Penserai mica di salvarti così facilmente ora, vero? Su su racconta

 

 

Penserai mica di salvarti così facilmente ora, vero? Su su racconta

Meglio di no dai, sarà una storia colma di intrighi di potere, di pizzini e fucili a canne mozze puntati dietro la nuca...

 

 

Semplicemente ogni tanto mi piace fare qualcosa di nuovo sul PC, vuoi un overclock che non mi servirà mai, vuoi mettere sul il norton al posto di avira

 

ho scaricato la solita versione Trial e l'ho poi aggiornato con i file scaricabili (mizzica 32 MB ogni file... ma sono matti???)

 

Or ora mi accingo a fare la scansione totale e vedo se ha ancora i problemi di crash e lentezza totale... e sopratutto se mi toglie i residui di bagle che avira VEDEVA e non toglieva

 

 

edit del dopo-scansione

 

beh che dire.... da tempo qualcosa non mi sorprendeva così!

 

scansione eseguita senza problemi e rimosso sia il worm su quela cartella nascosta, di systema e inaccessibile di windows sia un altro worm che non sapevo di avere.....

 

sto veramente pensando di comprarlo.... PAZZESCO

 

l'unica scocciatura è che gli aggiornamenti dovrò scaricarli dal PC aziendale e poi la sera installarli su quello di casa :-) perchè con la mia UMTS-PACCO sennò la vedo dura

 

 

Aggiornamento: sul Pc di casa tutto bene, anche gli updates ho scoperto che usando il live bastano pochi MB per tenere tutto in ordine

 

Però c'è stato un problema sul Pc dei downloads.... per uno sfortuito sbalzo di corrente (diciamola tutta, c'è un UPS ma mio babbo ha staccato per sbaglio la spina a muro ) il pc ha subito un brusco spegnimento.

al riavvio la rete era totalmente bloccata, nessun IP e sk di rete con ! giallo su gestione risorse.. al che ho notato che il caro norton installa dei drivers di periferca virtuali per gestire in sicurezza le connessioni di rete.....dopo la disinstallazione, 3 riavvii, 1 ora e mezza buttata e "araquanti" scancheramenti il tutto s'è risolto bene.... su quel PC sono tornato con Avira

 

 

Per caso hai provato anche Kasperky Internet Security 2009?

 

Se si, qual'è meglio?

 

 

Non serve nemmeno metterli a confronto

 

KIS senza dubbi e incertezze

 

 

purtroppo m'è scaduta la trial e mi accingo a disinstallarlo..... penso metterò avira a questo punto

 

 

Prova la versione Premium di Avira gratuita per 6 mesi, link per richiedere il key è questo

 

 

figata! grazie Toe! ma poi il rinnovo si paga immagino? quindi è premium solo x sei mesi con rinnovi ogni 30 giorni?

 

 

Dunque, la chiave dura 6 mesi diretti e vale per molte versioni in realtà

 

- Premium normale Ita (link download)

 

- Premium Security Suite Ita (Link Download).

 

La puoi inserire durante l'installazione oppure dopo l'installazione, una volta scaduti i 6 mesi, sarai avvisato e probabilmente ti verrà proposta un upgrade di 6 mesi ad un prezzo inferiore oppure una licenza annuale sempre a buon prezzo, io ad esempio ho preso la Premium normale per un anno a 9€.

 

 

allora non mi spiego questo....

 

Product name: Avira AntiVir Premium - 1 Year

Your promotional license is valid until: 2009-05-06

 

che sarebbe il 6 maggio

 

 

 

Ma porc...hanno cambiato offerta

 

Prima durava 6 mesi, tant'è che la mia scade il 13 agosto, gli ho scritto

 

 

E' normale che il firewall di Avira o l'AntivirGuard si chiude da solo e si riattiva qualche volta se sei fortunato?

 

Ultimamente ho notato che il firewall di Avira, il servizio, si chiude automaticamente all'accensione del pc o durante il surfing in internet e quindi lo devo attivare manualmente!

 

Come mai?

 

 

Ti si presenta qualche errore prima di chiudersi?

 

Guarda se hai processi strani nel Taskmanager, è uno dei comportamenti di Bagle a quanto ricordo

 

 

Tutto regolare...solo all'avvio avevo una strana voce la quale apriva solo una pubblicità internet o se non ero in internet mi chiedeva di connettermi!

 

Quando lo fa non da nessun avviso!

