
Solve: malware smartbizsearch-com help - DNS change, pop-ups, Spybot & MBAM don't work?


Hello. I'm really tired of trying to clean this redirect. I really need help.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Familia at 2009-05-31 05:36:04
Microsoft® Windows Vista™ Home Premium
System drive C: has 151 GB (32%) free of 477 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5.36.18, on 31/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEE5IBP0\RSIT[1].exe
C:\Program Files\trend micro\Familia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://telebingomessina.no-ip.org/videocom.cab
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://telebingo.no-ip.org/RemoteWeb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldes-us.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240257580096&h=88ef6d73759c3c78146248b2da232b95/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll

--
End of file - 5711 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{1A0F8AAF-C754-49F8-857F-096C00F7C877}.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-28 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-20 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~3\AVG\AVG8\avgtray.exe [2009-05-28 1947928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-20 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
C:\Windows\vVX1000.exe [2008-08-04 721936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2009-04-16 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\Users\Familia\AppData\Local\Temp\svchost.exe 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-31 05:36:04 ----D---- C:\rsit
2009-05-30 19:23:22 ----D---- C:\Program Files\ESET
2009-05-30 19:17:06 ----A---- C:\lopR.txt
2009-05-30 19:16:34 ----D---- C:\Lop SD
2009-05-30 19:08:15 ----D---- C:\Program Files\Trend Micro
2009-05-29 11:21:24 ----D---- C:\ProgramData\Malwarebytes
2009-05-29 11:21:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 12:06:26 ----HD---- C:\$AVG8.VAULT$
2009-05-28 12:04:06 ----A---- C:\Windows\system32\avgrsstx.dll
2009-05-28 12:04:01 ----D---- C:\ProgramData\avg8
2009-05-28 12:04:01 ----D---- C:\Program Files\AVG
2009-05-28 11:34:38 ----A---- C:\Windows\ntbtlog.txt
2009-05-28 11:11:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-28 11:11:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-27 11:40:33 ----D---- C:\Windows\Sun
2009-05-26 08:35:26 ----D---- C:\Windows\pss
2009-05-23 15:08:56 ----A---- C:\Windows\system32\picn20.dll
2009-05-23 15:08:55 ----D---- C:\Program Files\Common Files\Ahead
2009-05-23 15:08:55 ----A---- C:\Windows\system32\NeroCheck.exe
2009-05-23 15:08:55 ----A---- C:\Windows\system32\ImagXpr5.dll
2009-05-23 15:08:55 ----A---- C:\Windows\system32\imagx5.dll
2009-05-23 15:08:55 ----A---- C:\Windows\system32\imagr5.dll
2009-05-23 15:08:51 ----D---- C:\Program Files\Ahead
2009-05-21 12:28:59 ----A---- C:\Windows\system32\msvcp71.dll
2009-05-21 12:24:03 ----D---- C:\Program Files\TVersity
2009-05-11 16:27:53 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-11 16:27:53 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-11 16:27:53 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-11 16:27:53 ----A---- C:\Windows\system32\ieui.dll
2009-05-11 16:27:53 ----A---- C:\Windows\system32\icardie.dll
2009-05-11 16:27:53 ----A---- C:\Windows\system32\admparse.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\occache.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\msls31.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\inseng.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\imgutil.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\iernonce.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\iepeers.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-11 16:27:52 ----A---- C:\Windows\system32\corpol.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-11 16:27:51 ----A---- C:\Windows\system32\wextract.exe
2009-05-11 16:27:51 ----A---- C:\Windows\system32\webcheck.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\mstime.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\msrating.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-11 16:27:51 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\iesetup.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\ieakui.dll
2009-05-11 16:27:51 ----A---- C:\Windows\system32\advpack.dll
2009-05-11 16:27:50 ----A---- C:\Windows\system32\vbscript.dll
2009-05-11 16:27:50 ----A---- C:\Windows\system32\url.dll
2009-05-11 16:27:50 ----A---- C:\Windows\system32\jscript.dll
2009-05-11 16:27:50 ----A---- C:\Windows\system32\iedkcs32.dll
2009-05-11 16:27:50 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-11 16:27:49 ----A---- C:\Windows\system32\wininet.dll
2009-05-11 16:27:49 ----A---- C:\Windows\system32\urlmon.dll
2009-05-11 16:27:49 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-11 16:27:49 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-11 16:27:49 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-11 16:27:49 ----A---- C:\Windows\system32\mshta.exe
2009-05-11 16:27:49 ----A---- C:\Windows\system32\iexpress.exe
2009-05-11 16:27:49 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-11 16:27:49 ----A---- C:\Windows\system32\iesysprep.dll
2009-05-11 16:27:49 ----A---- C:\Windows\system32\iertutil.dll
2009-05-11 16:27:49 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-11 16:27:48 ----A---- C:\Windows\system32\mshtml.dll
2009-05-11 16:27:48 ----A---- C:\Windows\system32\ieframe.dll
2009-05-11 04:03:25 ----A---- C:\Windows\vbaddin.ini
2009-05-11 02:59:22 ----D---- C:\Users\Familia\AppData\Roaming\Autodesk
2009-05-11 02:59:22 ----D---- C:\ProgramData\Autodesk
2009-05-11 02:58:14 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-05-11 02:58:14 ----D---- C:\Program Files\Autodesk
2009-05-11 02:57:59 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-05-02 10:48:29 ----D---- C:\Users\Familia\AppData\Roaming\Canon
2009-05-02 10:48:23 ----D---- C:\Program Files\Canon
2009-05-02 10:39:56 ----HD---- C:\ProgramData\CanonBJ
2009-05-02 10:39:34 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2009-05-02 10:38:39 ----HD---- C:\Program Files\CanonBJ
2009-05-02 10:24:21 ----D---- C:\Users\Familia\AppData\Roaming\TomTom
2009-05-02 10:24:21 ----D---- C:\Users\Familia\AppData\Roaming\Mozilla
2009-05-01 17:53:19 ----D---- C:\ProgramData\MSScanAppDataDir

