TCP"= 1159:TCP:Akamai NetSession Interface
"1297:TCP"= 1297:TCP:Akamai NetSession Interface
"1489:TCP"= 1489:TCP:Akamai NetSession Interface
"1131:TCP"= 1131:TCP:Akamai NetSession Interface
"1343:TCP"= 1343:TCP:Akamai NetSession Interface
"1587:TCP"= 1587:TCP:Akamai NetSession Interface
"2087:TCP"= 2087:TCP:Akamai NetSession Interface
"2356:TCP"= 2356:TCP:Akamai NetSession Interface
"2800:TCP"= 2800:TCP:Akamai NetSession Interface
"2813:TCP"= 2813:TCP:Akamai NetSession Interface
"2832:TCP"= 2832:TCP:Akamai NetSession Interface
"4396:TCP"= 4396:TCP:Akamai NetSession Interface
"4461:TCP"= 4461:TCP:Akamai NetSession Interface
"4651:TCP"= 4651:TCP:Akamai NetSession Interface
"4688:TCP"= 4688:TCP:Akamai NetSession Interface
"2163:TCP"= 2163:TCP:Akamai NetSession Interface
"4096:TCP"= 4096:TCP:Akamai NetSession Interface
"4459:TCP"= 4459:TCP:Akamai NetSession Interface
"4502:TCP"= 4502:TCP:Akamai NetSession Interface
"1933:TCP"= 1933:TCP:Akamai NetSession Interface
"3016:TCP"= 3016:TCP:Akamai NetSession Interface
"2484:TCP"= 2484:TCP:Akamai NetSession Interface
"2552:TCP"= 2552:TCP:Akamai NetSession Interface
"2621:TCP"= 2621:TCP:Akamai NetSession Interface
"1894:TCP"= 1894:TCP:Akamai NetSession Interface
"2109:TCP"= 2109:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"4417:TCP"= 4417:TCP:Akamai NetSession Interface
"4733:TCP"= 4733:TCP:Akamai NetSession Interface
"1518:TCP"= 1518:TCP:Akamai NetSession Interface
"1659:TCP"= 1659:TCP:Akamai NetSession Interface
"4623:TCP"= 4623:TCP:Akamai NetSession Interface
"4653:TCP"= 4653:TCP:Akamai NetSession Interface
"1135:TCP"= 1135:TCP:Akamai NetSession Interface
"1598:TCP"= 1598:TCP:Akamai NetSession Interface
"2340:TCP"= 2340:TCP:Akamai NetSession Interface
"3175:TCP"= 3175:TCP:Akamai NetSession Interface
"3539:TCP"= 3539:TCP:Akamai NetSession Interface
"4717:TCP"= 4717:TCP:Akamai NetSession Interface
"4406:TCP"= 4406:TCP:Akamai NetSession Interface
"4780:TCP"= 4780:TCP:Akamai NetSession Interface
"4887:TCP"= 4887:TCP:Akamai NetSession Interface
"4901:TCP"= 4901:TCP:Akamai NetSession Interface
"4937:TCP"= 4937:TCP:Akamai NetSession Interface
"1229:TCP"= 1229:TCP:Akamai NetSession Interface
"4490:TCP"= 4490:TCP:Akamai NetSession Interface
"4699:TCP"= 4699:TCP:Akamai NetSession Interface
"4744:TCP"= 4744:TCP:Akamai NetSession Interface
"1651:TCP"= 1651:TCP:Akamai NetSession Interface
"1832:TCP"= 1832:TCP:Akamai NetSession Interface
"2861:TCP"= 2861:TCP:Akamai NetSession Interface
"2871:TCP"= 2871:TCP:Akamai NetSession Interface
"2955:TCP"= 2955:TCP:Akamai NetSession Interface
"2377:TCP"= 2377:TCP:Akamai NetSession Interface
"3816:TCP"= 3816:TCP:Akamai NetSession Interface
"4063:TCP"= 4063:TCP:Akamai NetSession Interface
"4285:TCP"= 4285:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"3010:TCP"= 3010:TCP:Akamai NetSession Interface
"4517:TCP"= 4517:TCP:Akamai NetSession Interface
"4795:TCP"= 4795:TCP:Akamai NetSession Interface
"2264:TCP"= 2264:TCP:Akamai NetSession Interface
"2271:TCP"= 2271:TCP:Akamai NetSession Interface
"3615:TCP"= 3615:TCP:Akamai NetSession Interface
"2650:TCP"= 2650:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [07/02/2009 15.48.26 27056]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28/06/2009 20.15.46 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2008 2.00.43 114768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 13.07.06 45627]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [27/02/2006 1.59.34 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2008 2.00.43 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [29/03/2009 1.36.40 55152]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [02/05/2008 17.15.50 53552]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [03/10/2006 16.27.57 100032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 17.19.58 13592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [09/06/2002 22.09.08 31232]
S2 gupdate1c9acdbeaa71faa;Servizio di Google Update (gupdate1c9acdbeaa71faa);c:\programmi\Google\Update\GoogleUpdate.exe [24/03/2009 23.54.44 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [03/12/2007 18.47.25 16512]
S3 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 17.08.58 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [20/09/2006 17.41.05 29744]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-24 23:54]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-24 23:54]

