entire log

Post by terryant » July 30th, 2009, 6:05 am

Sorry, I missed part of the log....!


Log created by WinPatrol [FREE Edition] version 16.1.2009.1:16.1.2009.1
Scan saved at 12:02:30 AM, on 7/30/2009
Platform: Windows XP SP3 Service Pack 3 (Build 2600)
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRAMMI\Unlocker\UNLOCKERASSISTANT.EXE
C:\PROGRAMMI\VISTA DRIVE ICON\DrvIcon.exe
C:\PROGRAMMI\McAfee.com\Agent\mcagent.exe
C:\PROGRAMMI\Creative\SOUND BLASTER X-FI\VOLUME PANEL\VolPanlu.exe
C:\PROGRAMMI\VISUAL TOOLTIP\VISUALTOOLTIP.EXE
C:\PROGRAMMI\ASUS\ASUS REMOTE\REMOTECONTROLAPPL.EXE
C:\PROGRAMMI\Java\jre6\bin\jusched.exe
C:\PROGRAMMI\CYBERLINK\POWERCINEMA\PCMAgent.exe
C:\PROGRAMMI\CYBERLINK\TV ENHANCE\TVESERVICE.EXE
D:\Programmi\CyberLink\InstantBurn\Win2K\IBurn.exe
D:\PROGRAMMI\CYBERLINK\Power2Go\CLMLSvc.exe
D:\PROGRAMMI\CYBERLINK\POWERDVD8\PDVD8SERV.EXE
C:\PROGRAMMI\CYBERLINK\SHARED FILES\brs.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAMMI\LEXMARK 7300 SERIES\lxcimon.exe
C:\PROGRAMMI\LEXMARK 7300 SERIES\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMMI\LClock\LClock.exe
C:\PROGRAMMI\WINDOWS SIDEBAR\sidebar.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\PROGRAMMI\FILE COMUNI\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE
C:\PROGRAMMI\Nokia\NOKIA PC SUITE 7\PCSuite.exe
C:\PROGRAMMI\FILE COMUNI\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\system32\ASTSRV.EXE
C:\PROGRAMMI\Bonjour\MDNSRESPONDER.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\PROGRAMMI\Java\jre6\bin\jqs.exe
C:\PROGRAMMI\FILE COMUNI\LIGHTSCRIBE\LSSrvc.exe
C:\Programmi\McAfee\MSC\mcmscsvc.exe
C:\PROGRAMMI\FILE COMUNI\McAfee\MNA\McNASvc.exe
C:\Programmi\File comuni\McAfee\McProxy\McProxy.exe
C:\Programmi\McAfee\VirusScan\Mcshield.exe
C:\PROGRAMMI\McAfee\MPF\MpfSrv.exe
C:\PROGRAMMI\FILE COMUNI\Nero\NERO BACKITUP 4\NBSERVICE.EXE
C:\PROGRAMMI\ADVANCED REGISTRY DOCTOR\REGMANSERV.EXE
C:\PROGRAMMI\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAMMI\FILE COMUNI\ROXIO SHARED\10.0\SHAREDCOM\ROXWATCH10.EXE
D:\PROGRAMMI\Photodex\PROSHOWPRODUCER\SCSIACCESS.EXE
C:\PROGRAMMI\CYBERLINK\TV ENHANCE\Kernel\TV\TVECAPSVC.EXE
C:\PROGRAMMI\CYBERLINK\TV ENHANCE\Kernel\TV\TVESched.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\PROGRAMMI\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRAMMI\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE
C:\PROGRAMMI\PC CONNECTIVITY SOLUTION\TRANSPORTS\NclRSSrv.exe
C:\PROGRAMMI\FILE COMUNI\ROXIO SHARED\10.0\SHAREDCOM\ROXMEDIADB10.EXE
C:\Programmi\McAfee\VirusScan\mcsysmon.exe
C:\PROGRAMMI\INTERNET EXPLORER\iexplore.exe
D:\PROGRAMMI\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRAMMI\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programmi\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programmi\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll
O3 - Toolbar: - Locked -
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant]C:\Programmi\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [DrvIcon]C:\Programmi\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [mcagent_exe]C:\Programmi\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [VolPanel]C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe /r
O4 - HKLM\..\Run: [VisualTooltip]C:\Programmi\Visual ToolTip\VisualToolTip.exe
O4 - HKLM\..\Run: [RemoteControl]C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Programmi\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [PCMAgent]C:\Programmi\CyberLink\PowerCinema\PCMAgent.exe