 

 

Ultimamente ho notato che appena accendo il computer mi appare la scirtta di riprovare a collegarmi su internet o Work offline, solo che io non ho aperto nulla ed ho cominciato le ricerche del problema!

 

Risultato???

 

Ho scoperto, msconfig su run, che ho una voce strana, cioè un *.dll che fa aprire questa paggina con titotlo " RON ads by horizonads" che mi apre varie pubblicità e per fortuna non porno.

 

Comunque Avira, Spyboot & SuperAntiSpyware non rilevano niente, usato tool ecc per cancellarlo e disattivarlo solo che si rigenera subito al secondo avvio!

 

Perchè una volta cancellato o disattivato dall'avvio è riavviii non da problemi, ma se riavvi un altra volta riesce!

Che devo fare?

 

 

Fai una scansione in modalità provvisoria con Malwarebytes, con SmitfraudFix e con ComboFix, dopo posta un log con HijackThis

 

 

Ecco il log i hijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

 

Scan saved at 21:28:48, on 4/15/2009

 

Platform: Windows XP SP3 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

 

Boot mode: Normal

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

 

C:\WINDOWS\system32\winlogon.exe

 

C:\WINDOWS\system32\services.exe

 

C:\WINDOWS\system32\lsass.exe

 

C:\WINDOWS\system32\Ati2evxx.exe

 

C:\WINDOWS\system32\svchost.exe

 

C:\WINDOWS\System32\svchost.exe

 

C:\WINDOWS\system32\Ati2evxx.exe

 

C:\WINDOWS\system32\spoolsv.exe

 

C:\Program Files\Avira\AntiVir Desktop\sched.exe

 

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

 

C:\WINDOWS\Explorer.EXE

 

C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe

 

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

 

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

 

C:\WINDOWS\RTHDCPL.EXE

 

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

 

C:\WINDOWS\system32\ctfmon.exe

 

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

 

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

 

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

 

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

 

C:\Program Files\Java\jre6\bin\jqs.exe

 

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

 

C:\WINDOWS\system32\IoctlSvc.exe

 

C:\WINDOWS\system32\PnkBstrA.exe

 

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

C:\Program Files\M1HS\Modem.exe

 

C:\Program Files\MSN Messenger\usnsvc.exe

 

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

C:\WINDOWS\System32\regsvr32.exe

 

C:\Program Files\MSN Messenger\msnmsgr.exe

 

C:\Program Files\Mozilla Firefox\firefox.exe

 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

 

R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll

 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

 

O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll

 

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

O2 - BHO: horizonads browser enhancer - {A8EFCEF4-C47B-A645-83A6-7A005004BE54} - C:\WINDOWS\system32\fgmlftrrfmfwdaa.dll

 

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

 

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

 

O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll

 

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

 

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r

 

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

 

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

 

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

 

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

 

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

 

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

 

O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"

 

O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"

 

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

 

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

 

O4 - HKLM\..\Run: [kyivgoepacwbjcjig] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fgmlftrrfmfwdaa.dll"

 

O4 - HKLM\..\Run: [zawuwadisa] Rundll32.exe "C:\WINDOWS\system32\patafudi.dll",s

 

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

 

O4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

 

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

 

O4 - Global Startup: Bluetooth Manager.lnk = ?

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

 

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

 

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

 

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

 

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{C5B9F163-5A75-4F1D-A1FB-3065032578CA}: NameServer = 213.230.129.94 213.230.128.222

 

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

 

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe

 

O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

 

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

 

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

 

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

 

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

 

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

 

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

 

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

 

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

 

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

 

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

 

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

 

End of file - 8975 bytes

Avira non lascia che scarico SmitfraudFix e ComboFix...faccio ignora la prossima perhcè son dei FP?

 

 

Fixa le seguenti cose con HiJackThis

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O4 - HKLM\..\Run: [kyivgoepacwbjcjig] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fgmlftrrfmfwdaa.dll"

 

O4 - HKLM\..\Run: [zawuwadisa] Rundll32.exe "C:\WINDOWS\system32\patafudi.dll",s

 

O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe

Quel patafudi.dll se non ricordo male è Vundo purtroppo, prova a fare una scansione anche con VundoFix.

Se necessario disattivalo o disinstallalo l'Antivirus, che in questi casi è solo un fastidio di troppo.

 

 

mi sembrava strano anke quel patafudi.dll....boh!

 

Sto avira non è un gran che mi sà...visto che scade fra 20 giorni provero Kaspersky per un mese tanto poi non si accendera per altri 3 mesi sto computer...

