SVCHOST sending thousands of SMTP connections (Resolved)

Hi all,
I think I have some kind of malware... I have an svchost process that sends SMTP connections to many servers. This causes me trouble with my Internet provider, but first of all this thing should not happen :)
Please help me. I have already tried Kaspersky online, Ad-Aware, Spybot, and Avast, but without success; they told me that everything is all right! sigh
Here is my HijackThis log:

thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.46.43, on 10/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\VIRUS WAR\PROCESSEXPLORER\PROCESSEXPLORER\PROCEXP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-835447037-2755494302-2274692882-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Alberto')
O4 - HKUS\S-1-5-21-835447037-2755494302-2274692882-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Alberto')
O4 - HKUS\S-1-5-21-835447037-2755494302-2274692882-1000\..\Run: [Google Update] "C:\Users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Alberto')
O4 - S-1-5-21-835447037-2755494302-2274692882-1000 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Alberto')
O4 - S-1-5-21-835447037-2755494302-2274692882-1000 User Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Alberto')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF150B5-2E0F-49B8-ACB5-CAFB02E07167}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FOIYYMAFQC - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe (file missing)
O23 - Service: FYYHPKQ - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TJO - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\TJO.exe (file missing)
--
End of file - 12596 bytes

Comments

  • edited May 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt






    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited May 2009
    Thanks for helping me.
    Here are the log files:

    Malwarebytes' Anti-Malware 1.36
    Database version: 2104
    Windows 6.0.6001 Service Pack 1
    10/05/2009 15.57.54
    mbam-log-2009-05-10 (15-57-54).txt
    Scan type: Full Scan (C:\|D:\|E:\|G:\|)
    Objects scanned: 600504
    Time elapsed: 1 hour(s), 2 minute(s), 42 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • edited May 2009
    Log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Alberto admin at 2009-05-10 16:01:23
    Microsoft® Windows Vista™ Ultimate Service Pack 1
    System drive C: has 40 GB (28%) free of 142 GB
    Total RAM: 3070 MB (47% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.01.36, on 10/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\libusbd-nt.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\consent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Alberto\Desktop\RSIT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\Alberto admin.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-21-835447037-2755494302-2274692882-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Alberto')
    O4 - HKUS\S-1-5-21-835447037-2755494302-2274692882-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Alberto')
    O4 - HKUS\S-1-5-21-835447037-2755494302-2274692882-1000\..\Run: [Google Update] "C:\Users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Alberto')
    O4 - S-1-5-21-835447037-2755494302-2274692882-1000 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Alberto')
    O4 - S-1-5-21-835447037-2755494302-2274692882-1000 User Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Alberto')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF150B5-2E0F-49B8-ACB5-CAFB02E07167}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FOIYYMAFQC - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe (file missing)
    O23 - Service: FYYHPKQ - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HJCLO - Sysinternals - www.sysinternals.com - C:\Users\ALBERT~1\AppData\Local\Temp\HJCLO.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O23 - Service: TJO - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\TJO.exe (file missing)
    --
    End of file - 12821 bytes
    ======Scheduled tasks folder======
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-835447037-2755494302-2274692882-1000.job
    C:\Windows\tasks\User_Feed_Synchronization-{960128C5-C708-4F1C-AD98-74DFAEA6E299}.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Guida per l'accesso a Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E31CE47F-C268-41ba-897B-B415E613947D}]
    Microsoft Web Test Recorder 9.0 Helper - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll [2007-11-08 64088]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""= []
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-03-03 263440]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
    "Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2007-04-26 1132056]
    "Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [2007-04-26 774168]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 1277584]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
    C:\Program Files\Curse\CurseClient.exe [2009-05-03 1836032]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMDict]
    C:\Program Files\JMDict.NET\JMDict.NET.exe [2007-09-03 552960]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regtd]
    E:\Giochi ISo\Warhammer.40000.Dawn.of.War.II.DOW2.Multilenguage.+crack.by.Nando\DoW2\nvscp.exe []
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-09-25 868352]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe []
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SyncQuick]
    C:\Program Files\SyncQuick\SyncQuick Backup V 4.0\syncquick.exe [2008-07-02 442368]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-24 185896]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe []
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    oobefldr.dll,ShowWelcomeCenter []
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Alberto admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ryanair Bargains 1.0.lnk]
    C:\PROGRA~1\RYANAI~1\1.0\RYANAI~1.EXE []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-09-25 233888]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    ======List of files/folders created in the last 3 months======
    2009-05-10 14:00:13 ----A---- C:\Windows\system32\PerfStringBackup.TMP
    2009-05-10 13:53:24 ----D---- C:\Avenger
    2009-05-10 13:53:23 ----A---- C:\avenger.txt
    2009-05-10 12:35:41 ----D---- C:\Users\Alberto admin\AppData\Roaming\Malwarebytes
    2009-05-10 12:35:32 ----D---- C:\ProgramData\Malwarebytes
    2009-05-10 12:35:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-10 10:29:42 ----D---- C:\rsit
    2009-05-09 23:50:32 ----A---- C:\Windows\ntbtlog.txt
    2009-05-09 22:54:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-05-09 22:54:16 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-09 14:04:41 ----A---- C:\Windows\system32\aswBoot.exe
    2009-05-09 12:18:53 ----D---- C:\Program Files\ThreatExpert Memory Scanner
    2009-05-09 10:54:13 ----D---- C:\Users\Alberto admin\AppData\Roaming\Uniblue
    2009-05-09 10:41:36 ----D---- C:\ProgramData\SecTaskMan
    2009-05-09 10:41:29 ----D---- C:\Program Files\Security Task Manager
    2009-05-09 00:44:05 ----D---- C:\ProgramData\Lavasoft
    2009-05-09 00:44:05 ----D---- C:\Program Files\Lavasoft
    2009-05-08 23:13:12 ----D---- C:\Program Files\Trend Micro
    2009-05-08 22:17:10 ----D---- C:\Program Files\Panda Security
    2009-05-08 21:40:45 ----D---- C:\Windows\pss
    2009-05-08 20:31:51 ----D---- C:\Program Files\Alwil Software
    2009-05-08 20:30:20 ----D---- C:\ProgramData\PC Tools
    2009-05-08 20:30:20 ----D---- C:\Program Files\ThreatFire
    2009-05-08 20:23:16 ----D---- C:\Program Files\EsetOnlineScanner
    2009-05-07 23:01:55 ----D---- C:\ProgramData\ATI
    2009-05-07 22:56:53 ----D---- C:\Program Files\AMD
    2009-05-07 22:49:39 ----D---- C:\ATI
    2009-04-25 09:30:26 ----D---- C:\Program Files\7-Zip
    2009-04-15 18:40:46 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-15 18:40:45 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-15 18:40:45 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-15 18:40:23 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-15 18:40:23 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-15 18:40:23 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-15 18:40:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-15 18:40:22 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-15 18:40:22 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-15 18:40:22 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-15 18:40:22 ----A---- C:\Windows\system32\iashost.exe
    2009-04-15 18:40:22 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-15 18:40:22 ----A---- C:\Windows\system32\iasads.dll
    2009-04-15 18:40:21 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-15 18:40:21 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-15 18:40:20 ----A---- C:\Windows\system32\secur32.dll
    2009-04-15 18:40:20 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-15 18:40:20 ----A---- C:\Windows\system32\amxread.dll
    2009-04-15 18:40:19 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-15 18:40:18 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-15 18:40:17 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-15 18:40:17 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-15 18:40:17 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\wininet.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\occache.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\mstime.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-15 18:40:16 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-14 20:14:43 ----D---- C:\Program Files\The Last Remnant
    2009-03-31 23:35:38 ----D---- C:\Program Files\WinHTTrack
    2009-03-31 23:21:22 ----D---- C:\Program Files\Wave Editor
    2009-03-31 22:26:14 ----D---- C:\Program Files\Declan's Japanese FlashCards
    2009-03-22 21:36:01 ----D---- C:\Program Files\Acronis
    2009-03-22 21:07:01 ----D---- C:\Program Files\Windows Imaging
    2009-03-22 20:04:35 ----A---- C:\Windows\system32\difxapi.dll
    2009-03-22 20:04:26 ----D---- C:\Intel
    2009-03-16 22:28:00 ----A---- C:\Windows\system32\ATIDEMGX.dll
    2009-03-16 22:27:34 ----A---- C:\Windows\system32\atieclxx.exe
    2009-03-16 22:27:06 ----A---- C:\Windows\system32\atiesrxx.exe
    2009-03-16 22:25:30 ----A---- C:\Windows\system32\Oemdspif.dll
    2009-03-16 22:25:22 ----A---- C:\Windows\system32\atimuixx.dll
    2009-03-16 22:25:14 ----A---- C:\Windows\system32\ati2edxx.dll
    2009-03-16 22:21:58 ----A---- C:\Windows\system32\atidxx32.dll
    2009-03-16 21:57:52 ----A---- C:\Windows\system32\atioglxx.dll
    2009-03-16 21:41:56 ----A---- C:\Windows\system32\amdpcom32.dll
    2009-03-16 21:41:54 ----A---- C:\Windows\system32\atimpc32.dll
    2009-03-16 21:41:22 ----A---- C:\Windows\system32\atiadlxx.dll
    2009-03-16 21:36:18 ----A---- C:\Windows\system32\aticalrt.dll
    2009-03-16 21:36:06 ----A---- C:\Windows\system32\aticalcl.dll
    2009-03-16 21:35:00 ----A---- C:\Windows\system32\aticaldd.dll
    2009-03-11 22:02:52 ----D---- C:\Users\Alberto admin\AppData\Roaming\Downloaded Installations
    2009-03-11 21:29:56 ----A---- C:\Windows\system32\wmp.dll
    2009-03-11 21:29:55 ----A---- C:\Windows\system32\wmploc.DLL
    2009-03-11 21:29:55 ----A---- C:\Windows\system32\spwmp.dll
    2009-03-11 21:29:55 ----A---- C:\Windows\system32\dxmasf.dll
    2009-03-11 21:29:53 ----A---- C:\Windows\system32\schannel.dll
    2009-03-07 11:50:49 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
    2009-03-05 01:04:03 ----D---- C:\Windows\system32\AGEIA
    2009-03-05 01:04:03 ----D---- C:\Program Files\AGEIA Technologies
    2009-03-03 22:07:28 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
    2009-03-03 22:07:28 ----A---- C:\Windows\system32\libusbd-nt.exe
    2009-03-03 22:07:28 ----A---- C:\Windows\system32\libusbd-9x.exe
    2009-03-03 22:07:28 ----A---- C:\Windows\system32\libusb0.dll
    2009-03-03 21:56:00 ----A---- C:\Windows\system32\atibtmon.exe
    2009-03-01 11:44:39 ----A---- C:\Windows\system32\XAudio2_3.dll
    2009-03-01 11:44:39 ----A---- C:\Windows\system32\XAPOFX1_2.dll
    2009-03-01 11:44:39 ----A---- C:\Windows\system32\D3DX9_40.dll
    2009-03-01 11:44:39 ----A---- C:\Windows\system32\d3dx10_40.dll
    2009-03-01 11:44:39 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2009-03-01 11:44:38 ----A---- C:\Windows\system32\xactengine3_3.dll
    2009-03-01 11:44:38 ----A---- C:\Windows\system32\X3DAudio1_5.dll
    2009-02-28 23:36:24 ----D---- C:\Program Files\No-IP
    2009-02-18 19:55:20 ----A---- C:\Windows\system32\ATIODE.exe
    2009-02-15 12:00:04 ----A---- C:\Windows\system32\psisdecd.dll
    2009-02-15 12:00:04 ----A---- C:\Windows\system32\EncDec.dll
    2009-02-14 13:18:40 ----D---- C:\ProgramData\2DBoy
    2009-02-14 13:18:32 ----D---- C:\Program Files\WorldOfGoo
    2009-02-12 21:58:24 ----D---- C:\Program Files\Spectromancer
    2009-02-12 02:21:42 ----D---- C:\Windows\SQLTools9_KB960089_ENU
    2009-02-12 02:20:09 ----D---- C:\Windows\SQL9_KB960089_ENU
    ======List of files/folders modified in the last 3 months======
    2009-05-10 16:01:26 ----D---- C:\Windows\Temp
    2009-05-10 14:33:28 ----D---- C:\Windows\Prefetch
    2009-05-10 14:31:39 ----D---- C:\Windows\system32\drivers
    2009-05-10 14:00:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-10 14:00:13 ----D---- C:\Windows\System32
    2009-05-10 14:00:13 ----D---- C:\Windows\inf
    2009-05-10 13:56:18 ----D---- C:\Windows\Tasks
    2009-05-10 13:54:06 ----AD---- C:\ProgramData\TEMP
    2009-05-10 13:53:24 ----D---- C:\Windows
    2009-05-10 12:35:32 ----RD---- C:\Program Files
    2009-05-10 12:35:32 ----HD---- C:\ProgramData
    2009-05-10 11:40:45 ----D---- C:\Windows\tracing
    2009-05-10 11:10:14 ----SD---- C:\ProgramData\Microsoft
    2009-05-10 11:10:02 ----D---- C:\Program Files\UI Central
    2009-05-10 11:09:43 ----D---- C:\Program Files\aMule
    2009-05-10 00:08:30 ----SHD---- C:\Windows\Installer
    2009-05-10 00:04:20 ----D---- C:\ProgramData\Google Updater
    2009-05-09 13:34:34 ----SHD---- C:\Config.Msi
    2009-05-09 13:31:12 ----DC---- C:\Windows\system32\DRVSTORE
    2009-05-09 13:06:18 ----D---- C:\Windows\system32\catroot2
    2009-05-09 13:06:16 ----SHD---- C:\System Volume Information
    2009-05-09 11:46:50 ----SD---- C:\Windows\Downloaded Program Files
    2009-05-09 10:02:39 ----D---- C:\Windows\system32\LogFiles
    2009-05-09 00:47:14 ----D---- C:\Program Files\Common Files
    2009-05-09 00:45:32 ----D---- C:\Windows\system32\Tasks
    2009-05-09 00:45:28 ----D---- C:\Windows\system32\catroot
    2009-05-08 21:52:44 ----SHD---- C:\$Recycle.Bin
    2009-05-08 21:23:52 ----D---- C:\temp
    2009-05-08 20:17:15 ----D---- C:\ProgramData\Adobe
    2009-05-08 20:17:12 ----D---- C:\Program Files\Common Files\Adobe
    2009-05-08 20:17:11 ----D---- C:\Program Files\Adobe
    2009-05-07 23:01:48 ----D---- C:\Program Files\ATI
    2009-05-07 22:53:49 ----RSD---- C:\Windows\assembly
    2009-05-07 22:53:37 ----D---- C:\Program Files\ATI Technologies
    2009-05-07 22:50:47 ----D---- C:\Windows\winsxs
    2009-05-04 21:11:16 ----D---- C:\World of Warcraft
    2009-05-03 18:33:02 ----D---- C:\Program Files\Curse
    2009-05-01 13:01:27 ----D---- C:\ProgramData\Microsoft Help
    2009-04-24 20:34:30 ----D---- C:\Program Files\Common Files\Steam
    2009-04-16 19:14:20 ----D---- C:\Windows\system32\wbem
    2009-04-16 19:14:20 ----D---- C:\Program Files\Windows Mail
    2009-04-16 19:14:19 ----D---- C:\Windows\system32\manifeststore
    2009-04-16 19:14:19 ----D---- C:\Windows\AppPatch
    2009-04-16 19:14:19 ----D---- C:\Program Files\Internet Explorer
    2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe
    2009-03-22 20:04:35 ----D---- C:\Program Files\Intel
    2009-03-22 20:04:25 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-19 02:09:40 ----D---- C:\Program Files\Microsoft SQL Server
    2009-03-19 02:07:47 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-03-19 02:07:08 ----D---- C:\Windows\Registration
    2009-03-16 22:26:02 ----A---- C:\Windows\system32\atitmmxx.dll
    2009-03-16 22:25:44 ----A---- C:\Windows\system32\atipdlxx.dll
    2009-03-16 22:11:16 ----A---- C:\Windows\system32\atiumdag.dll
    2009-03-16 21:53:54 ----A---- C:\Windows\system32\atiumdva.dll
    2009-03-12 21:36:57 ----D---- C:\Windows\system32\directx
    2009-03-12 20:19:47 ----D---- C:\Program Files\Windows Media Player
    2009-03-05 01:15:47 ----A---- C:\Windows\system32\wrap_oal.dll
    2009-03-05 01:15:47 ----A---- C:\Windows\system32\OpenAL32.dll
    2009-03-05 01:03:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-03-05 00:08:18 ----D---- C:\ProgramData\Media Center Programs
    2009-03-05 00:06:42 ----D---- C:\Windows\system32\appmgmt
    2009-02-27 22:27:47 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2009-02-26 19:36:57 ----D---- C:\Program Files\Microsoft Silverlight
    2009-02-20 21:22:43 ----D---- C:\Windows\Minidump
    2009-02-16 20:30:09 ----D---- C:\Windows\Microsoft.NET
    2009-02-16 20:29:19 ----D---- C:\Windows\ehome
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-09-25 12664]
    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-04-09 31548]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
    R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2007-12-14 278984]
    R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2007-11-04 25416]
    R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-03-22 44704]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-09-25 318464]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-02-20 95760]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-03-16 4361216]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2007-09-25 7680]
    R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-03-03 33040]
    R3 usbaudio;Driver audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 278528]
    S2 ASInsHelp;ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys []
    S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\Windows\system32\DRIVERS\atinavt2.sys [2009-02-04 175232]
    S3 az27gpvl;az27gpvl; C:\Windows\system32\drivers\az27gpvl.sys []
    S3 drmkaud;Decodificatore audio DRM del kernel Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 HdAudAddService;Driver di funzioni Microsoft 1.1 UAA per servizio High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
    S3 MSKSSRV;Proxy di servizio di flusso Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy clock di flusso Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy di gestione qualità di flusso Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800]
    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
    S3 usbscan;Driver scanner USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-19 28160]
    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
    S3 VSPerfDrv90;Performance Tools Driver 9.0; \??\C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
    S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-19 131000]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-03-16 180224]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944]
    R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
    R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
    R2 tapiui32;Microsoft® Windows(TM) Telephony API UI DLL; tapiui32.dll,yxip []
    R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-03-03 70928]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 FOIYYMAFQC;FOIYYMAFQC; C:\Users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe []
    S3 FYYHPKQ;FYYHPKQ; C:\Users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe []
    S3 HJCLO;HJCLO; C:\Users\ALBERT~1\AppData\Local\Temp\HJCLO.exe [2009-05-10 482176]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-22 322032]
    S3 TJO;TJO; C:\Users\ALBERT~1\AppData\Local\Temp\TJO.exe []
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S3 usnjsvc;Servizio Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 AODService;AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
    S4 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-14 2808664]
    S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2008-07-29 3201024]
    S4 THQTCKRK;THQTCKRK; C:\Users\ALBERT~1\AppData\Local\Temp\THQTCKRK.exe []
    EOF
  • edited May 2009
    info.txt

    info.txt logfile of random's system information tool 1.06 2009-05-10 16:01:39
    ======Uninstall list======
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {B9896689-DF51-4A16-AAD5-002622D86C72}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {B9896689-DF51-4A16-AAD5-002622D86C72}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    ActiveState ActivePython 2.5.2.2-->MsiExec.exe /I{A2E24BD9-085B-410F-AAD0-5EB5FA5D73D2}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    Altova AltovaXML 2008 -->MsiExec.exe /I{98C2D61A-581A-46C1-8F4B-9D599E59C4A2}
    AMD OverDrive-->MsiExec.exe /X{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}
    Anteprima (Windows Live Toolbar)-->MsiExec.exe /X{AC0A04F7-2BBE-4323-B64C-1B71F2BDBF0D}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Assistente per l'accesso a Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI AVIVO Codecs-->MsiExec.exe /X{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
    Combinazioni di suoni Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
    Componente aggiuntivo dei servizi di conferenza Microsoft per Microsoft Office Outlook-->MsiExec.exe /I{813B302C-2014-4166-B5D2-8C211AE4F22E}
    Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
    Curse Client-->C:\Program Files\Curse\uninstall.exe
    CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
    Declan's Japanese FlashCards v1.6-->"C:\Program Files\Declan's Japanese FlashCards\unins000.exe"
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    Drakensang-->"E:\Games\Drakensang\unins000.exe"
    eMulev0.48a.-MorphXTv10.3-->"E:\eMule\unins000.exe"
    Eschalon Book 1 v1.04-->"E:\games\Eschalon Book I\unins000.exe"
    ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
    Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
    Fantasy Wars-->"E:\games\Fantasy Wars\unins000.exe"
    Free Games Offer, Desktop Shortcut-->MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
    G15_TeamSpeak (NSIS)-->"C:\Program Files\Schmads Inc\G15_TeamSpeak\uninstall.exe"
    Galactic Civilizations II - Ultimate Edition-->E:\games\GALCIV~1\UNWISE.EXE E:\games\GALCIV~1\INSTALL.LOG
    Geneforge 5-->MsiExec.exe /X{405FA152-1638-4FC1-9233-62DB6F2D4C98}
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    GPRO Organiser-->MsiExec.exe /I{28198541-2B43-465D-B8AE-1AF88C5D7AD7}
    GPRO Organiser-->MsiExec.exe /I{B6672A2E-70F0-4203-B935-91343E248959}
    Heroes of Annihilated Empires-->"E:\games\HeroesOfAE\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB952241)-->C:\Windows\system32\msiexec.exe /package {80C06CCD-7D07-3DB6-86CD-B57B3F0614D8} /uninstall {DC93B23E-0882-46A9-B45F-3B6F279EFB39} /qb+ REBOOTPROMPT=""
    Hotfix for Office (KB950278)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
    Hotfix for Office (KB950278)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
    Hotfix for Office (KB950278)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Imperivm Civitas II-->C:\Program Files\FX Uninstall Information\Disinst_Civitas_II.exe
    Impulse-->"C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
    Impulse-->C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}\Impulse_setup.exe
    Indeo® software-->C:\Windows\IsUn0410.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\Windows\system32\SavedSystemFiles\indounin.dll"
    Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    JMDict.NET Japanese Multi-lingual Dictionary version 1.0b-->"C:\Program Files\JMDict.NET\unins000.exe"
    King's Bounty. The Legend (Remove Only)-->"E:\games\King's Bounty. The Legend\unins000.exe"
    K-Lite Codec Pack 3.4.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LastChaos-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}\setup.exe" -l0x9 -removeonly
    Lemmings Revolution-->C:\Windows\IsUn0410.exe -f"e:\games\Lemmings\Lemmings Revolution.isu"
    LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    Logitech G15 Keyboard Software 1.04-->MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Menu intelligenti (Windows Live Toolbar)-->MsiExec.exe /X{B3EABECF-D820-4246-94B8-0CF300CA505A}
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft ASP.NET 2.0 AJAX Extensions 1.0-->MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
    Microsoft Device Emulator version 3.0 - ENU-->MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
    Microsoft Document Explorer 2005 - Language Pack (italiano)-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - ITA\install.exe
    Microsoft Document Explorer 2005 Language Pack - ITA-->MsiExec.exe /X{05EB1EF7-9E2F-4822-8715-EA56D5444F7D}
    Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
    Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
    Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}
    Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
    Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840410-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Groove MUI (Italian) 2007-->MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (Italian) 2007-->MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (Italian) 2007-->MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {C76C02F1-B07F-4974-876A-A18DEC9887C8}
    Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
    Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0017-0410-0000-0000000FF1CE} /uninstall {27A2726B-EA47-4E18-86F3-11F2B13B5430}
    Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {37180755-CA2B-40AD-9637-89FB0CE7CB36}
    Microsoft Office SharePoint Designer 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SHAREPOINTDESIGNERR /dll OSETUP.DLL
    Microsoft Office SharePoint Designer 2007-->MsiExec.exe /X{91120000-0017-0000-0000-0000000FF1CE}
    Microsoft Office SharePoint Designer MUI (Italian) 2007-->MsiExec.exe /X{90120000-0017-0410-0000-0000000FF1CE}
    Microsoft Office Visio Viewer 2003 (Italiano)-->MsiExec.exe /I{90520410-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
    Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}
    Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005 Mobile [ITA] Developer Tools-->MsiExec.exe /X{8B460123-0F2E-4AAA-9508-89E0C6DC9D75}
    Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
    Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
    Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
    Microsoft SQL Server Database Publishing Wizard 1.3-->MsiExec.exe /I{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
    Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{8162ACC6-2C11-403C-B992-9D8CDD374483}
    Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
    Microsoft Team Foundation Server 2008 Power Tools - December 2007 release-->MsiExec.exe /I{FA564F28-4D97-411F-80C4-645E619552B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual J# 2.0 Redistributable - Language Pack (italiano)-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable - Language Pack (italiano)\install.exe
    Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual Studio 2005 Professional Edition - ITA Service Pack 1 (KB926608)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {A7011AAC-E92B-469C-B562-C768DDF06BF8} /package {E0610410-A9F8-4D31-A5BC-3BAAA86CE4D2}
    Microsoft Visual Studio 2005 Professional Edition - ITA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ITA\setup.exe
    Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
    Microsoft Visual Studio 2008 Performance Collection Tools - ENU-->MsiExec.exe /I{EB3F5C2A-0754-38B8-8722-7B537006BF46}
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU-->MsiExec.exe /I{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}
    Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140)-->C:\Windows\system32\msiexec.exe /package {766B3A7A-B5AE-33F5-9858-75E692799C84} /uninstall {8CA89076-2A6D-42C3-AA24-F203C9E5DBF3} /qb+ REBOOTPROMPT=""
    Microsoft Visual Studio 2008 Team Explorer - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Team Explorer - ENU\setup.exe
    Microsoft Visual Studio Team System 2008 Team Suite - ENU Service Pack 1 (KB945140)-->C:\Windows\system32\msiexec.exe /package {80C06CCD-7D07-3DB6-86CD-B57B3F0614D8} /uninstall {8CA89076-2A6D-42C3-AA24-F203C9E5DBF3} /qb+ REBOOTPROMPT=""
    Microsoft Visual Studio Team System 2008 Team Suite - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio Team System 2008 Team Suite - ENU\setup.exe
    Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu-->MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
    Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
    Mozilla Firefox (2.0.0.20)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    NavyFIELD NorthAmerica-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D425D2-803F-40E8-9D65-3DC00D577C11}\setup.exe" -l0x9 -removeonly
    NetSend-->"C:\Program Files\NetSend\unins000.exe"
    No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
    Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_ita_web.exe
    Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
    On the Rain-Slick Precipice of Darkness, Episode One-->E:\games\Precipice of Darkness\uninstall.exe
    On the Rain-Slick Precipice of Darkness, Episode Two-->E:\games\Precipice of Darkness, Episode Two\uninstall.exe
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Pacchetto driver Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
    Pacchetto driver Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
    Pacchetto driver Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    PageFlowSample-->MsiExec.exe /I{C3984008-FED8-4A9A-AC16-9171D0D63F26}
    PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
    Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
    PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
    PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
    PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Remote Desktop Manager 3.0.0.2 (remove only)-->"C:\Program Files\Devolutions\RemoteDesktopManager\uninst.exe"
    RF Online Episode 2-->"E:\games\RF Online\unins000.exe"
    Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
    sancho (remove only)-->C:\Program Files\sancho\Uninst.exe
    Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update per Microsoft Visual Studio 2005 Professional Edition - ITA (KB937061)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {E0610410-A9F8-4D31-A5BC-3BAAA86CE4D2}
    Security Update per Microsoft Visual Studio 2005 Professional Edition - ITA (KB947738)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {E0610410-A9F8-4D31-A5BC-3BAAA86CE4D2}
    Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x10 -removeonly
    Sid Meier's Civilization IV Colonization-->C:\Program Files\InstallShield Installation Information\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}\setup.exe -runfromtemp -l0x0010 -removeonly
    SimCity™ Societies-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
    Sins of a Solar Empire-->"C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
    Sins of a Solar Empire-->C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
    SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0010 -removeonly
    Spectromancer-->"C:\Program Files\Spectromancer\Uninstall.exe" "C:\Program Files\Spectromancer\install.log"
    Spectromancer-->"E:\Steam\steam.exe" steam://uninstall/22500
    Spellforce 2 Gold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}\setup.exe" -l0x10 -removeonly
    SpellForce 2 Patch-->MsiExec.exe /I{7E8242F8-BD2A-44D7-BCED-9B231A02B367}
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0010 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
    StreamMyGame software-->"c:\Program Files\StreamMyGame\uninstall.exe"
    SyncQuick Backup V 4.0-->MsiExec.exe /I{66DCB72F-0176-4127-A127-8CBE7BC3936D}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    TFS Outlook Addin-->MsiExec.exe /I{8B3B7D33-A9F4-4CB8-9868-C72BF109BD75}
    Tftpd32 Standalone Edition-->"C:\Program Files\Tftpd32\uninstall.exe"
    The Last Remnant-->"E:\games\The Last Remnant\Uninstall\unins000.exe"
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.70-->"E:\games\The Lord of the Rings Online\unins000.exe"
    The Witcher-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0010 -removeonly
    ThreatExpert Memory Scanner 1.0-->"C:\Program Files\ThreatExpert Memory Scanner\unins000.exe"
    ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
    TMRecorder-->MsiExec.exe /I{D01CDF0C-129A-43CD-A8A2-6F8FB1CB7FB4}
    TMRecorder-->MsiExec.exe /I{FF61EEBA-FA4F-44A5-94A5-CCEE8BF87F2B}
    TortoiseSVN 1.5.0.13316 (32 bit)-->MsiExec.exe /X{B90E6024-C511-4B34-88BC-6DA46B0DECC4}
    UBCD4Win 3.22-->"G:\UBCD4Win\unins000.exe"
    UFO Afterlight-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}\setup.exe" -l0x9
    UFO:AI 2.2.1-->E:\games\Ufo AI\UFOAI-2.2.1\uninst.exe
    Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {F9CE58F3-9B2B-4DE4-9506-BF82230EB84D}
    Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {F9DE79A2-9049-4589-9787-815147371581}
    Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
    Update per Microsoft Visual Studio 2005 Professional Edition - ITA (KB932235)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {933DE972-2F3B-41CA-92C0-3BA4846F0211} /package {E0610410-A9F8-4D31-A5BC-3BAAA86CE4D2}
    VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)-->MsiExec.exe /X{22E23C71-C27A-3F30-8849-BB6129E50679}
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {22E23C71-C27A-3F30-8849-BB6129E50679} /qb+ REBOOTPROMPT=""
    Visual C++ 2008 x64 Runtime - (v9.0.30729)-->MsiExec.exe /X{0DF3AE91-E533-3960-8516-B23737F8B7A2}
    Visual C++ 2008 x64 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {0DF3AE91-E533-3960-8516-B23737F8B7A2} /qb+ REBOOTPROMPT=""
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Visual Studio 2005 Tools per Office Second Edition Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)-->C:\Windows\system32\msiexec.exe /package {8FB53850-246A-3507-8ADE-0060093FFEA6} /uninstall {1AF8622B-42B6-472C-A634-487025BD7B38} /qb+ REBOOTPROMPT=""
    Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
    Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
    Warhammer Online - Age of Reckoning-->"E:\games\Warhammer\unins000.exe"
    Wave Editor 3.0.1.6-->"C:\Program Files\Wave Editor\unins000.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Automated Installation Kit-->MsiExec.exe /I{31E8F586-4EF7-4500-844D-BA8756474FF1}
    Windows Live Favorites per Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{CD199CDB-00AE-42BB-B6E9-64C69D8730EF}
    Windows Live Messenger-->MsiExec.exe /X{518B3E76-4C05-4F30-A802-D87FB2086B67}
    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
    Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3F35D1A3-92AD-401B-ABE2-FA27682F4112}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
    Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
    WinHTTrack Website Copier 3.43-4-->"C:\Program Files\WinHTTrack\unins000.exe"
    WinRAR gestione archivi-->C:\Program Files\WinRAR\uninstall.exe
    WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe"
    World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
    Xenocide 0.4-->E:\games\Ufo Xenocide\Xenocide\uninst.exe
    Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
    =====HijackThis Backups=====
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-05-09]
    O23 - Service: THQTCKRK - Unknown owner - C:\Users\ALBERT~1\AppData\Local\Temp\THQTCKRK.exe (file missing) [2009-05-10]
    ======Hosts File======
    127.0.0.1
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    ======Security center information======
    AS: Spybot - Search and Destroy (disabled)
    ======System event log======
    Computer Name: PC-Alberto
    Event Code: 7036
    Message: Il servizio avast! Web Scanner è ora in modalità arrestato.
    Record Number: 184533
    Source Name: Service Control Manager
    Time Written: 20090510123749.000000-000
    Event Type: Informazioni
    User:
    Computer Name: PC-Alberto
    Event Code: 7036
    Message: Il servizio avast! Mail Scanner è ora in modalità arrestato.
    Record Number: 184534
    Source Name: Service Control Manager
    Time Written: 20090510123755.000000-000
    Event Type: Informazioni
    User:
    Computer Name: PC-Alberto
    Event Code: 7036
    Message: Il servizio Servizio rilevamento automatico proxy WinHTTP è ora in modalità arrestato.
    Record Number: 184535
    Source Name: Service Control Manager
    Time Written: 20090510123934.000000-000
    Event Type: Informazioni
    User:
    Computer Name: PC-Alberto
    Event Code: 4226
    Message: TCP/IP: è stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.
    Record Number: 184536
    Source Name: Tcpip
    Time Written: 20090510124240.457008-000
    Event Type: Avviso
    User:
    Computer Name: PC-Alberto
    Event Code: 4226
    Message: TCP/IP: è stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.
    Record Number: 184537
    Source Name: Tcpip
    Time Written: 20090510124810.169008-000
    Event Type: Avviso
    User:
    =====Application event log=====
    Computer Name: PC-Alberto
    Event Code: 1
    Message: Client Servizi certificati avviato.
    Record Number: 71150
    Source Name: Microsoft-Windows-CertificateServicesClient
    Time Written: 20090510120445.090008-000
    Event Type: Informazioni
    User: PC-Alberto\Alberto
    Computer Name: PC-Alberto
    Event Code: 4609
    Message: Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 45 di d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Comunicare il problema al Servizio Supporto Tecnico Clienti Microsoft.
    Record Number: 71151
    Source Name: Microsoft-Windows-EventSystem
    Time Written: 20090510120523.000000-000
    Event Type: Errore
    User:
    Computer Name: PC-Alberto
    Event Code: 4609
    Message: Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 45 di d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Comunicare il problema al Servizio Supporto Tecnico Clienti Microsoft.
    Record Number: 71152
    Source Name: Microsoft-Windows-EventSystem
    Time Written: 20090510121745.000000-000
    Event Type: Errore
    User:
    Computer Name: PC-Alberto
    Event Code: 6000
    Message: Sottoscrittore delle notifiche di Winlogon <Sens>: impossibile gestire un evento di notifica.
    Record Number: 71153
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090510135306.000000-000
    Event Type: Informazioni
    User:
    Computer Name: PC-Alberto
    Event Code: 6000
    Message: Sottoscrittore delle notifiche di Winlogon <Sens>: impossibile gestire un evento di notifica.
    Record Number: 71154
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090510135308.000000-000
    Event Type: Informazioni
    User:
    =====Security event log=====
    Computer Name: PC-Alberto
    Event Code: 5038
    Message: Il controllo di integrità del codice ha determinato che l'hash dell'immagine di un file non è valido. Il file potrebbe essere danneggiato a causa di una modifica non autorizzata oppure l'hash non valido potrebbe indicare un errore potenziale del disco.
    Nome file: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 76629
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090510140135.484008-000
    Event Type: Controllo non riuscito
    User:
    Computer Name: PC-Alberto
    Event Code: 5038
    Message: Il controllo di integrità del codice ha determinato che l'hash dell'immagine di un file non è valido. Il file potrebbe essere danneggiato a causa di una modifica non autorizzata oppure l'hash non valido potrebbe indicare un errore potenziale del disco.
    Nome file: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 76630
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090510140135.528008-000
    Event Type: Controllo non riuscito
    User:
    Computer Name: PC-Alberto
    Event Code: 5038
    Message: Il controllo di integrità del codice ha determinato che l'hash dell'immagine di un file non è valido. Il file potrebbe essere danneggiato a causa di una modifica non autorizzata oppure l'hash non valido potrebbe indicare un errore potenziale del disco.
    Nome file: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 76631
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090510140135.574008-000
    Event Type: Controllo non riuscito
    User:
    Computer Name: PC-Alberto
    Event Code: 5038
    Message: Il controllo di integrità del codice ha determinato che l'hash dell'immagine di un file non è valido. Il file potrebbe essere danneggiato a causa di una modifica non autorizzata oppure l'hash non valido potrebbe indicare un errore potenziale del disco.
    Nome file: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 76632
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090510140135.620008-000
    Event Type: Controllo non riuscito
    User:
    Computer Name: PC-Alberto
    Event Code: 5038
    Message: Il controllo di integrità del codice ha determinato che l'hash dell'immagine di un file non è valido. Il file potrebbe essere danneggiato a causa di una modifica non autorizzata oppure l'hash non valido potrebbe indicare un errore potenziale del disco.
    Nome file: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 76633
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090510140135.664008-000
    Event Type: Controllo non riuscito
    User:
    ======Environment variables======
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=C:\Python25\;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Imaging\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.py;.pyw
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
    "VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    EOF
  • edited May 2009
    Information

    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 4.18.8
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.




    Step 1



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper




    Step 2


    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.



    Step 3

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log
    • Active Scan Log
    • How are things running now?
  • edited May 2009
    Things are going better, no more SMTP spamming :)
    Here are your logs

    Combofix:
    ComboFix 09-05-09.05 - Alberto admin 11/05/2009 0.19.52.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.39.1040.18.3070.1856 [GMT 2:00]
    Eseguito da: c:\users\Alberto\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\users\Alberto\AppData\Roaming\.#
    d:\recycler\chkfiles.txt
    d:\recycler\granny.dll
    d:\recycler\idx-s15.nfo
    d:\recycler\Sacred.exe
    d:\recycler\Sacred.ims
    .
    ((((((((((((((((((((((((( Files Creati Da 2009-04-10 al 2009-05-10 )))))))))))))))))))))))))))))))))))
    .
    2009-05-10 12:09 . 2009-05-10 12:09 d-----w c:\users\Alberto\AppData\Roaming\Malwarebytes
    2009-05-10 10:35 . 2009-05-10 10:35 d-----w c:\users\Alberto admin\AppData\Roaming\Malwarebytes
    2009-05-10 10:35 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-10 10:35 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-10 10:35 . 2009-05-10 10:35 d-----w c:\programdata\Malwarebytes
    2009-05-10 10:35 . 2009-05-10 10:35 d-----w c:\users\All Users\Malwarebytes
    2009-05-10 10:35 . 2009-05-10 10:35 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-10 08:29 . 2009-05-10 14:01 d-----w C:\rsit
    2009-05-09 21:54 . 2009-05-09 21:54 d-----w c:\users\Alberto\AppData\Local\Mozilla
    2009-05-09 20:54 . 2009-05-09 21:03 d-----w c:\programdata\Spybot - Search & Destroy
    2009-05-09 20:54 . 2009-05-09 21:03 d-----w c:\users\All Users\Spybot - Search & Destroy
    2009-05-09 20:54 . 2009-05-09 21:04 d-----w c:\program files\Spybot - Search & Destroy
    2009-05-09 12:04 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
    2009-05-09 11:00 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-09 10:18 . 2009-05-10 12:08 d-----w c:\program files\ThreatExpert Memory Scanner
    2009-05-09 09:05 . 2009-05-09 09:05 102752 ----a-w c:\users\Alberto\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-09 08:54 . 2009-05-09 08:54 d-----w c:\users\Alberto admin\AppData\Roaming\Uniblue
    2009-05-09 08:41 . 2009-05-09 08:56 d-----w c:\programdata\SecTaskMan
    2009-05-09 08:41 . 2009-05-09 08:56 d-----w c:\users\All Users\SecTaskMan
    2009-05-09 08:41 . 2009-05-09 08:41 d-----w c:\program files\Security Task Manager
    2009-05-08 22:44 . 2009-05-09 11:31 d-----w c:\program files\Lavasoft
    2009-05-08 22:44 . 2009-05-09 11:31 d-----w c:\programdata\Lavasoft
    2009-05-08 22:44 . 2009-05-09 11:31 d-----w c:\users\All Users\Lavasoft
    2009-05-08 21:13 . 2009-05-08 21:13 d-----w c:\program files\Trend Micro
    2009-05-08 20:17 . 2009-05-09 09:46 d-----w c:\program files\Panda Security
    2009-05-08 19:23 . 2009-05-08 19:23 d-----w c:\temp\is120en_vista
    2009-05-08 18:31 . 2009-05-08 18:31 d-----w c:\program files\Alwil Software
    2009-05-08 18:30 . 2009-03-03 10:19 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
    2009-05-08 18:30 . 2009-03-03 10:19 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
    2009-05-08 18:30 . 2009-03-03 10:19 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
    2009-05-08 18:30 . 2009-03-03 10:19 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
    2009-05-08 18:30 . 2009-05-08 18:31 d-----w c:\program files\ThreatFire
    2009-05-08 18:30 . 2009-05-08 22:32 d-----w c:\programdata\PC Tools
    2009-05-08 18:30 . 2009-05-08 22:32 d-----w c:\users\All Users\PC Tools
    2009-05-08 18:23 . 2009-05-08 18:46 d-----w c:\program files\EsetOnlineScanner
    2009-05-08 18:09 . 2009-05-08 18:09 d-----w c:\users\Alberto\.housecall6.6
    2009-05-07 21:01 . 2009-05-07 21:01 d-----w c:\programdata\ATI
    2009-05-07 21:01 . 2009-05-07 21:01 d-----w c:\users\All Users\ATI
    2009-05-07 20:56 . 2009-05-07 20:56 d-----w c:\program files\AMD
    2009-05-07 20:56 . 2009-05-07 20:56 d-----w c:\users\Alberto admin\AppData\Local\Downloaded Installations
    2009-05-07 20:49 . 2009-05-07 20:49 d-----w C:\ATI
    2009-04-25 07:30 . 2009-04-25 07:30 d-----w c:\program files\7-Zip
    2009-04-14 18:14 . 2009-04-14 18:14 d-----w c:\program files\The Last Remnant
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-10 22:16 . 2007-11-24 11:17 427224 ----a-w c:\windows\system32\perfh011.dat
    2009-05-10 22:16 . 2007-11-24 11:17 123228 ----a-w c:\windows\system32\perfc011.dat
    2009-05-10 22:16 . 2006-11-06 01:51 721946 ----a-w c:\windows\system32\perfh010.dat
    2009-05-10 22:16 . 2006-11-06 01:51 143466 ----a-w c:\windows\system32\perfc010.dat
    2009-05-10 09:10 . 2007-09-26 19:21 d-----w c:\program files\UI Central
    2009-05-10 09:09 . 2009-01-25 00:12 d-----w c:\program files\aMule
    2009-05-08 18:17 . 2008-02-27 23:19 d-----w c:\program files\Common Files\Adobe
    2009-05-07 21:01 . 2007-09-25 19:31 d-----w c:\program files\ATI
    2009-05-07 20:53 . 2007-09-25 19:30 d-----w c:\program files\ATI Technologies
    2009-05-07 20:51 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-05-07 20:51 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-05-07 20:51 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-05-03 16:33 . 2008-04-20 22:20 d-----w c:\program files\Curse
    2009-04-24 18:34 . 2007-09-25 19:31 d-----w c:\program files\Common Files\Steam
    2009-04-16 17:14 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
    2009-03-31 21:35 . 2009-03-31 21:35 d-----w c:\program files\WinHTTrack
    2009-03-31 21:21 . 2009-03-31 21:21 d-----w c:\program files\Wave Editor
    2009-03-31 20:26 . 2009-03-31 20:26 d-----w c:\program files\Declan's Japanese FlashCards
    2009-03-22 19:36 . 2009-03-22 19:36 540000 ----a-w c:\windows\system32\drivers\timntr.sys
    2009-03-22 19:36 . 2009-03-22 19:36 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
    2009-03-22 19:36 . 2009-03-22 19:36 d-----w c:\program files\Acronis
    2009-03-22 19:34 . 2007-11-08 09:19 101920 ----a-w c:\users\Alberto admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-03-22 19:07 . 2009-03-22 19:07 d-----w c:\program files\Windows Imaging
    2009-03-22 18:04 . 2007-11-30 19:19 d-----w c:\program files\Intel
    2009-03-22 18:04 . 2007-09-25 19:43 d--h--w c:\program files\InstallShield Installation Information
    2009-03-19 00:09 . 2007-12-17 10:40 d-----w c:\program files\Microsoft SQL Server
    2009-03-17 03:38 . 2009-04-15 16:40 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 16:40 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-16 21:33 . 2009-03-16 21:33 4361216 ----a-w c:\windows\system32\drivers\atikmdag.sys
    2009-03-16 20:28 . 2009-03-16 20:28 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
    2009-03-16 20:27 . 2009-03-16 20:27 290816 ----a-w c:\windows\system32\atieclxx.exe
    2009-03-16 20:27 . 2009-03-16 20:27 180224 ----a-w c:\windows\system32\atiesrxx.exe
    2009-03-16 20:26 . 2007-08-22 01:56 159744 ----a-w c:\windows\system32\atitmmxx.dll
    2009-03-16 20:25 . 2007-08-22 01:56 348160 ----a-w c:\windows\system32\atipdlxx.dll
    2009-03-16 20:25 . 2009-03-16 20:25 274432 ----a-w c:\windows\system32\Oemdspif.dll
    2009-03-16 20:25 . 2009-03-16 20:25 11776 ----a-w c:\windows\system32\atimuixx.dll
    2009-03-16 20:25 . 2009-03-16 20:25 43520 ----a-w c:\windows\system32\ati2edxx.dll
    2009-03-16 20:21 . 2009-03-16 20:21 2381312 ----a-w c:\windows\system32\atidxx32.dll
    2009-03-16 20:11 . 2007-08-22 01:43 3837440 ----a-w c:\windows\system32\atiumdag.dll
    2009-03-16 19:57 . 2009-03-16 19:57 11520000 ----a-w c:\windows\system32\atioglxx.dll
    2009-03-16 19:53 . 2007-08-22 01:29 4950528 ----a-w c:\windows\system32\atiumdva.dll
    2009-03-16 19:41 . 2009-03-16 19:41 51712 ----a-w c:\windows\system32\amdpcom32.dll
    2009-03-16 19:41 . 2009-03-16 19:41 51712 ----a-w c:\windows\system32\atimpc32.dll
    2009-03-16 19:41 . 2009-03-16 19:41 151552 ----a-w c:\windows\system32\atiadlxx.dll
    2009-03-16 19:36 . 2009-03-16 19:36 53248 ----a-w c:\windows\system32\aticalrt.dll
    2009-03-16 19:36 . 2009-03-16 19:36 53248 ----a-w c:\windows\system32\aticalcl.dll
    2009-03-16 19:35 . 2009-03-16 19:35 3272704 ----a-w c:\windows\system32\aticaldd.dll
    2009-03-16 19:27 . 2009-03-16 19:27 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    2009-03-04 23:15 . 2007-09-25 22:51 413696 ----a-w c:\windows\system32\wrap_oal.dll
    2009-03-04 23:15 . 2007-09-25 22:51 110592 ----a-w c:\windows\system32\OpenAL32.dll
    2009-03-03 19:56 . 2009-03-03 19:56 118784 ----a-w c:\windows\system32\atibtmon.exe
    2009-03-03 04:46 . 2009-04-15 16:40 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 16:40 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 16:40 827392 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:39 . 2009-04-15 16:40 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 16:40 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 16:40 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 16:40 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:37 . 2009-04-15 16:40 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 16:40 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 16:40 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 16:40 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 16:40 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-03 02:28 . 2009-04-15 16:40 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-02-23 21:39 . 2009-02-23 21:39 184394 ----a-w c:\windows\system32\atiicdxx.dat
    2009-02-20 05:17 . 2009-02-20 05:17 95760 ----a-w c:\windows\system32\drivers\AtiHdmi.sys
    2009-02-18 17:55 . 2009-02-18 17:55 294912 ----a-w c:\windows\system32\ATIODE.exe
    2009-02-13 08:49 . 2009-04-15 16:40 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-15 16:40 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2008-05-25 07:59 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
    2008-12-25 16:25 . 2008-11-29 18:02 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-25 16:25 . 2008-11-29 18:02 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-25 16:25 . 2008-11-29 18:02 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-25 16:25 . 2008-11-29 18:02 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-25 16:25 . 2008-11-29 18:02 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
    "Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
    "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    c:\users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKLM\~\startupfolder\C:^Users^Alberto admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ryanair Bargains 1.0.lnk]
    path=c:\users\Alberto admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ryanair Bargains 1.0.lnk
    backup=c:\windows\pss\Ryanair Bargains 1.0.lnk.Startup
    backupExtension=.Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{F2138315-D066-4EE0-977A-2E2FFCB915F9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F9B26A62-6098-482B-A74A-E585E5BE9905}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{29E7E96D-0AE3-4E75-B8AC-4F4F4D204364}e:\\games\\the lord of the rings online\\lotroclient.exe"= UDP:e:\games\the lord of the rings online\lotroclient.exe:lotroclient
    "UDP Query User{F8BA43C5-6639-46DE-9613-9F2F147F556E}e:\\games\\the lord of the rings online\\lotroclient.exe"= TCP:e:\games\the lord of the rings online\lotroclient.exe:lotroclient
    "{2090ED98-4EA8-4B88-80D9-FBD3F0D1248C}"= UDP:e:\emule\emule.exe:eMuleMorphXT
    "{A6555802-F007-48A4-A462-B6A97D3DC233}"= TCP:e:\emule\emule.exe:eMuleMorphXT
    "TCP Query User{5018C7E7-9D7E-4670-9261-DB22006990FE}e:\\steam\\steam.exe"= UDP:e:\steam\steam.exe:Steam
    "UDP Query User{687BF6CE-95A5-4A2B-9796-8086B0A54775}e:\\steam\\steam.exe"= TCP:e:\steam\steam.exe:Steam
    "TCP Query User{664F8878-9ADF-4C2C-A159-34114378129F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{B3B8C330-ECB7-4664-90E1-0A69DE510DFA}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "{03BB2627-E0A6-4BC9-BD04-A4E5E282ACCD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{FF52DC26-5E28-45CA-B3E8-D9A6218E6E2A}c:\\program files\\thq\\company of heroes\\archive.exe"= UDP:c:\program files\thq\company of heroes\archive.exe:Archive
    "UDP Query User{FA46B92E-F0BD-4D2D-B7F1-DAE9C8073EAD}c:\\program files\\thq\\company of heroes\\archive.exe"= TCP:c:\program files\thq\company of heroes\archive.exe:Archive
    "TCP Query User{6D303A40-86ED-4919-BEA0-2D2A8B6E1929}e:\\games\\warhammer mark of chaos\\warhammer.exe"= UDP:e:\games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
    "UDP Query User{45A8C50C-E3BE-4A9D-BE40-232E3DE95190}e:\\games\\warhammer mark of chaos\\warhammer.exe"= TCP:e:\games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
    "TCP Query User{DFFED864-76F1-4B24-A964-8995EED858AE}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{C7EB1DF4-AD70-40C9-B913-FE3DD191FB50}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
    "{EEB928CC-A393-48A2-8F4D-E920DA43D999}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{42244B07-F8E5-4309-9C76-CDF4C990E60A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{7FCF30E9-760F-4AA7-BEAE-2B8F177473BE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{7EDFB432-F5A2-41D1-B992-812F3C16D89A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{66C67118-2CED-4FD2-86D0-F20E84ECD2F8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F4A6AB5A-33CF-4FFF-AAF3-D547E0685291}"= TCP:2799:Altova License Metering Port (UDP)
    "{BD007B65-CE48-49F3-8123-EFE67EC81C4D}"= UDP:2799:Altova License Metering Port (TCP)
    "TCP Query User{C9A65EAE-E349-467D-B93A-A8020507F26C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{E6658218-F8B7-48C1-89EB-A2097A01E568}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "{8BB6ECB7-B78D-43BB-8D33-B209113B196E}"= UDP:e:\games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{A804E4C1-E169-437E-B141-0669EEC0211E}"= TCP:e:\games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{5462C763-49C5-4D38-A032-0F815EA7679F}"= UDP:e:\games\SupremeCommander\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
    "{4C9B0499-EB5D-4275-9C6B-48A0BD203BFE}"= TCP:e:\games\SupremeCommander\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
    "TCP Query User{DEB0D099-E0C2-4BCE-B32C-160E04A2A1BB}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{BEE2C8E1-2E52-49E9-917F-BA5FC12D35B3}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{484A01CE-90D4-478E-BB91-9C38C38409B0}c:\\program files\\streammygame\\streamer_server.exe"= UDP:c:\program files\streammygame\streamer_server.exe:Streamer Server
    "UDP Query User{D644499D-03D3-48C8-8380-2756779C7916}c:\\program files\\streammygame\\streamer_server.exe"= TCP:c:\program files\streammygame\streamer_server.exe:Streamer Server
    "{2711FCF6-F408-499B-AB4A-405326515E1D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{90B91C07-44C2-4034-94A9-7E930163D7EE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{1C1F5D29-FC97-42A5-8BEE-9D1F0F900AD4}"= Disabled:UDP:e:\games\Assassin\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0B362E20-40E2-4B66-BA51-914D63F3F869}"= Disabled:TCP:e:\games\Assassin\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{E8E4A1B7-D786-400F-A274-B4CAA09BBAD8}"= Disabled:UDP:e:\games\Assassin\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{5CEE3AA4-65C9-489F-9F70-6E56DE04F00F}"= Disabled:TCP:e:\games\Assassin\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{DC0AF1B3-F7F9-407C-A92E-551498364F88}"= Disabled:UDP:e:\games\Assassin\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{2B395E09-99DD-4F75-B333-DD69A432E3D4}"= Disabled:TCP:e:\games\Assassin\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "TCP Query User{69EAB8E6-0F98-4342-9871-AF7969FEC117}c:\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "UDP Query User{0AC567F6-B205-4754-BA74-2312BEC0B28C}c:\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "TCP Query User{17A34DA8-4F1C-4A97-B8FC-81AAFE4519FF}e:\\games\\dreamlords\\dreamlords.exe"= UDP:e:\games\dreamlords\dreamlords.exe:Dreamlords Game Client
    "UDP Query User{22278823-FC55-4176-8AB6-E24990321B43}e:\\games\\dreamlords\\dreamlords.exe"= TCP:e:\games\dreamlords\dreamlords.exe:Dreamlords Game Client
    "TCP Query User{33FCA821-0678-406B-B465-ED4A723960C5}e:\\games\\rf online\\rf.exe"= UDP:e:\games\rf online\rf.exe:RFLauncher
    "UDP Query User{6C46F562-BBB4-4F9A-B013-53E68E1FA75D}e:\\games\\rf online\\rf.exe"= TCP:e:\games\rf online\rf.exe:RFLauncher
    "{32635E7A-9A0E-49E4-9555-E8FE5EF5ED72}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
    "{B9B88AC8-FF7F-4021-BFDE-72A1D41ED6A4}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
    "TCP Query User{9D2EAC38-21B2-4CC7-93F1-40A3B31F4719}c:\\program files\\curse\\curseclient.exe"= UDP:c:\program files\curse\curseclient.exe:CurseClient
    "UDP Query User{83C3D15B-0CD9-437A-9D37-D4DEC38F0F24}c:\\program files\\curse\\curseclient.exe"= TCP:c:\program files\curse\curseclient.exe:CurseClient
    "TCP Query User{45EA53F9-DFB9-4604-8472-CE1C679CBED8}c:\\program files\\tftpd32\\tftpd32.exe"= UDP:c:\program files\tftpd32\tftpd32.exe:TFTP server
    "UDP Query User{2B1E21B5-C1CA-441E-BEB1-C0BA8CABE546}c:\\program files\\tftpd32\\tftpd32.exe"= TCP:c:\program files\tftpd32\tftpd32.exe:TFTP server
    "TCP Query User{6222781F-7E0D-44A2-BB07-8EFFD182BA6E}c:\\utility\\tftpd32\\tftpd32.exe"= UDP:c:\utility\tftpd32\tftpd32.exe:TFTP server
    "UDP Query User{2AF70FCE-E124-4912-BB07-4D2E24C1E567}c:\\utility\\tftpd32\\tftpd32.exe"= TCP:c:\utility\tftpd32\tftpd32.exe:TFTP server
    "{02A71DFF-663B-4353-8574-BE9CCE3ED1F6}"= UDP:c:\world of warcraft\Wow.exe:Wow
    "{47DFACE2-84FD-408C-A57A-2D73E80D20CC}"= TCP:c:\world of warcraft\Wow.exe:Wow
    "TCP Query User{FFDD1735-FC0C-416C-AD15-06E1343F1CA2}c:\\users\\alberto\\appdata\\local\\temp\\blizzard launcher temporary - 24ad4718\\launcher.exe"= UDP:c:\users\alberto\appdata\local\temp\blizzard launcher temporary - 24ad4718\launcher.exe:launcher.exe
    "UDP Query User{52DC28E1-6BD9-4C47-BAB1-DFC892623758}c:\\users\\alberto\\appdata\\local\\temp\\blizzard launcher temporary - 24ad4718\\launcher.exe"= TCP:c:\users\alberto\appdata\local\temp\blizzard launcher temporary - 24ad4718\launcher.exe:launcher.exe
    "{0F04D218-D116-4C9D-B11F-B33BCF976516}"= UDP:e:\games\Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
    "{D65E9157-09A4-4AA8-9944-2B6625C74B93}"= TCP:e:\games\Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
    "TCP Query User{87F11F28-C321-4CB8-AB74-10106E9A2858}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader.exe"= UDP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe:wow-3.0.1.8874-ptr-eu-installer-downloader.exe
    "UDP Query User{31F2FD3E-FF81-413C-85B6-C94A23B6B57A}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader.exe"= TCP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe:wow-3.0.1.8874-ptr-eu-installer-downloader.exe
    "TCP Query User{50A0B397-7146-46A8-A1BB-18B34C9BF73F}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader (1).exe"= UDP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader (1).exe:wow-3.0.1.8874-ptr-eu-installer-downloader (1).exe
    "UDP Query User{60564064-2026-4B90-8E67-CC5826963D71}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader (1).exe"= TCP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader (1).exe:wow-3.0.1.8874-ptr-eu-installer-downloader (1).exe
    "TCP Query User{ACE0AEA3-33DD-45C2-B0A1-FC3943A692AD}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader (2).exe"= UDP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader (2).exe:wow-3.0.1.8874-ptr-eu-installer-downloader (2).exe
    "UDP Query User{DA296DBE-33ED-4B09-838B-70182037865B}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader (2).exe"= TCP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader (2).exe:wow-3.0.1.8874-ptr-eu-installer-downloader (2).exe
    "TCP Query User{3BC2FDA9-22F0-4A20-BD42-84A51841432D}e:\\world of warcraft public test\\launcher.exe"= UDP:e:\world of warcraft public test\launcher.exe:Blizzard Launcher
    "UDP Query User{8F8EE0D6-D6EC-4C75-BC37-38ABCB411DB4}e:\\world of warcraft public test\\launcher.exe"= TCP:e:\world of warcraft public test\launcher.exe:Blizzard Launcher
    "TCP Query User{3A65F100-3E6B-4D35-909A-9717BE255E5E}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader (3).exe"= UDP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader (3).exe:wow-3.0.1.8874-ptr-eu-installer-downloader (3).exe
    "UDP Query User{DABC748D-4BEB-448B-84FA-3642348269FE}c:\\users\\alberto\\documents\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader (3).exe"= TCP:c:\users\alberto\documents\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader (3).exe:wow-3.0.1.8874-ptr-eu-installer-downloader (3).exe
    "{516F762D-91AE-4B06-BA4C-086F86A47D0F}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.1.0-enGB-downloader.exe:Blizzard Downloader
    "{144B37D6-C3B0-4F55-A6D0-8B3185D56F93}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.1.0-enGB-downloader.exe:Blizzard Downloader
    "{13D33D99-33D7-44B7-A9ED-C294ACC355B1}"= UDP:3724:Blizzard Downloader: 3724
    "{2B035969-742B-40D5-BF12-CCBBE14D4D8B}"= UDP:e:\steam\steamapps\common\spectromancer\Spectromancer.exe:Spectromancer
    "{1B1FB6F6-5C59-4241-B5B1-7F66342226A6}"= TCP:e:\steam\steamapps\common\spectromancer\Spectromancer.exe:Spectromancer
    "{69A1E3C2-B53E-4FED-A2A8-A157E13F38AB}"= UDP:e:\games\sacred\system\s2gs.exe:Sacred 2 Game Server
    "{675A3842-9C8D-47F4-96A4-E0E1375F8B6D}"= TCP:e:\games\sacred\system\s2gs.exe:Sacred 2 Game Server
    "{5022571A-D6D2-41CE-AD9A-1FBC271A4007}"= UDP:e:\games\sacred\system\sacred2.exe:Sacred 2
    "{081F57F0-D576-4780-A40E-E38DA97AC260}"= TCP:e:\games\sacred\system\sacred2.exe:Sacred 2
    "TCP Query User{FF6C8264-8718-4F6C-8C37-43287BB2ACF4}e:\\games\\dow2\\dow2.exe"= UDP:e:\games\dow2\dow2.exe:DOW2
    "UDP Query User{25511F16-F632-4409-810A-AB2F3C0BC8AA}e:\\games\\dow2\\dow2.exe"= TCP:e:\games\dow2\dow2.exe:DOW2
    "{E48FB498-8CA9-4AAC-85D5-CFC0D5A67E04}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0DAB53BF-6E6F-46F2-BB2A-C6E112E7A04B}"= UDP:9866:messenger
    "{7C4F8368-8534-48CD-81CF-7B291D669C5E}"= UDP:25:DNS
    "TCP Query User{9A6D4D9F-7FE7-4003-835C-C1E9D4A31C9D}c:\\world of warcraft\\launcher.exe"= UDP:c:\world of warcraft\launcher.exe:Blizzard Launcher
    "UDP Query User{7B3B06B3-8EC0-44AB-B502-1ECB2344E6E3}c:\\world of warcraft\\launcher.exe"= TCP:c:\world of warcraft\launcher.exe:Blizzard Launcher
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
    R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [25/05/2007 5.29.02 137728]
    R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [08/05/2009 20.30.21 51472]
    R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [08/05/2009 20.30.21 39184]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [09/05/2009 14.04.52 114768]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/03/2009 22.27.06 180224]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [09/05/2009 14.04.52 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [09/05/2009 14.04.41 51792]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [09/05/2009 22.54.23 1153368]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [20/02/2009 7.17.50 95760]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [03/03/2009 22.07.28 33792]
    R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [08/05/2009 20.30.21 33040]
    S2 tapiui32;Microsoft® Windows(TM) Telephony API UI DLL;c:\windows\system32\rundll32.exe tapiui32.dll,yxip --> c:\windows\system32\rundll32.exe tapiui32.dll,yxip [?]
    S3 FOIYYMAFQC;FOIYYMAFQC;c:\users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe --> c:\users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe [?]
    S3 FYYHPKQ;FYYHPKQ;c:\users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe --> c:\users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe [?]
    S3 HJCLO;HJCLO;c:\users\ALBERT~1\AppData\Local\Temp\HJCLO.exe --> c:\users\ALBERT~1\AppData\Local\Temp\HJCLO.exe [?]
    S3 TJO;TJO;c:\users\ALBERT~1\AppData\Local\Temp\TJO.exe --> c:\users\ALBERT~1\AppData\Local\Temp\TJO.exe [?]
    S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [04/09/2007 17.53.34 55664]
    S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22/04/2009 12.01.30 124256]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [14/02/2007 4.13.40 2808664]
    S4 THQTCKRK;THQTCKRK;c:\users\ALBERT~1\AppData\Local\Temp\THQTCKRK.exe --> c:\users\ALBERT~1\AppData\Local\Temp\THQTCKRK.exe [?]
    --- Altri Servizi/Drivers In Memoria ---
    *Deregistered* - mchInjDrv
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A9E4F13B-7EEA-4C83-85DF-0F447BF4DE7B}]
    c:\windows\system32\msiexec.exe /qn /fpu {A9E4F13B-7EEA-4C83-85DF-0F447BF4DE7B}
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    Contenuto della cartella 'Scheduled Tasks'
    2009-05-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-27 20:31]
    2009-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835447037-2755494302-2274692882-1000.job
    - c:\users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-30 16:54]
    2009-05-10 c:\windows\Tasks\User_Feed_Synchronization-{960128C5-C708-4F1C-AD98-74DFAEA6E299}.job
    - c:\windows\system32\msfeedssync.exe [2008-05-24 07:33]
    .
    .
    Scansione supplementare
    .
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: {CEF150B5-2E0F-49B8-ACB5-CAFB02E07167} = 192.168.1.1
    DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath -
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-11 00:25
    Windows 6.0.6001 Service Pack 1 NTFS
    scansione processi nascosti ...
    scansione entrate autostart nascoste ...
    Scansione files nascosti ...
    Scansione completata con successo
    Files nascosti: 0
    **************************************************************************
    .
    CHIAVI DI REGISTRO BLOCCATE
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    [HKEY_USERS\S-1-5-21-835447037-2755494302-2274692882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*m*@*팾|KN×e‹•—_'`\OpenWithList]
    @Class=&quot;Shell"
    [HKEY_USERS\S-1-5-21-835447037-2755494302-2274692882-1000\Software\SecuROM\License information*]
    "datasecu"=hex:02,48,79,4c,1f,13,e9,16,bb,7c,10,48,7b,5c,ac,54,9c,01,18,d6,3a,
    f5,79,d1,61,81,0e,9b,73,f3,6f,fc,ec,34,cb,5a,b7,3b,5b,e8,8d,17,18,21,c4,e1,\
    "rkeysecu"=hex:1b,0f,fc,05,e9,f1,b1,1d,42,48,c4,d6,7e,9d,f1,10
    [HKEY_USERS\S-1-5-21-835447037-2755494302-2274692882-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:6a,6b,1a,17,a3,9e,4a,c7,02,f5,03,d5,af,2f,b0,69,36,d4,16,b5,8f,f2,0a,
    ed,ec,09,3b,6d,29,f1,32,09,65,fa,f8,a7,e3,28,72,af,78,43,45,cc,39,3d,9e,e1,\
    "??"=hex:45,d6,f6,d2,79,fd,76,b0,00,4b,2a,fa,33,bf,e4,c6
    [HKEY_USERS\S-1-5-21-835447037-2755494302-2274692882-1004\Software\SecuROM\License information*]
    "datasecu"=hex:39,79,ec,ad,eb,1e,0b,94,aa,fe,4a,c0,b2,8e,81,31,85,6d,6d,34,34,
    e3,35,56,37,7b,97,e2,b5,0b,75,29,65,eb,9a,ab,ff,c3,fe,66,69,ed,95,fb,06,48,\
    "rkeysecu"=hex:75,9b,e9,6a,9c,1a,d0,cf,61,2d,b1,18,fc,39,32,ea
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Dlls caricate dai processi in esecuzione
    - - - - - - - > 'winlogon.exe'(916)
    c:\program files\ThreatFire\TFWAH.dll
    - - - - - - - > 'lsass.exe'(808)
    c:\program files\ThreatFire\TFWAH.dll
    .
    Ora fine scansione: 2009-05-10 0.27.47
    ComboFix-quarantined-files.txt 2009-05-10 22:27
    Pre-Run: 44.186.894.336 byte disponibili
    Post-Run: 44.260.204.544 byte disponibili
    409 --- E O F --- 2009-05-07 16:20
  • edited May 2009
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-05-11 07:55:40
    PROTECTIONS: 1
    MALWARE: 27
    SUSPECTS: 12
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Spybot - Search and Destroy 1.0.0.6 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@atdmt[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@mediaplex[1].txt
    00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@sexlist[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\alberto_admin@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@com[1].txt
    00167706 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@counter3.sextracker[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@statcounter[2].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@statcounter[2].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@counter.hitslink[1].txt
    00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@counter15.sextracker[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@ad.yieldmanager[2].txt
    00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@counter4.sextracker[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@apmebf[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\alberto_admin@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\alberto_admin@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto@bs.serving-sys[1].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@adtech[1].txt
    00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@sextracker[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@www5.addfreestats[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\alberto_admin@atwola[2].txt
    00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\Users\Alberto\Desktop\ipscan.exe
    02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Alberto admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\alberto_admin@counter12.sextracker[1].txt
    02917651 W32/Bagle.KV.worm Virus No 0 Yes No C:\Users\Alberto\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\29771F75-000000C7.eml[SQL Server 2005 Decryptor 1.1.zip][SQL Server 2005 Decryptor 1.1.exe]
    03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Users\Alberto\AppData\Local\DNA\Cache\FE122A00B8A047C4159A84D4DB0DF0EF25124F28
    03899070 Generic Malware Virus/Trojan No 0 Yes No C:\Windows\Downloaded Program Files\securelogin.ocx
    03904226 Generic Trojan Virus/Trojan No 0 Yes No D:\Mp3\___DA SCOMPATTARE E SMISTARE ___\crack-AliveMP3Converter.zip[keygen.exe]
    05083617 Generic Trojan Virus/Trojan No 0 Yes No E:\games\Precipice of Darkness, Episode Two\On the Rain-Slick Precipice of Darkness - Episode Two Crack.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69[32788R22FWJFW\n.com]
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69[32788R22FWJFW\NirCmd.cfexe]
    No C:\Users\Alberto\Desktop\ComboFix.exe[32788R22FWJFW\n.com]
    No C:\Users\Alberto\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe]
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69[32788R22FWJFW\n.com]
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69[32788R22FWJFW\NirCmd.cfexe]
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69[32788R22FWJFW\n.com]
    No C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c69[32788R22FWJFW\NirCmd.cfexe]
    No C:\Windows\NIRCMD.exe
    No E:\VIRUS WAR\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe]
    No E:\VIRUS WAR\ComboFix.exe[32788R22FWJFW\n.com]
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • edited May 2009
    Information

    Cracks, Keygens and Warez
    D:\Mp3\___DA SCOMPATTARE E SMISTARE ___\crack-AliveMP3Converter.zip[keygen.exe]
    E:\games\Precipice of Darkness, Episode Two\On the Rain-Slick Precipice of Darkness - Episode Two Crack.exe

    In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
    The distribution and use of cracked copies is illegal in almost every developed country.
    They are also one of the biggest causes of infection.

    This applies to Cracks, Keygens and Warez

    In the future I strongly suggest you stay away from using cracks and/or Keygens.


    Your Active Scan log also shows an infected E-Mail in the Windows Mail Inbox folder
    C:\Users\Alberto\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\29771F75-000000C7.eml
    You should delete any e-mails with attachments (SQL Server 2005 Decryptor 1.1.exe)



    Step 1

    Disable Teatimer
    We need to disable Teatimer as it may interfere with the cleaning.
    Please do not re-enable it until I give instructions.

    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Click Link >>> HERE <<< Link and select "save as" and save it to your desktop
    • Double click TTWipe.bat
    • Reboot your machine for the changes to take effect.




    Step 2

    Fix With HJT

    Close all other windows and then start HiJack This
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis



    Step 3

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Driver::
      tapiui32
      FOIYYMAFQC
      FYYHPKQ
      HJCLO
      TJO
      THQTCKRK
      RegNull::
      [HKEY_USERS\S-1-5-21-835447037-2755494302-2274692882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*m*@*팾|KN×e‹•-_'`]
      RegLock::
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
      File::
      C:\Users\Alberto\AppData\Local\DNA\Cache\FE122A00B8A047C4159A84D4DB0DF0EF25124F28
      C:\Windows\Downloaded Program Files\securelogin.ocx
      D:\Mp3\___DA SCOMPATTARE E SMISTARE ___\crack-AliveMP3Converter.zip[keygen.exe]
      E:\games\Precipice of Darkness, Episode Two\On the Rain-Slick Precipice of Darkness - Episode Two Crack.exe
      
      Ads::
      
    • Save this as CFScript.txt and place it on your desktop.


      CFScriptb.gif


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper




    Step 4

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log
    • How are things running now, any problems still ?




    Additional Notes

    Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java and Adobe components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) from HERE
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Update Adobe Acrobat Reader
    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    Remove Programs
    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Adobe Reader 8.1.3

      Java(TM) 6 Update 10
      Java(TM) 6 Update 5
      Java(TM) 6 Update 7

    Now close the Control Panel.

    Reboot your machine.
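The names listed under Driver:: in Step 3 correspond to entries in the ComboFix service listing posted earlier in the thread. As an added illustration (not part of the helper's post and not ComboFix's own logic), the Python script below parses lines in that listing's format and flags the same entries for review; the heuristics, and the reading of R/S plus a digit as running/stopped plus start type, are assumptions.

```python
import re
from typing import List, NamedTuple, Tuple

# Service lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [09/05/2009 14.04.52 20560]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [09/05/2009 22.54.23 1153368]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S2 tapiui32;Microsoft® Windows(TM) Telephony API UI DLL;c:\windows\system32\rundll32.exe tapiui32.dll,yxip --> c:\windows\system32\rundll32.exe tapiui32.dll,yxip [?]
S3 FOIYYMAFQC;FOIYYMAFQC;c:\users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe --> c:\users\ALBERT~1\AppData\Local\Temp\FOIYYMAFQC.exe [?]
S3 FYYHPKQ;FYYHPKQ;c:\users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe --> c:\users\ALBERT~1\AppData\Local\Temp\FYYHPKQ.exe [?]
S3 HJCLO;HJCLO;c:\users\ALBERT~1\AppData\Local\Temp\HJCLO.exe --> c:\users\ALBERT~1\AppData\Local\Temp\HJCLO.exe [?]
S3 TJO;TJO;c:\users\ALBERT~1\AppData\Local\Temp\TJO.exe --> c:\users\ALBERT~1\AppData\Local\Temp\TJO.exe [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [04/09/2007 17.53.34 55664]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22/04/2009 12.01.30 124256]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [14/02/2007 4.13.40 2808664]
S4 THQTCKRK;THQTCKRK;c:\users\ALBERT~1\AppData\Local\Temp\THQTCKRK.exe --> c:\users\ALBERT~1\AppData\Local\Temp\THQTCKRK.exe [?]
"""

# Assumed layout: <R|S><0-4> <service name>;<display name>;<image path> [date time size]
# R/S is read as running/stopped and the digit as the service start type.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
TRAILING_META = re.compile(r"\s\[(?P<meta>[^\]]*)\]$")


class Service(NamedTuple):
    state: str
    start: int
    name: str
    display: str
    image: str
    meta_missing: bool  # True when the log shows [?] instead of date and size


def parse_services(log: str) -> List[Service]:
    """Parse service/driver lines; anything that does not match is skipped."""
    services = []
    for raw in log.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        meta = TRAILING_META.search(rest)
        meta_missing = True
        if meta:
            meta_missing = meta.group("meta").strip() == "?"
            rest = rest[: meta.start()]
        # "path --> path" repeats the image path; keep the first copy.
        image = rest.split(" --> ")[0].strip()
        services.append(Service(m.group("state"), int(m.group("start")),
                                m.group("name"), m.group("display"),
                                image, meta_missing))
    return services


def strong_reasons(svc: Service) -> List[str]:
    """Reasons that on their own justify a closer look at the entry."""
    image = svc.image.lower()
    found = []
    if re.search(r"\\temp\\", image):
        found.append("image runs from a Temp directory")
    if re.search(r"\\rundll32\.exe\s+\S", image):
        found.append("service image is rundll32.exe loading a DLL")
    return found


def supporting_notes(svc: Service) -> List[str]:
    """Weaker signals; legitimate services in the sample show some of these too."""
    notes = []
    stem = re.split(r"[\\/]", svc.image)[-1].rsplit(".", 1)[0]
    if svc.name == svc.display == stem and svc.name.isalpha() and svc.name.isupper():
        notes.append("service, display and file name are one upper-case letter string")
    if svc.meta_missing:
        notes.append("log has [?] in place of file date and size")
    return notes


def triage(log: str) -> List[Tuple[str, List[str], List[str]]]:
    """Return (name, strong reasons, supporting notes) for entries worth reviewing."""
    flagged = []
    for svc in parse_services(log):
        strong = strong_reasons(svc)
        if strong:
            flagged.append((svc.name, strong, supporting_notes(svc)))
    return flagged


if __name__ == "__main__":
    for name, strong, notes in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(strong + notes)}")
```

The `[?]` marker alone is not enough to flag an entry: libusbd and ThreatFire show it as well, so the script treats it only as supporting information.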
  • edited May 2009
    hi
    I've tried to uninstall Java Update 10; the process was fine, but it is still in the list, also after reboot...
    Versions 5 and 7 uninstalled correctly, also Acrobat Reader 8.13

    I've manually deleted
    D:\Mp3\___DA SCOMPATTARE E SMISTARE ___\crack-AliveMP3Converter.zip[keygen.exe]
    E:\games\Precipice of Darkness, Episode Two\On the Rain-Slick Precipice of Darkness - Episode Two Crack.exe


    Here is the ComboFix log

    ComboFix 09-05-11.01 - Alberto admin 11/05/2009 19.47.14.2 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.39.1040.18.3070.1831 [GMT 2:00]
    Eseguito da: C:\Users\Alberto\Desktop\ComboFix.exe
    Opzioni usate :: C:\Users\Alberto\Desktop\CFScript.txt
    FILE ::
    C:\Users\Alberto\AppData\Local\DNA\Cache\FE122A00B8A047C4159A84D4DB0DF0EF25124F28
    C:\Windows\Downloaded Program Files\securelogin.ocx
    D:\Mp3\___DA SCOMPATTARE E SMISTARE ___\crack-AliveMP3Converter.zip[keygen.exe]
    E:\games\Precipice of Darkness, Episode Two\On the Rain-Slick Precipice of Darkness - Episode Two Crack.exe
    .
  • edited May 2009
    Katana wrote:
    How are things running now, any problems still ?

    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list with the programs installed in your computer.
    Click on save list button and specify where you would like to save this file.
    When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.
  • edited May 2009
    After reboot, it's all ok
    no spam on smtp detected

    I've tried to install the latest version of Java; same as uninstalling, all OK, but at the end it was not in the list


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    7-Zip 4.65
    ActiveState ActivePython 2.5.2.2
    Adobe Flash Player 10 Plugin
    AGEIA PhysX v7.11.13
    Altova AltovaXML 2008
    AMD OverDrive
    Anteprima (Windows Live Toolbar)
    Apple Software Update
    Assistente per l'accesso a Windows Live
    ATI AVIVO Codecs
    avast! Antivirus
    BS.Player FREE
    Catalyst Control Center - Branding
    Chinese Traditional Fonts Support For Adobe Reader 8
    Combinazioni di suoni Windows
    Componente aggiuntivo dei servizi di conferenza Microsoft per Microsoft Office Outlook
    Crystal Reports Basic for Visual Studio 2008
    Curse Client
    CutePDF Writer 2.7
    Declan's Japanese FlashCards v1.6
    DivX Player
    Drakensang
    eMulev0.48a.-MorphXTv10.3
    Eschalon Book 1 v1.04
    ESET Online Scanner
    Fallout 3
    Fantasy Wars
    Free Games Offer, Desktop Shortcut
    G15_TeamSpeak (NSIS)
    Galactic Civilizations II - Ultimate Edition
    Geneforge 5
    Google Earth
    Google Updater
    GPRO Organiser
    GPRO Organiser
    Heroes of Annihilated Empires
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB952241)
    Hotfix for Office (KB950278)
    Hotfix for Office (KB950278)
    Hotfix for Office (KB950278)
    ImgBurn
    Imperivm Civitas II
    Impulse
    Impulse
    Indeo® software
    Intel(R) Matrix Storage Manager
    Japanese Fonts Support For Adobe Reader 8
    Java(TM) 6 Update 10
    JMDict.NET Japanese Multi-lingual Dictionary version 1.0b
    King's Bounty. The Legend (Remove Only)
    K-Lite Codec Pack 3.4.5 Full
    LastChaos
    Lemmings Revolution
    LibUSB-Win32-0.1.10.1
    Logitech G15 Keyboard Software 1.04
    Malwarebytes' Anti-Malware
    marvell 61xx
    Marvell Miniport Driver
    Menu intelligenti (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft ASP.NET 2.0 AJAX Extensions 1.0
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2005 - Language Pack (italiano)
    Microsoft Document Explorer 2005 Language Pack - ITA
    Microsoft Document Explorer 2008
    Microsoft Document Explorer 2008
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (Italian) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
    Microsoft Office Excel MUI (Italian) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office Groove MUI (Italian) 2007
    Microsoft Office InfoPath MUI (Italian) 2007
    Microsoft Office OneNote MUI (Italian) 2007
    Microsoft Office Outlook MUI (Italian) 2007
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
    Microsoft Office PowerPoint MUI (Italian) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proofing (Italian) 2007
    Microsoft Office Publisher MUI (Italian) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Italian) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007
    Microsoft Office SharePoint Designer 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
    Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
    Microsoft Office SharePoint Designer MUI (Italian) 2007
    Microsoft Office Visio Viewer 2003 (Italiano)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
    Microsoft Office Word MUI (Italian) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Mobile [ITA] Developer Tools
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Management Studio Express
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Team Foundation Server 2008 Power Tools - December 2007 release
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# 2.0 Redistributable - Language Pack (italiano)
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Professional Edition - ITA
    Microsoft Visual Studio 2005 Professional Edition - ITA Service Pack 1 (KB926608)
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Performance Collection Tools - ENU
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio 2008 Team Explorer - ENU
    Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Team System 2008 Team Suite - ENU
    Microsoft Visual Studio Team System 2008 Team Suite - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    Microsoft XNA Framework Redistributable 1.0 Refresh
    Mozilla Firefox (2.0.0.20)
    MSVC80_x86
    NavyFIELD NorthAmerica
    NetSend
    No-IP.com DUC (remove only)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    On the Rain-Slick Precipice of Darkness, Episode One
    On the Rain-Slick Precipice of Darkness, Episode Two
    OpenAL
    Pacchetto driver Windows - Nokia Modem (03/05/2008 3.7)
    Pacchetto driver Windows - Nokia Modem (03/13/2008 6.86.0.1)
    Pacchetto driver Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    PageFlowSample
    Panda ActiveScan 2.0
    PC Connectivity Solution
    Pcsx2 0.9.6
    PL-2303 USB-to-Serial
    PL-2303 Vista Driver Installer
    PlayNC Launcher
    PowerISO
    QuickTime
    RealPlayer
    Remote Desktop Manager 3.0.0.2 (remove only)
    RF Online Episode 2
    Sacred 2
    sancho (remove only)
    Security Task Manager 1.7h
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    Security Update per Microsoft Visual Studio 2005 Professional Edition - ITA (KB937061)
    Security Update per Microsoft Visual Studio 2005 Professional Edition - ITA (KB947738)
    Sid Meier's Civilization 4
    Sid Meier's Civilization IV Colonization
    SimCity™ Societies
    Sins of a Solar Empire
    Sins of a Solar Empire
    SoundMAX
    Spectromancer
    Spectromancer
    Spellforce 2 Gold
    SpellForce 2 Patch
    SPORE™
    Spybot - Search & Destroy
    SQL Server System CLR Types
    StreamMyGame software
    SyncQuick Backup V 4.0
    System Requirements Lab
    TeamSpeak 2 RC2
    TFS Outlook Addin
    Tftpd32 Standalone Edition
    The Last Remnant
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.70
    The Witcher
    ThreatExpert Memory Scanner 1.0
    ThreatFire
    TMRecorder
    TMRecorder
    TortoiseSVN 1.5.0.13316 (32 bit)
    UBCD4Win 3.22
    UFO Afterlight
    UFO:AI 2.2.1
    Ultimate Extras sounds from Microsoft® Tinker™
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update per Microsoft Visual Studio 2005 Professional Edition - ITA (KB932235)
    VC Runtimes MSI
    Ventrilo Client
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2005 Tools per Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Warhammer Online - Age of Reckoning
    Wave Editor 3.0.1.6
    Winamp
    Windows Automated Installation Kit
    Windows Live Favorites per Windows Live Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live OneCare safety scanner
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Player Firefox Plugin
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinHTTrack Website Copier 3.43-4
    WinRAR gestione archivi
    WinSCP 4.1.8
    World of Warcraft
    World of Warcraft FREE Trial
    Xenocide 0.4
    Xfire (remove only)
  • edited May 2009
    I've tried to install the latest version of Java; same as uninstalling, all OK, but at the end it was not in the list
    To be honest, I have no idea what is wrong with Java, you will need to ask in a software room about that

    Congratulations, your logs look clean :)

    Let's see if I can help you keep it that way

    First let's tidy up

    Please delete RSIT.exe and C:\RSIT (entire folder)
    You can also delete any logs we have produced, and empty your Recycle bin.


    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START, type RUN into the search box, then click Enter
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.




    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
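
The Internet Explorer Custom Level settings listed in the post above are stored per user in the registry, so they can be checked without clicking through the dialog. The following read-only audit is an added example, not part of the original thread; the function names are hypothetical, and the action IDs and value meanings are taken from Microsoft's documented security-zone URL action flags.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# against the Custom Level settings recommended in the post above.
# Zone 3 = Internet zone. Values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# One entry per setting named in the post: action ID, dialog label, wanted value.
$Expected = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                   Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                 Want = 3 },
    @{ Id = '1201'; Setting = 'Initialise and script ActiveX not marked as safe';   Want = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items';                      Want = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';          Want = 1 },
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';       Want = 1 }
)

function Convert-ZoneValue {
    param($Value)
    if ($null -eq $Value) { return 'Not set' }
    switch ([int]$Value) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Other ($Value)" }
    }
}

function Test-InternetZoneHardening {
    param([string]$Path = $ZonePath)

    # A missing key or value is reported as 'Not set' rather than raising an error.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($e in $Expected) {
        $current = $null
        if ($props -and $props.PSObject.Properties[$e.Id]) {
            $current = $props.PSObject.Properties[$e.Id].Value
        }

        # Disable where Prompt was recommended is stricter, so it also passes.
        $ok = ($current -eq $e.Want) -or ($e.Want -eq 1 -and $current -eq 3)

        New-Object PSObject -Property @{
            ActionId    = $e.Id
            Setting     = $e.Setting
            Current     = Convert-ZoneValue $current
            Recommended = Convert-ZoneValue $e.Want
            Compliant   = $ok
        } | Select-Object ActionId, Setting, Current, Recommended, Compliant
    }
}

# Nothing is written to the registry; this only reports the current state.
Test-InternetZoneHardening | Format-Table -AutoSize
```

This reads the current user's settings only; where zone settings are enforced by policy, the effective values may differ from what is stored under this key.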
  • edited May 2009
    Thank you very much for helping me!

    :)