O4 - HKLM\..\Run: [TVEService]C:\Programmi\CyberLink\TV Enhance\TVEService.exe
O4 - HKLM\..\Run: [InstantBurn]d:\Programmi\CyberLink\InstantBurn\Win2K\IBurn.exe
O4 - HKLM\..\Run: [CLMLServer]d:\Programmi\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Run: [P2Go_Menu]d:\Programmi\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe d:\Programmi\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0
O4 - HKLM\..\Run: [UpdatePDRShortCut]d:\Programmi\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe d:\Programmi\CyberLink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter
O4 - HKLM\..\Run: [RemoteControl8]d:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut]d:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion]C:\Programmi\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut]d:\Programmi\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe d:\Programmi\CyberLink\PowerProducer update Software\CyberLink\PowerProducer\5.0
O4 - HKLM\..\Run: [QuickTime Task]C:\Programmi\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [nwiz]nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter]C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon]C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxcimon.exe]C:\Programmi\Lexmark 7300 Series\lxcimon.exe
O4 - HKLM\..\Run: [EzPrint]C:\Programmi\Lexmark 7300 Series\ezprint.exe
O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]d:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CTFMON.EXE]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock]C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [Sidebar]C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg]C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr]C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe /background
O4 - HKCU\..\Run: [LightScribe Control Panel]C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PC Suite Tray]C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Programmi\Java\jre6\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/fl ... /ultrashim) - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter - - C:\Programmi\Java\jre6\bin\jqs.exe -service -config C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe -service
O23 - Service: McAfee Services - McAfee, Inc. - C:\Programmi\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent - McAfee, Inc. - c:\programmi\file comuni\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service - McAfee, Inc. - c:\Programmi\File comuni\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service - McAfee, Inc. - C:\Programmi\McAfee\MPF\MpfSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Registry Management Service - - C:\Programmi\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) - - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - D:\Programmi\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - D:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ScsiAccess - - d:\Programmi\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SessionLauncher - - C:\DOCUME~1\tony\IMPOST~1\Temp\DX9\SessionLauncher.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) - - C:\Programmi\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) - - C:\Programmi\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O24 - Desktop Component 0: Pagina iniziale corrente - About:Home