 

 

Avira non ha nessuna colpa, ha fatto il suo dovere probabilmente, visto che riesci ancora a navigare, Vundo di solito blocca tutto. Non si può dare una paragone per un AV universalmente riconsociuto come il o uno dei migliori, un prodotto può essere buono quanto uno vuole, ma se si naviga o si aprono files pericolosi, prima o poi ci si infetta

 

I tools ti hanno trovato qualcosa?

 

 

Ma li scarico o no allora?

 

Comunque se li prendo li provo doma perchè sto facendo CW su Warrock...! Scusate!

 

 

Se vuoi risolvere non è che hai molte altre soluzioni

 

 

Scaricati ed uttilizzati tutti oggi...ecco i risultati:

 

1) Malwarebyte's Anti malware: trovati 7

 

Files Infected:

 

C:\Documents and Settings\Hello Yje & CJ\Local Settings\Application Data\Microsoft\Messenger\yje_e_arte@hotmail.com\Sharing Folders\romeo6680@live.it\activator_vista\one click activator\VistaActivator.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

C:\Documents and Settings\Hello Yje & CJ\Local Settings\Temporary Internet Files\Content.IE5\OPA7CPAB\36-horizonads_3000[1].exe (Adware.BHO) -> Quarantined and deleted successfully.

 

C:\Program Files\Trend Micro\HijackThis\backups\backup-20090416-073515-364.dll (Adware.HorizonAds) -> Quarantined and deleted successfully.

 

C:\WINDOWS\system32\fgmlftrrfmfwdaa.dll (Adware.HorizonAds) -> Quarantined and deleted successfully.

 

C:\WINDOWS\system32\kgbiskjztadz.exe (Adware.HorizonAds) -> Quarantined and deleted successfully.

 

C:\WINDOWS\system32\wafofozu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

2)ComboFix: trovati...boh...

 

ComboFix 09-04-16.02 - Hello Yje & CJ 04/16/2009 15:31.1 - NTFSx86 MINIMAL

 

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1760 [GMT 2:00]

 

Running from: c:\documents and settings\Hello Yje & CJ\Desktop\ComboFix.exe

 

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

 

FW: Avira Firewall *enabled*

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

.

 

Error: Cfolders.dat

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

C:\autorun.inf

 

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013

 

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

 

c:\windows\system32\golosufu.dll

 

c:\windows\system32\jugoreha.dll

 

c:\windows\system32\patafudi.dll

 

c:\windows\system32\tudotipi.dll

 

c:\windows\system32\vowikewa.dll

 

c:\windows\system32\vunakifa.dll

 

D:\Autorun.inf

 

.

 

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))

 

.

 

2009-04-16 13:11 . 2009-04-16 13:11 -------- d-----w C:\VundoFix Backups

 

2009-04-16 05:37 . 2009-04-16 05:37 -------- d-----w C:\3678884ba967eecedd29c172080f59

 

2009-04-16 05:35 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll

 

2009-04-16 05:35 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

 

2009-04-16 05:35 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe

 

2009-04-16 05:35 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll

 

2009-04-16 05:35 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll

 

2009-04-16 05:35 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll

 

2009-04-16 05:35 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

 

2009-04-16 05:35 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

 

2009-04-16 05:35 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

 

2009-04-16 05:27 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll

 

2009-04-16 05:27 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

 

2009-04-16 05:27 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

 

2009-04-15 19:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

 

2009-04-15 19:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

 

2009-04-12 12:50 . 2009-04-12 12:50 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

 

2009-04-09 16:20 . 2009-04-09 16:20 -------- d-----w c:\documents and settings\All Users\Application Data\ATI

 

2009-04-09 08:44 . 2009-04-09 08:44 -------- d-----r c:\windows\AsDmiHtm

 

2009-04-08 19:39 . 2008-10-01 12:29 290816 ----a-w c:\windows\vncutil.exe

 

2009-04-08 19:39 . 2008-11-20 14:51 34816 ----a-w c:\windows\system32\RtkCoInstXP.dll

 

2009-04-08 19:39 . 2008-06-24 12:46 104992 ----a-w c:\windows\RtkAudioService.exe

 

2009-04-08 19:39 . 2006-01-04 13:41 1389056 ----a-w c:\windows\system32\drivers\Monfilt.sys

 

2009-04-08 19:39 . 2008-08-05 18:10 1684736 ----a-w c:\windows\system32\drivers\Ambfilt.sys

