Trojan Generic 12.BYMI

Printable View

2009-03-22, 21:06
Edo85

Trojan Generic 12.BYMI

Dear All,

It is 2days that when i start my computer and my desktop appear, my AVG show me there is a Trojan.Generic12.BYMI on system startup.
On the window is shown that it found the virus on the file GOASI.CN/EX/A.PHP in C:\Windows\System32\winlogon.exe

AVG don't let me make anything, i can just close the window and nothing else. I have tried with Spybot and Malwarebyte, but nothing found with them.

Could anyone help me?

Thanks!
2009-03-26, 00:24
katana
Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. Please Read All Instructions Carefully
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you
4. Please continue to respond until I give you the "All Clear"
  (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Download and Run RSIT
- Please download Random's System Information Tool by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open:
  - log.txt will be opened maximized.
  - info.txt will be opened minimized.
- Please post the contents of both log.txt and info.txt.
2009-03-26, 02:34
Edo85

Here there are the txt files

Here below i attach You the txt files You've asked.

1- log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dicati at 2009-03-26 02:28:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 76 GB (50%) free of 153 GB
Total RAM: 1471 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.30.04, on 26/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\richcomm\PowerManagerII\OpenHelp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\richcomm\PowerManagerII\PMService.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Dicati\Desktop\RSIT.exe
C:\Programmi\Trend Micro\HijackThis\Dicati.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerManagerII] C:\Programmi\richcomm\PowerManagerII\\PowerManager.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PMServiceOpenHelp] C:\Programmi\richcomm\PowerManagerII\OpenHelp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Programmi\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Programmi\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: TrayMin230.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1224333848000
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: emucsy.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PMService - Unknown owner - C:\Programmi\richcomm\PowerManagerII\PMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10829 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{03B57298-0D61-4EAB-9D12-33B1C9B7C18B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2009-01-08 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programmi\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\Programmi\AVG\AVG8\avgtoolbar.dll [2009-01-08 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\Programmi\AVG\AVG8\avgtoolbar.dll [2009-01-08 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"=C:\WINDOWS\System32\sistray.EXE [2002-05-09 323584]
"SiSUSBRG"=C:\WINDOWS\sisUSBrg.exe [2002-04-25 53248]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-02-05 64512]
"PowerManagerII"=C:\Programmi\richcomm\PowerManagerII\\PowerManager.exe [2007-10-15 421888]
"RemoteControl"=C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe [2007-02-12 86016]
"PCMService"=C:\Programmi\CyberLink\PowerCinema\PCMService.exe [2007-02-09 180224]
"NeroFilterCheck"=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe [2006-01-12 176128]
"EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 118784]
"DataLayer"=C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe [2005-06-07 837632]