======List of files/folders modified in the last 1 months======

2009-05-31 05:36:16 ----D---- C:\Windows\Prefetch
2009-05-31 05:36:08 ----D---- C:\Windows\Temp
2009-05-31 05:31:45 ----D---- C:\Windows\System32
2009-05-31 05:31:45 ----D---- C:\Windows\inf
2009-05-31 05:31:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-31 05:29:32 ----D---- C:\Windows\system32\drivers
2009-05-31 05:29:07 ----RD---- C:\Program Files
2009-05-31 05:27:22 ----D---- C:\Windows\Minidump
2009-05-31 05:27:15 ----D---- C:\Windows
2009-05-31 05:15:03 ----D---- C:\Windows\winsxs
2009-05-31 05:15:03 ----D---- C:\Program Files\Internet Explorer
2009-05-31 05:15:00 ----SHD---- C:\Windows\Installer
2009-05-31 05:14:58 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-31 05:14:13 ----D---- C:\Windows\system32\catroot
2009-05-30 19:42:23 ----RAD---- C:\Incoming
2009-05-30 19:41:40 ----SHD---- C:\System Volume Information
2009-05-30 19:23:23 ----SD---- C:\Windows\Downloaded Program Files
2009-05-30 19:08:21 ----D---- C:\Windows\system32\Tasks
2009-05-29 11:21:24 ----HD---- C:\ProgramData
2009-05-29 10:50:44 ----D---- C:\Windows\system32\catroot2
2009-05-28 23:53:20 ----SHD---- C:\RECYCLER
2009-05-28 12:41:07 ----D---- C:\Windows\Tasks
2009-05-28 12:38:19 ----SD---- C:\Users\Familia\AppData\Roaming\Microsoft
2009-05-26 22:46:50 ----D---- C:\Windows\LiveKernelReports
2009-05-26 08:33:09 ----RSD---- C:\Windows\assembly
2009-05-26 08:33:06 ----D---- C:\Windows\Help
2009-05-26 08:33:04 ----RSD---- C:\Windows\Fonts
2009-05-25 11:19:23 ----D---- C:\Windows\system32\WDI
2009-05-23 15:08:55 ----D---- C:\Program Files\Common Files
2009-05-21 01:22:09 ----D---- C:\Program Files\Windows Mail
2009-05-17 20:52:57 ----D---- C:\Windows\WindowsMobile
2009-05-17 10:48:00 ----D---- C:\Windows\system32\LogFiles
2009-05-17 10:47:03 ----D---- C:\Program Files\Microsoft
2009-05-16 19:29:57 ----SHD---- C:\$Recycle.Bin
2009-05-12 01:54:52 ----D---- C:\Windows\system32\migration
2009-05-12 01:54:52 ----D---- C:\Windows\system32\it-IT
2009-05-12 01:54:52 ----D---- C:\Windows\system32\en-US
2009-05-12 01:54:52 ----D---- C:\Windows\PolicyDefinitions
2009-05-11 04:03:35 ----A---- C:\Windows\ODBC.INI
2009-05-11 04:03:06 ----SD---- C:\ProgramData\Microsoft
2009-05-11 04:03:06 ----D---- C:\Program Files\Microsoft Office
2009-05-11 03:01:51 ----D---- C:\Windows\Microsoft.NET
2009-05-11 02:57:42 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-10 14:27:18 ----D---- C:\Windows\servicing
2009-05-07 09:16:29 ----A---- C:\Windows\system32\mrt.exe
2009-05-06 09:50:47 ----RD---- C:\Users
2009-05-01 01:24:07 ----D---- C:\Windows\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-28 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-28 108552]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
R3 HdAudAddService;Microsoft UAA Function Driver 1.1 for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HdAudAddService;Microsoft UAA Function Driver 1.1 for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
R3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2008-08-04 1964432]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-03-26 16608]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~3\AVG\AVG8\avgwdsvc.exe [2009-05-28 298776]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-31 05:36:20