2009-07-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA
IE: Download with IDA
IE: Trasferimento tramite Image Converter 2 Plus - c:\programmi\Sony\Image Converter 2\menu.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Walter N. P. Stoffel\Dati applicazioni\Mozilla\Firefox\Profiles\urnf1m7y.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 20:59
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2880746800-4292816137-381910254-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ce,49,18,51,ab,
bb,e2,94,e2,63,26,f1,3f,c8,ff,68,ee,4a,33,79,6f,25,9c,8b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fe,dc,d8,79,75,
e9,6f,6b,6a,9c,d6,61,af,45,84,18,48,24,b8,44,63,ae,11,2d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c0,68,9d,ad,f7,
e8,a2,43,ff,7c,85,e0,43,d4,0e,fe,b8,50,da,f0,a1,c8,c6,23,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,c8,e0,d7,97,b1,
50,a2,35,86,8c,21,01,be,91,eb,e7,65,f2,96,25,ea,63,2f,46,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,cd,2b,3c,29,36,
f2,0f,d5,f5,1d,4d,73,a8,13,5c,05,98,5b,cc,41,7d,ca,74,d1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,0f,b0,1c,60,ea,
56,e0,03,df,20,58,62,78,6b,cf,c8,76,f8,d5,88,92,61,c1,9b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,57,95,a1,04,60,
69,b2,5e,fb,a7,78,e6,12,2f,9a,ea,84,6e,91,fb,42,c7,af,60,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,29,5a,e1,75,7c,
7d,2f,9e,01,3a,48,fc,e8,04,4a,f1,cd,ca,96,a8,c4,b2,1f,9d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,17,16,db,1e,1c,
e2,ff,06,f6,0f,4e,58,98,5b,89,c9,98,72,ff,87,ed,8f,90,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,22,67,08,ca,54,
21,b8,85,3d,ce,ea,26,2d,45,aa,78,e4,ae,93,2e,25,af,59,aa,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,3a,b6,90,38,e7,
9f,32,b6,2a,b7,cc,b5,b9,7f,41,e7,c9,08,a5,c7,6d,9f,22,7c,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,43,a5,4c,81,b7,
a6,f9,a3,6c,43,2d,1e,aa,22,2f,9c,9c,b6,d5,ba,8c,73,2f,c0,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\progra~1\GBPLUGIN\gbieh.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4864)
c:\progra~1\GBPLUGIN\gbieh.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\programmi\Scpad\scpLIB.dll
c:\programmi\Scpad\scpMIB.dll
c:\programmi\Scpad\sshib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\programmi\Apoint\ApntEx.exe
c:\programmi\Lexmark X1100 Series\lxbkbmon.exe
c:\programmi\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-11 21.09.38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-11 21:09
ComboFix2.txt 2009-07-10 23:07
ComboFix3.txt 2009-07-09 20:17

Pre-Run: 10.970.247.168 byte disponibili
Post-Run: 11.190.460.416 byte disponibili

570 --- E O F --- 2009-07-06 19:42



Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 12, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 11, 2009 22:10:49
Records in database: 2460935
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 111612
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:56:06


File name / Threat name / Threats count
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059176.exe Infected: Hoax.Win32.BadJoke.Stupen.c 1
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059178.exe Infected: Hoax.Win32.BadJoke.Delf.n 1

The selected area was scanned.