"PMServiceOpenHelp"=C:\Programmi\richcomm\PowerManagerII\OpenHelp.exe [2007-08-15 40960]
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"SPC230NC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Monitor.exe [2007-12-10 344064]
"SPC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Monitor.exe [2007-12-10 344064]
"Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"UVS12 Preload"=C:\Programmi\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-08 1601304]
"ISUSPM Startup"=C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 241664]
"ISUSScheduler"=C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe [2004-06-16 102400]
"D-Link AirPlus G DWL-G510"=C:\Programmi\D-Link\AirPlus G DWL-G510\AirGCFG.exe [2007-10-24 1572864]
"ANIWZCS2Service"=C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 69632]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Programmi\Skype\Phone\Skype.exe [2008-11-07 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe [2007-01-15 167936]
"Philips Intelligent Agent"=C:\Programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe [2008-02-21 613792]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 33280]
"QUAD Windows service"=C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h []
"QUAD Scheduler"=C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe []
"SpybotSD TeaTimer"=C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2278400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe [2008-10-05 235936]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE
Porta Symantec Fax Starter Edition.lnk - C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
TrayMin230.lnk - C:\Programmi\Philips\Philips SPC230NC Webcam\TrayMin230.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="emucsy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-08 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ddcYqOhh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\CyberLink\PowerCinema\PowerCinema.exe"="C:\Programmi\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\Programmi\CyberLink\PowerCinema\PCMService.exe"="C:\Programmi\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\eMule AdunanzA\eMule_AdnzA.exe"="D:\eMule AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule"
"D:\BitTorrent\bittorrent.exe"="D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Vuze\Azureus.exe"="D:\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe"="C:\Programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
"C:\Programmi\AVG\AVG8\avgam.exe"="C:\Programmi\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Programmi\AVG\AVG8\avgemc.exe"="C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG8\avgnsx.exe"="C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programmi\Infogrames\mc.exe"="C:\Programmi\Infogrames\mc.exe:*:Enabled:Monopoly Tycoon"
"C:\Programmi\Lphant\eLePhantClient.exe"="C:\Programmi\Lphant\eLePhantClient.exe:*:Enabled:Lphant"
"D:\RamaLopster\Lopster.exe"="D:\RamaLopster\Lopster.exe:*:Enabled:Lopster"
"D:\DC++\DCPlusPlus.exe"="D:\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Documents and Settings\Dicati\Desktop\zmDC++[Operating]-[zM4]-[691]\zmDC++.exe"="C:\Documents and Settings\Dicati\Desktop\zmDC++[Operating]-[zM4]-[691]\zmDC++.exe:*:Enabled:zmDC++[Opereting]"
"D:\zmDC++[Operating]-[zM4]-[691]\zmDC++.exe"="D:\zmDC++[Operating]-[zM4]-[691]\zmDC++.exe:*:Enabled:zmDC++[Opereting]"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{970f4a86-a234-11dd-b794-001cf09115e0}]
shell\AutoRun\command - xih9.cmd
shell\explore\command - xih9.cmd
shell\open\command - xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9196c42-a4f2-11dd-b796-001cf09115e0}]
shell\AutoRun\command - WDSetup.exe