======Uninstall list======

-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Reader 9.1 - Italian-->MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A91000000001}
AdunanzA-->"C:\Program Files\eMule AdunanzA\Disinstallazione eMule AdunanzA.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0010
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 - Language Pack SP1 (Italian)-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ita\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - ita-->MsiExec.exe /I{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}
Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0410-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110410-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510410-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Internet Tablet Software Update Wizard-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D198D2E7-B557-4404-A286-77F249625172}\setup.exe" -l0x10 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x10 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins003.exe"
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Call-->MsiExec.exe /I{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{E171E280-0BAE-4460-9F47-CA96D17828B6}
Windows Live Messenger-->MsiExec.exe /X{5AE2BE5E-930A-481C-817E-C373E8910C8A}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

======System event log======

Computer Name: PC-Familia
Event Code: 7036
Message: The Application Information service entered the running state.
Record Number: 100965
Source Name: Service Control Manager
Time Written: 20090531033507.000000-000
Event Type: Information
User:

Computer Name: PC-Familia
Event Code: 7036
Message: The Background Intelligent Transfer Service service entered the running state.
Record Number: 100966
Source Name: Service Control Manager
Time Written: 20090531033526.000000-000
Event Type: Information
User:

Computer Name: PC-Familia
Event Code: 7036
Message: The KtmRm for Distributed Transaction Coordinator service entered the running state.
Record Number: 100967
Source Name: Service Control Manager
Time Written: 20090531033527.000000-000
Event Type: Information
User:

Computer Name: PC-Familia
Event Code: 7036
Message: The Security Center service entered the running state.
Record Number: 100968
Source Name: Service Control Manager
Time Written: 20090531033527.000000-000
Event Type: Information
User:

Computer Name: PC-Familia
Event Code: 7036
Message: The Windows Update service entered the running state.
Record Number: 100969
Source Name: Service Control Manager
Time Written: 20090531033528.000000-000
Event Type: Information
User:

=====Application event log=====

Computer Name: PC-Familia
Event Code: 1
Message: Certificate Services Client started.
Record Number: 3443
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090531033327.533209-000
Event Type: Information
User: PC-Familia\Familia

Computer Name: PC-Familia
Event Code: 1
Message: Certificate Services Client started.
Record Number: 3444
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090531033329.051409-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: PC-Familia
Event Code: 1001
Message: Fault bucket 0x8E_nt!MiMapViewOfImageSection+815, type 0
Event Name: BlueScreen
Response: None
Cab Id: 0

Problem signature:
P1:
P2:
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\Familia\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0479028f\Mini053109-02.dmp
C:\Users\Familia\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0479028f\WER-43711-0.sysdata.xml
C:\Users\Familia\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0479028f\WERF565.tmp.version.txt

These files may be available here:
C:\Users\Familia\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0fc0c725
Record Number: 3445
Source Name: Windows Error Reporting
Time Written: 20090531033337.000000-000
Event Type: Information
User:

Computer Name: PC-Familia
Event Code: 1
Message:
Record Number: 3446
Source Name: MBAMService
Time Written: 20090531033512.000000-000
Event Type: Error
User:

Computer Name: PC-Familia
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 3447
Source Name: SecurityCenter
Time Written: 20090531033527.000000-000
Event Type: Information
User:

=====Security event log=====

Computer Name: PC-Familia
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID:S-1-5-18
Account Name:SYSTEM
Account Domain:NT AUTHORITY
Logon ID:0x3e7

Privileges:SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 26299
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090531033316.795394-000
Event Type: Audit Success
User:

Computer Name: PC-Familia
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID:S-1-5-18
Account Name:PC-FAMILIA$
Account Domain:WORKGROUP
Logon ID:0x3e7
Logon GUID:{00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name:SYSTEM
Account Domain:NT AUTHORITY
Logon GUID:{00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name:localhost
Additional Information:localhost

Process Information:
Process ID:0x288
Process Name:C:\Windows\System32\services.exe

Network Information:
Network Address:-
Port:-

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 26300
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090531033316.920195-000
Event Type: Audit Success
User:

Computer Name: PC-Familia
Event Code: 4624
Message: Accesso di un account riuscito.

Soggetto:
ID protezione:S-1-5-18
Nome account:PC-FAMILIA$
Dominio account:WORKGROUP
ID accesso:0x3e7

Tipo di accesso:5

Nuovo accesso:
ID protezione:S-1-5-18
Nome account:SYSTEM
Dominio account:NT AUTHORITY
ID accesso:0x3e7
GUID accesso:{00000000-0000-0000-0000-000000000000}

Informazioni sul processo:
ID processo:0x288
Nome processo:C:\Windows\System32\services.exe

Informazioni di rete:
Nome workstation:
Indirizzo rete di ORIGINE:-
Porta di origine:-

Informazioni di autenticazione dettagliate:
Processo di accesso:Advapi
Pacchetto di autenticazione:Negotiate
Servizi transitati:-
Nome pacchetto (solo NTLM):-
Lunghezza chiave:0

Questo evento viene generato quando viene creata una sessione di accesso. Viene generato nel computer in cui è stato effettuato l'accesso.

Il campo Soggetto indica l'account nel sistema locale che ha richiesto l'accesso. Generalmente si tratta di un servizio, quale il servizio Server, o di un processo locale, ad esempio Winlogon.exe o Services.exe.

Il campo Tipo di accesso indica il tipo di accesso che è stato effettuato. I tipi più comuni sono 2 (interattivo) e 3 (rete).

Il campo Nuovo accesso indica l'account per il quale è stato creato il nuovo accesso, vale a dire l'account che ha effettuato l'accesso.

Il campo Informazioni di rete indica l'origine della richiesta di accesso remota. Il nome della workstation non è sempre disponibile e può essere vuoto in alcuni casi.

Il campo Informazioni di autenticazione fornisce informazioni dettagliate sulla specifica richiesta di accesso.
- GUID accesso è un identificatore univoco che può essere utilizzato per correlare questo evento a un evento KDC.
- Servizi transitati indica quali servizi intermedi hanno partecipato alla richiesta di accesso.
- Nome pacchetto indica quale sottoprotocollo dei protocolli NTLM è stato utilizzato.
- Lunghezza chiave indica la lunghezza della chiave di sessione generata. Se non è stata richiesta alcuna chiave di sessione, la lunghezza sarà pari a zero.
Record Number: 26301
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090531033316.920195-000
Event Type: Controllo riuscito
User:

Computer Name: PC-Familia
Event Code: 4672
Message: Privilegi speciali assegnati a nuovo accesso.

Soggetto:
ID protezione:S-1-5-18
Nome account:SYSTEM
Dominio account:NT AUTHORITY
ID accesso:0x3e7

Privilegi:SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 26302
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090531033316.920195-000
Event Type: Controllo riuscito
User:

Computer Name: PC-Familia
Event Code: 5024
Message: Il servizio Windows Firewall è stato avviato correttamente.
Record Number: 26303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090531033319.435209-000
Event Type: Controllo riuscito
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\CMD.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Familia ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:144 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 31/05/2009| 5.07 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[26/04/2009|16.23] C:\Users\Familia\AppData\Local\Adobe
[11/05/2009|02.59] C:\Users\Familia\AppData\Local\Autodesk
[26/03/2009|03.31] C:\Users\Familia\AppData\Local\Cronologia
[30/05/2009|18.36] C:\Users\Familia\AppData\Local\d3d9caps.dat
[26/03/2009|03.31] C:\Users\Familia\AppData\Local\Dati applicazioni
[30/05/2009|20.06] C:\Users\Familia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[26/05/2009|08.37] C:\Users\Familia\AppData\Local\GDIPFONTCACHEV1.DAT
[11/05/2009|04.03] C:\Users\Familia\AppData\Local\Microsoft
[10/04/2009|16.48] C:\Users\Familia\AppData\Local\Microsoft Games
[31/05/2009|05.07] C:\Users\Familia\AppData\Local\Temp
[26/03/2009|03.31] C:\Users\Familia\AppData\Local\Temporary Internet Files
[02/05/2009|10.24] C:\Users\Familia\AppData\Local\TomTom
[29/05/2009|14.23] C:\Users\Familia\AppData\Local\VirtualStore
[3|File] C:\Users\Familia\AppData\Local\byte
[12|Directory] C:\Users\Familia\AppData\Local\byte disponibili

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[31/05/2009 05.00][--ah-----] C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[31/05/2009 04.55][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1A0F8AAF-C754-49F8-857F-096C00F7C877}.job
[30/05/2009 19.09][--ah-----] C:\Windows\tasks\SA.DAT
[30/05/2009 17.50][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[21/04/2009|17.32] C:\ProgramData\Adobe
[02/11/2006|15.02] C:\ProgramData\Application Data
[26/05/2009|08.33] C:\ProgramData\Autodesk
[28/05/2009|16.17] C:\ProgramData\avg8
[02/05/2009|10.39] C:\ProgramData\CanonBJ
[26/03/2009|03.29] C:\ProgramData\Dati applicazioni
[02/11/2006|15.02] C:\ProgramData\Desktop
[26/03/2009|03.29] C:\ProgramData\Documenti
[02/11/2006|15.02] C:\ProgramData\Documents
[05/04/2009|04.33] C:\ProgramData\eMule AdunanzA
[02/11/2006|15.02] C:\ProgramData\Favorites
[29/05/2009|11.21] C:\ProgramData\Malwarebytes
[26/03/2009|03.29] C:\ProgramData\Menu Avvio
[11/04/2009|13.19] C:\ProgramData\Messenger Plus!
[11/05/2009|04.03] C:\ProgramData\Microsoft
[26/03/2009|03.29] C:\ProgramData\Modelli
[01/05/2009|17.53] C:\ProgramData\MSScanAppDataDir
[26/03/2009|03.29] C:\ProgramData\Preferiti
[28/05/2009|11.38] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15.02] C:\ProgramData\Start Menu
[02/11/2006|15.02] C:\ProgramData\Templates
[0|File] C:\ProgramData\byte
[23|Directory] C:\ProgramData\byte disponibili

--------------------\\ Listing Folders in C:\Program Files

[21/04/2009|17.32] C:\Program Files\Adobe
[23/05/2009|15.08] C:\Program Files\Ahead
[26/03/2009|04.40] C:\Program Files\ATI
[26/03/2009|04.40] C:\Program Files\ATI Technologies
[11/05/2009|02.58] C:\Program Files\Autodesk
[28/05/2009|12.04] C:\Program Files\AVG
[02/05/2009|10.48] C:\Program Files\Canon
[02/05/2009|10.38] C:\Program Files\CanonBJ
[23/05/2009|15.08] C:\Program Files\Common Files
[05/04/2009|04.33] C:\Program Files\eMule AdunanzA
[30/05/2009|19.23] C:\Program Files\ESET
[26/03/2009|03.29] C:\Program Files\File comuni [C:\Program Files\Common Files]
[26/04/2009|02.20] C:\Program Files\InstallShield Installation Information
[26/03/2009|04.14] C:\Program Files\Intel
[12/05/2009|01.54] C:\Program Files\Internet Explorer
[20/04/2009|21.58] C:\Program Files\Java
[26/03/2009|17.34] C:\Program Files\K-Lite Codec Pack
[11/05/2009|04.00] C:\Program Files\MagicDisc
[29/05/2009|11.21] C:\Program Files\Malwarebytes' Anti-Malware
[10/04/2009|21.54] C:\Program Files\Messenger Plus! Live
[17/05/2009|10.47] C:\Program Files\Microsoft
[02/11/2006|14.37] C:\Program Files\Microsoft Games
[10/04/2009|21.48] C:\Program Files\Microsoft LifeCam
[11/05/2009|04.03] C:\Program Files\Microsoft Office
[26/03/2009|04.56] C:\Program Files\Microsoft Office Outlook Connector
[10/04/2009|22.34] C:\Program Files\Microsoft Silverlight
[26/03/2009|03.35] C:\Program Files\Microsoft.NET
[02/11/2006|14.42] C:\Program Files\Movie Maker
[02/11/2006|14.37] C:\Program Files\MSBuild
[24/04/2009|14.11] C:\Program Files\MSECache
[02/11/2006|14.37] C:\Program Files\MSN
[26/04/2009|02.21] C:\Program Files\Nokia
[26/03/2009|03.54] C:\Program Files\obj
[26/03/2009|04.13] C:\Program Files\Realtek
[02/11/2006|14.37] C:\Program Files\Reference Assemblies
[28/05/2009|11.36] C:\Program Files\Spybot - Search & Destroy
[27/03/2009|23.23] C:\Program Files\TomTom DesktopSuite
[30/05/2009|19.08] C:\Program Files\Trend Micro
[21/05/2009|12.24] C:\Program Files\TVersity
[02/11/2006|15.01] C:\Program Files\Uninstall Information
[16/04/2009|08.44] C:\Program Files\Windows Calendar
[02/11/2006|14.42] C:\Program Files\Windows Collaboration
[16/04/2009|08.44] C:\Program Files\Windows Defender
[02/11/2006|14.42] C:\Program Files\Windows Journal
[26/03/2009|04.55] C:\Program Files\Windows Live
[26/03/2009|04.54] C:\Program Files\Windows Live SkyDrive
[21/05/2009|01.22] C:\Program Files\Windows Mail
[12/04/2009|19.57] C:\Program Files\Windows Media Player
[26/03/2009|03.29] C:\Program Files\Windows NT
[02/11/2006|14.42] C:\Program Files\Windows Photo Gallery
[12/04/2009|19.57] C:\Program Files\Windows Sidebar
[27/03/2009|23.10] C:\Program Files\WinRAR
[0|File] C:\Program Files\byte
[54|Directory] C:\Program Files\byte disponibili

--------------------\\ Listing Folders in C:\Program Files\Common Files

[21/04/2009|17.32] C:\Program Files\Common Files\Adobe
[23/05/2009|15.08] C:\Program Files\Common Files\Ahead
[26/05/2009|08.33] C:\Program Files\Common Files\Autodesk Shared
[11/05/2009|02.57] C:\Program Files\Common Files\DESIGNER
[29/03/2009|18.25] C:\Program Files\Common Files\InstallShield
[17/05/2009|10.47] C:\Program Files\Common Files\microsoft shared
[02/11/2006|13.18] C:\Program Files\Common Files\Services
[02/11/2006|13.18] C:\Program Files\Common Files\SpeechEngines
[16/04/2009|08.44] C:\Program Files\Common Files\System
[26/03/2009|04.52] C:\Program Files\Common Files\Windows Live
[0|File] C:\Program Files\Common Files\byte
[12|Directory] C:\Program Files\Common Files\byte disponibili

--------------------\\ Process

( 49 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 05:07:58
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.98,85.255.112.137
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.98,85.255.112.137
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.98,85.255.112.137
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNASK89S\88x31_crack[1].jpg
C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Recent\AutoCAD-2008-keygen.rar.lnk
C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Recent\AutoCAD-2008-keygen.[wnet.co.il].rar.lnk
C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Recent\rebuilt.AutoCAD.2008.Keygen.Only-XFORCE.rar.lnk
C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Recent\SERIALI OFFICE 2003 CRACK.TXT.lnk
C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Recent\[pocket pc wm5] TomTom Navigator 6 + mappe italia v6.6 + istruzioni + PDI + crack HOMER.lnk


[F:3398][D:108]-> C:\Users\Familia\AppData\Local\Temp
[F:127][D:1]-> C:\Users\Familia\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1075][D:4]-> C:\Users\Familia\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:5]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 30/05/2009|19.17 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 30/05/2009|19.19 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 31/05/2009| 5.07 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 31/05/2009| 5.08 - Option : [2]

--------------------\\ Scan completed at 5.08.09
[ UAC => 1 ]

Any help? ESET online scanner v3 DOESN'T find any threat. AVG is disabled by the threat. DNS is now set to automatic retrieval (it was modified before by the threat). Spybot and mbam don't work.

Thank you