 

2009-04-07 19:51 . 2009-04-07 19:51 -------- d-----w c:\documents and settings\Hello Yje & CJ\Tracing

 

2009-04-07 18:58 . 2009-04-07 18:58 0 ----a-w c:\windows\tosOBEX.INI

 

2009-04-07 16:16 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui

 

2009-04-07 16:16 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll

 

2009-04-07 16:16 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll

 

2009-04-06 15:10 . 2009-04-06 15:10 0 ----a-w c:\windows\ativpsrm.bin

 

2009-04-01 15:23 . 2004-11-25 05:07 79679 ----a-w c:\windows\system32\E_FLMAAE.DLL

 

2009-04-01 15:23 . 2004-09-10 20:12 49152 ----a-w c:\windows\system32\E_DCINST.DLL

 

2009-04-01 15:23 . 2003-05-21 02:27 64000 ----a-w c:\windows\system32\E_FBCBAAE.DLL

 

2009-04-01 15:23 . 2000-06-07 01:01 34304 ----a-w c:\windows\system32\E_FBCHAAE.DLL

 

2009-04-01 15:23 . 2008-04-13 22:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys

 

2009-04-01 15:23 . 2008-04-13 22:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys

 

2009-03-31 18:58 . 2008-01-04 11:34 11832 ----a-w c:\windows\system32\drivers\AsInsHelp64.sys

 

2009-03-31 18:58 . 2008-01-04 11:34 10216 ----a-w c:\windows\system32\drivers\AsInsHelp32.sys

 

2009-03-29 14:40 . 2009-03-29 14:40 -------- d-----w c:\documents and settings\Hello Yje & CJ\Shared

 

2009-03-29 14:40 . 2009-03-29 14:40 -------- d-----w c:\documents and settings\Hello Yje & CJ\Incomplete

 

2009-03-29 14:39 . 2009-03-29 18:30 -------- d-----w c:\documents and settings\Hello Yje & CJ\Local Settings\Application Data\P2P_Energy

 

2009-03-29 14:39 . 2009-03-29 14:41 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\LimeWireTurbo

 

2009-03-25 06:25 . 2009-03-16 13:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll

 

2009-03-25 06:25 . 2009-03-16 13:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll

 

2009-03-25 06:25 . 2009-03-09 14:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll

 

2009-03-25 06:25 . 2009-03-09 14:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll

 

2009-03-25 06:25 . 2009-03-09 14:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll

 

2009-03-25 06:25 . 2009-03-16 13:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll

 

2009-03-25 06:25 . 2009-03-16 13:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll

 

2009-03-24 22:29 . 2009-03-24 22:30 -------- d-----w c:\windows\system32\amd dragon platform technology dir

 

2009-03-24 22:29 . 2009-03-24 22:29 520192 ----a-w c:\windows\system32\amd dragon platform technology.scr

 

2009-03-24 17:27 . 2009-03-24 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk

 

2009-03-24 17:27 . 2009-03-24 17:27 -------- d-----w c:\documents and settings\Hello Yje & CJ\Local Settings\Application Data\Autodesk

 

2009-03-24 17:24 . 2009-03-24 17:24 -------- d-----w c:\windows\system32\XPSViewer

 

2009-03-24 17:23 . 2006-06-29 12:07 14048 ------w c:\windows\system32\spmsg2.dll

 

2009-03-24 17:22 . 2009-03-24 17:54 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\Autodesk

 

2009-03-22 20:51 . 2009-03-22 20:51 -------- d-----w c:\windows\Icons

 

2009-03-21 14:19 . 2009-03-29 19:39 944 ----a-w C:\config.ini

 

2009-03-21 06:24 . 2008-10-01 19:52 584 ----a-w c:\windows\system32\oeminfo.ini

 

2009-03-21 06:24 . 2005-05-03 14:38 61614 ----a-r c:\windows\system32\oemlogo.bmp

 

2009-03-20 18:44 . 2009-04-11 13:10 99 ----a-w c:\windows\WirelessFTP.INI

 

2009-03-20 18:41 . 2009-03-20 18:41 -------- d-----w c:\documents and settings\Hello Yje & CJ\Local Settings\Application Data\Toshiba

 

2009-03-20 18:32 . 2006-11-30 18:55 113792 ----a-w c:\windows\system32\drivers\tosrfbd.sys

 

2009-03-20 18:32 . 2006-11-20 16:55 36480 ----a-w c:\windows\system32\drivers\tosrfbnp.sys

 

2009-03-20 18:32 . 2006-10-27 23:29 40960 ----a-w c:\windows\system32\drivers\tosrfusb.sys

 

2009-03-20 18:32 . 2006-10-05 15:07 73600 ----a-w c:\windows\system32\drivers\Tosrfhid.sys

 

2009-03-20 18:32 . 2005-01-06 12:42 18612 ----a-w c:\windows\system32\drivers\tosrfnds.sys

 

2009-03-20 18:32 . 2006-11-22 15:09 53504 ----a-w c:\windows\system32\drivers\TosRfSnd.sys

 

2009-03-20 18:32 . 2005-08-01 15:45 64896 ----a-w c:\windows\system32\drivers\tosrfcom.sys

 

2009-03-20 18:32 . 2006-10-10 18:33 41600 ----a-w c:\windows\system32\drivers\tosporte.sys

 

.

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2009-04-16 13:25 . 2009-04-16 13:11 330 ----a-w C:\VundoFix.txt

 

2009-04-16 05:37 . 2009-02-09 21:03 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

 

2009-04-16 05:36 . 2009-02-02 16:07 -------- d-----w c:\program files\M1HS

 

2009-04-15 19:45 . 2009-04-15 19:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

 

2009-04-15 19:28 . 2009-04-15 19:28 -------- d-----w c:\program files\Trend Micro

 

2009-04-15 17:39 . 2009-02-18 22:44 -------- d-----w c:\program files\Metin2_Italiano

 

2009-04-14 11:02 . 2009-04-09 10:40 -------- d-----w c:\program files\Sacred

 

2009-04-13 15:42 . 2009-02-13 21:07 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\teamspeak2

 

2009-04-12 19:22 . 2009-02-18 18:37 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\LimeWire

 

2009-04-12 16:31 . 2009-02-10 20:08 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\Skype

 

2009-04-12 16:21 . 2009-02-10 20:09 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\skypePM

 

2009-04-12 12:36 . 2009-04-12 12:36 -------- d-----w c:\program files\Messenger Plus! Live

 

2009-04-12 12:36 . 2009-04-12 12:36 -------- d-----w c:\program files\Windows Live

 

2009-04-12 12:36 . 2009-04-07 20:13 -------- d-----w c:\program files\MSN Messenger

 

2009-04-11 17:37 . 2009-02-02 19:32 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\uTorrent

 

2009-04-09 21:35 . 2009-02-03 20:51 -------- d-----w c:\program files\eMule

 

2009-04-09 15:47 . 2009-02-02 16:15 -------- d-----w c:\program files\WarRock

 

2009-04-09 15:21 . 2009-02-02 15:56 -------- d-----w c:\program files\ATI Technologies

 

2009-04-09 12:13 . 2009-02-06 20:06 138464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

 

2009-04-09 12:13 . 2009-02-06 20:06 111928 ----a-w c:\windows\system32\PnkBstrB.exe

 

2009-04-09 10:45 . 2009-04-09 10:40 -------- d--h--w c:\program files\FX Uninstall Information

 

2009-04-09 08:52 . 2009-02-02 15:47 -------- d--h--w c:\program files\InstallShield Installation Information

 

2009-04-09 08:52 . 2009-02-02 15:40 -------- d-----w c:\program files\Intel

 

2009-04-09 08:16 . 2009-04-07 19:50 -------- d-----w c:\program files\Microsoft Silverlight

 

2009-04-08 20:28 . 2009-03-05 06:14 -------- d-----w c:\program files\HWiNFO32

 

2009-04-08 17:15 . 2009-02-09 15:50 -------- d-----w c:\program files\TweakNow PowerPack Pro

 

2009-04-07 19:49 . 2009-04-07 19:49 -------- d-----w c:\program files\Microsoft

 

2009-04-07 19:48 . 2009-04-07 19:48 -------- d-----w c:\program files\Windows Live SkyDrive

 

2009-04-06 19:17 . 2009-04-06 19:17 -------- d-----w c:\program files\Common Files\Windows Live

 

2009-04-05 12:21 . 2009-04-05 12:21 -------- d-----w c:\program files\Intel Corporation

 

2009-04-05 10:42 . 2009-04-05 10:42 -------- d-----w c:\program files\RivaTuner v2.24

 

2009-04-03 18:20 . 2009-04-03 18:20 -------- d-----w c:\program files\NovaTech Network

 