======List of files/folders created in the last 1 months======

2009-03-26 02:28:58 ----D---- C:\rsit
2009-03-21 19:02:48 ----D---- C:\Programmi\xerox
2009-03-13 00:05:29 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-13 00:05:06 ----A---- C:\WINDOWS\system32\fxssend.exe
2009-03-13 00:05:06 ----A---- C:\WINDOWS\system32\fxsroute.dll
2009-03-13 00:05:06 ----A---- C:\WINDOWS\system32\fxsperf.ini
2009-03-13 00:05:05 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2009-03-13 00:03:15 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2009-03-11 19:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 19:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 00:44:05 ----D---- C:\Programmi\Free PDF to Word Doc Converter
2009-03-10 00:43:20 ----D---- C:\Programmi\MSECache
2009-03-02 13:59:38 ----D---- C:\Programmi\EPDCalc
2009-03-02 13:59:25 ----N---- C:\WINDOWS\Setup1.exe
2009-03-02 13:59:22 ----A---- C:\WINDOWS\ST6UNST.EXE

======List of files/folders modified in the last 1 months======

2009-03-26 02:28:39 ----D---- C:\WINDOWS\Prefetch
2009-03-26 02:28:30 ----D---- C:\WINDOWS\Temp
2009-03-26 02:24:33 ----D---- C:\Documents and Settings\Dicati\Dati applicazioni\Skype
2009-03-26 01:03:27 ----D---- C:\WINDOWS\system32
2009-03-26 00:36:54 ----SHD---- C:\WINDOWS\Installer
2009-03-25 11:40:35 ----D---- C:\WINDOWS\system32\drivers
2009-03-25 09:09:09 ----HD---- C:\$AVG8.VAULT$
2009-03-25 08:00:20 ----D---- C:\Documents and Settings\Dicati\Dati applicazioni\skypePM
2009-03-24 10:26:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 01:32:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-23 21:02:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-21 19:02:48 ----RD---- C:\Programmi
2009-03-21 13:53:25 ----D---- C:\WINDOWS
2009-03-21 05:44:25 ----D---- C:\Programmi\Spybot - Search & Destroy
2009-03-20 15:39:31 ----SD---- C:\WINDOWS\Tasks
2009-03-20 15:39:30 ----A---- C:\WINDOWS\wininit.ini
2009-03-20 09:40:25 ----D---- C:\Programmi\PDFCreator
2009-03-19 02:35:14 ----D---- C:\Documents and Settings\Dicati\Dati applicazioni\dvdcss
2009-03-18 09:20:20 ----D---- C:\Documents and Settings
2009-03-16 07:55:38 ----D---- C:\WINDOWS\security
2009-03-13 00:06:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-13 00:05:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-13 00:05:06 ----D---- C:\WINDOWS\addins
2009-03-11 19:01:06 ----HD---- C:\WINDOWS\inf
2009-03-11 19:01:06 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 19:00:41 ----D---- C:\WINDOWS\WinSxS
2009-03-11 09:24:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 21:12:10 ----SD---- C:\Documents and Settings\Dicati\Dati applicazioni\Microsoft
2009-03-10 10:00:06 ----D---- C:\WINDOWS\Help
2009-03-10 10:00:02 ----D---- C:\WINDOWS\Cursors
2009-03-10 09:59:58 ----D---- C:\Programmi\Windows NT
2009-03-10 00:44:24 ----RSD---- C:\WINDOWS\Fonts
2009-03-06 01:10:04 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-17 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-08 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-08 107272]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2002-04-02 5760]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-25 2831232]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-02-04 278908]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-01-08 29208]
R3 ms_mpu401;Driver Microsoft MPU-401 MIDI UART; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 PAEAFLT.sys;USB Composite Device; C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT61.sys [2007-05-12 380928]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-08-01 216448]
R3 SISNIC;Driver per scheda Fast Ethernet PCI SiS; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 SPC230NC;Philips SPC230NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 aoktcsuo;aoktcsuo; C:\WINDOWS\system32\drivers\aoktcsuo.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-01-08 29208]
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-05-27 7288]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-05-27 11001]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-05-27 128295]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-08 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-01-17 1339600]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2007-02-09 278608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 PMService;PMService; C:\Programmi\richcomm\PowerManagerII\PMService.exe [2007-10-15 167936]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programmi\CyberLink\Shared files\RichVideo.exe [2007-02-09 262247]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 56832]
R3 NMIndexingService;NMIndexingService; C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe [2007-01-15 286720]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 69632]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2007-02-09 110677]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 286208]
S2 StarWindService;StarWind iSCSI Service; C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 235520]
S3 aspnet_state;Servizio stato di ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NBService;NBService; C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 794624]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmi\Windows Live\installer\WLSetupSvc.exe [2007-10-25 284160]

-----------------EOF-----------------

2- info.txt:

info.txt logfile of random's system information tool 1.06 2009-03-26 02:30:13

======Uninstall list======

-->"C:\Programmi\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Programmi\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Italiano-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AdunanzA-->"D:\eMule AdunanzA\Disinstallazione eMule AdunanzA.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aggiornamento della protezione per Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aggiornamento della protezione per Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aggiornamento per Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aggiornamento per Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aggiornamento rapido per Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
AirPlus G DWL-G510-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{8B128562-681D-4FFA-BEBF-A825985B2CB9}\setup.exe" -l0x10 -removeonly
Alive MP3 WAV Converter 3.8.0.9-->C:\Programmi\AliveMedia\MP3 WAV Converter\uninst.exe
Alive Video Converter (version 3.1.2.8)-->"C:\Programmi\AliveMedia\Video Converter\unins000.exe"
ANIO Service-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
ASUS MyCinema Series-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{D70666B2-7E6B-46F0-85E2-06C30C1269C0}\setup.exe" -l0x9
ASUS TSSI-->MsiExec.exe /I{76A2DC7C-D385-498E-9C6B-CF9626F8BE1E}
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG 8.0-->C:\Programmi\AVG\AVG8\setup.exe /UNINSTALL
Chi Vuol Essere Milionario Seconda Edizione-->MsiExec.exe /I{28E68FAA-FA6B-44C4-8707-0B4E6C8BD611}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0410-0000-0000000FF1CE}
Corel VideoStudio 12-->C:\Programmi\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
DC++ 0.7091-->"D:\DC++\uninstall.exe"
DivX Web Player-->C:\Programmi\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Attach To Email-->C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x10 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x10 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x10 UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x10 -u
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x10 -u
EPSON Scan-->C:\Programmi\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x10 -anything
ESDX4800_4200 Guida utente-->C:\Programmi\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE
EuroMonopolio Deluxe-->C:\PROGRAMMI\EuroMonopolio Deluxe\Uninstal.exe
Free PDF to Word Doc Converter v1.1-->"C:\Programmi\Free PDF to Word Doc Converter\unins000.exe"
Garmin City Navigator Europe NT 2009 Update-->MsiExec.exe /X{1240A058-8BCE-4A3B-BF82-6E5B801D71BA}
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
HijackThis 2.0.2-->"C:\Programmi\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Indeo® XP Software-->C:\WINDOWS\IsUninst.exe -fC:\Programmi\Ligos\Indeo\UninstXP.isu
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Programmi\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Italian Language Pack-->MsiExec.exe /X{F2D2B58B-B2FD-46D1-8319-DCE564079934}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA-->MsiExec.exe /I{71CB2612-627C-3D58-8D82-B77444B27B6A}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000410-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monopoly Tycoon v1.4 Patch-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe" -l0x9
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /I{C0794D51-7A5E-4186-8416-AD8D61F01040}
Nero Reloaded PlugIn Pack 2.0.4 by GEAR-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F3D7915D-6B42-49FA-9FC8-5020479A6A57}\setup.exe" -l0x9 -removeonly
Nokia Connectivity Cable Driver-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA} /l1040
Nokia PC Suite-->C:\PROGRA~1\FILECO~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{617095DB-B523-4D11-BBFD-2D74C2AD98B8} /l1040
PDFCreator 0.8.0-->C:\Programmi\PDFCreator\unins000.exe
Philips Intelligent Agent-->"C:\Programmi\Philips\Intelligent Agent\Uninst\unins000.exe"
Philips SPC230NC Webcam-->C:\Programmi\InstallShield Installation Information\{05F350C6-FA6A-40D0-A130-FB941B39152C}\Setup.exe -runfromtemp -l0x0010 -removeonly
PIF DESIGNER-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x10 anything
PowerCinema MakeDisc Module-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
PowerCinema-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerManagerII-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{6BF64324-3562-46E5-9022-B2840D486E62}\Setup.exe"
Projection Distance Calculator-->C:\WINDOWS\st6unst.exe -n "C:\Programmi\EPDCalc\ST6UNST.LOG"
RunAlyzer-->"C:\Programmi\Safer Networking\RunAlyzer\unins000.exe"
SiS 650_651_M650_740-->RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.09B\DeIsL1.isu"&P.U 4 sisgr.inf&-1
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Software per stampante EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Programmi\Spybot - Search & Destroy\unins000.exe"
TVUPlayer 2.3.3.2-->C:\Programmi\TVUPlayer\uninst.exe
Utilità di backup di Windows-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6a-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Webcam Video Viewer-->RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}\Setup.exe" -l0x10
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}
Windows Live Mail-->MsiExec.exe /I{7FDEE06E-736C-4515-9476-EF4CB0186E6D}
Windows Media Format Runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programmi\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Internet Security Network Edition
FW: AVG Firewall

======System event log======

Computer Name: DICATI-HOME
Event Code: 7035
Message: Invio di un controllo avvio da parte del servizio Servizio COM di masterizzazione CD IMAPI riuscito.

Record Number: 28719
Source Name: Service Control Manager
Time Written: 20090128115152.000000+060
Event Type: Informazione
User: NT AUTHORITY\SYSTEM

Computer Name: DICATI-HOME
Event Code: 7036
Message: Il servizio Servizio COM di masterizzazione CD IMAPI è ora in modalità esecuzione.

Record Number: 28718
Source Name: Service Control Manager
Time Written: 20090128115152.000000+060
Event Type: Informazione
User:

Computer Name: DICATI-HOME
Event Code: 9
Message: La periferica \Device\Ide\IdePort1 non ha risposto entro il tempo di attesa.

Record Number: 28717
Source Name: atapi
Time Written: 20090128114852.000000+060
Event Type: Errore
User:

Computer Name: DICATI-HOME
Event Code: 9
Message: La periferica \Device\Ide\IdePort1 non ha risposto entro il tempo di attesa.

Record Number: 28716
Source Name: atapi
Time Written: 20090128114817.000000+060
Event Type: Errore
User:

Computer Name: DICATI-HOME
Event Code: 12
Message: Superata la capacità del buffer circolare che memorizza i dati provenienti dal mouse (la dimensione del buffer è configurabile dalle proprietà mouse PS/2 in Gestione periferiche).

Record Number: 28715
Source Name: i8042prt
Time Written: 20090128114412.000000+060
Event Type: Informazione
User:

=====Application event log=====

Computer Name: DICATI-HOME
Event Code: 1517
Message: È stato salvato il registro dell'utente DICATI-HOME\Dicati mentre un'applicazione o servizio lo stava ancora utilizzando durante la disconnessione. La memoria utilizzata del registro dell'utente non è stata liberata. Il registro sarà scaricato non sarà più utilizzato.

L'errore è spesso causato da servizi eseguiti come un account utente. Provare a configurare l'esecuzione dei servizi come account LocalService o NetworkService.

Record Number: 1685
Source Name: Userenv
Time Written: 20081222234812.000000+060
Event Type: Attenzione
User: NT AUTHORITY\SYSTEM

Computer Name: DICATI-HOME
Event Code: 101
Message: wlmail (1132) Motore del database interrotto.

Record Number: 1684
Source Name: ESENT
Time Written: 20081222145101.000000+060
Event Type: Informazione
User:

Computer Name: DICATI-HOME
Event Code: 103
Message: wlmail (1132) WindowsLiveMail0: Il motore del database ha interrotto un'istanza (0).

Record Number: 1683
Source Name: ESENT
Time Written: 20081222145101.000000+060
Event Type: Informazione
User:

Computer Name: DICATI-HOME
Event Code: 213
Message: wlmail (1132) WindowsLiveMail0: Procedura di backup completata.

Record Number: 1682
Source Name: ESENT
Time Written: 20081222081748.000000+060
Event Type: Informazione
User:

Computer Name: DICATI-HOME
Event Code: 224
Message: wlmail (1132) WindowsLiveMail0: Eliminazione dei file di registro C:\Documents and Settings\Dicati\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Mail\edb0003B.log per C:\Documents and Settings\Dicati\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Mail\edb0003B.log in corso...

Record Number: 1681
Source Name: ESENT
Time Written: 20081222081748.000000+060
Event Type: Informazione
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programmi\File comuni\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Looking forward to Your reply. Thanks for all Your help!
2009-03-26, 11:28
katana
Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

AdunanzA

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

----------------------------------------------------------- -----------------------------------------------------------

Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

----------------------------------------------------------- -----------------------------------------------------------

Step 1

Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
- Double-click Flash_Disinfector.exe to run it.
- Follow any prompts that may appear.
- Wait until the program has finished scanning, then please exit the program.
  The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
Please restart your computer.

----------------------------------------------------------- -----------------------------------------------------------
Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:
- Close any open programs.
- Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
- Combofix Log
- Kaspersky log
- How are things running now ?
----------------------------------------------------------- -----------------------------------------------------------

Additional Notes

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
Now download and install Java Runtime Environment (JRE) .
(it comes with a toolbar pre-selected, so make sure you uncheck the box)
2009-03-26, 15:59
Edo85

Urgent urgent urgent!!!!

