Malwares on PC and Trojans on USB Pendrives

Post by Flegias » February 4th, 2009, 4:39 am

Yes, I really think there is some type of malware on my PC and surely some type of trojan on my two pendrives.

This is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.32.08, on 04/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\WINNT\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E72B87-5298-4953-BD78-BAD92DCB4C6F}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLIR Camera Monitor (CameraMonitor) - FLIR Systems - C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe

--
End of file - 6645 bytes


And this is the alert message of Kaspersky AV when I connect my USB pendrives.


Help me please!
Flegias

Re: Malwares on PC and Trojans on USB Pendrives

Post by peku006 » February 12th, 2009, 9:38 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear".

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log
3. a description of any problems you are having with your PC

Thanks peku006

Re: Malwares on PC and Trojans on USB Pendrives

Post by Flegias » February 12th, 2009, 11:48 am

Hello peku006!

Thank you for helping me!

The scan with Malwarebytes' Anti-Malware found 4 infections, but they were on 2 other PCs (even if I didn't select the respective drive letters).
Here's the log:

Malwarebytes' Anti-Malware 1.34
Versione del database: 1753
Windows 5.0.2195 Service Pack 4

12/02/2009 16.15.29
mbam-log-2009-02-12 (16-15-29).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|)
Elementi scansionati: 107278
Tempo trascorso: 1 hour(s), 14 minute(s), 14 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Quarantined and deleted successfully.

File infetti:
H:\autorun.inf (Trojan.Conficker.H) -> Quarantined and deleted successfully.
H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Quarantined and deleted successfully.
T:\autorun.inf (Trojan.Conficker.H) -> Delete on reboot.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-12 16:34:36
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 3 GB (32%) free of 10 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.34.55, on 12/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Programmi\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E72B87-5298-4953-BD78-BAD92DCB4C6F}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLIR Camera Monitor (CameraMonitor) - FLIR Systems - C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe

--
End of file - 6706 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-07-17 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\system32\msdxm.ocx [2005-06-03 850192]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"=C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe [2003-05-08 69632]
"Synchronization Manager"=mobsync.exe /logon []
"AVP"=C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-10 201992]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-07-28 4841472]
"nwiz"=nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3
"SCardSvr"=3
"SCardDrv"=3
"Adobe LM Service"=3
"BITS"=3
"wuauserv"=2
"Messenger"=2

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\kasper~1\kasper~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINNT\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - "%windir%\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-02-12 16:34:36 ----D---- C:\rsit
2009-02-10 16:39:03 ----D---- C:\Lop SD
2009-02-04 16:47:25 ----SHD---- C:\RECYCLER
2009-02-02 16:33:45 ----D---- C:\Programmi\EsetOnlineScanner
2009-02-02 16:21:01 ----D---- C:\_OTMoveIt
2009-02-02 14:12:42 ----D---- C:\Programmi\TVAnts
2009-01-29 15:41:43 ----D---- C:\Documents and Settings\Administrator\Dati applicazioni\WinRAR
2009-01-29 15:27:54 ----D---- C:\WINNT\ERUNT
2009-01-29 15:24:09 ----A---- C:\WINNT\ntbtlog.txt
2009-01-29 15:13:04 ----D---- C:\SDFix
2009-01-29 14:47:36 ----D---- C:\Rooter$
2009-01-29 09:16:22 ----A---- C:\WINNT\gmer.ini
2009-01-29 09:16:19 ----A---- C:\WINNT\gmer_uninstall.cmd
2009-01-29 09:16:19 ----A---- C:\WINNT\gmer.exe
2009-01-29 09:16:19 ----A---- C:\WINNT\gmer.dll
2009-01-28 14:23:24 ----RASHD---- C:\autorun.inf
2009-01-27 11:12:25 ----A---- C:\WINNT\system32\E_DCINST.DLL
2009-01-21 12:34:55 ----D---- C:\Documents and Settings\Administrator\Dati applicazioni\Thunderbird
2009-01-19 12:06:31 ----D---- C:\Programmi\Nsasoft

======List of files/folders modified in the last 1 months======

2009-02-12 16:34:37 ----D---- C:\Programmi\HijackThis
2009-02-12 16:28:16 ----AD---- C:\WINNT\system32
2009-02-12 16:27:00 ----AD---- C:\WINNT\Temp
2009-02-12 16:24:05 ----D---- C:\Programmi\Mozilla Thunderbird
2009-02-12 16:23:24 ----D---- C:\Programmi\Mozilla Firefox
2009-02-12 16:22:30 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-12 16:22:01 ----AD---- C:\WINNT\Debug
2009-02-12 16:20:29 ----D---- C:\WINNT\system32\NtmsData
2009-02-12 16:18:23 ----AD---- C:\WINNT\system32\drivers
2009-02-12 16:16:51 ----A---- C:\WINNT\SchedLgU.Txt
2009-02-12 14:55:27 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2009-02-12 14:14:35 ----A---- C:\WINNT\NeroDigital.ini
2009-02-12 09:08:42 ----AD---- C:\WINNT\security
2009-02-09 09:24:02 ----D---- C:\Programmi\Look@LAN
2009-02-03 17:02:21 ----HD---- C:\WINNT\system32\GroupPolicy
2009-02-02 16:59:33 ----SD---- C:\WINNT\Downloaded Program Files
2009-02-02 16:33:45 ----AD---- C:\Programmi
2009-01-29 15:40:28 ----HD---- C:\WINNT\inf
2009-01-29 15:40:28 ----AD---- C:\WINNT\Help
2009-01-29 15:40:22 ----RASHDC---- C:\WINNT\system32\dllcache
2009-01-29 15:38:03 ----AD---- C:\WINNT
2009-01-29 15:08:16 ----D---- C:\Programmi\MessengerPlus! 3
2009-01-29 11:23:24 ----D---- C:\Programmi\EvilLyrics
2009-01-27 11:17:58 ----D---- C:\Programmi\EPSON Print CD
2009-01-22 10:11:19 ----SHD---- C:\WINNT\Installer
2009-01-22 10:11:19 ----AHD---- C:\Config.Msi
2009-01-21 12:29:47 ----D---- C:\Programmi\CCleaner
2009-01-16 10:46:46 ----D---- C:\Programmi\Mplayerc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2005-11-03 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-11-03 2560]
R1 DcCam;Kodak Camera Proxy; C:\WINNT\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 kbdhid;Driver di tastiera HID; C:\WINNT\System32\DRIVERS\kbdhid.sys [1999-12-22 13776]
R1 KLIF;Kaspersky Lab Driver; C:\WINNT\system32\DRIVERS\klif.sys [2009-02-10 215824]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINNT\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 eugss;EUTRON SmartKey GSS2 Driver; \??\C:\WINNT\system32\Drivers\eugss2k.sys []
R2 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINNT\system32\Drivers\eusk2par.sys []
R2 HidUsb;Driver di classe HID Microsoft; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 btaudio;Periferica audio Bluetooth; C:\WINNT\system32\drivers\btaudio.sys [2005-09-16 428269]
R3 BTKRNL;Enumeratore bus Bluetooth; C:\WINNT\system32\drivers\btkrnl.sys [2005-09-16 853258]
R3 dtscsi;dtscsi; C:\WINNT\System32\Drivers\dtscsi.sys [2007-03-09 223128]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINNT\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2007-08-10 10368]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8139.SYS [1999-09-25 18704]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 StillCam;Driver per fotocamera digitale seriale; C:\WINNT\System32\DRIVERS\serscan.sys [1999-12-22 6832]
R3 uhcd;Driver host controller Universal USB Microsoft; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Driver hub USB standard Microsoft; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S1 Exportit;Exportit; C:\WINNT\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S2 Eutron-Emu;Eutron-Emu; C:\WINNT\System32\drivers\Eutron-Emu.sys [2006-08-19 9216]
S3 Bcim;Bandwidth Controller kernel component; C:\WINNT\system32\DRIVERS\bcim.sys []
S3 BT2KNDFL;Driver del server di accesso alla rete LAN Bluetooth - Filter; C:\WINNT\system32\DRIVERS\bt2kndfl.sys [2005-09-16 3879]
S3 BTDriver;Driver di comunicazioni virtuali Bluetooth; C:\WINNT\system32\DRIVERS\btport.sys [2005-09-16 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINNT\system32\DRIVERS\btwdndis.sys [2005-09-16 148360]
S3 btwhid;btwhid; C:\WINNT\system32\DRIVERS\btwhid.sys [2004-01-20 43299]
S3 btwmodem;Modem Bluetooth; C:\WINNT\system32\DRIVERS\btwmodem.sys [2005-09-16 30221]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINNT\System32\Drivers\btwusb.sys [2005-09-16 64344]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 DcFpoint;DcFpoint; C:\WINNT\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINNT\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINNT\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINNT\System32\DRIVERS\e100bnt5.sys [2007-03-14 154760]
S3 eusk3usb;SmartKey 3 USB; C:\WINNT\System32\Drivers\eusk3usb.sys []
S3 FLIRUSBRNDIS;FLIR Camera USB Network Device Driver; C:\WINNT\system32\DRIVERS\usb8023k.sys [2006-05-05 13824]
S3 gmer;gmer; C:\WINNT\System32\DRIVERS\gmer.sys [2009-01-29 85969]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINNT\system32\DRIVERS\ewusbmdm.sys [2006-12-04 88960]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINNT\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService; C:\WINNT\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINNT\system32\DRIVERS\motodrv.sys [2007-09-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINNT\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 mouhid;Driver di mouse HID; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [1999-10-27 345040]
S3 skeyusb;SmartKey USB; C:\WINNT\System32\Drivers\skeyusb.sys [2006-03-10 43968]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 TSP;TSP; \??\C:\WINNT\system32\drivers\klif.sys []
S3 UALFDrv2;UALFDrv2; C:\WINNT\System32\DRIVERS\UALFDrv2.sys [2006-09-12 46309]
S3 usbaudio;Driver audio USB (WDM); C:\WINNT\system32\drivers\usbaudio.sys [1999-10-12 68912]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;Driver scanner USB; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINNT\system32\DRIVERS\vmnetadapter.sys []
S3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-10 201992]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINNT\system32\bgsvcgen.exe [2005-04-30 86016]
R2 btwdins;Bluetooth Service; C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe [2005-09-16 266295]
R2 CameraMonitor;FLIR Camera Monitor; C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINNT\system32\drivers\KodakCCS.exe [2005-03-30 411920]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [1999-12-23 7952]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINNT\system32\nvsvc32.exe [2003-07-28 77824]
R2 O&O Defrag;O&O Defrag; C:\WINNT\system32\oodag.exe [2008-09-04 1295616]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [1999-12-23 7952]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 62224]
R2 T3Srv;FLIR Systems Camera Monitor; C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-29 654848]
S3 hpqcxs08;hpqcxs08; C:\WINNT\system32\svchost.exe [1999-12-23 7952]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe [2007-06-27 79360]
S3 WmdmPmSN;Servizio Numero di serie per dispositivi multimediali portatili; C:\WINNT\System32\svchost.exe [1999-12-23 7952]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-12 16:35:01

======Uninstall list======

-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
-->msiexec /x{1C32666E-3F65-4A9A-BC4D-FE293015FE7B}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2ECB009A-87BC-4E01-977E-65DA01E64D7D}\Setup.exe" -l0x10
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
ACDSee Pro-->MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 9 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Aggiornamento cumulativo 1 per Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Aggiornamento del sistema Windows Media Player (9 Series)-->C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]-->C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
AutoPlay Media Studio 6.0 Mega Content Pack-->"C:\WINNT\AutoPlay Media Studio 6.0 Mega Content Pack\uninstall.exe" "/U:C:\Programmi\AutoPlay Media Studio 6.0\Gallery\Uninstall\uninstall.xml"
AutoPlay Media Studio 6.0-->"C:\WINNT\AutoPlay Media Studio 6.0\uninstall.exe" "/U:C:\Programmi\AutoPlay Media Studio 6.0\Uninstall\uninstall.xml"
CCleaner (remove only)-->"C:\Programmi\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
dBpoweramp Music Converter-->"C:\WINNT\system32\SpoonUninstall.exe" <uninstall>C:\WINNT\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\WINNT\system32\SpoonUninstall.exe" <uninstall>C:\WINNT\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
eMule-->"G:\Programmi\eMule\Uninstall.exe"
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x10 uninst
EPSON Print CD-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x10 -SYSTEM
ESET Online Scanner-->C:\WINNT\system32\OnlineScannerUninstaller.exe
EvilLyrics-->"C:\Programmi\EvilLyrics\uninst.exe"
FLIR FireWire Video Driver V2-->MsiExec.exe /X{49935EAC-4121-43E2-8FFA-E6F38F8FBE98}
FLIR USB Network Driver V2-->MsiExec.exe /X{F651FA4D-2AA0-440B-B0EB-2FB77CCC54D5}
FreePortScanner 2.7-->"C:\Programmi\Nsasoft\FreePortScanner\unins000.exe"
HijackThis 2.0.2-->"C:\Programmi\HijackThis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB911562)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB911562-x86-ITA$\spuninst\spuninst.exe"
Hotfix for MDAC 2.80 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ITA$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Programmi\hp\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP LaserJet M1522 MFP Series 4.0-->C:\Programmi\HP\Digital Imaging\{C8A37F1F-E13B-48ae-93F8-4669264969F9}\setup\hpzscr01.exe -datfile hppscr08.dat -onestop -forcereboot
hp LaserJet-all-in-one-->C:\Programmi\hp\Digital Imaging\{1B4B2D13-BA87-4c7c-8B67-0EE7CE698415}\setup\hpzscr01.exe -datfile hpbscr01.dat
Intel(R) PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
LaserAIO-->MsiExec.exe /I{DD23CAA4-8872-4B95-B263-EA46FD82CF19}
Look@LAN 2.50 Build 35-->C:\WINNT\iun6002.exe "C:\Programmi\Look@LAN\irunin.ini"
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1 Italian Language Pack-->MsiExec.exe /X{F2D2B58B-B2FD-46D1-8319-DCE564079934}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 - Language Pack (italiano)-->C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\install.exe
Microsoft .NET Framework 2.0-->C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internet Explorer 6 SP1-->rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Programmi\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010410-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Programmi\Mozilla Thunderbird\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nero 8 Lite 8.3.6.0-->"C:\Programmi\Nero\unins000.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINNT\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}
OrderReminder hp LaserJet 3015/3020/3030/3380-->C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_3015-3020-3030-3380\installerhelper.exe C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_3015-3020-3030-3380\installerhelper.properties -from-addremove
Pacchetto driver Windows - FLIR Systems (FLIRUSBRNDIS) Net (01/01/2005 1.0.0.1)-->rundll32.exe C:\PROGRA~1\DIFX\613CA917A2352ABE05BF59AA6EBFE49306A8B670\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINNT\system32\DRVSTORE\RNDIS_FLIR_4AD9BC6F64A01B215B94F2012A3D5477A6BB13DD\RNDIS_FLIR.inf
ScanToWeb-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SISLabel-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{3C819ADC-4E02-11D6-9552-0008C73ADDFE}\setup.exe"
Skype 3.1-->"C:\Programmi\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Software Kodak EasyShare-->C:\Documents and Settings\All Users\Dati applicazioni\Kodak\EasyShareSetup\$SETUP_1e0010_1274da\Setup.exe /APR-REMOVE
Software per stampante EPSON-->C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
SoundMAX-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPAC Automazione 2008 (C:\Programmi\SPAC Aut


Another infection found by Kaspersky:
[Kaspersky detection screenshot]

Kaspersky tries to disinfect it with a particular procedure that includes a reboot of the PC.
But the infection still remains.
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 12th, 2009, 12:08 pm

Hello Flegias

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 12th, 2009, 1:08 pm

peku006,
Take your time, reply with no hurry because I'll come back to this forum tomorrow!
Thank you again for helping me!!!!

Kaspersky still detects the previous infection.


ComboFix 09-02-11.03 - Administrator 12/02/2009 17.38.52.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.511.342 [GMT 1:00]
Run by: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\bacddd.ini
c:\winnt\ehgffe.ini
c:\winnt\Web\default.htt
c:\winnt\wwvxbc.ini
c:\winnt\wybbeg.ini
c:\winnt\xayxbc.ini
c:\winnt\yxyyyb.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE


((((((((((((((((((((((((( Files Created From 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))))))
.

2009-02-12 16:34 . 09-02-12 16:35 <DIR> d-------- C:\rsit
2009-02-10 16:39 . 09-02-10 16:39 <DIR> d-------- C:\Lop SD
2009-02-02 16:33 . 09-02-02 19:22 <DIR> d-------- c:\programmi\EsetOnlineScanner
2009-02-02 16:21 . 09-02-02 16:21 <DIR> d-------- C:\_OTMoveIt
2009-02-02 14:12 . 09-02-02 16:15 <DIR> d-------- c:\programmi\TVAnts
2009-01-29 15:27 . 09-01-29 15:28 <DIR> d-------- c:\winnt\ERUNT
2009-01-29 15:13 . 09-01-29 15:53 <DIR> d-------- C:\SDFix
2009-01-29 14:47 . 09-01-29 16:30 <DIR> d-------- C:\Rooter$
2009-01-29 09:16 . 09-01-29 09:17 250 --a------ c:\winnt\gmer.ini
2009-01-27 11:12 . 03-07-16 14:14 31,744 --a------ c:\winnt\system32\E_DCINST.DLL
2009-01-27 11:12 . 01-09-04 03:04 182 --a------ c:\winnt\system32\EBPPORT4.DAT
2009-01-21 12:34 . 09-01-30 17:14 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Thunderbird
2009-01-19 12:06 . 09-01-19 12:06 <DIR> d-------- c:\programmi\Nsasoft
2009-01-12 12:05 . 09-01-12 12:05 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Media Player Classic
2009-01-12 12:04 . 09-01-16 10:46 <DIR> d-------- c:\programmi\Mplayerc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 16:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-12 15:24 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-12 13:55 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-02-10 10:26 33,808 ----a-w c:\winnt\system32\drivers\klbg.sys
2009-02-09 08:24 --------- d-----w c:\programmi\Look@LAN
2009-02-04 08:03 89,601 ----a-w c:\winnt\system32\drivers\klick.dat
2009-02-04 08:03 101,287 ----a-w c:\winnt\system32\drivers\klin.dat
2009-01-29 14:08 --------- d-----w c:\programmi\MessengerPlus! 3
2009-01-29 10:23 --------- d-----w c:\programmi\EvilLyrics
2009-01-27 10:17 --------- d-----w c:\programmi\EPSON Print CD
2009-01-21 11:29 --------- d-----w c:\programmi\CCleaner
2009-01-09 11:25 --------- d-----w c:\programmi\File comuni\Real
2009-01-09 11:24 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-09 11:24 --------- d-----w c:\programmi\Mozilla Sunbird
2009-01-09 11:24 --------- d-----w c:\programmi\File comuni\FLIR Systems
2009-01-09 11:24 --------- d-----w c:\programmi\EPSON
2009-01-09 09:09 --------- d-----w c:\programmi\OO Software
2009-01-08 16:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SDProget
2009-01-08 16:43 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\SDProget
2009-01-08 10:05 720,896 ----a-w c:\winnt\iun6002.exe
2008-12-16 15:51 --------- d-----w c:\programmi\NOS
2008-12-16 15:51 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2008-12-16 13:25 --------- d-----w c:\programmi\File comuni\Adobe
2008-04-10 13:24 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-01-05 10:26 271 ---h--w c:\programmi\desktop.ini
2007-01-05 10:26 22,075 ---h--w c:\programmi\folder.htt
2007-07-26 23:06 479,232 ----a-w c:\programmi\mozilla firefox\plugins\msvcm80.dll
2007-07-26 23:06 548,864 ----a-w c:\programmi\mozilla firefox\plugins\msvcp80.dll
2007-07-26 23:06 626,688 ----a-w c:\programmi\mozilla firefox\plugins\msvcr80.dll
2006-06-21 06:52 171,926 --sha-r c:\winnt\system32\seszv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\programmi\Analog Devices\SoundMAX\DrvLsnr.exe" [03-05-08 12:34 69632]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [09-02-10 11:26 201992]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [03-07-28 14:19 4841472]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 c:\winnt\system32\mobsync.exe]
"nwiz"="nwiz.exe" [03-07-28 14:19 323584 c:\winnt\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-23 01:00 20752 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 188176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-09-16 610365]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3 (0x3)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"BITS"=3 (0x3)
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R?2 nolxwqs;Center Monitor;c:\winnt\system32\svchost.exe -k netsvcs [1999-12-23 7952]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CameraMonitor;FLIR Camera Monitor;c:\programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\winnt\system32\drivers\eugss2k.sys [2008-01-18 63336]
R2 eusk2par;EUTRON SmartKey Parallel Driver;c:\winnt\system32\drivers\eusk2par.sys [2008-01-18 30656]
R2 T3Srv;FLIR Systems Camera Monitor;c:\programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\drivers\klim5.sys [2008-03-25 24592]
S2 Eutron-Emu;Eutron-Emu;c:\winnt\system32\drivers\Eutron-Emu.sys.SYS --> c:\winnt\system32\drivers\Eutron-Emu.sys.SYS [?]
S3 BT2KNDFL;Driver del server di accesso alla rete LAN Bluetooth - Filter;c:\winnt\system32\drivers\bt2kndfl.sys [2007-05-18 3879]
S3 eusk3usb;SmartKey 3 USB;c:\winnt\system32\Drivers\eusk3usb.sys --> c:\winnt\system32\Drivers\eusk3usb.sys [?]
S3 FLIRUSBRNDIS;FLIR Camera USB Network Device Driver;c:\winnt\system32\drivers\usb8023k.sys [2006-05-05 13824]
S3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\drivers\motccgp.sys [2007-12-03 17920]
S3 motccgpfl;MotCcgpFlService;c:\winnt\system32\drivers\motccgpfl.sys [2007-12-03 7680]
S3 MotDev;Motorola Inc. USB Device;c:\winnt\system32\drivers\motodrv.sys [2007-12-03 42112]
S3 skeyusb;SmartKey USB;c:\winnt\system32\drivers\skeyusb.sys [2008-01-18 43968]
S3 UALFDrv2;UALFDrv2;c:\winnt\system32\drivers\UALFDrv2.sys [2006-09-12 46309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xkiyxi
nolxwqs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Invia a &Bluetooth - c:\programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {46AA183D-08D8-4F06-99CC-5F02635E7636} = 151.99.125.1
TCP: {E5E72B87-5298-4953-BD78-BAD92DCB4C6F} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\yyauvfjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 17:48:48
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs]
"ServiceDll"="c:\winnt\system32\seszv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E97A55E4D2F53F29ACDF51D0358BB99892AB3AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D5D575E7D6A3B98088EDD5E5BE2F6E66748C29376B5BF93AD996DA3D540B7B7A28C30BDAAF90702B2653C632D81E95BBE89A38A8C28E26D44ADE76214F7938F033F9EEFE0912B06BEB5A4F5A9D85B15901B5D2A1772E76140F70BC1260F419EB5842BC8220928117AAEED492ACEF0DDBFEEB3C2C4A1C7AD85E924780DA18F9844E94D82E128C76A2C1C5ABB31F80C3375ADCFF74C381AA43E29640DCEBDF045F5AFE02A96ABF470DFFA8D81475F31261FB140C164AC1E2C578DE45D74E6FB7FD9CC2321BA42BF90E2FE91A0F8808ADB6A8A76EBCBE6B4BF82A11E1A8C936D3642EB391E4C12DB52CA8C50F4D4CCE20D4E7D471742C8646C34A86FC8293022EC4668AAAACF31224B6CC09C2B6EA8AC8701FEEBB48BA0D7D426959A405E9A1EBCBE53E1A4492C8CA7E5E928C6DDEDFBAC7EBE028FF0B6DA2ED49246AE47A5874D4AF4AFBD4603BCA992880EA03E698AF187180BC03F44604502F8FC9400992AE04AC346FAD32A752498D4C861AFDB34E0A1216C39C7767F76B25DAD47ABB073C966EFBC38838920015E383A08D6FAFA9592A0703DDD71EF34300129EE6E19F7EE875A10A0ED7CC6BA0ED2266759EE83C1E691C2E25B499185065EA60873F66ECBDC179EB7AD541B6218F5B4276455152CF0A475971C096484082141E468E1B070D7F0AB5360D3EF9BAF28F241A63F1F2B43BCFE1C01AE905FC9A97628FD64BEFEAEE4DE1B29B3BC9F4A25500454B031AE35F0B6816F2C5E57A48D29CB6A7C3A30DBA5C3102E209E3A24D8A114A5A480B7648E5C30CEE6BB4436141F1D661E6B4D1D1649811B3855CBBC699FE5D406E5D9AF1310658C393B8FDFB904BAB0303CB6F4D343161D11C348572AE5C52237DDBF3DB256AF98F113B745B0649B8A0DBBDFA828E8C76831F1B87A27F551510D0B26F2559A74E8D21CCF50DAB488B9851D50C397D66333178C39719E347D2BCFAFDEFD96A8E87490D4FB2E544A1D07DA37A213D58A0CB7B0E3F84B03E78EF8BDB5CD4FC4331B3957DEF85166DFCAC2C585062A4DE7B635636B3D5B7BBDA18C072BEE99644E68B6438093EC1313D4BA6EA5BEDE9BB7AD6D063A5EB9E147A3B7503FCCD52D7408F2E6A3AE7B8E67D647F65B23C912230EA7E48CC8BFC4F6D7D334C70AC08A827E7649563FB84242BB42710E9E4BB5BBCA2E40C27C0EE6A7D43C3EBEDB591CB929CC6349D1A7486E440763C7AF0441F3A750CC618C863F9486CFEF3F8A6335BFB7872453828C749A0679C9B6EB5AA122C0E0
B18EA251F65C2AF2BE0A75E85C1E2E3AEB6F0570C8D968FE93AF7879778302358A97FAD86E86530C13"
"OODEFRAG11.00.00.01WORKSTATION"="[long hexadecimal value omitted]"
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\winnt\system32\klogon.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Scan completed: 2009-02-12 17:56:39 - The PC was rebooted
ComboFix-quarantined-files.txt 2009-02-12 16:55:15

Pre-Run: 3,208,146,944 bytes free
Post-Run: 3,137,044,480 bytes free

173



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.58.17, on 12/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E72B87-5298-4953-BD78-BAD92DCB4C6F}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLIR Camera Monitor (CameraMonitor) - FLIR Systems - C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe

--
End of file - 6797 bytes
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am
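The ComboFix report above contains the three pieces of evidence peku006 later acts on: a service (`nolxwqs`) running as `svchost.exe -k netsvcs`, a `ServiceDll` for it pointing at `seszv.dll`, which Find3M lists with hidden+system attributes (`--sha-r`), and a NetSvcs group listing that names `xkiyxi` and `nolxwqs`. The following is an added example written for this page, not code from the thread or from the ComboFix author: a small parser that pulls those sections out of a ComboFix report and cross-references them. `SAMPLE_LOG` is constructed from the lines Flegias posted; the function names (`parse_combofix`, `suspicious_services`, `is_hidden_system`) and the attribute-column rule are this example's own assumptions.

```python
"""Added example: cross-reference the service, NetSvcs and Find3M sections of
a ComboFix report. Not code from the thread or from ComboFix itself."""
import re
from dataclasses import dataclass, field

# Constructed from the ComboFix excerpt quoted in the thread (Find3M lines,
# service lines, the NetSvcs listing and the ServiceDll key).
SAMPLE_LOG = r"""
2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbam.sys
2006-06-21 06:52 171,926 --sha-r c:\winnt\system32\seszv.dll
.

R?2 nolxwqs;Center Monitor;c:\winnt\system32\svchost.exe -k netsvcs [1999-12-23 7952]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CameraMonitor;FLIR Camera Monitor;c:\programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
S3 UALFDrv2;UALFDrv2;c:\winnt\system32\drivers\UALFDrv2.sys [2006-09-12 46309]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xkiyxi
nolxwqs
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs]
"ServiceDll"="c:\winnt\system32\seszv.dll"
.
"""

# Service line: "<state><start> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\S*)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$")
# Find3M line: "<date> <time> <size> <attributes> <path>"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([-a-z]{7})\s+(.+)$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$", re.IGNORECASE)
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.IGNORECASE)


@dataclass
class Report:
    services: dict = field(default_factory=dict)     # name -> image path / command line
    netsvcs: list = field(default_factory=list)      # names ComboFix listed under NetSvcs
    service_dll: dict = field(default_factory=dict)  # name -> ServiceDll path
    file_attrs: dict = field(default_factory=dict)   # lower-cased path -> attribute field


def parse_combofix(text: str) -> Report:
    """Collect the four facts we need from the report text (other lines are ignored)."""
    rep = Report()
    in_netsvcs = False
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # The NetSvcs listing runs until ComboFix's "." separator or a blank line.
            if not line or line == ".":
                in_netsvcs = False
            else:
                rep.netsvcs.append(line)
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            rep.service_dll[current_key] = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            rep.services[m.group(2).lower()] = m.group(4)
            continue
        m = FILE_RE.match(line)
        if m:
            rep.file_attrs[m.group(2).lower()] = m.group(1)
    return rep


def is_hidden_system(attrs: str) -> bool:
    # Assumed column layout of the Find3M attribute field, read off the log
    # itself: d / - / s / h / a / - / r|w, e.g. "--sha-r" for seszv.dll.
    return len(attrs) == 7 and attrs[2] == "s" and attrs[3] == "h"


def suspicious_services(rep: Report) -> list:
    """Return 'name: reason' findings, sorted by service name."""
    hosted = {name for name, cmd in rep.services.items()
              if "svchost.exe" in cmd.lower() and "-k netsvcs" in cmd.lower()}
    group = {name.lower() for name in rep.netsvcs}
    findings = []
    for name in sorted(hosted | group):
        if name not in rep.services:
            findings.append(f"{name}: listed in the netsvcs group but ComboFix shows no service of that name")
            continue
        dll = rep.service_dll.get(name)
        if dll is None:
            findings.append(f"{name}: hosted by svchost.exe -k netsvcs but no ServiceDll was recorded")
            continue
        attrs = rep.file_attrs.get(dll.lower(), "")
        if is_hidden_system(attrs):
            findings.append(f"{name}: ServiceDll {dll} is a hidden system file ({attrs})")
    return findings


if __name__ == "__main__":
    for finding in suspicious_services(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports two lines: `nolxwqs` because its `ServiceDll` is the hidden system file `seszv.dll`, and `xkiyxi` because the NetSvcs group names it while no service definition appears in the report. The second finding is only a pointer to look further (a service ComboFix did not list is not by itself malicious); the first is the combination peku006's OTMoveIt script removes in the next post.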

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 12th, 2009, 2:13 pm

Hi Flegias
Kaspersky still detects the previous infection.

Do not worry, I know where they are... but before we remove them we need to install the Recovery Console.......

RECOVERY CONSOLE

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 13th, 2009, 4:23 am

Hi peku006,

I run Win2k, not XP. I think there isn't a recovery console for this OS.
What should I do?
Thanks
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 13th, 2009, 5:05 am

Hi Flegias

Yes of course you have Win2k, I am sorry I made a mistake...... :oops:

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
      O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code:
:Processes
internat.exe

:files
c:\winnt\system32\seszv.dll
c:\winnt\system32\internat.exe

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs]


  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

3 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with


1. the OTMoveIt3 log
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 13th, 2009, 10:48 am

Hello peku006!

========== PROCESSES ==========
Unable to kill process: internat.exe
========== FILES ==========
LoadLibrary failed for c:\winnt\system32\seszv.dll
c:\winnt\system32\seszv.dll NOT unregistered.
File move failed. c:\winnt\system32\seszv.dll scheduled to be moved on reboot.
c:\winnt\system32\internat.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\internat.exe not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02132009_102247

Files moved on Reboot...
LoadLibrary failed for c:\winnt\system32\seszv.dll
c:\winnt\system32\seszv.dll NOT unregistered.
File move failed. c:\winnt\system32\seszv.dll scheduled to be moved on reboot.




Malwarebytes' Anti-Malware 1.34
Versione del database: 1757
Windows 5.0.2195 Service Pack 4

13/02/2009 15.31.57
mbam-log-2009-02-13 (15-31-56).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|)
Elementi scansionati: 106946
Tempo trascorso: 1 hour(s), 15 minute(s), 8 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.46.03, on 13/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E72B87-5298-4953-BD78-BAD92DCB4C6F}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLIR Camera Monitor (CameraMonitor) - FLIR Systems - C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe

--
End of file - 6653 bytes
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am
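An added example, not part of the thread and not OldTimer's own code: it parses the :Processes / :files / :Reg script peku006 posted above and matches it against the OTMoveIt3 result log Flegias pasted, so a helper can see at a glance which items were handled, which are waiting for the reboot, and which were already gone. It only recognises the outcome wordings that appear in this log; any other OTMoveIt3 message is reported as no_result.

```python
import re

# Constructed copy of the OTMoveIt3 script posted earlier in the thread.
SCRIPT = r"""
:Processes
internat.exe

:files
c:\winnt\system32\seszv.dll
c:\winnt\system32\internat.exe

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs]
"""

# Constructed copy of the result log posted above (only outcome lines matter).
RESULT_LOG = r"""
========== PROCESSES ==========
Unable to kill process: internat.exe
========== FILES ==========
LoadLibrary failed for c:\winnt\system32\seszv.dll
c:\winnt\system32\seszv.dll NOT unregistered.
File move failed. c:\winnt\system32\seszv.dll scheduled to be moved on reboot.
c:\winnt\system32\internat.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\internat.exe not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs\\ not found.
"""

# Outcome wordings taken from the log above; anything else stays unrecognised.
# Each entry: (regex over the lower-cased line, kind of item, status to record).
RESULT_PATTERNS = [
    (r"^unable to kill process: (?P<t>.+)$", "process", "failed"),
    (r"^(?P<t>.+) moved successfully\.$", "file", "done"),
    (r"^file move failed\. (?P<t>.+) scheduled to be moved on reboot\.$", "file", "pending_reboot"),
    (r"^registry value (?P<t>.+) not found\.$", "regvalue", "not_found"),
    (r"^registry key (?P<t>.+?)\\+ not found\.$", "regkey", "not_found"),
]


def parse_script(text):
    """Return the (kind, target) actions the script asks OTMoveIt3 to take.

    Targets are lower-cased because Windows paths and registry names are
    case-insensitive, which lets them be matched against the result log.
    """
    actions, section, key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):                       # ":Processes", ":files", ":Reg"
            section, key = line[1:].lower(), None
        elif section == "processes":
            actions.append(("process", line.lower()))
        elif section == "files":
            actions.append(("file", line.lower()))
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            actions.append(("regkey", line[2:-1].lower()))      # [-key] deletes the key
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()                            # [key] selects a key
        elif section == "reg" and key and re.fullmatch(r'"[^"]+"=-', line):
            # "name"=- deletes one value; the log names it as key\\name
            actions.append(("regvalue", key + "\\\\" + line[1:-3].lower()))
        else:
            raise ValueError(f"unsupported line in section {section!r}: {line}")
    return actions


def parse_results(text):
    """Map (kind, target) -> status for every outcome line the log reports."""
    status = {}
    for line in (raw.strip().lower() for raw in text.splitlines()):
        for pattern, kind, outcome in RESULT_PATTERNS:
            match = re.match(pattern, line)
            if match:
                status[(kind, match.group("t"))] = outcome
                break
    return status


def audit(script, result_log):
    """Return {action: status}; "no_result" means the log never reports the item."""
    results = parse_results(result_log)
    return {action: results.get(action, "no_result") for action in parse_script(script)}


def needs_reboot(report):
    """True when at least one file is queued for removal at the next boot."""
    return any(outcome == "pending_reboot" for outcome in report.values())


if __name__ == "__main__":
    report = audit(SCRIPT, RESULT_LOG)
    for (kind, target), outcome in report.items():
        print(f"{outcome:15} {kind:9} {target}")
    print("reboot required before the next log:", needs_reboot(report))
```

Run against the log above it reports seszv.dll as pending_reboot and the two registry items as not_found, which is why the next log has to be taken after a restart.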

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 13th, 2009, 11:18 am

Hi Flegias

Run RSIT

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, one log will open. Please post the contents of log.txt

Please reply with

1. the log from RSIT (log.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 13th, 2009, 11:34 am

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-13 16:30:57
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 3 GB (31%) free of 10 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.31.23, on 13/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Programmi\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E72B87-5298-4953-BD78-BAD92DCB4C6F}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46AA183D-08D8-4F06-99CC-5F02635E7636}: NameServer = 151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FLIR Camera Monitor (CameraMonitor) - FLIR Systems - C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe

--
End of file - 6764 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-07-17 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\system32\msdxm.ocx [2005-06-03 850192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"=C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe [2003-05-08 69632]
"Synchronization Manager"=mobsync.exe /logon []
"AVP"=C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-10 201992]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-07-28 4841472]
"nwiz"=nwiz.exe /install []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"=C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 1273488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3
"SCardSvr"=3
"SCardDrv"=3
"Adobe LM Service"=3
"BITS"=3
"wuauserv"=2
"Messenger"=2

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINNT\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - "%windir%\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-02-13 15:32:20 ----A---- C:\svwttx.txt
2009-02-13 09:26:40 ----HDC---- C:\WINNT\$NtUninstallKB926122$
2009-02-13 09:26:23 ----HDC---- C:\WINNT\$NtUninstallKB925902$
2009-02-13 09:26:00 ----HDC---- C:\WINNT\$NtUninstallKB931784$
2009-02-13 09:25:03 ----HDC---- C:\WINNT\$NtUninstallKB927891$
2009-02-13 09:24:50 ----HDC---- C:\WINNT\$NtUninstallKB930178$
2009-02-13 09:24:40 ----HDC---- C:\WINNT\$NtUninstallKB935840$
2009-02-13 09:24:26 ----A---- C:\WINNT\imsins.BAK
2009-02-13 09:24:06 ----HDC---- C:\WINNT\$NtUninstallKB935839$
2009-02-12 17:56:43 ----D---- C:\WINNT\temp
2009-02-12 17:56:40 ----A---- C:\ComboFix.txt
2009-02-12 17:37:52 ----A---- C:\WINNT\zip.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\VFIND.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\SWXCACLS.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\SWSC.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\SWREG.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\sed.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\NIRCMD.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\grep.exe
2009-02-12 17:37:52 ----A---- C:\WINNT\fdsv.exe
2009-02-12 17:37:44 ----D---- C:\Qoobox
2009-02-12 16:34:36 ----D---- C:\rsit
2009-02-10 16:39:03 ----D---- C:\Lop SD
2009-02-02 16:33:45 ----D---- C:\Programmi\EsetOnlineScanner
2009-02-02 16:21:01 ----D---- C:\_OTMoveIt
2009-02-02 14:12:42 ----D---- C:\Programmi\TVAnts
2009-01-29 15:41:43 ----D---- C:\Documents and Settings\Administrator\Dati applicazioni\WinRAR
2009-01-29 15:27:54 ----D---- C:\WINNT\ERUNT
2009-01-29 15:24:09 ----A---- C:\WINNT\ntbtlog.txt
2009-01-29 15:13:04 ----D---- C:\SDFix
2009-01-29 14:47:36 ----D---- C:\Rooter$
2009-01-29 09:16:22 ----A---- C:\WINNT\gmer.ini
2009-01-29 09:16:19 ----A---- C:\WINNT\gmer_uninstall.cmd
2009-01-29 09:16:19 ----A---- C:\WINNT\gmer.exe
2009-01-29 09:16:19 ----A---- C:\WINNT\gmer.dll
2009-01-28 14:23:24 ----RASHD---- C:\autorun.inf
2009-01-27 11:12:25 ----A---- C:\WINNT\system32\E_DCINST.DLL
2009-01-21 12:34:55 ----D---- C:\Documents and Settings\Administrator\Dati applicazioni\Thunderbird
2009-01-19 12:06:31 ----D---- C:\Programmi\Nsasoft

======List of files/folders modified in the last 1 months======

2009-02-13 16:30:59 ----D---- C:\Programmi\HijackThis
2009-02-13 16:30:58 ----AD---- C:\WINNT\system32
2009-02-13 15:59:47 ----D---- C:\Programmi\Mozilla Thunderbird
2009-02-13 15:32:20 ----AD---- C:\WINNT\system32\drivers
2009-02-13 14:22:44 ----D---- C:\Programmi\Mozilla Firefox
2009-02-13 14:09:44 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-13 10:29:06 ----AD---- C:\WINNT\Debug
2009-02-13 10:27:36 ----D---- C:\WINNT\system32\NtmsData
2009-02-13 10:22:58 ----RASHDC---- C:\WINNT\system32\dllcache
2009-02-13 09:26:48 ----HD---- C:\WINNT\inf
2009-02-13 09:26:48 ----AD---- C:\WINNT
2009-02-13 09:04:20 ----AD---- C:\WINNT\security
2009-02-12 17:48:51 ----N---- C:\WINNT\system.ini
2009-02-12 17:42:47 ----D---- C:\WINNT\ERDNT
2009-02-12 17:41:24 ----AD---- C:\WINNT\AppPatch
2009-02-12 17:41:20 ----AD---- C:\Programmi\File comuni
2009-02-12 17:39:14 ----SD---- C:\WINNT\Web
2009-02-12 17:38:16 ----A---- C:\WINNT\SchedLgU.Txt
2009-02-12 14:55:27 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2009-02-12 14:14:35 ----A---- C:\WINNT\NeroDigital.ini
2009-02-09 09:24:02 ----D---- C:\Programmi\Look@LAN
2009-02-03 17:02:21 ----HD---- C:\WINNT\system32\GroupPolicy
2009-02-02 16:59:33 ----SD---- C:\WINNT\Downloaded Program Files
2009-02-02 16:33:45 ----AD---- C:\Programmi
2009-01-29 15:40:28 ----AD---- C:\WINNT\Help
2009-01-29 15:08:16 ----D---- C:\Programmi\MessengerPlus! 3
2009-01-29 11:23:24 ----D---- C:\Programmi\EvilLyrics
2009-01-27 11:17:58 ----D---- C:\Programmi\EPSON Print CD
2009-01-22 10:11:19 ----SHD---- C:\WINNT\Installer
2009-01-22 10:11:19 ----AHD---- C:\Config.Msi
2009-01-21 12:29:47 ----D---- C:\Programmi\CCleaner
2009-01-16 10:46:46 ----D---- C:\Programmi\Mplayerc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2005-11-03 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-11-03 2560]
R1 DcCam;Kodak Camera Proxy; C:\WINNT\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 kbdhid;Driver di tastiera HID; C:\WINNT\System32\DRIVERS\kbdhid.sys [1999-12-22 13776]
R1 KLIF;Kaspersky Lab Driver; C:\WINNT\system32\DRIVERS\klif.sys [2009-02-10 215824]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINNT\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 eugss;EUTRON SmartKey GSS2 Driver; \??\C:\WINNT\system32\Drivers\eugss2k.sys []
R2 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINNT\system32\Drivers\eusk2par.sys []
R2 HidUsb;Driver di classe HID Microsoft; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 btaudio;Periferica audio Bluetooth; C:\WINNT\system32\drivers\btaudio.sys [2005-09-16 428269]
R3 BTKRNL;Enumeratore bus Bluetooth; C:\WINNT\system32\drivers\btkrnl.sys [2005-09-16 853258]
R3 dtscsi;dtscsi; C:\WINNT\System32\Drivers\dtscsi.sys [2007-03-09 223128]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINNT\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2007-08-10 10368]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8139.SYS [1999-09-25 18704]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 StillCam;Driver per fotocamera digitale seriale; C:\WINNT\System32\DRIVERS\serscan.sys [1999-12-22 6832]
R3 uhcd;Driver host controller Universal USB Microsoft; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Driver hub USB standard Microsoft; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S1 Exportit;Exportit; C:\WINNT\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S2 Eutron-Emu;Eutron-Emu; C:\WINNT\System32\drivers\Eutron-Emu.sys [2006-08-19 9216]
S3 Bcim;Bandwidth Controller kernel component; C:\WINNT\system32\DRIVERS\bcim.sys []
S3 BT2KNDFL;Driver del server di accesso alla rete LAN Bluetooth - Filter; C:\WINNT\system32\DRIVERS\bt2kndfl.sys [2005-09-16 3879]
S3 BTDriver;Driver di comunicazioni virtuali Bluetooth; C:\WINNT\system32\DRIVERS\btport.sys [2005-09-16 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINNT\system32\DRIVERS\btwdndis.sys [2005-09-16 148360]
S3 btwhid;btwhid; C:\WINNT\system32\DRIVERS\btwhid.sys [2004-01-20 43299]
S3 btwmodem;Modem Bluetooth; C:\WINNT\system32\DRIVERS\btwmodem.sys [2005-09-16 30221]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINNT\System32\Drivers\btwusb.sys [2005-09-16 64344]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 DcFpoint;DcFpoint; C:\WINNT\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINNT\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINNT\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINNT\System32\DRIVERS\e100bnt5.sys [2007-03-14 154760]
S3 eusk3usb;SmartKey 3 USB; C:\WINNT\System32\Drivers\eusk3usb.sys []
S3 FLIRUSBRNDIS;FLIR Camera USB Network Device Driver; C:\WINNT\system32\DRIVERS\usb8023k.sys [2006-05-05 13824]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINNT\system32\DRIVERS\ewusbmdm.sys [2006-12-04 88960]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINNT\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService; C:\WINNT\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINNT\system32\DRIVERS\motodrv.sys [2007-09-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINNT\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 mouhid;Driver di mouse HID; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [1999-10-27 345040]
S3 skeyusb;SmartKey USB; C:\WINNT\System32\Drivers\skeyusb.sys [2006-03-10 43968]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 TSP;TSP; \??\C:\WINNT\system32\drivers\klif.sys []
S3 UALFDrv2;UALFDrv2; C:\WINNT\System32\DRIVERS\UALFDrv2.sys [2006-09-12 46309]
S3 usbaudio;Driver audio USB (WDM); C:\WINNT\system32\drivers\usbaudio.sys [1999-10-12 68912]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;Driver scanner USB; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINNT\system32\DRIVERS\vmnetadapter.sys []
S3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-10 201992]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINNT\system32\bgsvcgen.exe [2005-04-30 86016]
R2 btwdins;Bluetooth Service; C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe [2005-09-16 266295]
R2 CameraMonitor;FLIR Camera Monitor; C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINNT\system32\drivers\KodakCCS.exe [2005-03-30 411920]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [1999-12-23 7952]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINNT\system32\nvsvc32.exe [2003-07-28 77824]
R2 O&O Defrag;O&O Defrag; C:\WINNT\system32\oodag.exe [2008-09-04 1295616]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [1999-12-23 7952]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 62224]
R2 T3Srv;FLIR Systems Camera Monitor; C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-29 654848]
S3 hpqcxs08;hpqcxs08; C:\WINNT\system32\svchost.exe [1999-12-23 7952]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe [2007-06-27 79360]
S3 WmdmPmSN;Servizio Numero di serie per dispositivi multimediali portatili; C:\WINNT\System32\svchost.exe [1999-12-23 7952]

-----------------EOF-----------------
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am
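
The service and driver listing above uses one fixed-format line per entry: a state letter and a start-type digit, then name;display name; path, then the file's date and size in square brackets, with empty brackets where the logging tool found no file at the registered path (TSP, VMnetAdapter and IntelIde in this log). The following parser for that format is an added example, not part of this thread and not code from the logging tool; its sample input is a handful of lines copied from the listing above. It flags entries whose backing file is missing (usually a leftover registration from uninstalled software, or a component that an earlier cleanup removed, either of which a helper would want to confirm) and groups services that share one host binary such as svchost.exe, where the host path alone says nothing about which DLL actually loads.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Legend copied from the log header:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE_NAMES = {"R": "Running", "S": "Stopped"}
START_NAMES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry per line:  <state><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]
# Empty brackets mean the tool found no file at the registered path.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

# Sample input: lines copied from the listing in this thread (constructed subset).
SAMPLE_LISTING = r"""======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 MotDev;Motorola Inc. USB Device; C:\WINNT\system32\DRIVERS\motodrv.sys [2007-09-07 42112]
S3 TSP;TSP; \??\C:\WINNT\system32\drivers\klif.sys []
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [1999-12-23 7952]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [1999-12-23 7952]
R2 AVP;Kaspersky Anti-Virus; C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-10 201992]
"""


@dataclass
class Entry:
    state: str            # "R" or "S"
    start: str            # "0".."4"
    name: str             # service/driver registry name
    display: str          # display name
    path: str             # image path as recorded in the registry
    date: Optional[str]   # file timestamp, None when no file was found
    size: Optional[int]   # file size in bytes, None when no file was found

    @property
    def file_missing(self) -> bool:
        return self.date is None


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        state=m.group("state"), start=m.group("start"),
        name=m.group("name"), display=m.group("display"), path=m.group("path"),
        date=m.group("date"), size=int(size) if size is not None else None,
    )


def parse_listing(text: str) -> List[Entry]:
    """Parse every service/driver line in a listing, skipping non-entry lines."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def missing_files(entries: List[Entry]) -> List[str]:
    """Names of entries whose registered image path has no file behind it."""
    return [e.name for e in entries if e.file_missing]


def shared_hosts(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group entries by image path (case-insensitive) and keep only paths that
    host more than one service; for those, the real code lives in a per-service
    ServiceDll, so the host path alone cannot be used to judge the entry."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        groups.setdefault(e.path.lower(), []).append(e.name)
    return {p: names for p, names in groups.items() if len(names) > 1}


def describe(e: Entry) -> str:
    """Human-readable state/start type, e.g. 'Running/Auto'."""
    return f"{STATE_NAMES[e.state]}/{START_NAMES[e.start]}"


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for e in entries:
        flag = "  <-- no file at registered path" if e.file_missing else ""
        print(f"{describe(e):16} {e.name:20} {e.path}{flag}")
    print("missing files:", missing_files(entries))
    print("shared hosts:", shared_hosts(entries))
```

Run it against a full "List of services" or "List of drivers" section pasted into SAMPLE_LISTING; the empty-bracket entries are the ones to confirm by hand, and the svchost.exe groups are the ones whose ServiceDll value needs to be looked up in the registry rather than judged from the path shown.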

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 13th, 2009, 12:04 pm

Hi Flegias

Looking good :)
Let's make sure we got everything

1 - Update Java

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
  • A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12.

  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

3 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the JavaRa log
2. the Kaspersky online scanner report
3. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 13th, 2009, 1:03 pm

Hello peku006,

It seems to me that the Kaspersky Online Scanner conflicts with the Kaspersky Anti-Virus installed on my PC.
However, I'll try to run it.
I have to go away for 2 days; I'll post the logs when I come back.

Thanks for now!

Bye!

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Feb 13 17:20:04 2009

Found and removed: C:\Programmi\Java\jre1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 16th, 2009, 4:51 am

Hello peku006!

As I expected, the Kaspersky Online Scanner conflicts with the Kaspersky Anti-Virus that I have installed on my PC, even though I disabled it!

Should I run an alternative online scanner?
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 16th, 2009, 4:25 pm

Hi Flegias

1 - F-Secure Online Scan

  1. Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
  2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
  3. Click on Accept to accept the License Agreement.
  4. Click on Custom Scan.
    • Under Virus Scan Options, select the Scan whole system option.
    • Under Other Scan Options, select these options:
      • Scan all files
      • Scan whole system for rootkits
      • Scan whole system for spyware
      • Scan inside archives
      • Use advanced heuristics
  5. Click Start.
  6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
  7. Click on I want to decide item by item.
  8. Under Actions, select None for all infections found.
  9. Click Next.
  10. Click on Show Report.
  11. Please copy and paste this report in your next reply.
  12. Click Finish.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway