Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malwares on PC and Trojans on USB Pendrives

Re: Malwares on PC and Trojans on USB Pendrives

Post by peku006 » February 23rd, 2009, 11:54 am

Hi Flegias

  1. Please download OTListIt2 by OldTimer from Geeks to Go. Save it to your desktop.
  2. Double click on OTListIt2.exe to run it.
  3. Under Output, ensure that Minimal Output is selected.
  4. Under Extra Registry section, select Use SafeList.
  5. Click on Run Scan at the top left hand corner.
  6. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Thanks, peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Post by Flegias » February 23rd, 2009, 12:27 pm

OTListIt logfile created on: 2009-02-23 17:13:46 - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd

511.42 Mb Total Physical Memory | 136.67 Mb Available Physical Memory | 26.72% Memory free
1.21 Gb Paging File | 0.89 Gb Available in Paging File | 73.28% Paging File free
Paging file location(s): G:\pagefile.sys 766 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programmi
Drive C: | 9.50 Gb Total Space | 2.78 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 78.12 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-MIGLIORI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe (FLIR Systems)
PRC - C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
PRC - C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINNT\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINNT\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
PRC - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
PRC - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe (FLIR Systems)
PRC - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
PRC - C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programmi\WIDCOMM\Software Bluetooth\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programmi\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVP [Auto | Running]) -- C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
SRV - (bgsvcgen [Auto | Running]) -- C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (btwdins [Auto | Running]) -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
SRV - (CameraMonitor [Auto | Running]) -- C:\Programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe (FLIR Systems)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SRV - (Fax [On_Demand | Stopped]) -- C:\WINNT\system32\faxsvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HidServ [Auto | Running]) -- C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Programmi\hp\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KodakCCS [Auto | Running]) -- C:\WINNT\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINNT\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Running]) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (O&O Defrag [Auto | Running]) -- C:\WINNT\system32\oodag.exe (O&O Software GmbH)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINNT\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RemoteRegistry [Auto | Running]) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
SRV - (SolidWorks Licensing Service [On_Demand | Stopped]) -- C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (StiSvc [Auto | Running]) -- C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
SRV - (T3Srv [Auto | Running]) -- C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe (FLIR Systems)
SRV - (UtilMan [On_Demand | Stopped]) -- C:\WINNT\System32\UtilMan.exe (Microsoft Corporation)
SRV - (WinMgmt [Auto | Running]) -- C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINNT\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (BT2KNDFL [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\bt2kndfl.sys (Broadcom Corporation.)
DRV - (btaudio [On_Demand | Running]) -- C:\WINNT\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINNT\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\btwhid.sys (WIDCOMM, Inc.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (Cdr4_2K [System | Running]) -- C:\WINNT\System32\drivers\cdr4_2k.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (DcCam [System | Running]) -- C:\WINNT\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINNT\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (Diskperf [Boot | Running]) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
DRV - (dmboot [Disabled | Stopped]) -- C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
DRV - (dmio [Boot | Running]) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
DRV - (dmload [Boot | Running]) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINNT\System32\Drivers\dtscsi.sys ()
DRV - (E100B [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\e100bnt5.sys (Intel Corporation)
DRV - (EFS [Disabled | Running]) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
DRV - (eugss [Auto | Running]) -- C:\WINNT\system32\Drivers\eugss2k.sys (Eutronsec)
DRV - (eusk2par [Auto | Running]) -- C:\WINNT\system32\Drivers\eusk2par.sys (Eutron)
DRV - (Eutron-Emu [Auto | Stopped]) -- C:\WINNT\System32\drivers\Eutron-Emu.SYS ()
DRV - (Exportit [System | Stopped]) -- C:\WINNT\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (F-Secure Standalone Minifilter [On_Demand | Stopped]) -- C:\Documents and Settings\Administrator\Impostazioni locali\temp\OnlineScanner\Anti-Virus\fsgk.sys ()
DRV - (FLIRUSBRNDIS [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\usb8023k.sys (Microsoft Corporation)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (kl1 [Boot | Stopped]) -- C:\WINNT\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klbg [Boot | Running]) -- C:\WINNT\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (KLIF [System | Running]) -- C:\WINNT\system32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (klim5 [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\klim5.sys (Kaspersky Lab)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (NetDetect [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\nv4.sys (NVIDIA Corporation)
DRV - (Parallel [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\parallel.sys (Microsoft Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RCA [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\RCA.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )
DRV - (skeyusb [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\skeyusb.sys (Eutron)
DRV - (smwdm [On_Demand | Running]) -- C:\WINNT\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINNT\System32\Drivers\sptd.sys ()
DRV - (StillCam [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (TSP [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (UALFDrv2 [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\UALFDrv2.sys (Sonix)
DRV - (uhcd [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\uhcd.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (893524 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 26081 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINNT\System32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} http://plug-in.reallusion.com/CrazyTalk4.cab (CrazyTalk4 Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} http://support.f-secure.com/ols3beta/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{46AA183D-08D8-4F06-99CC-5F02635E7636}\\NameServer = 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E5E72B87-5298-4953-BD78-BAD92DCB4C6F}\\NameServer = 151.99.125.1
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINNT\system32\klogon.dll - C:\WINNT\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf [2009-01-28 14:23:24 00,000,000 | RHSD | M] - [ NTFS ]
O32 - Autorun File - G:\autorun.inf [2009-01-28 14:23:24 00,000,000 | RHSD | M] - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINNT\*.tmp files]
[2009-02-23 17:13:21 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009-02-23 09:02:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2009-02-20 14:33:40 | 00,057,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Immagine.jpg
[2009-02-20 10:12:46 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe
[2009-02-19 17:43:03 | 00,771,824 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
[2009-02-19 17:43:03 | 00,019,728 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
[2009-02-19 17:43:02 | 00,007,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\twotrack.sys
[2009-02-19 17:39:41 | 00,176,400 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
[2009-02-19 17:39:40 | 00,421,648 | ---- | C] (Specialix International Ltd.) -- C:\WINNT\System32\dllcache\spxports.dll
[2009-02-19 17:39:40 | 00,281,456 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
[2009-02-19 17:39:39 | 00,104,656 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
[2009-02-19 17:39:37 | 00,010,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\stkmc.sys
[2009-02-19 17:39:36 | 00,028,432 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sma032.dll
[2009-02-19 17:38:14 | 00,025,872 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm9132.dll
[2009-02-19 17:38:14 | 00,023,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm9032.dll
[2009-02-19 17:38:13 | 00,025,872 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm8c32.dll
[2009-02-19 17:38:13 | 00,023,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm8d32.dll
[2009-02-19 17:38:13 | 00,023,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm8a32.dll
[2009-02-19 17:38:12 | 00,032,528 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm8132.dll
[2009-02-19 17:38:12 | 00,032,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm8732.dll
[2009-02-19 17:38:12 | 00,023,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm8932.dll
[2009-02-19 17:38:11 | 00,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm5932.dll
[2009-02-19 17:38:11 | 00,013,968 | ---- | C] (Rainbow Technologies Inc.) -- C:\WINNT\System32\dllcache\rnbo3531.sys
[2009-02-19 17:37:58 | 00,044,464 | ---- | C] () -- C:\WINNT\System32\dllcache\otceth5.sys
[2009-02-19 17:37:58 | 00,030,064 | ---- | C] (FORE Systems, Inc.) -- C:\WINNT\System32\dllcache\pca200e.sys
[2009-02-19 17:37:57 | 00,092,080 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\netflx3.sys
[2009-02-19 17:37:57 | 00,030,992 | ---- | C] (NETGEAR Corporation.) -- C:\WINNT\System32\dllcache\ngrpci.sys
[2009-02-19 17:37:55 | 00,026,384 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msmgr32.dll
[2009-02-19 17:37:55 | 00,012,208 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msriffwv.sys
[2009-02-19 17:37:55 | 00,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mssti.dll
[2009-02-19 17:37:54 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msf12sp.dll
[2009-02-19 17:37:54 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msf12cx.dll
[2009-02-19 17:37:54 | 00,005,776 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msfsio.sys
[2009-02-19 17:37:53 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msf08sp.dll
[2009-02-19 17:37:53 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msf06sp.dll
[2009-02-19 17:37:53 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msf06cz.dll
[2009-02-19 17:37:52 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msf06cx.dll
[2009-02-19 17:37:49 | 00,023,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\miscan32.dll
[2009-02-19 17:37:49 | 00,016,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\modemcsa.sys
[2009-02-19 17:37:49 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mfs12sp.dll
[2009-02-19 17:37:49 | 00,006,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mphase32.dll
[2009-02-19 17:37:48 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mfs12cx.dll
[2009-02-19 17:37:48 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mfs08sp.dll
[2009-02-19 17:37:48 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mfs06sp.dll
[2009-02-19 17:37:47 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mfs06cz.dll
[2009-02-19 17:37:47 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mfs06cx.dll
[2009-02-19 17:37:47 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mf3.dll
[2009-02-19 17:37:46 | 00,019,408 | ---- | C] (Logitech, Inc.) -- C:\WINNT\System32\dllcache\lwusbhid.sys
[2009-02-19 17:37:46 | 00,018,576 | ---- | C] (Logitech, Inc.) -- C:\WINNT\System32\dllcache\lwadihid.sys
[2009-02-19 17:37:45 | 00,091,408 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\lgpusb.dll
[2009-02-19 17:37:45 | 00,036,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\lgmntr.dll
[2009-02-19 17:37:45 | 00,032,528 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\lginstsc.dll
[2009-02-19 17:37:44 | 00,010,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\lgdeskew.dll
[2009-02-19 17:37:43 | 00,016,144 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
[2009-02-19 17:37:42 | 00,035,856 | ---- | C] (Level One Communications) -- C:\WINNT\System32\dllcache\jt1nd5.sys
[2009-02-19 17:37:42 | 00,017,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\jupi32.dll
[2009-02-19 17:37:37 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\is4x.dll
[2009-02-19 17:37:37 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\is450.dll
[2009-02-19 17:37:37 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\is410.dll
[2009-02-19 17:37:36 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\is01.dll
[2009-02-19 17:37:34 | 00,017,680 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hr132.dll
[2009-02-19 17:37:02 | 00,032,528 | ---- | C] (FORE Systems, Inc.) -- C:\WINNT\System32\dllcache\forehe.sys
[2009-02-19 17:37:01 | 00,039,072 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecnb.sys
[2009-02-19 17:37:01 | 00,033,792 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecpagex.dll
[2009-02-19 17:37:01 | 00,023,664 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\eclandd.sys
[2009-02-19 17:37:01 | 00,017,856 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecwandd.sys
[2009-02-19 17:37:00 | 00,156,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\essm2e.sys
[2009-02-19 17:36:59 | 00,008,960 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecsnadd.sys
[2009-02-19 17:36:59 | 00,007,648 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecvbus.sys
[2009-02-19 17:36:58 | 00,021,680 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecpinst.dll
[2009-02-19 17:36:58 | 00,007,744 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\ecdtrace.sys
[2009-02-19 17:36:57 | 00,100,656 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\eccommdd.sys
[2009-02-19 17:36:56 | 00,008,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4scan.sys
[2009-02-19 17:36:55 | 00,012,688 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4prt.sys
[2009-02-19 17:36:53 | 00,044,208 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4.sys
[2009-02-19 17:36:45 | 00,013,072 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dspimg32.dll
[2009-02-19 17:36:44 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dr3020.dll
[2009-02-19 17:36:43 | 00,023,216 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
[2009-02-19 17:36:39 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2009-02-19 17:36:39 | 00,031,888 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2009-02-19 17:36:38 | 00,042,192 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2009-02-19 17:36:38 | 00,016,976 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2009-02-19 17:36:37 | 00,017,168 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2009-02-19 17:36:37 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\af450.dll
[2009-02-19 17:36:28 | 00,092,432 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\acq32.dll
[2009-02-19 17:36:28 | 00,038,320 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\8514a.dll
[2009-02-19 17:36:27 | 00,010,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\4mmdat.sys
[2009-02-19 17:36:25 | 00,801,072 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\3cpciadi.sys
[2009-02-19 17:36:24 | 00,774,928 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\3cisati.sys
[2009-02-19 17:36:23 | 00,792,176 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\3cisaadi.sys
[2009-02-19 17:36:22 | 00,763,024 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2009-02-19 17:36:22 | 00,022,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\15_16wdm.sys
[2009-02-19 17:36:01 | 00,040,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394bus.sys
[2009-02-19 16:26:26 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-02-19 16:26:24 | 00,246,544 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\CF26044.exe
[2009-02-19 16:26:24 | 00,246,544 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\CF26041.exe
[2009-02-19 11:41:30 | 00,101,287 | ---- | C] () -- C:\WINNT\System32\drivers\klin.dat
[2009-02-19 11:41:30 | 00,089,601 | ---- | C] () -- C:\WINNT\System32\drivers\klick.dat
[2009-02-19 10:28:00 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2009-02-19 09:15:56 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009-02-19 08:59:41 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_294.dat
[2009-02-16 15:40:50 | 00,025,037 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\athena_speech_export.dat
[2009-02-16 14:43:44 | 00,026,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ONLINESCANNER.html
[2009-02-16 09:06:17 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
[2009-02-13 17:47:36 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-02-13 10:21:39 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009-02-13 09:24:26 | 00,001,410 | ---- | C] () -- C:\WINNT\imsins.BAK
[2009-02-12 17:56:43 | 00,000,000 | ---D | C] -- C:\WINNT\temp
[2009-02-12 17:37:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2009-02-12 17:37:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2009-02-12 17:37:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2009-02-12 17:37:52 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2009-02-12 17:37:52 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINNT\fdsv.exe
[2009-02-12 17:37:52 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2009-02-12 17:37:52 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2009-02-12 17:37:52 | 00,049,152 | ---- | C] () -- C:\WINNT\VFIND.exe
[2009-02-12 17:37:52 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2009-02-12 17:37:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-02-10 16:39:03 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009-02-04 17:09:36 | 00,083,730 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Schema elettrico.zip
[2009-02-04 11:04:46 | 00,013,824 | ---- | C] () -- G:\Documenti\pc.xls
[2009-02-02 16:33:45 | 00,000,000 | ---D | C] -- C:\Programmi\EsetOnlineScanner
[2009-02-02 16:21:01 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009-02-02 14:12:42 | 00,000,000 | ---D | C] -- C:\Programmi\TVAnts
[2009-01-30 17:14:36 | 47,298,7973 | ---- | C] () -- G:\Documenti\Thunderbird.rar
[2009-01-30 11:11:30 | 00,161,604 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VP2_Quick_Ref_Guide_Rev_A.pdf
[2009-01-29 15:41:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\WinRAR
[2009-01-29 15:27:54 | 00,000,000 | ---D | C] -- C:\WINNT\ERUNT
[2009-01-29 15:13:04 | 00,000,000 | ---D | C] -- C:\SDFix
[2009-01-29 14:48:00 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2009-01-29 14:47:36 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-01-29 09:32:35 | 41,112,0482 | ---- | C] () -- G:\Documenti\Thunderbird 2.0.0.19 (it) - 2009-01-29.pcv
[2009-01-29 09:16:22 | 00,000,250 | ---- | C] () -- C:\WINNT\gmer.ini
[2009-01-29 09:16:19 | 00,884,736 | ---- | C] () -- C:\WINNT\gmer.dll
[2009-01-29 09:16:19 | 00,811,008 | ---- | C] () -- C:\WINNT\gmer.exe
[2009-01-29 09:16:19 | 00,085,969 | ---- | C] (GMER) -- C:\WINNT\System32\drivers\gmer.sys
[2009-01-29 09:16:19 | 00,000,080 | ---- | C] () -- C:\WINNT\gmer_uninstall.cmd
[2009-01-28 14:23:24 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009-01-27 14:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Turbine
[2009-01-27 11:12:25 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\E_DCINST.DLL
[2009-01-27 11:12:24 | 00,000,182 | ---- | C] () -- C:\WINNT\System32\EBPPORT4.DAT

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\*.tmp files]
[4 C:\WINNT\*.tmp files]
[2009-02-23 17:13:08 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009-02-23 16:36:18 | 00,000,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GUEST.lnk
[2009-02-23 09:02:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2009-02-20 14:37:12 | 00,057,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Immagine.jpg
[2009-02-20 11:58:00 | 00,893,524 | R--- | M] () -- C:\WINNT\System32\drivers\etc\HOSTS
[2009-02-20 10:11:01 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe
[2009-02-19 16:25:52 | 00,246,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\CF26044.exe
[2009-02-19 16:25:52 | 00,246,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\CF26041.exe
[2009-02-19 15:55:55 | 00,230,032 | ---- | M] (Kaspersky Lab) -- C:\WINNT\System32\drivers\klif.sys
[2009-02-19 15:55:55 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINNT\System32\drivers\klbg.sys
[2009-02-19 15:55:53 | 00,101,287 | ---- | M] () -- C:\WINNT\System32\drivers\klin.dat
[2009-02-19 15:55:53 | 00,089,601 | ---- | M] () -- C:\WINNT\System32\drivers\klick.dat
[2009-02-19 15:13:20 | 00,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2009-02-19 15:12:44 | 00,000,377 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eMule Incoming.lnk
[2009-02-19 10:28:00 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2009-02-19 08:59:41 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_294.dat
[2009-02-16 15:40:50 | 00,025,037 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\athena_speech_export.dat
[2009-02-16 14:43:45 | 00,026,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ONLINESCANNER.html
[2009-02-16 09:06:17 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
[2009-02-16 09:05:46 | 00,259,048 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009-02-13 17:48:19 | 00,001,461 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-02-13 10:21:43 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009-02-13 09:26:35 | 00,001,410 | ---- | M] () -- C:\WINNT\imsins.BAK
[2009-02-12 17:48:51 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009-02-12 17:38:16 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009-02-12 16:36:36 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-02-12 14:08:18 | 00,001,744 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2009-02-11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009-02-11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009-02-11 01:29:44 | 00,610,711 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20090220-115800.backup
[2009-02-04 17:06:33 | 00,083,730 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Schema elettrico.zip
[2009-02-04 11:04:46 | 00,013,824 | ---- | M] () -- G:\Documenti\pc.xls
[2009-01-30 17:31:58 | 47,298,7973 | ---- | M] () -- G:\Documenti\Thunderbird.rar
[2009-01-30 11:11:32 | 00,161,604 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VP2_Quick_Ref_Guide_Rev_A.pdf
[2009-01-29 14:48:09 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2009-01-29 09:36:45 | 41,112,0482 | ---- | M] () -- G:\Documenti\Thunderbird 2.0.0.19 (it) - 2009-01-29.pcv
[2009-01-29 09:17:55 | 00,000,250 | ---- | M] () -- C:\WINNT\gmer.ini
[2009-01-29 09:16:19 | 00,884,736 | ---- | M] () -- C:\WINNT\gmer.dll
[2009-01-29 09:16:19 | 00,085,969 | ---- | M] (GMER) -- C:\WINNT\System32\drivers\gmer.sys
[2009-01-29 09:16:19 | 00,000,080 | ---- | M] () -- C:\WINNT\gmer_uninstall.cmd
[2009-01-28 14:10:05 | 00,001,451 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009-01-27 10:18:57 | 00,060,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
< End of report >
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 23rd, 2009, 12:30 pm

OTListIt Extras logfile created on: 2009-02-23 17:13:46 - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd

511.42 Mb Total Physical Memory | 136.67 Mb Available Physical Memory | 26.72% Memory free
1.21 Gb Paging File | 0.89 Gb Available in Paging File | 73.28% Paging File free
Paging file location(s): G:\pagefile.sys 766 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programmi
Drive C: | 9.50 Gb Total Space | 2.78 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 78.12 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-MIGLIORI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010410-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{373CDA0D-A5B1-4BCB-8E74-C6337DC4A259}" = Microsoft .NET Framework 2.0 Language Pack - ITA
"{3C819ADC-4E02-11D6-9552-0008C73ADDFE}" = SISLabel
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{49935EAC-4121-43E2-8FFA-E6F38F8FBE98}" = FLIR FireWire Video Driver V2
"{515B6FE8-7428-48D5-A39B-3E64A0BCCABE}" = hppscanM1522
"{5491307B-D2EB-442B-A420-280A3BCF51DF}" = VOIP080
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6F716DA2-398F-11D3-85E1-005004838609}" = WebFldrs
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87C67C49-C2C3-4BD0-B377-C6978BFFCB72}" = SPAC Automazione CAD 2009 (g:\Programmi\SPAC Automazione CAD 2009) (IT)
"{8814711D-2550-4481-B794-16FEA8E6F45D}" = ThermaCAM QuickReport English Language Pack
"{8A105DBF-02B7-4144-BC5E-A0C1657F3E3B}" = SPAC Automazione CAD 2009
"{8E006790-D4DD-4420-80D5-1983ADBB46A8}" = SPAC Automazione CAD 2008
"{8E4C09BF-FAC5-47E0-B9A6-5FF9577F852E}" = SPAC View
"{96BEDBDA-EB5C-499F-8AFC-1AC00FC2E0F8}" = ThermaCAM QuickReport
"{9A57B8BC-F022-4C7A-A01C-E7C980354034}" = ThermaCAM QuickView 2
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1040-7B44-A90000000001}" = Adobe Reader 9 - Italiano
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C8A37F1F-E13B-48ae-93F8-4669264969F9}" = HP LaserJet M1522 MFP Series 4.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Software Kodak EasyShare
"{DA597CCD-0421-413A-8B16-670EA615F468}" = SPAC Automazione 2008 (C:\Programmi\SPAC Automazione CAD 2008) (IT)
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{E24198F4-EC1F-409D-A499-95D44450B0F8}" = FLIR Systems Device Drivers
"{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F651FA4D-2AA0-440B-B0EB-2FB77CCC54D5}" = FLIR USB Network Driver V2
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"1A54C006DF667EACD5B48AAE3C0FF034A35958E2" = Pacchetto driver Windows - FLIR Systems (FLIRUSBRNDIS) Net (01/01/2005 1.0.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutoPlay Media Studio 6.0" = AutoPlay Media Studio 6.0
"AutoPlay Media Studio 6.0 Mega Content Pack1.0" = AutoPlay Media Studio 6.0 Mega Content Pack
"CCleaner" = CCleaner (remove only)
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"eMule" = eMule
"EPSON Printer and Utilities" = Software per stampante EPSON
"EsetOnlineScanner" = ESET Online Scanner
"EvilLyrics" = EvilLyrics
"FreePortScanner_is1" = FreePortScanner 2.7
"HijackThis" = HijackThis 2.0.2
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IE40" = Microsoft Internet Explorer 6 SP1
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"InstallWIX_{75193929-9A52-4CA4-98DE-8C7296940920}" = Kaspersky Anti-Virus 6.0
"Look@LAN_1.0" = Look@LAN 2.50 Build 35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - ITA" = Microsoft .NET Framework 2.0 - Language Pack (italiano)
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OrderReminder hp LaserJet 3015/3020/3030/3380" = OrderReminder hp LaserJet 3015/3020/3030/3380
"Q828026" = Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 3.1
"SPAC Automazione CAD 2008" = SPAC Automazione CAD 2008
"SPAC Automazione CAD 2008 SP1" = SPAC Automazione CAD 2008 SP1
"SPAC Automazione CAD 2009" = SPAC Automazione CAD 2009
"SPAC Automazione CAD 2009 SP1" = SPAC Automazione CAD 2009 SP1
"TomTom HOME" = TomTom HOME 2.5.1.36
"Trivial Pursuit(TM) Genus Edition Deluxe" = Trivial Pursuit(TM) Genus Edition Deluxe
"TVAnts 1.0" = TVAnts 1.0
"Update Rollup 1" = Aggiornamento cumulativo 1 per Windows 2000 SP4
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"WMP7" = Aggiornamento del sistema Windows Media Player (9 Series)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-02-20 04:05:03 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 1015
Description = L'intervallo di timeout per il completamento della funzione di raccolta
dati delle prestazioni "PerfProc" nella libreria "C:\WINNT\system32\perfproc.dll"
è scaduto. Problema del contatore flessibile o del servizio del quale si stanno
raccogliendo i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-20 05:17:50 | Computer Name = PC-MIGLIORI | Source = Userenv | ID = 1000
Description = Impossibile scaricare il file del Registro di sistema. Se si dispone
di un profilo di roaming, le impostazioni non vengono replicate. Rivolgersi all'amministratore.
DETTAGLI - Accesso negato. , Build numero ((2195)).

Error - 2009-02-20 05:20:45 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 2002
Description = Il completamento della procedura di apertura del servizio ".NET CLR
Data" nella DLL "C:\WINNT\system32\netfxperf.dll" è durata più del tempo d'attesa
stabilito. Problema del contatore flessibile o del servizio del quale si stanno
raccogliendo i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-20 05:21:18 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 2002
Description = Il completamento della procedura di apertura del servizio "PerfDisk"
nella DLL "C:\WINNT\system32\perfdisk.dll" è durata più del tempo d'attesa stabilito.
Problema del contatore flessibile o del servizio del quale si stanno raccogliendo
i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-20 05:22:45 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 1015
Description = L'intervallo di timeout per il completamento della funzione di raccolta
dati delle prestazioni "PerfProc" nella libreria "C:\WINNT\system32\perfproc.dll"
è scaduto. Problema del contatore flessibile o del servizio del quale si stanno
raccogliendo i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-20 13:06:38 | Computer Name = PC-MIGLIORI | Source = Userenv | ID = 1000
Description = Impossibile scaricare il file del Registro di sistema. Se si dispone
di un profilo di roaming, le impostazioni non vengono replicate. Rivolgersi all'amministratore.
DETTAGLI - Accesso negato. , Build numero ((2195)).

Error - 2009-02-23 04:02:41 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 2002
Description = Il completamento della procedura di apertura del servizio ".NET CLR
Data" nella DLL "C:\WINNT\system32\netfxperf.dll" è durata più del tempo d'attesa
stabilito. Problema del contatore flessibile o del servizio del quale si stanno
raccogliendo i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-23 04:03:18 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 2002
Description = Il completamento della procedura di apertura del servizio "PerfDisk"
nella DLL "C:\WINNT\system32\perfdisk.dll" è durata più del tempo d'attesa stabilito.
Problema del contatore flessibile o del servizio del quale si stanno raccogliendo
i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-23 04:04:52 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 1015
Description = L'intervallo di timeout per il completamento della funzione di raccolta
dati delle prestazioni "PerfProc" nella libreria "C:\WINNT\system32\perfproc.dll"
è scaduto. Problema del contatore flessibile o del servizio del quale si stanno
raccogliendo i dati, o sistema troppo occupato al momento della chiamata.

Error - 2009-02-23 04:05:48 | Computer Name = PC-MIGLIORI | Source = Perflib | ID = 1015
Description = L'intervallo di timeout per il completamento della funzione di raccolta
dati delle prestazioni "PerfProc" nella libreria "C:\WINNT\system32\perfproc.dll"
è scaduto. Problema del contatore flessibile o del servizio del quale si stanno
raccogliendo i dati, o sistema troppo occupato al momento della chiamata.

[ System Events ]
Error - 2009-02-20 05:20:22 | Computer Name = PC-MIGLIORI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.128 dell'indirizzo IP della scheda di rete con
indirizzo 001349AA12F3 è stato negato dal server DHCP 0.0.0.0. Il server DHCP ha
inviato un messaggio DHCPNACK.

Error - 2009-02-20 05:20:29 | Computer Name = PC-MIGLIORI | Source = Service Control Manager | ID = 7000
Description = Il servizio Eutron-Emu non è stato avviato per il seguente errore:
%%2

Error - 2009-02-20 05:20:44 | Computer Name = PC-MIGLIORI | Source = Service Control Manager | ID = 7000
Description = Il servizio Utilità di pianificazione non è stato avviato per il seguente
errore: %%1083

Error - 2009-02-20 05:22:34 | Computer Name = PC-MIGLIORI | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: kl1

Error - 2009-02-23 04:02:17 | Computer Name = PC-MIGLIORI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.128 dell'indirizzo IP della scheda di rete con
indirizzo 001349AA12F3 è stato negato dal server DHCP 0.0.0.0. Il server DHCP ha
inviato un messaggio DHCPNACK.

Error - 2009-02-23 04:02:24 | Computer Name = PC-MIGLIORI | Source = Service Control Manager | ID = 7000
Description = Il servizio Eutron-Emu non è stato avviato per il seguente errore:
%%2

Error - 2009-02-23 04:02:40 | Computer Name = PC-MIGLIORI | Source = Service Control Manager | ID = 7000
Description = Il servizio Utilità di pianificazione non è stato avviato per il seguente
errore: %%1083

Error - 2009-02-23 04:04:38 | Computer Name = PC-MIGLIORI | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: kl1

Error - 2009-02-23 10:18:24 | Computer Name = PC-MIGLIORI | Source = Removable Storage Service | ID = 262255
Description = Impossibile caricare il supporto nell'unità Unità 0 della libreria
Sony Storage Media USB Device.

Error - 2009-02-23 11:00:22 | Computer Name = PC-MIGLIORI | Source = Removable Storage Service | ID = 262255
Description = Impossibile caricare il supporto nell'unità Unità 0 della libreria
Sony Storage Media USB Device.


< End of report >

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 23rd, 2009, 1:16 pm

Hi Flegias

Plug in your pendrive.
Now scan your USB drive with MBAM.
Run a full scan with it and post back its report.

Thanks peku006

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 24th, 2009, 5:44 am

Hello peku006,

I ran the full scan of Malwarebytes' Anti-Malware and the pendrive was connected as I:\

I temporarily disabled KAV to leave the infected file on the drive but,

This is the log:

Malwarebytes' Anti-Malware 1.34
Versione del database: 1798
Windows 5.0.2195 Service Pack 4

2009-02-24 10:38:39
mbam-log-2009-02-24 (10-38-39).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|I:\|)
Elementi scansionati: 111893
Tempo trascorso: 1 hour(s), 9 minute(s), 40 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 24th, 2009, 6:48 am

Hi Flegias

1 - Download and Run F-Downadup
Please visit this webpage for download links, and instructions for running the tool:
http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml

2 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

3 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)

Thanks peku006

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 24th, 2009, 7:34 am

Hello peku006,

I ran F-Downadup with the disinfect option enabled. The readme.txt says that the tool includes scanning of the root folders of removable (USB) and network drives, but I don't know if the pendrive was scanned, and looking at the log I don't think so.

Looking at the ComboFix log I still see c:\winnt\system32\seszv.dll and KAV still detects it.

C:\Documents and Settings\Administrator\Desktop>f-downadup.exe --disinfect
F-Secure Malware Removal Tool, version 8.00.15030
Copyright (c) 2005-2009, F-Secure Corporation. All rights reserved.
Please see accompanied readme.txt for usage and copyright information
F-Secure Anti-Virus product installation: (none)

Start scanning
C:\ is clean
C:\DOCUMENTS AND SETTINGS is clean
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP is clean
C:\DOCUMENTS AND SETTINGS\ALL USERS is clean
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATI APPLICAZIONI\ZYLOM\ZYLOMGAMESPLAYER is clean
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\MENU AVVIO\PROGRAMMI\ESECUZIONE AUTOMATICA is clean
C:\PROGRAM FILES\MICROSOFT WINDOWS SCRIPT\WINDOWS SCRIPT CONTROL is clean
C:\PROGRAMMI is clean
C:\PROGRAMMI\ACD SYSTEMS\ACDSEE\8.0.PRO is clean
C:\PROGRAMMI\ADOBE is clean
C:\PROGRAMMI\ADOBE\READER 9.0\READER is clean
C:\PROGRAMMI\ADOBE\READER 9.0\READER\PLUG_INS is clean
C:\PROGRAMMI\ANALOG DEVICES\SOUNDMAX is clean
C:\PROGRAMMI\ANALOG DEVICES\SOUNDMAX is clean
C:\PROGRAMMI\AUTOPLAY MEDIA STUDIO 6.0 is clean
C:\PROGRAMMI\AUTOPLAY MEDIA STUDIO 6.0\TOOLS is clean
C:\PROGRAMMI\AUTOPLAY MEDIA STUDIO 6.0\TOOLS is clean
C:\PROGRAMMI\CCLEANER is clean
C:\PROGRAMMI\COMMON FILES is clean
C:\PROGRAMMI\COMMON FILES is clean
C:\PROGRAMMI\COMMON FILES is clean

Start scanning System
Scanning complete:
No infections found and removed

Here's the combofix log:

ComboFix 09-02-21.01 - Administrator 2009-02-24 11:26:41.4 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.511.271 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-19 17:43 . 99-09-25 07:55 771,824 --a--c--- c:\winnt\system32\dllcache\winacisa.sys
2009-02-19 17:43 . 99-10-20 22:49 28,432 --a--c--- c:\winnt\system32\dllcache\tos4mo.sys
2009-02-19 17:43 . 99-10-20 21:51 19,728 --a--c--- c:\winnt\system32\dllcache\w840nd.sys
2009-02-19 17:43 . 99-09-25 18:34 7,568 --a--c--- c:\winnt\system32\dllcache\twotrack.sys
2009-02-19 17:39 . 99-12-22 22:59 421,648 --a--c--- c:\winnt\system32\dllcache\spxports.dll
2009-02-19 17:39 . 99-12-22 22:12 281,456 --a--c--- c:\winnt\system32\dllcache\stlnata.sys
2009-02-19 17:39 . 99-12-22 22:59 188,688 --a--c--- c:\winnt\system32\dllcache\sisv256.dll
2009-02-19 17:39 . 99-12-22 22:59 179,792 --a--c--- c:\winnt\system32\dllcache\sis6306v.dll
2009-02-19 17:39 . 99-12-22 22:59 176,400 --a--c--- c:\winnt\system32\dllcache\stlnprop.dll
2009-02-19 17:39 . 03-06-19 12:05 104,656 --a--c--- c:\winnt\system32\dllcache\skfpwin.sys
2009-02-19 17:39 . 99-09-28 04:02 71,280 --a--c--- c:\winnt\system32\dllcache\sis6306p.sys
2009-02-19 17:39 . 99-09-28 04:02 49,904 --a--c--- c:\winnt\system32\dllcache\sisv.sys
2009-02-19 17:39 . 99-12-22 22:59 28,432 --a--c--- c:\winnt\system32\dllcache\sma032.dll
2009-02-19 17:39 . 99-09-25 03:17 17,712 --a--c--- c:\winnt\system32\dllcache\tsbmce.sys
2009-02-19 17:39 . 03-06-19 12:05 10,288 --a--c--- c:\winnt\system32\dllcache\stkmc.sys
2009-02-19 17:38 . 99-12-22 22:59 32,528 --a--c--- c:\winnt\system32\dllcache\sm8132.dll
2009-02-19 17:38 . 99-12-22 22:59 32,016 --a--c--- c:\winnt\system32\dllcache\sm8732.dll
2009-02-19 17:38 . 99-12-22 22:59 25,872 --a--c--- c:\winnt\system32\dllcache\sm9132.dll
2009-02-19 17:38 . 99-12-22 22:59 25,872 --a--c--- c:\winnt\system32\dllcache\sm8c32.dll
2009-02-19 17:38 . 99-12-22 22:59 24,848 --a--c--- c:\winnt\system32\dllcache\sm5932.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm9032.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm8d32.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm8a32.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm8932.dll
2009-02-19 17:38 . 99-09-25 03:17 18,704 --a--c--- c:\winnt\system32\dllcache\rtl8029.sys
2009-02-19 17:38 . 99-12-22 22:10 13,968 --a--c--- c:\winnt\system32\dllcache\rnbo3531.sys
2009-02-19 17:36 . 99-11-02 00:42 801,072 --a--c--- c:\winnt\system32\dllcache\3cpciadi.sys
2009-02-19 11:41 . 09-02-19 15:55 101,287 --a------ c:\winnt\system32\drivers\klin.dat
2009-02-19 11:41 . 09-02-19 15:55 89,601 --a------ c:\winnt\system32\drivers\klick.dat
2009-02-19 10:28 . 09-02-19 10:28 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_280.dat
2009-02-19 09:15 . 09-02-19 09:15 <DIR> d-------- C:\fsaua.data
2009-02-13 17:42 . 09-02-13 17:42 410,984 --a------ c:\winnt\system32\deploytk.dll
2009-02-13 09:24 . 09-02-13 09:26 1,410 --a------ c:\winnt\imsins.BAK
2009-02-10 16:39 . 09-02-10 16:39 <DIR> d-------- C:\Lop SD
2009-02-02 16:33 . 09-02-19 13:00 <DIR> d-------- c:\programmi\EsetOnlineScanner
2009-02-02 16:21 . 09-02-02 16:21 <DIR> d-------- C:\_OTMoveIt
2009-02-02 14:12 . 09-02-02 16:15 <DIR> d-------- c:\programmi\TVAnts
2009-01-29 15:27 . 09-01-29 15:28 <DIR> d-------- c:\winnt\ERUNT
2009-01-29 15:13 . 09-01-29 15:53 <DIR> d-------- C:\SDFix
2009-01-29 14:47 . 09-01-29 16:30 <DIR> d-------- C:\Rooter$
2009-01-29 09:16 . 09-01-29 09:17 250 --a------ c:\winnt\gmer.ini
2009-01-27 11:12 . 03-07-16 14:14 31,744 --a------ c:\winnt\system32\E_DCINST.DLL
2009-01-27 11:12 . 01-09-04 03:04 182 --a------ c:\winnt\system32\EBPPORT4.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 10:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-24 08:37 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-20 13:10 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-20 10:22 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-19 14:55 33,808 ----a-w c:\winnt\system32\drivers\klbg.sys
2009-02-13 16:41 --------- d-----w c:\programmi\Java
2009-02-12 13:55 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-02-09 08:24 --------- d-----w c:\programmi\Look@LAN
2009-01-30 16:14 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Thunderbird
2009-01-29 14:08 --------- d-----w c:\programmi\MessengerPlus! 3
2009-01-29 10:23 --------- d-----w c:\programmi\EvilLyrics
2009-01-27 10:17 --------- d-----w c:\programmi\EPSON Print CD
2009-01-21 11:29 --------- d-----w c:\programmi\CCleaner
2009-01-19 11:06 --------- d-----w c:\programmi\Nsasoft
2009-01-16 09:46 --------- d-----w c:\programmi\Mplayerc
2009-01-12 11:05 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Media Player Classic
2009-01-09 11:25 --------- d-----w c:\programmi\File comuni\Real
2009-01-09 11:24 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-09 11:24 --------- d-----w c:\programmi\Mozilla Sunbird
2009-01-09 11:24 --------- d-----w c:\programmi\File comuni\FLIR Systems
2009-01-09 11:24 --------- d-----w c:\programmi\EPSON
2009-01-09 09:09 --------- d-----w c:\programmi\OO Software
2009-01-08 16:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SDProget
2009-01-08 16:43 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\SDProget
2009-01-08 10:05 720,896 ----a-w c:\winnt\iun6002.exe
2008-04-10 13:24 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-01-05 10:26 271 ---h--w c:\programmi\desktop.ini
2007-01-05 10:26 22,075 ---h--w c:\programmi\folder.htt
2007-07-26 23:06 479,232 ----a-w c:\programmi\mozilla firefox\plugins\msvcm80.dll
2007-07-26 23:06 548,864 ----a-w c:\programmi\mozilla firefox\plugins\msvcp80.dll
2007-07-26 23:06 626,688 ----a-w c:\programmi\mozilla firefox\plugins\msvcr80.dll
2006-06-21 06:52 171,926 --sha-r c:\winnt\system32\seszv.dll
.

((((((((((((((((((((((((((((( SnapShot@gio 2009-02-12_17.52.55.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-08 13:38:44 290,816 ----a-w c:\winnt\Downloaded Program Files\auc_lib.dll
+ 2008-01-11 13:45:50 495,616 ----a-w c:\winnt\Downloaded Program Files\daas_s.dll
+ 2008-01-25 14:19:20 262,144 ----a-w c:\winnt\Downloaded Program Files\fscax.dll
+ 2008-01-25 14:11:06 588,392 ----a-w c:\winnt\Downloaded Program Files\gatelauncher.exe
- 2006-06-21 06:52:54 743,696 -c--a-w c:\winnt\Driver Cache\i386\kernel32.dll
+ 2007-04-16 12:44:39 743,696 ----a-w c:\winnt\Driver Cache\i386\kernel32.dll
- 2006-09-13 06:32:20 1,867,904 -c--a-w c:\winnt\Driver Cache\i386\ntkrnlmp.exe
+ 2007-03-06 04:04:01 1,867,968 ----a-w c:\winnt\Driver Cache\i386\ntkrnlmp.exe
- 2006-09-13 06:32:21 1,867,008 -c--a-w c:\winnt\Driver Cache\i386\ntkrnlpa.exe
+ 2007-03-06 04:04:02 1,867,008 ----a-w c:\winnt\Driver Cache\i386\ntkrnlpa.exe
- 2006-09-13 06:32:21 1,889,280 -c--a-w c:\winnt\Driver Cache\i386\ntkrpamp.exe
+ 2007-03-06 04:04:02 1,889,280 ----a-w c:\winnt\Driver Cache\i386\ntkrpamp.exe
- 2006-09-13 06:32:21 1,844,352 -c--a-w c:\winnt\Driver Cache\i386\ntoskrnl.exe
+ 2007-03-06 04:04:02 1,844,352 ----a-w c:\winnt\Driver Cache\i386\ntoskrnl.exe
- 2005-10-07 06:17:49 1,638,768 -c----w c:\winnt\Driver Cache\i386\win32k.sys
+ 2007-03-06 11:15:14 1,642,032 ------w c:\winnt\Driver Cache\i386\win32k.sys
- 2005-09-23 11:04:12 245,520 -c--a-w c:\winnt\Driver Cache\i386\winsrv.dll
+ 2007-03-13 09:45:26 246,032 ----a-w c:\winnt\Driver Cache\i386\winsrv.dll
+ 2003-06-19 11:05:04 40,752 -c--a-w c:\winnt\system32\dllcache\1394bus.sys
+ 1999-10-07 22:29:12 22,992 -c--a-w c:\winnt\system32\dllcache\15_16wdm.sys
+ 1999-09-25 06:55:14 792,176 -c--a-w c:\winnt\system32\dllcache\3cisaadi.sys
+ 1999-09-25 06:55:14 774,928 -c--a-w c:\winnt\system32\dllcache\3cisati.sys
+ 1999-09-25 06:55:14 763,024 -c--a-w c:\winnt\system32\dllcache\3cwmcru.sys
+ 2003-06-19 11:05:04 10,928 -c--a-w c:\winnt\system32\dllcache\4mmdat.sys
+ 1999-12-22 21:57:56 38,320 -c--a-w c:\winnt\system32\dllcache\8514a.dll
+ 1999-12-22 21:57:56 92,432 -c--a-w c:\winnt\system32\dllcache\acq32.dll
+ 2003-06-19 11:05:04 53,008 -c--a-w c:\winnt\system32\dllcache\adrot.dll
+ 1999-12-22 21:55:44 7,440 -c--a-w c:\winnt\system32\dllcache\af450.dll
+ 1999-09-25 02:16:56 17,168 -c--a-w c:\winnt\system32\dllcache\amb8002.sys
+ 1999-10-21 22:09:46 42,192 -c--a-w c:\winnt\system32\dllcache\atibt829.sys
+ 1999-10-21 22:09:46 16,976 -c--a-w c:\winnt\system32\dllcache\atitvsnd.sys
+ 1999-10-12 22:35:48 31,888 -c--a-w c:\winnt\system32\dllcache\brzwlan.sys
+ 1999-09-30 22:03:56 39,680 -c--a-w c:\winnt\system32\dllcache\cb325.sys
+ 2003-06-19 11:05:04 36,112 -c--a-w c:\winnt\system32\dllcache\controt.dll
+ 1999-12-22 21:58:18 107,792 -c--a-w c:\winnt\system32\dllcache\digidbp.dll
+ 1999-12-22 21:58:18 203,536 -c--a-w c:\winnt\system32\dllcache\digifwrk.dll
+ 1999-12-22 21:58:18 61,712 -c--a-w c:\winnt\system32\dllcache\digihlc.dll
+ 1999-12-22 21:58:18 53,008 -c--a-w c:\winnt\system32\dllcache\digiinf.dll
+ 1999-12-22 21:58:18 27,408 -c--a-w c:\winnt\system32\dllcache\digiisdn.dll
+ 1999-12-22 21:59:42 605,968 -c--a-w c:\winnt\system32\dllcache\digiview.exe
+ 1999-09-25 02:17:00 23,216 -c--a-w c:\winnt\system32\dllcache\dlh5xnd5.sys
+ 2003-06-19 11:05:04 44,208 -c--a-w c:\winnt\system32\dllcache\dot4.sys
+ 2003-06-19 11:05:04 12,688 -c--a-w c:\winnt\system32\dllcache\dot4prt.sys
+ 1999-09-25 17:34:46 8,752 -c--a-w c:\winnt\system32\dllcache\dot4scan.sys
+ 1999-12-22 21:56:08 7,440 -c--a-w c:\winnt\system32\dllcache\dr3020.dll
+ 1999-12-22 21:56:10 13,072 -c--a-w c:\winnt\system32\dllcache\dspimg32.dll
+ 1999-10-14 23:57:22 19,824 -c--a-w c:\winnt\system32\dllcache\e100isa4.sys
+ 1999-09-30 22:03:46 51,472 -c--a-w c:\winnt\system32\dllcache\e100snt5.sys
+ 1999-12-22 20:54:30 100,656 -c--a-w c:\winnt\system32\dllcache\eccommdd.sys
+ 1999-12-22 20:54:30 7,744 -c--a-w c:\winnt\system32\dllcache\ecdtrace.sys
+ 1999-10-01 04:28:02 23,664 -c--a-w c:\winnt\system32\dllcache\eclandd.sys
+ 1999-12-22 20:54:30 39,072 -c--a-w c:\winnt\system32\dllcache\ecnb.sys
+ 1999-12-22 21:56:12 33,792 -c--a-w c:\winnt\system32\dllcache\ecpagex.dll
+ 1999-12-22 21:58:24 21,680 -c--a-w c:\winnt\system32\dllcache\ecpinst.dll
+ 1999-10-01 04:28:02 8,960 -c--a-w c:\winnt\system32\dllcache\ecsnadd.sys
+ 1999-10-01 04:28:02 7,648 -c--a-w c:\winnt\system32\dllcache\ecvbus.sys
+ 1999-10-01 04:28:02 17,856 -c--a-w c:\winnt\system32\dllcache\ecwandd.sys
+ 1999-12-22 20:54:40 46,352 -c--a-w c:\winnt\system32\dllcache\el515.sys
+ 1999-11-05 22:55:46 156,496 -c--a-w c:\winnt\system32\dllcache\essm2e.sys
+ 1999-11-05 22:19:34 32,528 -c--a-w c:\winnt\system32\dllcache\forehe.sys
- 2005-12-30 16:16:30 233,744 -c--a-w c:\winnt\system32\dllcache\GDI32.DLL
+ 2007-03-06 11:18:21 235,280 -c--a-w c:\winnt\system32\dllcache\GDI32.DLL
+ 1999-12-22 21:58:28 17,680 -c--a-w c:\winnt\system32\dllcache\hr132.dll
+ 1999-10-04 20:56:00 28,944 -c--a-w c:\winnt\system32\dllcache\ibmexmp.sys
+ 1999-12-22 21:56:26 8,704 -c--a-w c:\winnt\system32\dllcache\ibmsgnet.dll
+ 1999-10-08 21:06:40 100,112 -c--a-w c:\winnt\system32\dllcache\ibmtok.sys
+ 2003-06-19 11:05:04 104,720 -c--a-w c:\winnt\system32\dllcache\ibmtrp.sys
+ 2003-06-19 11:05:04 140,016 -c--a-w c:\winnt\system32\dllcache\icam3.sys
+ 1999-12-22 21:58:32 27,920 -c--a-w c:\winnt\system32\dllcache\icam3ext.dll
- 1999-12-23 00:00:00 60,688 -c--a-w c:\winnt\system32\dllcache\iexplore.exe
+ 2002-08-30 18:28:48 91,136 -c--a-w c:\winnt\system32\dllcache\iexplore.exe
+ 1999-12-22 21:56:34 7,440 -c--a-w c:\winnt\system32\dllcache\is01.dll
+ 1999-12-22 21:56:34 7,440 -c--a-w c:\winnt\system32\dllcache\is410.dll
+ 1999-12-22 21:56:34 7,440 -c--a-w c:\winnt\system32\dllcache\is450.dll
+ 1999-12-22 21:56:34 7,440 -c--a-w c:\winnt\system32\dllcache\is4x.dll
+ 1999-09-25 02:17:08 35,856 -c--a-w c:\winnt\system32\dllcache\jt1nd5.sys
+ 1999-12-22 21:58:40 17,168 -c--a-w c:\winnt\system32\dllcache\jupi32.dll
- 2006-06-21 06:52:54 743,696 -c----w c:\winnt\system32\dllcache\kernel32.dll
+ 2007-04-16 12:44:39 743,696 -c----w c:\winnt\system32\dllcache\kernel32.dll
+ 1999-12-22 21:58:42 10,000 -c--a-w c:\winnt\system32\dllcache\lgdeskew.dll
+ 1999-12-22 21:56:38 32,528 -c--a-w c:\winnt\system32\dllcache\lginstsc.dll
+ 1999-12-22 21:56:38 36,624 -c--a-w c:\winnt\system32\dllcache\lgmntr.dll
+ 1999-12-22 21:56:38 91,408 -c--a-w c:\winnt\system32\dllcache\lgpusb.dll
+ 1999-12-22 21:01:20 16,144 -c--a-w c:\winnt\system32\dllcache\lit220p.sys
+ 1999-12-22 21:56:40 15,120 -c--a-w c:\winnt\system32\dllcache\lvui32.dll
+ 1999-12-22 21:56:40 25,360 -c--a-w c:\winnt\system32\dllcache\lvui32rc.dll
+ 1999-10-21 21:51:40 18,576 -c--a-w c:\winnt\system32\dllcache\lwadihid.sys
+ 1999-10-22 21:51:46 19,408 -c--a-w c:\winnt\system32\dllcache\lwusbhid.sys
+ 1999-12-22 21:56:40 7,440 -c--a-w c:\winnt\system32\dllcache\mf3.dll
- 2005-06-03 14:25:56 37,136 -c--a-w c:\winnt\system32\dllcache\mf3216.dll
+ 2007-03-06 11:18:21 38,160 -c--a-w c:\winnt\system32\dllcache\mf3216.dll
+ 1999-12-22 21:56:42 7,440 -c--a-w c:\winnt\system32\dllcache\mfs06cx.dll
+ 1999-12-22 21:56:42 7,440 -c--a-w c:\winnt\system32\dllcache\mfs06cz.dll
+ 1999-12-22 21:56:42 7,440 -c--a-w c:\winnt\system32\dllcache\mfs06sp.dll
+ 1999-12-22 21:56:42 7,440 -c--a-w c:\winnt\system32\dllcache\mfs08sp.dll
+ 1999-12-22 21:56:42 7,440 -c--a-w c:\winnt\system32\dllcache\mfs12cx.dll
+ 1999-12-22 21:56:42 7,440 -c--a-w c:\winnt\system32\dllcache\mfs12sp.dll
+ 1999-12-22 21:58:46 23,824 -c--a-w c:\winnt\system32\dllcache\miscan32.dll
+ 1999-09-25 17:34:58 16,144 -c--a-w c:\winnt\system32\dllcache\modemcsa.sys
+ 1999-12-22 21:56:44 6,928 -c--a-w c:\winnt\system32\dllcache\mphase32.dll
- 2005-06-03 14:26:00 57,104 -c--a-w c:\winnt\system32\dllcache\mpr.dll
+ 2007-04-16 12:44:39 54,032 -c--a-w c:\winnt\system32\dllcache\mpr.dll
- 2005-06-03 14:26:00 217,360 -c----w c:\winnt\system32\dllcache\mqads.dll
+ 2003-06-19 11:05:04 217,360 -c--a-w c:\winnt\system32\dllcache\mqads.dll
- 2005-06-03 14:26:00 76,560 -c----w c:\winnt\system32\dllcache\mqdscli.dll
+ 2003-06-19 11:05:04 76,560 -c--a-w c:\winnt\system32\dllcache\mqdscli.dll
- 2005-06-03 14:26:00 42,256 -c----w c:\winnt\system32\dllcache\mqdssrv.dll
+ 2003-06-19 11:05:04 42,256 -c--a-w c:\winnt\system32\dllcache\mqdssrv.dll
- 2005-06-03 14:26:02 230,160 -c----w c:\winnt\system32\dllcache\mqoa.dll
+ 2003-06-19 11:05:04 230,160 -c--a-w c:\winnt\system32\dllcache\mqoa.dll
+ 1999-12-22 21:56:50 7,440 -c--a-w c:\winnt\system32\dllcache\msf06cx.dll
+ 1999-12-22 21:56:50 7,440 -c--a-w c:\winnt\system32\dllcache\msf06cz.dll
+ 1999-12-22 21:56:50 7,440 -c--a-w c:\winnt\system32\dllcache\msf06sp.dll
+ 1999-12-22 21:56:50 7,440 -c--a-w c:\winnt\system32\dllcache\msf08sp.dll
+ 1999-12-22 21:56:50 7,440 -c--a-w c:\winnt\system32\dllcache\msf12cx.dll
+ 1999-12-22 21:56:50 7,440 -c--a-w c:\winnt\system32\dllcache\msf12sp.dll
+ 1999-09-25 17:36:30 5,776 -c--a-w c:\winnt\system32\dllcache\msfsio.sys
+ 2007-04-05 07:18:14 2,854,400 -c----w c:\winnt\system32\dllcache\msi.dll
+ 1999-12-22 21:56:52 26,384 -c--a-w c:\winnt\system32\dllcache\msmgr32.dll
+ 1999-09-25 17:36:34 12,208 -c--a-w c:\winnt\system32\dllcache\msriffwv.sys
+ 1999-12-22 21:58:56 8,464 -c--a-w c:\winnt\system32\dllcache\mssti.dll
+ 1999-12-22 21:06:02 92,080 -c--a-w c:\winnt\system32\dllcache\netflx3.sys
+ 2003-06-19 11:05:04 55,568 -c--a-w c:\winnt\system32\dllcache\nextlink.dll
+ 1999-09-25 02:17:08 30,992 -c--a-w c:\winnt\system32\dllcache\ngrpci.sys
- 2005-06-03 14:25:56 938,768 -c--a-w c:\winnt\system32\dllcache\ntdsa.dll
+ 2007-04-23 06:22:34 939,280 -c--a-w c:\winnt\system32\dllcache\ntdsa.dll
- 2006-09-13 06:32:20 1,867,904 -c--a-w c:\winnt\system32\dllcache\NTKRNLMP.EXE
+ 2007-03-06 04:04:01 1,867,968 -c--a-w c:\winnt\system32\dllcache\NTKRNLMP.EXE
- 2006-09-13 06:32:21 1,867,008 -c----w c:\winnt\system32\dllcache\ntkrnlpa.exe
+ 2007-03-06 04:04:02 1,867,008 -c----w c:\winnt\system32\dllcache\ntkrnlpa.exe
- 2006-09-13 06:32:21 1,889,280 -c--a-w c:\winnt\system32\dllcache\NTKRPAMP.EXE
+ 2007-03-06 04:04:02 1,889,280 -c--a-w c:\winnt\system32\dllcache\NTKRPAMP.EXE
- 2006-09-13 06:32:21 1,844,352 -c----w c:\winnt\system32\dllcache\ntoskrnl.exe
+ 2007-03-06 04:04:02 1,844,352 -c----w c:\winnt\system32\dllcache\ntoskrnl.exe
+ 1999-12-22 21:08:26 44,464 -c--a-w c:\winnt\system32\dllcache\otceth5.sys
+ 2003-06-19 11:05:04 35,088 -c--a-w c:\winnt\system32\dllcache\pagecnt.dll
+ 1999-09-25 02:17:00 30,064 -c--a-w c:\winnt\system32\dllcache\pca200e.sys
- 2005-06-03 14:26:08 16,656 -c----w c:\winnt\system32\dllcache\rpcproxy.dll
+ 2003-06-19 11:05:04 16,656 -c--a-w c:\winnt\system32\dllcache\rpcproxy.dll
- 2006-05-03 06:57:52 288,256 -c--a-w c:\winnt\system32\dllcache\sp3res.dll
+ 2007-04-19 05:06:44 288,256 -c--a-w c:\winnt\system32\dllcache\sp3res.dll
- 2005-06-03 12:59:48 419,600 -c----w c:\winnt\system32\dllcache\USER32.DLL
+ 2007-03-06 11:18:22 381,200 -c--a-w c:\winnt\system32\dllcache\USER32.DLL
- 2005-10-07 06:17:49 1,638,768 -c----w c:\winnt\system32\dllcache\win32k.sys
+ 2007-03-06 11:15:14 1,642,032 -c----w c:\winnt\system32\dllcache\win32k.sys
- 2005-09-23 11:04:12 245,520 -c----w c:\winnt\system32\dllcache\winsrv.dll
+ 2007-03-13 09:45:26 246,032 -c----w c:\winnt\system32\dllcache\winsrv.dll
- 2008-04-16 12:23:44 112,144 ----a-w c:\winnt\system32\drivers\kl1.sys
+ 2008-07-21 16:34:36 121,872 ----a-w c:\winnt\system32\drivers\kl1.sys
- 2009-02-10 10:26:05 215,824 ----a-w c:\winnt\system32\drivers\klif.sys
+ 2009-02-19 14:55:55 230,032 ----a-w c:\winnt\system32\drivers\klif.sys
- 2008-03-25 18:07:10 24,592 ----a-w c:\winnt\system32\drivers\klim5.sys
+ 2008-04-30 16:06:48 24,592 ----a-w c:\winnt\system32\drivers\klim5.sys
- 2008-04-25 16:21:06 26,964 ----a-w c:\winnt\system32\drivers\klopp.dat
+ 2008-11-11 18:58:54 25,601 ----a-w c:\winnt\system32\drivers\klopp.dat
- 2009-02-05 08:00:31 259,048 ----a-w c:\winnt\system32\FNTCACHE.DAT
+ 2009-02-16 08:05:46 259,048 ----a-w c:\winnt\system32\FNTCACHE.DAT
- 2005-12-30 16:16:30 233,744 ----a-w c:\winnt\system32\GDI32.DLL
+ 2007-03-06 11:18:21 235,280 ----a-w c:\winnt\system32\GDI32.DLL
- 2007-07-11 23:22:00 135,168 ----a-w c:\winnt\system32\java.exe
+ 2009-02-13 16:42:01 144,792 ----a-w c:\winnt\system32\java.exe
- 2007-07-11 23:22:04 135,168 ----a-w c:\winnt\system32\javaw.exe
+ 2009-02-13 16:42:01 144,792 ----a-w c:\winnt\system32\javaw.exe
- 2007-07-12 00:22:38 139,264 ----a-w c:\winnt\system32\javaws.exe
+ 2009-02-13 16:42:01 148,888 ----a-w c:\winnt\system32\javaws.exe
- 2006-06-21 06:52:54 743,696 ----a-w c:\winnt\system32\KERNEL32.DLL
+ 2007-04-16 12:44:39 743,696 ----a-w c:\winnt\system32\KERNEL32.DLL
- 2008-04-25 16:22:24 206,088 ----a-w c:\winnt\system32\klogon.dll
+ 2008-11-11 19:00:04 218,376 ----a-w c:\winnt\system32\klogon.dll
- 2005-06-03 14:25:56 37,136 -c--a-w c:\winnt\system32\mf3216.dll
+ 2007-03-06 11:18:21 38,160 ----a-w c:\winnt\system32\mf3216.dll
- 2005-06-03 14:26:00 57,104 ----a-w c:\winnt\system32\mpr.dll
+ 2007-04-16 12:44:39 54,032 ----a-w c:\winnt\system32\mpr.dll
- 2005-05-04 13:45:32 2,890,240 ----a-w c:\winnt\system32\msi.dll
+ 2007-04-05 07:18:14 2,854,400 ----a-w c:\winnt\system32\msi.dll
- 2005-06-03 14:25:56 938,768 -c--a-w c:\winnt\system32\ntdsa.dll
+ 2007-04-23 06:22:34 939,280 ----a-w c:\winnt\system32\ntdsa.dll
- 2006-09-13 06:32:21 1,867,008 ----a-w c:\winnt\system32\NTKRNLPA.EXE
+ 2007-03-06 04:04:02 1,867,008 ----a-w c:\winnt\system32\NTKRNLPA.EXE
- 2006-09-13 06:32:21 1,844,352 ----a-w c:\winnt\system32\NTOSKRNL.EXE
+ 2007-03-06 04:04:02 1,844,352 ----a-w c:\winnt\system32\NTOSKRNL.EXE
- 2005-04-08 11:51:24 151,312 ----a-w c:\winnt\system32\SCHANNEL.DLL
+ 2007-04-25 07:52:16 147,216 ----a-w c:\winnt\system32\SCHANNEL.DLL
- 2006-05-03 06:57:52 288,256 ----a-w c:\winnt\system32\sp3res.dll
+ 2007-04-19 05:06:44 288,256 ----a-w c:\winnt\system32\sp3res.dll
- 2005-06-03 12:59:48 419,600 ----a-w c:\winnt\system32\USER32.DLL
+ 2007-03-06 11:18:22 381,200 ----a-w c:\winnt\system32\USER32.DLL
- 2005-10-07 06:17:49 1,638,768 ----a-w c:\winnt\system32\WIN32K.SYS
+ 2007-03-06 11:15:14 1,642,032 ----a-w c:\winnt\system32\WIN32K.SYS
- 2005-09-23 11:04:12 245,520 ----a-w c:\winnt\system32\WINSRV.DLL
+ 2007-03-13 09:45:26 246,032 ----a-w c:\winnt\system32\WINSRV.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\programmi\Analog Devices\SoundMAX\DrvLsnr.exe" [03-05-08 12:34 69632]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [03-07-28 14:19 4841472]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [09-02-13 17:42 148888]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [09-02-19 12:13 206088]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 c:\winnt\system32\mobsync.exe]
"nwiz"="nwiz.exe" [03-07-28 14:19 323584 c:\winnt\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 188176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-09-16 610365]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3 (0x3)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"BITS"=3 (0x3)
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R?2 nolxwqs;Center Monitor;c:\winnt\system32\svchost.exe -k netsvcs [1999-12-23 7952]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CameraMonitor;FLIR Camera Monitor;c:\programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\winnt\system32\drivers\eugss2k.sys [2008-01-18 63336]
R2 eusk2par;EUTRON SmartKey Parallel Driver;c:\winnt\system32\drivers\eusk2par.sys [2008-01-18 30656]
R2 T3Srv;FLIR Systems Camera Monitor;c:\programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\drivers\klim5.sys [2008-04-30 24592]
S2 Eutron-Emu;Eutron-Emu;c:\winnt\system32\drivers\Eutron-Emu.sys.SYS --> c:\winnt\system32\drivers\Eutron-Emu.sys.SYS [?]
S3 BT2KNDFL;Driver del server di accesso alla rete LAN Bluetooth - Filter;c:\winnt\system32\drivers\bt2kndfl.sys [2007-05-18 3879]
S3 eusk3usb;SmartKey 3 USB;c:\winnt\system32\Drivers\eusk3usb.sys --> c:\winnt\system32\Drivers\eusk3usb.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FLIRUSBRNDIS;FLIR Camera USB Network Device Driver;c:\winnt\system32\drivers\usb8023k.sys [2006-05-05 13824]
S3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\drivers\motccgp.sys [2007-12-03 17920]
S3 motccgpfl;MotCcgpFlService;c:\winnt\system32\drivers\motccgpfl.sys [2007-12-03 7680]
S3 MotDev;Motorola Inc. USB Device;c:\winnt\system32\drivers\motodrv.sys [2007-12-03 42112]
S3 skeyusb;SmartKey USB;c:\winnt\system32\drivers\skeyusb.sys [2008-01-18 43968]
S3 UALFDrv2;UALFDrv2;c:\winnt\system32\drivers\UALFDrv2.sys [2006-09-12 46309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xkiyxi
nolxwqs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Invia a &Bluetooth - c:\programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {46AA183D-08D8-4F06-99CC-5F02635E7636} = 151.99.125.1
TCP: {E5E72B87-5298-4953-BD78-BAD92DCB4C6F} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\yyauvfjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 11:38:03
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs]
"ServiceDll"="c:\winnt\system32\seszv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E97A55E4D2F53F29ACDF51D0358BB99892AB3AFEBC9E127BECC74CFEBC9E127
BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11
EC38DE3D5D575E7D6A3B98088EDD5E5BE2F6E66748C29376B5BF93AD996DA3D540B7B7A28C30BDAAF90702B2653C632
D81E95BBE89A38A8C28E26D44ADE76214F7938F033F9EEFE0912B06BEB5A4F5A9D85B15901B5D2A1772E76140F70BC12
60F419EB5842BC8220928117AAEED492ACEF0DDBFEEB3C2C4A1C7AD85E924780DA18F9844E94D82E128C76A2C1C5ABB3
1F80C3375ADCFF74C381AA43E29640DCEBDF045F5AFE02A96ABF470DFFA8D81475F31261FB140C164AC1E2C578DE45D7
4E6FB7FD9CC2321BA42BF90E2FE91A0F8808ADB6A8A76EBCBE6B4BF82A11E1A8C936D3642EB391E4C12DB52CA8C50F4D
4CCE20D4E7D471742C8646C34A86FC8293022EC4668AAAACF31224B6CC09C2B6EA8AC8701FEEBB48BA0D7D426959A405
E9A1EBCBE53E1A4492C8CA7E5E928C6DDEDFBAC7EBE028FF0B6DA2ED49246AE47A5874D4AF4AFBD4603BCA992880EA03
E698AF187180BC03F44604502F8FC9400992AE04AC346FAD32A752498D4C861AFDB34E0A1216C39C7767F76B25DAD47AB
B073C966EFBC38838920015E383A08D6FAFA9592A0703DDD71EF34300129EE6E19F7EE875A10A0ED7CC6BA0ED2266759EE
83C1E691C2E25B499185065EA60873F66ECBDC179EB7AD541B6218F5B4276455152CF0A475971C096484082141E468E1B07
0D7F0AB5360D3EF9BAF28F241A63F1F2B43BCFE1C01AE905FC9A97628FD64BEFEAEE4DE1B29B3BC9F4A25500454B031AE35
F0B6816F2C5E57A48D29CB6A7C3A30DBA5C3102E209E3A24D8A114A5A480B7648E5C30CEE6BB4436141F1D661E6B4D1D164
9811B3855CBBC699FE5D406E5D9AF1310658C393B8FDFB904BAB0303CB6F4D343161D11C348572AE5C52237DDBF3DB256AF
98F113B745B0649B8A0DBBDFA828E8C76831F1B87A27F551510D0B26F2559A74E8D21CCF50DAB488B9851D50C397D66333178
C39719E347D2BCFAFDEFD96A8E87490D4FB2E544A1D07DA37A213D58A0CB7B0E3F84B03E78EF8BDB5CD4FC4331B3957DEF
85166DFCAC2C585062A4DE7B635636B3D5B7BBDA18C072BEE99644E68B6438093EC1313D4BA6EA5BEDE9BB7AD6D063A5EB
9E147A3B7503FCCD52D7408F2E6A3AE7B8E67D647F65B23C912230EA7E48CC8BFC4F6D7D334C70AC08A827E7649563FB84
242BB42710E9E4BB5BBCA2E40C27C0EE6A7D43C3EBEDB591CB929CC6349D1A7486E440763C7AF0441F3A750CC618C863F9
486CFEF3F8A6335BFB7872453828C749A0679C9B6EB5AA122C0E0B18EA251F65C2AF2BE0A75E85C1E2E3AEB6F0570C8D968
FE93AF7879778302358A97FAD86E86530C13"
"OODEFRAG11.00.00.01WORKSTATION"="EDCF803DF2C1AF95C7E8FE3C80FC30E2DC07148B2F37609DFAA42AF7FBBF71E5
ADD561F583661C956A3C48044D773B651605DE1B03B8BF29CD73E838FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B
ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3
B9808A9C6AECB7A5D1407B0B14DB991E48DCB30998C87BD00B565D28D1826A18E87FBD27CD4EA37A2C100E4329235EFBFDB
87E064FA2981EAD74E39C7CE7784486DC7C3336E396C49FAC6D6DB3C5C3FEC462AA614C41C2B0B19A10B2ABC0AE7B61E837
E47CB2B62A71CA67A6DADA34240745E1EF81AEC37157A77AA3501A3198D194DC60A99605D93C4E81A2CC0A352D1C0B6B
5659F4E308035C7CA6E2C2FFA4792A7B4CFF51AB5A6C4B653DA3F965B7B39A4AD33EE13380B34EFF15FC6390320F2F837F3
7341D23FA2A198C76BDCDCDBA104A0BC153684B297B27D13C8F5BC9AD78B8C521ADE38FE171BAE3FF6FAECD86E0EF66192
525E3CB1331D1B203844F9110E4B4E6423774D11FCAF148C1932964D65EF055DAAA3300BFB548BB07CCDC8A3925ACBC060B
6D2B1010B1E45026982998D1E905DA2C4DBDFF9F97D4FDE1F54C611F836148CB27E4DC600B7B227E2C8E76FE8EC70C3C74D
1E003C0D45A2922DE9E036FAB344BA836E51A43E591A83607D568A0D66BA45D9E9C118DB522C15A82AC3778AEA46B156520
9E4163195427E56F3916206D66B191A5AE20EA707AB5FDDD8F55B78740F326BB87CA4A4732C1D9FDB61E48710F9E73CC4444
C6A60E92F8CA9BDE69056DC14DD8F7E5595B4627E3C863190187E47E60EE43742360AFBB8749D2F2B5996BBBF04A1CF95577B
172242500B65D85DBD78037F0D2318F81F61848580A8EE84DEB96AE5A9D9321294D27D7ACC66DD8E5846433CE72012C826
53E11339E6DE130E4DD3379B1861E2B6186B292B1BB096293BAAAAC0751A3776F9E55CB66DAC5823873557864A957E6C44BE
63AB904F1F5688483BE25D1B250B871BDBA9CB4F8F0E3CB7669FEF7299BBE8DE96AAD3A97518A160C3EC98721AF1F0C3EE17
13B298D2803A6E710B900ABBDCE49454FBA4093D3F697DD5ECF2BD4EEE535A5658B47487AE4DD8D9237BCC99BB200FAC1E9
A7025DC0F85E1A2605FD5FE73449536A8CB58E4B5760941340115E593208BD5576245BB315D2F06F670D2E2FEB4D5495668030
5EE7987F5ACEC027C75441B449BBDA85FE36AAC676587A21E081B6BB3F73A5DB5A47B2D53CE7549682F5AD88C1E036A8F6DF
61E9DCA5D38FB53CA7F1BBCD34C61397528EEF62868D2E0A819D58655BE59CA2F9BFE3FD19A8858F90D29486A4D344248F9E
3F2356CAC5CD6024CF100678BA92410E74DE36394C342E70CAFDBED2388B679D188707C28A7718E1F726F40BBEECDBB3BF03C"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1596)
c:\winnt\AppPatch\AcLayers.DLL
.
Completion time: 2009-02-24 11:47:01 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-02-24 10:46:31
ComboFix2.txt 2009-02-12 16:56:40

Pre-Run: 2,981,257,216 byte disponibili
Post-Run: 3,219,501,056 byte disponibili

388 --- E O F --- 2009-02-13 08:26:50
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 24th, 2009, 9:47 am

Hi Flegias

Open Notepad.
Copy the text from the box to an empty file.
Save it as export.bat to your desktop.
Choose "Save as type: All Files".
Code:
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"

Close Notepad.

Locate export.bat on your Desktop and double-click on it. It will create a file called look.txt in C:\
Copy the entire text and paste it in your reply here in this topic.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 24th, 2009, 10:22 am

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\
00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\
00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,77,00,7a,00,\
63,00,73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,78,00,6b,00,69,00,79,00,78,00,69,00,00,00,6e,00,6f,00,6c,00,78,00,\
77,00,71,00,73,00,00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"wugroup"=hex(7):77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,00,00
"BITSgroup"=hex(7):42,00,49,00,54,00,53,00,00,00,00,00
"HPZ12"=hex(7):50,00,6d,00,6c,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,20,\
00,48,00,50,00,5a,00,31,00,32,00,00,00,4e,00,65,00,74,00,20,00,44,00,72,00,\
69,00,76,00,65,00,72,00,20,00,48,00,50,00,5a,00,31,00,32,00,00,00,00,00
"hpdevmgmt"=hex(7):68,00,70,00,71,00,63,00,78,00,73,00,30,00,38,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BITSGroup]
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wugroup]
"CoInitializeSecurityParam"=dword:00000001
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 24th, 2009, 10:58 am

Hi Flegias

Run CFScript

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\winnt\system32\seszv.dll

RegLockDeL::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nolxwqs]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\
00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\
00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,77,00,7a,00,\
63,00,73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00

Driver::
nolxwqs



Save this as "CFScript.txt", with Save as type: All Files (*.*), in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please reply with

1. the ComboFix log(C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 24th, 2009, 11:43 am

I ran ComboFix twice because it crashed the first time.
The second attempt went well:

ComboFix 09-02-21.01 - Administrator 2009-02-24 16:21:03.6 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.511.362 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\winnt\system32\seszv.dll
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\seszv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NOLXWQS
-------\Legacy_NOLXWQS


((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))))))
.

2009-02-24 16:27 . 09-02-24 16:27 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_274.dat
2009-02-19 17:43 . 99-09-25 07:55 771,824 --a--c--- c:\winnt\system32\dllcache\winacisa.sys
2009-02-19 17:43 . 99-10-20 22:49 28,432 --a--c--- c:\winnt\system32\dllcache\tos4mo.sys
2009-02-19 17:43 . 99-10-20 21:51 19,728 --a--c--- c:\winnt\system32\dllcache\w840nd.sys
2009-02-19 17:43 . 99-09-25 18:34 7,568 --a--c--- c:\winnt\system32\dllcache\twotrack.sys
2009-02-19 17:39 . 99-12-22 22:59 421,648 --a--c--- c:\winnt\system32\dllcache\spxports.dll
2009-02-19 17:39 . 99-12-22 22:12 281,456 --a--c--- c:\winnt\system32\dllcache\stlnata.sys
2009-02-19 17:39 . 99-12-22 22:59 188,688 --a--c--- c:\winnt\system32\dllcache\sisv256.dll
2009-02-19 17:39 . 99-12-22 22:59 179,792 --a--c--- c:\winnt\system32\dllcache\sis6306v.dll
2009-02-19 17:39 . 99-12-22 22:59 176,400 --a--c--- c:\winnt\system32\dllcache\stlnprop.dll
2009-02-19 17:39 . 03-06-19 12:05 104,656 --a--c--- c:\winnt\system32\dllcache\skfpwin.sys
2009-02-19 17:39 . 99-09-28 04:02 71,280 --a--c--- c:\winnt\system32\dllcache\sis6306p.sys
2009-02-19 17:39 . 99-09-28 04:02 49,904 --a--c--- c:\winnt\system32\dllcache\sisv.sys
2009-02-19 17:39 . 99-12-22 22:59 28,432 --a--c--- c:\winnt\system32\dllcache\sma032.dll
2009-02-19 17:39 . 99-09-25 03:17 17,712 --a--c--- c:\winnt\system32\dllcache\tsbmce.sys
2009-02-19 17:39 . 03-06-19 12:05 10,288 --a--c--- c:\winnt\system32\dllcache\stkmc.sys
2009-02-19 17:38 . 99-12-22 22:59 32,528 --a--c--- c:\winnt\system32\dllcache\sm8132.dll
2009-02-19 17:38 . 99-12-22 22:59 32,016 --a--c--- c:\winnt\system32\dllcache\sm8732.dll
2009-02-19 17:38 . 99-12-22 22:59 25,872 --a--c--- c:\winnt\system32\dllcache\sm9132.dll
2009-02-19 17:38 . 99-12-22 22:59 25,872 --a--c--- c:\winnt\system32\dllcache\sm8c32.dll
2009-02-19 17:38 . 99-12-22 22:59 24,848 --a--c--- c:\winnt\system32\dllcache\sm5932.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm9032.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm8d32.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm8a32.dll
2009-02-19 17:38 . 99-12-22 22:59 23,824 --a--c--- c:\winnt\system32\dllcache\sm8932.dll
2009-02-19 17:38 . 99-09-25 03:17 18,704 --a--c--- c:\winnt\system32\dllcache\rtl8029.sys
2009-02-19 17:38 . 99-12-22 22:10 13,968 --a--c--- c:\winnt\system32\dllcache\rnbo3531.sys
2009-02-19 17:36 . 99-11-02 00:42 801,072 --a--c--- c:\winnt\system32\dllcache\3cpciadi.sys
2009-02-19 11:41 . 09-02-19 15:55 101,287 --a------ c:\winnt\system32\drivers\klin.dat
2009-02-19 11:41 . 09-02-19 15:55 89,601 --a------ c:\winnt\system32\drivers\klick.dat
2009-02-19 09:15 . 09-02-19 09:15 <DIR> d-------- C:\fsaua.data
2009-02-13 17:42 . 09-02-13 17:42 410,984 --a------ c:\winnt\system32\deploytk.dll
2009-02-13 09:24 . 09-02-13 09:26 1,410 --a------ c:\winnt\imsins.BAK
2009-02-10 16:39 . 09-02-10 16:39 <DIR> d-------- C:\Lop SD
2009-02-02 16:33 . 09-02-19 13:00 <DIR> d-------- c:\programmi\EsetOnlineScanner
2009-02-02 16:21 . 09-02-02 16:21 <DIR> d-------- C:\_OTMoveIt
2009-02-02 14:12 . 09-02-02 16:15 <DIR> d-------- c:\programmi\TVAnts
2009-01-29 15:27 . 09-01-29 15:28 <DIR> d-------- c:\winnt\ERUNT
2009-01-29 15:13 . 09-01-29 15:53 <DIR> d-------- C:\SDFix
2009-01-29 09:16 . 09-01-29 09:17 250 --a------ c:\winnt\gmer.ini
2009-01-27 11:12 . 03-07-16 14:14 31,744 --a------ c:\winnt\system32\E_DCINST.DLL
2009-01-27 11:12 . 01-09-04 03:04 182 --a------ c:\winnt\system32\EBPPORT4.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 15:28 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-24 13:17 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-20 13:10 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-20 10:22 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-19 14:55 33,808 ----a-w c:\winnt\system32\drivers\klbg.sys
2009-02-13 16:41 --------- d-----w c:\programmi\Java
2009-02-12 13:55 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-02-09 08:24 --------- d-----w c:\programmi\Look@LAN
2009-01-30 16:14 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Thunderbird
2009-01-29 14:08 --------- d-----w c:\programmi\MessengerPlus! 3
2009-01-29 10:23 --------- d-----w c:\programmi\EvilLyrics
2009-01-27 10:17 --------- d-----w c:\programmi\EPSON Print CD
2009-01-21 11:29 --------- d-----w c:\programmi\CCleaner
2009-01-19 11:06 --------- d-----w c:\programmi\Nsasoft
2009-01-16 09:46 --------- d-----w c:\programmi\Mplayerc
2009-01-12 11:05 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Media Player Classic
2009-01-09 11:25 --------- d-----w c:\programmi\File comuni\Real
2009-01-09 11:24 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-09 11:24 --------- d-----w c:\programmi\Mozilla Sunbird
2009-01-09 11:24 --------- d-----w c:\programmi\File comuni\FLIR Systems
2009-01-09 11:24 --------- d-----w c:\programmi\EPSON
2009-01-09 09:09 --------- d-----w c:\programmi\OO Software
2009-01-08 16:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SDProget
2009-01-08 16:43 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\SDProget
2009-01-08 10:05 720,896 ----a-w c:\winnt\iun6002.exe
2008-04-10 13:24 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-01-05 10:26 271 ---h--w c:\programmi\desktop.ini
2007-01-05 10:26 22,075 ---h--w c:\programmi\folder.htt
2007-07-26 23:06 479,232 ----a-w c:\programmi\mozilla firefox\plugins\msvcm80.dll
2007-07-26 23:06 548,864 ----a-w c:\programmi\mozilla firefox\plugins\msvcp80.dll
2007-07-26 23:06 626,688 ----a-w c:\programmi\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((( SnapShot_mar 2009-02-24_11.43.25.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 13:08:18 1,744 ----a-w c:\winnt\system32\d3d9caps.dat
+ 2009-02-24 13:42:26 1,744 ----a-w c:\winnt\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\programmi\Analog Devices\SoundMAX\DrvLsnr.exe" [03-05-08 12:34 69632]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [03-07-28 14:19 4841472]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [09-02-13 17:42 148888]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [09-02-19 12:13 206088]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 c:\winnt\system32\mobsync.exe]
"nwiz"="nwiz.exe" [03-07-28 14:19 323584 c:\winnt\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 188176]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-09-16 610365]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3 (0x3)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"BITS"=3 (0x3)
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CameraMonitor;FLIR Camera Monitor;c:\programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\winnt\system32\drivers\eugss2k.sys [2008-01-18 63336]
R2 eusk2par;EUTRON SmartKey Parallel Driver;c:\winnt\system32\drivers\eusk2par.sys [2008-01-18 30656]
R2 T3Srv;FLIR Systems Camera Monitor;c:\programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\drivers\klim5.sys [2008-04-30 24592]
S2 Eutron-Emu;Eutron-Emu;c:\winnt\system32\drivers\Eutron-Emu.sys.SYS --> c:\winnt\system32\drivers\Eutron-Emu.sys.SYS [?]
S3 BT2KNDFL;Driver del server di accesso alla rete LAN Bluetooth - Filter;c:\winnt\system32\drivers\bt2kndfl.sys [2007-05-18 3879]
S3 eusk3usb;SmartKey 3 USB;c:\winnt\system32\Drivers\eusk3usb.sys --> c:\winnt\system32\Drivers\eusk3usb.sys [?]
S3 FLIRUSBRNDIS;FLIR Camera USB Network Device Driver;c:\winnt\system32\drivers\usb8023k.sys [2006-05-05 13824]
S3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\drivers\motccgp.sys [2007-12-03 17920]
S3 motccgpfl;MotCcgpFlService;c:\winnt\system32\drivers\motccgpfl.sys [2007-12-03 7680]
S3 MotDev;Motorola Inc. USB Device;c:\winnt\system32\drivers\motodrv.sys [2007-12-03 42112]
S3 skeyusb;SmartKey USB;c:\winnt\system32\drivers\skeyusb.sys [2008-01-18 43968]
S3 UALFDrv2;UALFDrv2;c:\winnt\system32\drivers\UALFDrv2.sys [2006-09-12 46309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
v
n
t
S
y
s
t
m


I
a
s


I
p
r
i
p


I
r
m
o
n


N
t
m
a
n


N
w
s
a
p
a
g
n
t


R
a
s
a
u
t
o


R
a
s
m
a
n


R
m
o
t
a
c
c
s
s


S
N
S


S
h
a
r
d
a
c
c
s
s


T
a
p
i
s
r
v


N
t
m
s
s
v
c


w
z
c
s
v
c


W
m
d
m
P
m
S
N
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Invia a &Bluetooth - c:\programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {46AA183D-08D8-4F06-99CC-5F02635E7636} = 151.99.125.1
TCP: {E5E72B87-5298-4953-BD78-BAD92DCB4C6F} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\yyauvfjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 16:29:45
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="…"
"OODEFRAG11.00.00.01WORKSTATION"="…"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2009-02-24 16:37:35 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-02-24 15:36:55
ComboFix2.txt 2009-02-24 10:47:07
ComboFix3.txt 2009-02-12 16:56:40

Pre-Run: 3,295,105,024 bytes free
Post-Run: 3,213,643,776 bytes free

297 --- E O F --- 2009-02-13 08:26:50
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 24th, 2009, 1:03 pm

Hi Flegias

Using Windows Explorer (to get there, right-click your Start button and choose "Explore"), please delete this file:
C:\look.txt

Locate Export.bat on your Desktop and double-click on it. It will create a file called look.txt in C:\.
Copy the entire text and paste it into your reply here in this topic.

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 25th, 2009, 4:09 am

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):45,00,00,00,76,00,00,00,65,00,00,00,6e,00,00,00,74,00,00,00,\
53,00,00,00,79,00,00,00,73,00,00,00,74,00,00,00,65,00,00,00,6d,00,00,00,00,\
00,00,00,49,00,00,00,61,00,00,00,73,00,00,00,00,00,00,00,49,00,00,00,70,00,\
00,00,72,00,00,00,69,00,00,00,70,00,00,00,00,00,00,00,49,00,00,00,72,00,00,\
00,6d,00,00,00,6f,00,00,00,6e,00,00,00,00,00,00,00,4e,00,00,00,65,00,00,00,\
74,00,00,00,6d,00,00,00,61,00,00,00,6e,00,00,00,00,00,00,00,4e,00,00,00,77,\
00,00,00,73,00,00,00,61,00,00,00,70,00,00,00,61,00,00,00,67,00,00,00,65,00,\
00,00,6e,00,00,00,74,00,00,00,00,00,00,00,52,00,00,00,61,00,00,00,73,00,00,\
00,61,00,00,00,75,00,00,00,74,00,00,00,6f,00,00,00,00,00,00,00,52,00,00,00,\
61,00,00,00,73,00,00,00,6d,00,00,00,61,00,00,00,6e,00,00,00,00,00,00,00,52,\
00,00,00,65,00,00,00,6d,00,00,00,6f,00,00,00,74,00,00,00,65,00,00,00,61,00,\
00,00,63,00,00,00,63,00,00,00,65,00,00,00,73,00,00,00,73,00,00,00,00,00,00,\
00,53,00,00,00,45,00,00,00,4e,00,00,00,53,00,00,00,00,00,00,00,53,00,00,00,\
68,00,00,00,61,00,00,00,72,00,00,00,65,00,00,00,64,00,00,00,61,00,00,00,63,\
00,00,00,63,00,00,00,65,00,00,00,73,00,00,00,73,00,00,00,00,00,00,00,54,00,\
00,00,61,00,00,00,70,00,00,00,69,00,00,00,73,00,00,00,72,00,00,00,76,00,00,\
00,00,00,00,00,4e,00,00,00,74,00,00,00,6d,00,00,00,73,00,00,00,73,00,00,00,\
76,00,00,00,63,00,00,00,00,00,00,00,77,00,00,00,7a,00,00,00,63,00,00,00,73,\
00,00,00,76,00,00,00,63,00,00,00,00,00,00,00,57,00,00,00,6d,00,00,00,64,00,\
00,00,6d,00,00,00,50,00,00,00,6d,00,00,00,53,00,00,00,4e,00,00,00,00,00,00,\
00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"wugroup"=hex(7):77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,00,00
"BITSgroup"=hex(7):42,00,49,00,54,00,53,00,00,00,00,00
"HPZ12"=hex(7):50,00,6d,00,6c,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,20,\
00,48,00,50,00,5a,00,31,00,32,00,00,00,4e,00,65,00,74,00,20,00,44,00,72,00,\
69,00,76,00,65,00,72,00,20,00,48,00,50,00,5a,00,31,00,32,00,00,00,00,00
"hpdevmgmt"=hex(7):68,00,70,00,71,00,63,00,78,00,73,00,30,00,38,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BITSGroup]
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wugroup]
"CoInitializeSecurityParam"=dword:00000001
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am
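The two exports Flegias posted (before and after the CFScript) are REG_MULTI_SZ values that regedit dumps as hex(7) byte lists, which are hard to read by eye. The script below is an added example written for this thread, not a tool used in it: it parses a .reg export as posted, decodes the SvcHost service groups into names, and flags any netsvcs entry that is not on a reference list. The reference list is the fifteen names the CFScript writes back; the sample input is the hex copied from the two posts. Decoded, the first export's netsvcs group is those fifteen names followed by xkiyxi and nolxwqs, the latter being the service the CFScript removes. The second export is the same fifteen names, but with every UTF-16 code unit followed by a NUL code unit, so a plain decode yields one character per element; that is the shape behind the one-character-per-line NetSvcs listing in the ComboFix log above, and the script detects it and strips the padding before decoding.

```python
"""Decode the SvcHost service groups from the .reg exports in this thread.

Added example for this thread, not a tool from the original posts. The
sample data is the hex(7) text copied from the two exports; the reference
list is the set of names peku006's CFScript writes back to netsvcs."""
import re

# netsvcs as the CFScript restores it (copied from the thread, in order).
REFERENCE_NETSVCS = [
    "EventSystem", "Ias", "Iprip", "Irmon", "Netman", "Nwsapagent", "Rasauto",
    "Rasman", "Remoteaccess", "SENS", "Sharedaccess", "Tapisrv", "Ntmssvc", "wzcsvc", "WmdmPmSN",
]

# Excerpt of the export posted before the CFScript ran.
FIRST_EXPORT = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\
00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\
00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,77,00,7a,00,\
63,00,73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,78,00,6b,00,69,00,79,00,78,00,69,00,00,00,6e,00,6f,00,6c,00,78,00,\
77,00,71,00,73,00,00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
'''

# The netsvcs value as exported after the CFScript ran.
SECOND_EXPORT = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):45,00,00,00,76,00,00,00,65,00,00,00,6e,00,00,00,74,00,00,00,\
53,00,00,00,79,00,00,00,73,00,00,00,74,00,00,00,65,00,00,00,6d,00,00,00,00,\
00,00,00,49,00,00,00,61,00,00,00,73,00,00,00,00,00,00,00,49,00,00,00,70,00,\
00,00,72,00,00,00,69,00,00,00,70,00,00,00,00,00,00,00,49,00,00,00,72,00,00,\
00,6d,00,00,00,6f,00,00,00,6e,00,00,00,00,00,00,00,4e,00,00,00,65,00,00,00,\
74,00,00,00,6d,00,00,00,61,00,00,00,6e,00,00,00,00,00,00,00,4e,00,00,00,77,\
00,00,00,73,00,00,00,61,00,00,00,70,00,00,00,61,00,00,00,67,00,00,00,65,00,\
00,00,6e,00,00,00,74,00,00,00,00,00,00,00,52,00,00,00,61,00,00,00,73,00,00,\
00,61,00,00,00,75,00,00,00,74,00,00,00,6f,00,00,00,00,00,00,00,52,00,00,00,\
61,00,00,00,73,00,00,00,6d,00,00,00,61,00,00,00,6e,00,00,00,00,00,00,00,52,\
00,00,00,65,00,00,00,6d,00,00,00,6f,00,00,00,74,00,00,00,65,00,00,00,61,00,\
00,00,63,00,00,00,63,00,00,00,65,00,00,00,73,00,00,00,73,00,00,00,00,00,00,\
00,53,00,00,00,45,00,00,00,4e,00,00,00,53,00,00,00,00,00,00,00,53,00,00,00,\
68,00,00,00,61,00,00,00,72,00,00,00,65,00,00,00,64,00,00,00,61,00,00,00,63,\
00,00,00,63,00,00,00,65,00,00,00,73,00,00,00,73,00,00,00,00,00,00,00,54,00,\
00,00,61,00,00,00,70,00,00,00,69,00,00,00,73,00,00,00,72,00,00,00,76,00,00,\
00,00,00,00,00,4e,00,00,00,74,00,00,00,6d,00,00,00,73,00,00,00,73,00,00,00,\
76,00,00,00,63,00,00,00,00,00,00,00,77,00,00,00,7a,00,00,00,63,00,00,00,73,\
00,00,00,76,00,00,00,63,00,00,00,00,00,00,00,57,00,00,00,6d,00,00,00,64,00,\
00,00,6d,00,00,00,50,00,00,00,6d,00,00,00,53,00,00,00,4e,00,00,00,00,00,00,\
00
'''

VALUE_RE = re.compile(r'^"([^"]+)"=hex\(7\):(.*)$')

def parse_reg_export(text):
    """Map value name -> raw bytes for each hex(7) (REG_MULTI_SZ) value,
    rejoining the backslash-continued lines regedit writes."""
    values = {}
    lines = iter(text.splitlines())
    for line in lines:
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        while data.endswith("\\"):
            data = data[:-1] + next(lines, "").strip()
        values[name] = bytes(int(h, 16) for h in data.split(",") if h)
    return values

def is_nul_padded(raw):
    """True when every UTF-16 code unit is followed by a NUL code unit, the
    shape of the post-fix export (ComboFix listed it one letter per line)."""
    if len(raw) < 8 or len(raw) % 4:
        return False
    units = [int.from_bytes(raw[i:i + 2], "little") for i in range(0, len(raw), 2)]
    return all(u == 0 for u in units[1::2]) and any(units[0::2])

def decode_multi_sz(raw):
    """Return (names, padded); padding is stripped first so the intended
    names come back instead of one-character entries."""
    padded = is_nul_padded(raw)
    if padded:
        raw = b"".join(raw[i:i + 2] for i in range(0, len(raw), 4))
    names = raw.decode("utf-16-le").split("\x00")
    while names and names[-1] == "":
        names.pop()
    return names, padded

def unexpected_netsvcs(text, reference=REFERENCE_NETSVCS):
    """Sorted netsvcs entries not on the reference list: each is a service
    name svchost.exe will load as a DLL, so each deserves a look."""
    names, _ = decode_multi_sz(parse_reg_export(text)["netsvcs"])
    return sorted(set(names) - set(reference))
```

To use it on a real look.txt, read the file with encoding='utf-16' (regedit /e writes Unicode with a byte-order mark) and pass the text to parse_reg_export, then decode_multi_sz each value; unexpected_netsvcs returns the names to investigate. The reference list is only what this thread shows as clean for this Windows 2000 machine; on another system compare against the names in an export taken from a known-good installation of the same version.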

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby peku006 » February 25th, 2009, 4:42 am

Hi Flegias

OTScanIt2

  • Download OTScanIt2 by Oldtimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

NOTE: Use the Add Reply button and attach the scan back here (do not copy/paste it, as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malwares on PC and Trojans on USB Pendrives

Unread postby Flegias » February 25th, 2009, 4:56 am

Hello peku006!

Done.
Flegias
Regular Member
 
Posts: 28
Joined: February 3rd, 2009, 6:38 am