Dear Katana,

sorry but i have bad news, my pc it's going dead...AVG everytime i restar the pc found new and new virus, now i have the most exe files of Windows that are infected!!!

I have done what You asked, but i can't install the last version of Java and so i was not able to make the scanning with Kaspersky... Here below the ComboFix log:

ComboFix 09-03-25.03 - Dicati 2009-03-26 14.08.36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1471.924 [GMT 1:00]
Eseguito da: c:\documents and settings\Dicati\Desktop\ComboFix.exe
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\avswvety.ini
c:\windows\system32\mdm.exe
c:\windows\system32\sxlcpylm.ini

c:\windows\system32\userinit.exe . . . è infetto!!

c:\windows\system32\spoolsv.exe . . . è infetto!!

c:\windows\explorer.exe . . . è infetto!!

.
((((((((((((((((((((((((( Files Creati Da 2009-02-26 al 2009-03-26 )))))))))))))))))))))))))))))))))))
.

2009-03-26 14:18 . 2009-03-26 14:18 37,376 --a------ c:\documents and settings\Dicati\reader_s.exe
2009-03-26 14:17 . 2009-03-26 14:18 11,294 --a------ c:\windows\system32\4.tmp
2009-03-26 14:17 . 2009-03-26 14:17 124 --a------ c:\windows\system32\3.tmp
2009-03-26 13:34 . 2009-03-26 13:36 <DIR> d-------- c:\documents and settings\Dicati\.SunDownloadManager
2009-03-26 02:28 . 2009-03-26 02:30 <DIR> d-------- C:\rsit
2009-03-21 13:53 . 2009-03-25 00:46 26 --a------ c:\windows\Zone.Identifier
2009-03-18 09:20 . 2009-03-18 09:20 <DIR> d-------- c:\documents and settings\EnZo
2009-03-13 00:05 . 2009-03-13 00:05 <DIR> d-------- c:\windows\system32\FxsTmp
2009-03-13 00:05 . 2002-09-10 13:00 138,240 --a------ c:\windows\system32\fxsclntR.dll
2009-03-13 00:05 . 2002-09-10 13:00 138,240 --a--c--- c:\windows\system32\dllcache\fxsclntr.dll
2009-03-13 00:05 . 2002-09-10 13:00 31,744 --a------ c:\windows\system32\fxsroute.dll
2009-03-13 00:05 . 2002-09-10 13:00 31,744 --a--c--- c:\windows\system32\dllcache\fxsroute.dll
2009-03-13 00:05 . 2002-09-10 13:00 29,184 --a------ c:\windows\system32\fxssend.exe
2009-03-13 00:05 . 2002-09-10 13:00 29,184 --a--c--- c:\windows\system32\dllcache\fxssend.exe
2009-03-13 00:05 . 2002-09-10 13:00 3,476 --a------ c:\windows\system32\fxsperf.ini
2009-03-13 00:05 . 2002-09-10 13:00 1,361 --a------ c:\windows\system32\fxscount.h
2009-03-13 00:05 . 2009-03-13 00:05 550 --a------ c:\windows\system32\mapisvc.inf
2009-03-13 00:03 . 2002-09-10 13:00 112,128 --a------ c:\windows\system32\fxscfgwz.dll
2009-03-13 00:03 . 2002-09-10 13:00 112,128 --a--c--- c:\windows\system32\dllcache\fxscfgwz.dll
2009-03-10 00:44 . 2009-03-10 00:44 <DIR> d-------- c:\programmi\Free PDF to Word Doc Converter
2009-03-10 00:43 . 2009-03-10 00:43 <DIR> d-------- c:\programmi\MSECache
2009-03-02 13:59 . 2009-03-02 13:59 <DIR> d-------- c:\programmi\EPDCalc
2009-03-02 13:59 . 2009-03-02 13:59 270,336 --------- c:\windows\Setup1.exe
2009-03-02 13:59 . 2009-03-02 13:59 91,136 --a------ c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 13:18 213,120 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-26 13:17 --------- d-----w c:\documents and settings\Dicati\Dati applicazioni\Skype
2009-03-26 12:54 --------- d-----w c:\documents and settings\Dicati\Dati applicazioni\skypePM
2009-03-26 12:40 --------- d-----w c:\programmi\Java
2009-03-26 12:22 --------- d-----w c:\programmi\PDFCreator
2009-03-26 03:16 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-26 03:15 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-21 04:44 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-19 01:35 --------- d-----w c:\documents and settings\Dicati\Dati applicazioni\dvdcss
2009-02-26 06:48 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-20 18:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-20 18:05 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-18 14:27 --------- d-----w c:\programmi\Google
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-03 11:21 --------- d-----w c:\programmi\BlackAngelSuite
2009-01-29 09:52 --------- d--h--w c:\programmi\InstallShield Installation Information
1999-03-10 12:53 99,840 ------w c:\programmi\File comuni\IRAABOUT.DLL
1998-12-08 23:53 70,144 ------w c:\programmi\File comuni\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ------w c:\programmi\File comuni\IRALPTTR.DLL
1998-12-08 23:53 31,744 ------w c:\programmi\File comuni\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ------w c:\programmi\File comuni\IRAREG.DLL
1998-12-08 23:53 17,920 ------w c:\programmi\File comuni\IRASRIAL.DLL
2008-10-19 13:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008101920081020\index.dat
.