#8 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • 1,891 posts

Posted 12 July 2009 - 07:30 AM

Hello WaSt!

We are almost done with the cleaning process.

Please use Internet Explorer and run a BitDefender Online scan from here.
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

Best regards

e-tech

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius


#9 WaSt

WaSt

    Member

  • Full Member
  • 8 posts

Posted 12 July 2009 - 02:35 PM

Hi, e-tech!

Here is the report from BitDefender.


BitDefender Online Scanner
Scan report generated at: Sun, Jul 12, 2009 - 18:55:24
Scan path: C:\;D:\;E:\;F:\;

Statistics
Time 04:08:53
Files 527371
Folders 11637
Boot Sectors 0
Archives 54545
Packed Files 12471

Results
Identified Viruses 5
Infected Files 5
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 8

Engines Info
Virus Definitions 3681938
Engine build AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins 17
Archive plugins 45
Unpack plugins 7
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\Walter N. P. Stoffel\Desktop\KEYGEN.EXE Infected with: Trojan.Keygen.AQ
C:\Documents and Settings\Walter N. P. Stoffel\Desktop\KEYGEN.EXE Deleted
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059175.exe=>(Quarantine-2) Detected with: Application.Joke.Interrompa.A
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059175.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059175.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059175.exe Deleted
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059176.exe=>(Quarantine-2) Infected with: Joke.Stupen.B
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059176.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059176.exe Deleted
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059178.exe=>(Quarantine-2) Infected with: Backdoor.Darkmoon.U
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059178.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP507\A0059178.exe Deleted
D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP502\A0058841.EXE Infected with: Trojan.Keygen.AQ
D:\System Volume Information\_restore{B0F7D85B-ECA5-42BE-93C9-5E98A54325A8}\RP502\A0058841.EXE Deleted




BitDefender Online Scanner - Real Time Virus Report
Generated at: Sun, Jul 12, 2009 - 18:58:01


Scan Info

Scanned Files 539136
Infected Files 5

Virus Detected

Application.Joke.Interrompa.A 1
Trojan.Keygen.AQ 2
Joke.Stupen.B 1
Backdoor.Darkmoon.U 1

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


Thanks again and best regards.

WaSt

#10 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • 1,891 posts

Posted 12 July 2009 - 03:10 PM

Hello WaSt

Your computer appears to be clean now.

One of the infections is caused by the keygen file on your computer. Crack, keygen and pirate sites are places some folks go to look for keys and workarounds to illegally use products rather than buy them. In many cases, these sites are infected with a smörgåsbord of malware and an increasing source of system infection. They can lead to other sites containing more malware which you can inadvertently download without knowledge or consent. In some instances an infection may cause so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

So I hope you will agree to stop downloading cracks. Otherwise, you are almost certain to become reinfected and I will just be wasting my time.

I will not help you if you are going to be downloading cracks, so I hope you will agree to stop doing so.

If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen and pirated software sites. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.




One or more of the identified infections was a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever be trusted again. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall




Java is out of date and older versions contain vulnerabilities. Please update to the newest version.
Download and save to your Desktop the latest version of the Java Runtime Environment (JRE) from here.
Please download JavaRa and unzip it to your Desktop.

***Please close any instances of Internet Explorer before continuing!***

* Double-click on JavaRa.exe to start the program.
* From the drop-down menu, choose English and click on Select.
* JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
* Click Yes when prompted.
* When JavaRa is finished, a notice will appear that a logfile has been produced. Click OK.
* A logfile will pop up. Please save it to a convenient location.

Finally, reboot the computer, then install the Java you downloaded earlier.



Time for some housekeeping.
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /u





Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:


Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and is very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.



Please navigate to http://windowsupdate.microsoft.com and download all the "Critical Updates" for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection.

However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad, can be run with any of them.

Make sure your programs are up to date. Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewa...nti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)



Best regards

e-tech

Edited by e-tech, 12 July 2009 - 03:11 PM.



#11 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • 1,891 posts

Posted 13 July 2009 - 01:26 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