2009-04-02 17:51 . 2009-02-02 16:04 101640 ----a-w c:\documents and settings\Hello Yje & CJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

 

2009-04-02 17:46 . 2009-04-02 17:46 -------- d-----w c:\program files\SoftWareClub.ws

 

2009-04-01 16:34 . 2009-03-07 21:57 -------- d-----w c:\program files\SUPERAntiSpyware

 

2009-04-01 14:00 . 2009-04-01 14:00 -------- d-----w c:\program files\Vodafone

 

2009-04-01 11:43 . 2009-04-01 11:43 -------- d-----w c:\program files\Gameforge4D

 

2009-03-31 18:59 . 2009-02-02 15:50 -------- d-----w c:\program files\ASUS

 

2009-03-30 12:07 . 2009-03-30 12:07 -------- d-----w c:\program files\Microsoft Games

 

2009-03-29 16:32 . 2009-03-29 14:39 -------- d-----w c:\program files\P2P_Energy

 

2009-03-29 10:00 . 2009-03-29 09:54 -------- d-----w c:\program files\Download Direct

 

2009-03-24 22:18 . 2009-02-02 15:48 -------- d-----w c:\program files\Common Files\InstallShield

 

2009-03-24 17:30 . 2009-03-24 17:22 -------- d-----w c:\program files\Common Files\Autodesk Shared

 

2009-03-24 17:30 . 2009-03-24 17:27 -------- d-----w c:\program files\AutoCAD 2009

 

2009-03-24 17:26 . 2009-02-09 21:13 -------- d-----w c:\program files\MSBuild

 

2009-03-24 17:23 . 2009-03-24 17:23 -------- d-----w c:\program files\Reference Assemblies

 

2009-03-24 17:22 . 2009-03-24 17:22 -------- d-----w c:\program files\Autodesk

 

2009-03-22 21:39 . 2009-03-22 21:39 -------- d-----w c:\program files\Common Files\aliaswavefront shared

 

2009-03-22 21:39 . 2009-03-22 21:39 -------- d-----w c:\program files\Common Files\Alias Shared

 

2009-03-22 21:39 . 2009-03-22 21:35 -------- d-----w c:\program files\Microsoft DirectX SDK (April 2007)

 

2009-03-22 21:11 . 2009-03-22 21:09 -------- d-----w c:\program files\ATITool

 

2009-03-21 20:04 . 2009-02-04 15:48 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\mIRC

 

2009-03-20 18:31 . 2009-03-20 18:31 -------- d-----w c:\program files\Toshiba

 

2009-03-17 19:05 . 2009-02-02 16:02 593920 ------w c:\windows\system32\ati2sgag.exe

 

2009-03-17 18:51 . 2009-03-17 18:47 -------- d-----w c:\program files\Sniper Elite

 

2009-03-17 13:54 . 2009-03-16 13:28 29480 ----a-w c:\windows\system32\msxml3a.dll

 

2009-03-17 13:54 . 2009-02-02 16:08 505128 ----a-w c:\windows\system32\msvcp71.dll

 

2009-03-17 13:54 . 2009-02-02 16:08 353576 ----a-w c:\windows\system32\msvcr71.dll

 

2009-03-17 06:18 . 2009-03-14 16:53 -------- d-----w c:\program files\Invisible IP Map

 

2009-03-16 21:33 . 2009-01-14 07:14 3597312 ----a-w c:\windows\system32\drivers\ati2mtag.sys

 

2009-03-16 20:27 . 2009-01-14 04:49 442368 ----a-w c:\windows\system32\ATIDEMGX.dll

 

2009-03-16 20:26 . 2009-01-14 04:47 328704 ----a-w c:\windows\system32\ati2dvag.dll

 

2009-03-16 20:17 . 2009-01-14 03:37 307200 ----a-w c:\windows\system32\atiiiexx.dll

 

2009-03-16 20:17 . 2009-01-14 04:36 204800 ----a-w c:\windows\system32\atipdlxx.dll

 

2009-03-16 20:16 . 2009-01-14 04:36 155648 ----a-w c:\windows\system32\Oemdspif.dll

 

2009-03-16 20:16 . 2009-01-14 04:36 26112 ----a-w c:\windows\system32\Ati2mdxx.exe

 

2009-03-16 20:16 . 2009-01-14 04:35 43520 ----a-w c:\windows\system32\ati2edxx.dll

 

2009-03-16 20:16 . 2009-01-14 04:35 155648 ----a-w c:\windows\system32\ati2evxx.dll