------- Sigcheck -------

2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-26 14:18 213120 539f03cff197e8313792a49266407407 c:\windows\system32\dllcache\ndis.sys
2009-03-26 14:18 213120 539f03cff197e8313792a49266407407 c:\windows\system32\drivers\ndis.sys

2008-04-14 03:14 1054208 47882abb39f2babea38a410eccb219c1 c:\windows\explorer.exe
2004-08-19 23:39 1052672 d35080a08bb729f75e15276c2d84ea0e c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:14 1054208 c8af12a4c17eff15ff790668042e94e4 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-19 23:39 33280 323d6d39e517d274e6ac07cd253da0bb c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:14 33280 7a5fef00beca6f63a8b7f296b6b2cd22 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:14 33280 9df155ad3b0c90c97cf7dc8a797fe420 c:\windows\system32\ctfmon.exe

2005-06-11 01:17 75776 444b6cd4f6692ba88719f61e20d26d9e c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 00:53 75776 1e59a44da8fb5ae9826bdf25d4358ec7 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 23:39 75776 3c66ef71bfed55a96cba6e7d37d1a198 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 03:14 75776 86e69cef087c87b3d942e65de58a74ba c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:14 75776 b4c9636f7b68c80cc59711e92c1a1224 c:\windows\system32\spoolsv.exe