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
1071 IE Cookies in Folder: C:\Documents and Settings\tony\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [McQcTask.job]c:\programmi\McAfee\MQC\QcConsol.exe Never
WP31 - Scheduled Tasks: [McDefragTask.job]C:\WINDOWS\system32\defrag.exe Never
WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Programmi\Apple Software Update\SoftwareUpdate.exe 06/29/2009 1:48 PM

WP16 - ActiveX: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [Google Script Object] C:\PROGRAMMI\Google\GOOGLE TOOLBAR\GOOGLETOOLBAR.DLL 6, 1, 1715, 1442
WP16 - ActiveX: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [QuickTime Object] C:\PROGRAMMI\QUICKTIME\QTPlugin.ocx QuickTime 7.6 (1292)
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\system32\icardie.dll 8.00.6001.18702
WP16 - ActiveX: {1E54D648-B804-468D-BC78-4AFFED8E262F} [System Requirements Lab Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\SYSREQLAB_NVD.DLL 3, 0, 0, 4
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 8.00.6001.18812
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\Triedit\DHTMLED.OCX 6.01.9234
WP16 - ActiveX: {4063BE15-3B08-470D-A0D5-B37161CFFD69} [QuickTime Object] C:\PROGRAMMI\QUICKTIME\QTPlugin.ocx QuickTime 7.6 (1292)
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9870.0
WP16 - ActiveX: {88D969E5-F192-11D4-A65F-0040963251E5} [XML DOM Document 5.0] C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1072.0
WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {88D96A06-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {88D96A08-F192-11D4-A65F-0040963251E5} [XSL Template 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1099.0
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_13] C:\PROGRAMMI\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} [&Discussione] SHDOCVW.DLL 6.00.2900.5512
WP16 - ActiveX: {C9712B19-838B-45A5-ABF2-9A315DDDED50} [Microsoft Office 12 Authorization Control] C:\Programmi\Microsoft Office\Office12\AUTHZAX.DLL 12.0.4518.1014
WP16 - ActiveX: {CD3AFA88-B84F-48F0-9393-7EDC34128127} [VIDEO__AVI Moniker Class] C:\WINDOWS\system32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\WINDOWS\system32\wmp.dll 11.0.5721.5260
WP16 - ActiveX: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [get_atlcom Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\gp.ocx 1, 5, 2, 35
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812
WP16 - ActiveX: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\WINDOWS\system32\rmoc3260.dll 6.0.9.2533
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx 10,0,22,87
WP16 - ActiveX: {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [QuickTimeCheck Class] C:\PROGRAMMI\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX QuickTime 7.6 (1292)
WP16 - ActiveX: {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [msgsc.14.0.8064.0206] C:\Programmi\Windows Live\Messenger\msgsc.14.0.8064.0206.dll 14.0.8064.0206
WP16 - ActiveX: {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [NameCtrl Class] C:\PROGRAMMI\MICROSOFT OFFICE\Office12\NAME.DLL 12.0.4518.1014
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6ACF75C-C32C-447B-9BEF-46B766368D29} [Creative Software AutoUpdate Support Package] C:\Programmi\Creative\Shared Files\Software Update\CTPID.ocx 1.0.0.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 12.0.4518.1014
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 8.00.6001.18812
WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\WINDOWS\system32\rmoc3260.dll 6.0.9.2533
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx 10,0,22,87
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\Bootfont.bin
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmdata01.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\sqmnoopt01.sqm
WP32 - Hidden File: C:\WINDOWS\ctfile.rfc
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\tony\Impostazioni locali\Temp\application.sif

WP33 - File Type .AVI: [Creative MediaSource]C:\Programmi\Creative\MediaSource5\CTCMSU.exe /PlayNow %L
WP33 - File Type .AVI: [PowerDVD]D:\Programmi\CyberLink\PowerDVD8\PowerDVD8.exe %1
WP33 - File Type .BAT: [File batch MS-DOS]%1 %*
WP33 - File Type .CAB: [Archivio WinRAR]C:\Programmi\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Catalogo protezione]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [File di HTML Help compilato]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [Applicazione per MS-DOS]%1 %*
WP33 - File Type .CMD: [Script di comandi Windows NT]%1 %*
WP33 - File Type .DOC: [Documento di Microsoft Office Word 97 - 2003]C:\Programmi\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Messaggio di Outlook Express Mail]C:\Programmi\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Applicazione]%1 %*
WP33 - File Type .INF: [Informazioni di installazione]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [File di script JScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Documento di testo]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Elemento di Outlook]C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [Creative MediaSource]C:\Programmi\Creative\MediaSource5\CTCMSU.exe /PlayNow %L
WP33 - File Type .MP3: [Creative MediaSource]C:\Programmi\Creative\MediaSource5\CTCMSU.exe /PlayNow %L
WP33 - File Type .MP3: [Audio formato MP3]C:\Programmi\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Collegamento ad un programma per MS-DOS]%1 %*
WP33 - File Type .RAM: [RealMedia file]d:\Programmi\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Voci di registrazione]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Programmi\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Documento di testo]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Collegamento Internet]C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [File di script VBScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [File di script codificato in VBScript]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [File di script Windows]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [File di impostazioni di Windows Script Host]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Foglio di lavoro di Microsoft Office Excel 97-2003]C:\Programmi\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 26%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 2,044,684 KB


--
End of file
terryant
Active Member
 
Posts: 2
Joined: July 30th, 2009, 5:44 am

Re: entire log

Post by Vino Rosso » July 31st, 2009, 9:25 am

Hello and welcome to Malware Removal :)

It is possible that the helpers here can speak/write Italian, but they use English instructions. All of their instructions are in English. Can you speak English?

If you cannot speak English, you need to go to a forum where the helpers have their instructions in Italian.

Here are two:
http://www.tomshw.it/forum/sicurezza/

http://forum.swzone.it/forumdisplay.php?f=28

Good luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: entire log

Post by NonSuch » August 6th, 2009, 5:51 am

As the topic starter has been referred to another site, this topic is now closed.

NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