 

2009-03-16 20:15 . 2009-01-14 04:34 602112 ----a-w c:\windows\system32\ati2evxx.exe

 

2009-03-16 20:13 . 2009-01-14 04:32 53248 ----a-w c:\windows\system32\ATIDDC.DLL

 

2009-03-16 20:06 . 2009-01-14 04:22 3820736 ----a-w c:\windows\system32\ati3duag.dll

 

2009-03-16 20:04 . 2009-01-14 05:46 11563008 ----a-w c:\windows\system32\atioglxx.dll

 

2009-03-16 19:53 . 2009-01-14 04:05 2675328 ----a-w c:\windows\system32\ativvaxx.dll

 

2009-03-16 19:40 . 2009-03-16 19:40 49664 ----a-w c:\windows\system32\atimpc32.dll

 

2009-03-16 19:40 . 2009-01-14 03:50 49664 ----a-w c:\windows\system32\amdpcom32.dll

 

2009-03-16 19:36 . 2009-01-14 03:45 475136 ----a-w c:\windows\system32\atikvmag.dll

 

2009-03-16 19:35 . 2009-01-14 04:53 303104 ----a-w c:\windows\system32\atiok3x2.dll

 

2009-03-16 19:35 . 2009-02-04 02:43 45056 ----a-w c:\windows\system32\aticalrt.dll

 

2009-03-16 19:35 . 2009-01-14 03:44 131072 ----a-w c:\windows\system32\atiadlxx.dll

 

2009-03-16 19:34 . 2009-02-04 02:42 45056 ----a-w c:\windows\system32\aticalcl.dll

 

2009-03-16 19:34 . 2009-01-14 03:44 17408 ----a-w c:\windows\system32\atitvo32.dll

 

2009-03-16 19:34 . 2009-01-14 03:43 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll

 

2009-03-16 19:33 . 2009-02-04 02:40 3264512 ----a-w c:\windows\system32\aticaldd.dll

 

2009-03-16 19:28 . 2009-01-14 03:37 630784 ----a-w c:\windows\system32\ati2cqag.dll

 

2009-03-16 17:09 . 2009-02-05 20:38 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\CyberLink

 

2009-03-16 14:11 . 2009-02-05 20:35 -------- d-----w c:\program files\CyberLink

 

2009-03-16 13:29 . 2009-03-16 13:29 -------- d-----w c:\program files\Common Files\CyberLink

 

2009-03-16 13:28 . 2009-03-16 13:28 -------- d-----w c:\documents and settings\All Users\Application Data\Temp

 

2009-03-14 23:44 . 2009-03-14 23:25 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\Dev-Cpp

 

2009-03-14 18:30 . 2009-02-06 19:13 105984 ----a-w c:\windows\system32\c_dll.dll

 

2009-03-13 20:08 . 2009-02-04 15:51 -------- d-----w c:\program files\Common Files\Adobe

 

2009-03-13 17:14 . 2009-03-11 13:41 97096 ----a-w c:\windows\system32\drivers\avfwot.sys

 

2009-03-11 17:55 . 2009-02-02 20:49 -------- d-----w c:\program files\Spybot - Search & Destroy

 

2009-03-11 16:05 . 2009-03-11 13:41 69632 ----a-w c:\windows\system32\drivers\avfwim.sys

 

2009-03-11 13:55 . 2009-02-02 16:10 -------- d-----w c:\documents and settings\All Users\Application Data\Norton

 

2009-03-11 13:54 . 2009-02-02 16:10 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller

 

2009-03-11 13:48 . 2009-03-11 13:48 -------- d-----w c:\documents and settings\Hello Yje & CJ\Application Data\Avira

 

2009-03-11 13:41 . 2009-03-11 13:41 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

 

2009-03-11 13:41 . 2009-03-11 13:41 -------- d-----w c:\program files\Avira

 

2009-03-09 22:20 . 2009-03-09 22:20 -------- d-----w c:\program files\Pando Networks

 

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

 

"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-03-29 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

 

2009-03-29 16:33 1883672 ----a-w c:\program files\P2P_Energy\tbP2P1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

 

"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-03-29 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

 

"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-03-29 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]

 

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

 

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]

 

"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-09-30 5970944]

 

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

 

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-11 209153]

 

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

 

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

 

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]

 

"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2009-01-02 1427968]

 

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-03-09 598528]

 

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

 

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]

 

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]