2004-08-19 23:39 43008 4669684fbdacc7adffcc4813742bdb8f c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:14 44544 39db689ff6386ec769675a5926aa86bf c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:14 44544 5cc02024bba53c79d316f6f8b6f9c5b7 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 167936]
"Philips Intelligent Agent"="c:\programmi\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 33280]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2278400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SiS Tray"="c:\windows\System32\sistray.EXE" [2002-05-09 323584]
"SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-25 53248]
"PowerManagerII"="c:\programmi\richcomm\PowerManagerII\\PowerManager.exe" [2007-10-15 421888]
"RemoteControl"="c:\programmi\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 86016]
"PCMService"="c:\programmi\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 180224]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 176128]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 118784]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 837632]
"PMServiceOpenHelp"="c:\programmi\richcomm\PowerManagerII\OpenHelp.exe" [2007-08-15 40960]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 344064]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 344064]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UVS12 Preload"="c:\programmi\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-26 1932568]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 241664]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 102400]
"D-Link AirPlus G DWL-G510"="c:\programmi\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1572864]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 69632]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-03-26 37376]
"SoundMan"="SOUNDMAN.EXE" [2002-02-05 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"="c:\documents and settings\Dicati\reader_s.exe" [2009-03-26 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-26 04:16 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=emucsy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FILECO~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Programmi\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"d:\\DC++\\DCPlusPlus.exe"=
"d:\\zmDC++[Operating]-[zM4]-[691]\\zmDC++.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-08 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-08 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-08 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-08 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1356616]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-10-18 2831232]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2008-12-17 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2008-12-17 461056]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SFC
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMIndexingService
*Deregistered* - PMService
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RichVideo
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfc
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UleadBurningHelper
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{970f4a86-a234-11dd-b794-001cf09115e0}]
\Shell\AutoRun\command - xih9.cmd
\Shell\explore\Command - xih9.cmd
\Shell\open\Command - xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9196c42-a4f2-11dd-b796-001cf09115e0}]
\Shell\AutoRun\command - WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-26 c:\windows\Tasks\User_Feed_Synchronization-{03B57298-0D61-4EAB-9D12-33B1C9B7C18B}.job
- c:\windows\system32\msfeedssync.exe []
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-QUAD Windows service - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
HKCU-Run-QUAD Scheduler - c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
HKLM-Run-services - c:\windows\services.exe
HKU-Default-Run-services - c:\windows\services.exe
HKLM-Explorer_Run-services - c:\windows\services.exe
HKU-Default-Explorer_Run-services - c:\windows\services.exe

.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 14:18:04
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

c:\windows\adobe.bat 130 bytes
c:\windows\system32\reader_s.exe 37376 bytes executable

Scansione completata con successo
Files nascosti: 2

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,09,f4,7f,a6,b6,ff,4e,a8,ce,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,09,f4,7f,a6,b6,ff,4e,a8,ce,58,\
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\richcomm\PowerManagerII\PMService.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\services.ex_
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\AVG\AVG8\aAvgApi.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-26 14:30:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-26 13:30:18

Pre-Run: 79.336.878.080 byte disponibili
Post-Run: 79,296,147,456 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

304 --- E O F --- 2009-03-16 02:08:02

Now i can't open some file and everytime AVG found some new files infected...
Please tell me if there is a solution...
2009-03-26, 21:00
katana

I have a terrible feeling that you have a file infector. I must warn you, if you do then the only safe solution is to reformat.

Let's check to find out.

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
c:\windows\system32\userinit.exe
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe

If Virustotal is too busy please try Jotti
2009-03-28, 17:04
Edo85

Reformat

Hi Katana!

i'm sorry but what You thought it was true...i have reformat my pc, because i try to submit the files for analysis, but when i do the 2nd file, my wifi network failed and i never be able to connect again on the net, the virus infect all the system files and i had to reformat! :sad:

So now i'm clean and i'm trying to install everything as it was before...
thank You for Your help!

:bigthumb: You are doing a good job helping other people, :sad: THANKS... i think that without your help i would have lost everything, but when You said to me that maybe the virus was terrible, i have immediatly copy/paste every important doc on an external hard drive...

Bye Bye!
2009-03-28, 17:06
Edo85

errata corrige for last things...

:bigthumb: You are doing a good job helping other people, :) THANKS... i think that without your help i would have lost everything, but when You said to me that maybe the virus was terrible, i have immediatly copy/paste every important doc on an external hard drive...

Bye Bye!
2009-03-28, 17:13
katana
Quote:

Originally Posted by Edo85

when You said to me that maybe the virus was terrible, i have immediatly copy/paste every important doc on an external hard drive...

That's good news at least :)

Here is some info on the infection you had

Virut is a polymorphic file infector. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments here:
http://miekiemoes.blogspot.com/2009/...-throwing.html

I recommend that you do a full online scan of your machine ( including the backups you made )

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:
- Close any open programs.
- Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.