 

c:\documents and settings\Hello Yje & CJ\Start Menu\Programs\Startup\

 

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

 

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

 

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

 

2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

 

"VIDC.ACDV"= ACDV.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

 

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

 

"%windir%\\system32\\sessmgr.exe"=

 

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

 

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

 

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

 

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-03-13 97096]

 

R1 HWiNFO32;HWiNFO32 Kernel Driver; [x]

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-01 9968]

 

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]

 

R2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]

 

R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2009-03-11 383745]

 

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-03-11 186625]

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-13 108289]

 

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-03-11 432897]

 

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]

 

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-03-11 69632]

 

R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]

 

R3 ONDAUsbDiag;ONDA USB Diagnostics Port;c:\windows\system32\DRIVERS\ONDAUsbDiag.sys [2007-06-04 92928]

 

R3 ONDAUsbModem;ONDA USB MODEM DRIVER;c:\windows\system32\DRIVERS\ONDAUsbModem.sys [2007-06-04 92928]

 

R3 ONDAUsbNmea;ONDA USB NMEA Port;c:\windows\system32\DRIVERS\ONDAUsbNmea.sys [2007-06-04 92928]

 

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40fb9074-1ec5-11de-9ab0-b0d9d42ffecd}]

 

\Shell\AutoRun\command - E:\StartVMCLite.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40fb9075-1ec5-11de-9ab0-b0d9d42ffecd}]

 

\Shell\AutoRun\command - E:\StartVMCLite.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca369a26-056d-11de-9a1a-de28df4d1a8b}]

 

\Shell\AutoRun\command - H:\AUTORUN.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f700b4fc-05dc-11de-9a23-bccac5f4f479}]

 

\Shell\AutoRun\command - H:\StartVMCLite.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f700b4fd-05dc-11de-9a23-bccac5f4f479}]

 

\Shell\AutoRun\command - H:\StartVMCLite.exe

 

.

 

.

 

------- Supplementary Scan -------

 

.

 

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

 

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

 

FF - ProfilePath - c:\documents and settings\Hello Yje & CJ\Application Data\Mozilla\Firefox\Profiles\ejxalkb1.default\

 

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

 

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

 

Rootkit scan 2009-04-16 15:39

 

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

 

hidden files: 0

 

**************************************************************************

 

.

 

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(244)

 

c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(1124)

 

c:\program files\Windows Media Player\wmpband.dll

 

c:\program files\CyberLink\PowerDVD\deskband32.dll

 

c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll

 

.

 

Completion time: 2009-04-16 15:46 - machine was rebooted

 

ComboFix-quarantined-files.txt 2009-04-16 13:46

 

Pre-Run: 3.870.511.104 bytes free

 

Post-Run: 4.091.740.160 bytes free

 

311 --- E O F --- 2009-04-08 21:36

3) SmitFraudFix: trovati...che ne so...non me ne sono accorto!

 

SmitFraudFix v2.408

 

Scan done at 15:48:26,26, Thu 04/16/2009

 

Run from

 

C:\Documents and Settings\Hello Yje & CJ\Desktop\SmitfraudFix

 

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

 

The filesystem type is NTFS

 

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

 

C:\WINDOWS\system32\winlogon.exe

 

C:\WINDOWS\system32\services.exe

 

C:\WINDOWS\system32\lsass.exe

 

C:\WINDOWS\system32\svchost.exe

 

C:\WINDOWS\system32\svchost.exe

 

C:\WINDOWS\explorer.exe

 

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HELLOY~1\LOCALS~1\Temp

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HELLOY~1\FAVORI~1

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

 

"Source"="About:Home"

 

"SubscribedURL"="About:Home"

 

"FriendlyName"="My Current Home Page"

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

 

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

 

Credits: Malware Analysis & Diagnostic

 

Code: S!Ri

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

 

Credits: Malware Analysis & Diagnostic

 

Code: S!Ri

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

 

!!!Attention, following keys are not inevitably infected!!!

 

Agent.OMZ.Fix

 

Credits: Malware Analysis & Diagnostic

 

Code: S!Ri

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

 

Credits: Malware Analysis & Diagnostic

 

Code: S!Ri

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

 

Credits: Malware Analysis & Diagnostic

 

Code: S!Ri

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

 

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

 

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

 

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

 

"AppInit_DLLs"=""

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

 

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

 

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

 

"System"=""

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

»»»»»»»»»»»»»»»»»»»»»»»» End

Controllato il computer nessuno segno dei due file...WIN for US!!!