
help with virus Win32:VBStat-C

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

help with virus Win32:VBStat-C

Post by maxbale » 03/06/07 20:05

Hi everyone, unfortunately my PC is infected with the Win32:VBStat-C virus and Avast can't remove it. I tried rebooting into safe mode to run an antivirus scan, but the PC hangs. How can I remove it? I'm also posting my log.
Bye and thanks

Logfile of HijackThis v1.99.1
Scan saved at 21.01.49, on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Max\Documenti\Hijackthis-199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebCam Go Sti Service Application] wbcgosvc
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\vanhmnkg.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\cbyywx.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - ...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - ...
O17 - HKLM\System\CCS\Services\Tcpip\..\{441141DD-C6CC-458F-8CDB-D5E6FF0F9C14}: NameServer =,
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
Junior Member
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 03/06/07 20:17

Hi, download Avenger to the desktop

unpack it, extracting avenger.exe to the desktop
close any open applications

Run the file avenger.exe
Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste (Ctrl+V) the text in bold:

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | setup

Files to delete:

Click the Done button
Click the green traffic-light icon
Answer Yes (or Sì) twice
The PC should reboot on its own; if it doesn't, reboot it manually

Post the Avenger log (C:/avenger.txt) with the result of the script
Posts: 6413
Joined: 11/08/05 19:10
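The Avenger script above removes one autorun value by hand. As an added example (not part of this thread, and not Avenger's or HijackThis's own code), the Python script below applies the same triage reasoning to O4 lines as HijackThis prints them: it flags autorun values that launch rundll32.exe on a DLL under C:\WINDOWS whose name looks generated, explains why, and renders the matching lines in Avenger's "registry values to delete" format. The sample lines are copied from the log in the first post plus a few benign entries for contrast; the "random-looking name" test and the 6-8 letter threshold are assumptions of this example, not a rule from the thread.

```python
import re

# Constructed sample: O4 lines in the shape HijackThis prints them. The two
# rundll32 entries are copied from the log earlier in this thread; the other
# lines are benign entries kept for contrast (one is not an O4 line at all).
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\vanhmnkg.dll",realset',
    r'O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\cbyywx.dll",realset',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll',
]

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$')
# rundll32[.exe] "<dll path>",<export>   (quotes are optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.IGNORECASE)

# HijackThis abbreviates the Run key as HKLM\..\Run; Avenger wants the full path.
RUN_KEY_PREFIX = r'Software\Microsoft\Windows\CurrentVersion'


def parse_o4(line):
    """Return a dict for an O4 line, or None for any other HijackThis line."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, key, name, command = m.groups()
    return {'hive': hive, 'key': key, 'name': name, 'command': command}


def looks_random(stem):
    """Heuristic (an assumption of this example): 6-8 lowercase letters with
    few vowels, or a long run of consonants, reads like a generated name."""
    if not re.fullmatch(r'[a-z]{6,8}', stem):
        return False
    vowel_ratio = sum(c in 'aeiou' for c in stem) / len(stem)
    longest_consonant_run = max(len(run) for run in re.split(r'[aeiou]', stem))
    return vowel_ratio < 0.25 or longest_consonant_run >= 5


def why_suspicious(entry):
    """Return a reason string when the autorun uses rundll32 to load a DLL from
    the Windows directory that sits in the root or has a generated-looking
    name; return None for everything else."""
    m = RUNDLL_RE.match(entry['command'])
    if not m:
        return None
    dll_path, export = m.groups()
    dll_path = dll_path.replace('/', '\\')
    directory, _, filename = dll_path.rpartition('\\')
    stem, _, ext = filename.lower().rpartition('.')
    if ext != 'dll' or not directory.lower().startswith(r'c:\windows'):
        return None
    reasons = []
    if directory.lower() == r'c:\windows':
        reasons.append('DLL placed directly in the Windows root')
    if looks_random(stem):
        reasons.append(f'random-looking DLL name {filename}')
    if not reasons:
        return None
    return f'rundll32 loads {dll_path} export {export}: ' + '; '.join(reasons)


def flag_autoruns(lines):
    """Scan HijackThis log lines; return (entry, reason) pairs for suspect O4 items."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reason = why_suspicious(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def avenger_registry_lines(flagged):
    """Render flagged entries as Avenger 'registry values to delete' lines."""
    return [f"{e['hive']}\\{RUN_KEY_PREFIX}\\{e['key']} | {e['name']}" for e, _ in flagged]


if __name__ == '__main__':
    hits = flag_autoruns(SAMPLE_O4_LINES)
    for entry, reason in hits:
        print(f"[{entry['name']}] {reason}")
    print('registry values to delete:')
    print('\n'.join(avenger_registry_lines(hits)))
```

Run on the sample, the script flags the [Genuine] and [setup] values and prints the same `HKLM\Software\Microsoft\Windows\CurrentVersion\Run | setup` line the helper wrote by hand, plus one for [Genuine]. The name heuristic is only a hint; the stronger signal in this log is the combination of rundll32, a DLL dropped in the Windows directory and both entries calling the same unusual export.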

Post by maxbale » 04/06/07 16:33

Hi luke57, I did what you told me, but unfortunately as soon as I open Internet Explorer Avast immediately blocks a virus, and among other things they alternate between Win32:VBStat-C, Win32:Agent-GQG and Win32:Agent-HHN; otherwise I get Windows Internet Explorer messages saying that my PC might be infected and that I should download Win Doctor, or pages open advertising spyware- or antivirus-type software.
Please help me, I don't know where else to turn. I disabled Kerio, using the Windows firewall instead, because every 10 seconds a window popped up saying it had blocked an intrusion attempt by the file (LOGON).
Bye and thanks
Junior Member
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 04/06/07 17:30

Hi, if possible download systemscan from here (you can read its properties there too).
Open it and make sure all the options are ticked, close all open programs and applications, click "Scan Now"; when the scan finishes a file with a .zip extension will be left in C:\suspectfile (
Go to, upload the file, and in your next reply write the URL to download it, the first one you are given (the report is very long)
Posts: 6413
Joined: 11/08/05 19:10

Post by maxbale » 04/06/07 18:49

Hi luke57 and thanks again. I did what you told me, although with systemscan I had to disable "hidden object" because it crashed the computer; anyway I went ahead and the result on easy-share is this:

download

Then I didn't quite understand what I should do... sorry for my ignorance

Junior Member
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 05/06/07 09:12

Hi, you need to upload the file again, because you gave me the link to delete it. Until I have examined it you don't need to do anything ;)
Posts: 6413
Joined: 11/08/05 19:10

Post by maxbale » 05/06/07 14:22

Hi, and thanks again for your patience luke57. I don't understand much about these things; I'm pasting what I downloaded from easy-share, hoping it's the right thing.

SystemScan - - ver. 3.1.1

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 04/06/2007
Time: 19.28.33

Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Suspicious Files
-Include hijackthis.log
-Installed Applications

===================== Accounts on this PC =====================

Users on this computer:
Is Admin? | Username
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Max
| SUPPORT_388945a0 (Disabled)

### users folders

16/06/2006 22.39.25 (DIR) 0 byte 353 days old -- Default User
21/06/2006 19.43.29 (DIR) 0 byte 348 days old -- All Users
29/01/2007 18.11.12 (DIR) 0 byte 126 days old -- NetworkService
29/01/2007 18.11.12 (DIR) 0 byte 126 days old -- LocalService
04/06/2007 18.52.24 (DIR) 0 byte 0 days old -- Max

===================== Recent files (60 days old)=====================

----- recent files in C:\
06/05/2007 15.25.25 (DIR) 0 byte 29 days old -- Temp
03/06/2007 19.41.07 211 byte 1 days old -- boot.ini
04/06/2007 16.37.39 (DIR) 0 byte 0 days old -- Documents and Settings
04/06/2007 16.37.52 1730 byte 0 days old -- avenger.txt
04/06/2007 16.38.02 (DIR) 0 byte 0 days old -- avenger
04/06/2007 16.44.20 (DIR) 0 byte 0 days old -- Config.Msi
04/06/2007 16.47.24 (DIR) 0 byte 0 days old -- Programmi
04/06/2007 18.38.49 (DIR) 0 byte 0 days old -- VundoFix Backups
04/06/2007 18.42.42 6460 byte 0 days old -- VundoFix.txt
04/06/2007 18.56.50 (DIR) 0 byte 0 days old -- System Volume Information
04/06/2007 19.27.10 1610612736 byte 0 days old -- pagefile.sys
04/06/2007 19.27.11 (DIR)1073074176 byte 0 days old -- hiberfil.sys
04/06/2007 19.27.33 (DIR) 0 byte 0 days old -- WINDOWS
04/06/2007 19.28.33 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
08/04/2007 15.36.23 (DIR) 0 byte 57 days old -- Fonts
08/04/2007 15.58.39 (DIR) 0 byte 57 days old -- Minidump
08/04/2007 16.36.40 771 byte 57 days old -- ULEAD32.INI
11/04/2007 15.30.20 (DIR) 0 byte 54 days old -- $NtUninstallKB932168$
11/04/2007 15.30.29 (DIR) 0 byte 54 days old -- $NtUninstallKB930178$
11/04/2007 15.30.34 (DIR) 0 byte 54 days old -- $NtUninstallKB931261$
11/04/2007 15.30.40 (DIR) 0 byte 54 days old -- $NtUninstallKB931784$
11/04/2007 16.00.48 (DIR) 0 byte 54 days old -- msagent
24/04/2007 17.46.53 (DIR) 0 byte 41 days old -- pss
01/05/2007 09.28.36 0 byte 34 days old -- Sti_Trace.log
09/05/2007 15.33.21 (DIR) 0 byte 26 days old -- $NtUninstallKB930916$
09/05/2007 15.33.41 (DIR) 0 byte 26 days old -- ie7updates
10/05/2007 19.14.39 (DIR) 0 byte 25 days old -- Debug
25/05/2007 20.42.41 (DIR) 0 byte 10 days old -- $hf_mig$
25/05/2007 20.42.44 (DIR) 0 byte 10 days old -- $NtUninstallKB927891$
02/06/2007 21.46.37 229 byte 2 days old -- NeroDigital.ini
03/06/2007 09.37.15 106469 byte 1 days old -- byyvvs.dll
03/06/2007 09.55.11 106562 byte 1 days old -- mlijkl.dll
03/06/2007 10.18.54 106342 byte 1 days old -- ljijkj.dll
03/06/2007 10.20.56 (DIR) 0 byte 1 days old -- Prefetch
03/06/2007 11.44.42 106619 byte 1 days old -- nnmjgg.dll
03/06/2007 12.36.54 106456 byte 1 days old -- fcbyvt.dll
03/06/2007 12.45.38 1101199 byte 1 days old -- tvybcf.ini
03/06/2007 13.19.39 1101318 byte 1 days old -- utvwwa.ini
03/06/2007 14.22.09 1101617 byte 1 days old -- ceeeeg.ini
03/06/2007 19.41.07 277 byte 1 days old -- system.ini
03/06/2007 19.41.07 507 byte 1 days old -- win.ini
03/06/2007 19.54.14 1101139 byte 1 days old -- jkmmoq.ini
03/06/2007 20.07.03 (DIR) 0 byte 1 days old -- BDOSCAN8
03/06/2007 20.07.25 1101199 byte 1 days old -- xwyybc.ini
03/06/2007 21.17.41 (DIR) 0 byte 1 days old -- inf
03/06/2007 21.17.45 (DIR) 0 byte 1 days old -- Downloaded Program Files
03/06/2007 21.59.17 106604 byte 1 days old -- urpono.dll
04/06/2007 14.51.36 1101235 byte 0 days old -- onopru.ini
04/06/2007 14.52.55 1067888 byte 0 days old -- twaaay.ini
04/06/2007 15.45.00 1060402 byte 0 days old -- mpopoq.ini
04/06/2007 16.44.12 (DIR) 0 byte 0 days old -- Installer
04/06/2007 16.51.38 32516 byte 0 days old -- SchedLgU.Txt
04/06/2007 18.50.20 106493 byte 0 days old -- nnkklj.dll
04/06/2007 18.52.12 3206968 byte 0 days old -- {00000002-00000000-00000009-00001102-00000004-00521102}.BAK
04/06/2007 18.52.12 3206968 byte 0 days old -- {00000002-00000000-00000009-00001102-00000004-00521102}.CDF
04/06/2007 18.53.19 (DIR) 0 byte 0 days old -- system32
04/06/2007 19.17.57 537 byte 0 days old -- setupapi.log
04/06/2007 19.24.10 (DIR) 0 byte 0 days old -- Temp
04/06/2007 19.27.10 0 byte 0 days old -- MEMORY.DMP
04/06/2007 19.27.13 2048 byte 0 days old -- bootstat.dat
04/06/2007 19.27.14 (DIR) 0 byte 0 days old -- CSC
04/06/2007 19.27.18 531694 byte 0 days old -- WindowsUpdate.log
04/06/2007 19.27.18 50 byte 0 days old -- wiaservc.log
04/06/2007 19.27.20 159 byte 0 days old -- wiadebug.log
04/06/2007 19.27.21 0 byte 0 days old -- 0.log
04/06/2007 19.27.33 1060570 byte 0 days old -- jlkknn.ini

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
08/04/2007 15.54.04 258248 byte 57 days old -- FNTCACHE.DAT
18/04/2007 18.14.23 2854400 byte 47 days old -- msi.dll
27/04/2007 22.45.12 14970328 byte 38 days old -- MRT.exe
30/04/2007 17.35.28 95872 byte 35 days old -- AVASTSS.scr
30/04/2007 17.46.10 745600 byte 35 days old -- aswBoot.exe
01/05/2007 09.29.51 2934 byte 34 days old -- CONFIG.NT
25/05/2007 20.42.46 (DIR) 0 byte 10 days old -- dllcache
02/06/2007 20.05.05 2228 byte 2 days old -- wpa.dbl
03/06/2007 01.01.40 77824 byte 1 days old -- chcdec.dll
03/06/2007 09.37.08 39124 byte 1 days old -- tmp7.tmp.dll
03/06/2007 09.54.59 39124 byte 1 days old -- tmpC.tmp.dll
03/06/2007 10.04.38 18944 byte 1 days old -- winowl32.dll
03/06/2007 10.10.40 39124 byte 1 days old -- tmp2C.tmp.dll
03/06/2007 10.19.02 125460 byte 1 days old -- rakvsnpc.dll
03/06/2007 10.19.15 2580 byte 1 days old -- peldtbvm.exe
03/06/2007 11.23.09 39124 byte 1 days old -- tmp35.tmp.dll
03/06/2007 11.44.32 39124 byte 1 days old -- tmp39.tmp.dll
03/06/2007 12.01.19 (DIR) 0 byte 1 days old -- appmgmt
03/06/2007 12.33.23 125460 byte 1 days old -- wwiuxtfr.dll
03/06/2007 12.33.36 39124 byte 1 days old -- tmp40.tmp.dll
03/06/2007 12.36.22 2580 byte 1 days old -- wtotxqjw.exe
03/06/2007 12.45.38 524 byte 1 days old -- qdthjxsw.ini
03/06/2007 12.54.26 2580 byte 1 days old -- rgpnvolk.exe
03/06/2007 14.02.25 125460 byte 1 days old -- jbpmhdwc.dll
03/06/2007 14.06.36 2580 byte 1 days old -- vbpimsgd.exe
03/06/2007 14.19.43 1101557 byte 1 days old -- ftnpmdwj.ini
03/06/2007 14.19.54 125460 byte 1 days old -- acdkfgtc.dll
03/06/2007 14.21.07 39124 byte 1 days old -- tmp5E.tmp.dll
03/06/2007 14.25.35 2580 byte 1 days old -- ibwsxfhj.exe
03/06/2007 14.31.43 39124 byte 1 days old -- tmp66.tmp.dll
03/06/2007 19.46.27 2580 byte 1 days old -- aaemkccm.exe
03/06/2007 19.52.52 39124 byte 1 days old -- tmp7D.tmp.dll
03/06/2007 19.53.23 2580 byte 1 days old -- vnuxtupj.exe
03/06/2007 20.49.05 2580 byte 1 days old -- rdgnabqo.exe
03/06/2007 21.05.13 39124 byte 1 days old -- tmp8C.tmp.dll
03/06/2007 21.07.42 143 byte 1 days old -- mcrh.tmp
03/06/2007 21.10.46 2580 byte 1 days old -- fuuvllpj.exe
03/06/2007 21.59.04 39124 byte 1 days old -- tmpB5.tmp.dll
04/06/2007 14.57.23 2580 byte 0 days old -- wotqivij.exe
04/06/2007 15.39.44 39124 byte 0 days old -- tmp3.tmp.dll
04/06/2007 16.44.20 (DIR) 0 byte 0 days old -- drivers
04/06/2007 18.01.28 19732 byte 0 days old -- BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-00521102}.rfx
04/06/2007 18.01.28 24 byte 0 days old -- DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00521102}.dat
04/06/2007 18.01.28 24 byte 0 days old -- DVCState-{00000002-00000000-00000009-00001102-00000004-00521102}.dat
04/06/2007 18.01.28 19732 byte 0 days old -- BMXState-{00000002-00000000-00000009-00001102-00000004-00521102}.rfx
04/06/2007 18.01.28 1080 byte 0 days old -- settingsbkup.sfm
04/06/2007 18.01.28 27732 byte 0 days old -- BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-00521102}.rfx
04/06/2007 18.01.28 27732 byte 0 days old -- BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-00521102}.rfx
04/06/2007 18.01.28 1080 byte 0 days old -- settings.sfm
04/06/2007 18.03.18 (DIR) 0 byte 0 days old -- CatRoot2
04/06/2007 18.49.00 39124 byte 0 days old -- tmpC0.tmp.dll
04/06/2007 18.53.19 39124 byte 0 days old -- tmpCA.tmp.dll
04/06/2007 18.53.23 13457272 byte 0 days old -- dn_crash.log
04/06/2007 19.28.17 77 byte 0 days old -- chcdec.dns

----- recent files in C:\WINDOWS\system32\drivers\
30/04/2007 17.37.23 26888 byte 35 days old -- aavmker4.sys
30/04/2007 17.38.51 43176 byte 35 days old -- aswTdi.sys
30/04/2007 17.39.41 23416 byte 35 days old -- aswRdr.sys
30/04/2007 17.41.42 94552 byte 35 days old -- aswmon2.sys
30/04/2007 17.41.55 85952 byte 35 days old -- aswmon.sys
03/06/2007 19.37.14 1400 byte 1 days old -- fwdrv.err

----- recent files in C:\WINDOWS\temp\
02/06/2007 20.08.38 (DIR) 0 byte 2 days old -- {2655D01A-0275-4666-8084-10C9BD03840A}
03/06/2007 12.03.14 0 byte 1 days old -- win1.tmp
03/06/2007 12.03.14 0 byte 1 days old -- win2.tmp
03/06/2007 12.03.14 0 byte 1 days old -- win3.tmp
03/06/2007 12.03.14 0 byte 1 days old -- win4.tmp
03/06/2007 12.03.14 0 byte 1 days old -- win5.tmp
03/06/2007 12.05.14 0 byte 1 days old -- win7.tmp
03/06/2007 12.05.14 0 byte 1 days old -- win9.tmp
03/06/2007 12.05.14 0 byte 1 days old -- winA.tmp
03/06/2007 12.05.14 0 byte 1 days old -- win8.tmp
03/06/2007 12.05.14 0 byte 1 days old -- win6.tmp
03/06/2007 12.07.14 0 byte 1 days old -- winE.tmp
03/06/2007 12.07.14 0 byte 1 days old -- winF.tmp
03/06/2007 12.07.14 0 byte 1 days old -- winD.tmp
03/06/2007 12.07.14 0 byte 1 days old -- winB.tmp
03/06/2007 12.07.14 0 byte 1 days old -- winC.tmp
03/06/2007 12.09.14 0 byte 1 days old -- win11.tmp
03/06/2007 12.09.14 0 byte 1 days old -- win10.tmp
03/06/2007 12.09.14 0 byte 1 days old -- win12.tmp
03/06/2007 12.09.14 0 byte 1 days old -- win14.tmp
03/06/2007 12.09.14 0 byte 1 days old -- win13.tmp
03/06/2007 12.11.14 0 byte 1 days old -- win17.tmp
03/06/2007 12.11.14 0 byte 1 days old -- win18.tmp
03/06/2007 12.11.14 0 byte 1 days old -- win15.tmp
03/06/2007 12.11.14 0 byte 1 days old -- win16.tmp
03/06/2007 12.11.14 0 byte 1 days old -- win19.tmp
03/06/2007 12.13.14 0 byte 1 days old -- win1C.tmp
03/06/2007 12.13.14 0 byte 1 days old -- win1B.tmp
03/06/2007 12.13.14 0 byte 1 days old -- win1A.tmp
03/06/2007 12.13.14 0 byte 1 days old -- win1D.tmp
03/06/2007 12.15.14 0 byte 1 days old -- win24.tmp
03/06/2007 12.15.14 0 byte 1 days old -- win21.tmp
03/06/2007 12.15.14 0 byte 1 days old -- win22.tmp
03/06/2007 12.15.14 0 byte 1 days old -- win23.tmp
03/06/2007 12.17.48 0 byte 1 days old -- win20.tmp
03/06/2007 12.17.48 0 byte 1 days old -- win1E.tmp
03/06/2007 12.17.48 0 byte 1 days old -- win1F.tmp
03/06/2007 12.17.48 0 byte 1 days old -- win25.tmp
03/06/2007 12.18.01 (DIR) 0 byte 1 days old -- Cookies
03/06/2007 12.18.01 (DIR) 0 byte 1 days old -- History
03/06/2007 12.18.01 (DIR) 0 byte 1 days old -- Temporary Internet Files
03/06/2007 12.19.48 0 byte 1 days old -- win28.tmp
03/06/2007 12.19.48 0 byte 1 days old -- win29.tmp
03/06/2007 12.19.48 0 byte 1 days old -- win26.tmp
03/06/2007 12.19.48 0 byte 1 days old -- win27.tmp
03/06/2007 12.22.40 0 byte 1 days old -- win2B.tmp
03/06/2007 12.22.40 0 byte 1 days old -- win2A.tmp
03/06/2007 12.22.40 0 byte 1 days old -- win2D.tmp
03/06/2007 12.22.40 0 byte 1 days old -- win2C.tmp
03/06/2007 12.24.40 0 byte 1 days old -- win31.tmp
03/06/2007 12.24.40 0 byte 1 days old -- win32.tmp
03/06/2007 12.24.40 0 byte 1 days old -- win2F.tmp
03/06/2007 12.24.40 0 byte 1 days old -- win30.tmp
03/06/2007 12.26.40 0 byte 1 days old -- win33.tmp
03/06/2007 12.26.40 0 byte 1 days old -- win34.tmp
03/06/2007 12.26.40 0 byte 1 days old -- win36.tmp
03/06/2007 12.26.40 0 byte 1 days old -- win35.tmp
03/06/2007 12.30.08 0 byte 1 days old -- win39.tmp
03/06/2007 12.30.08 0 byte 1 days old -- win2E.tmp
03/06/2007 12.30.08 0 byte 1 days old -- win37.tmp
03/06/2007 12.30.08 0 byte 1 days old -- win38.tmp
03/06/2007 12.32.08 0 byte 1 days old -- win3D.tmp
03/06/2007 12.32.08 0 byte 1 days old -- win3E.tmp
03/06/2007 12.32.08 0 byte 1 days old -- win3C.tmp
03/06/2007 12.32.08 0 byte 1 days old -- win3F.tmp
03/06/2007 12.32.08 0 byte 1 days old -- win3B.tmp
03/06/2007 12.34.08 0 byte 1 days old -- win44.tmp
03/06/2007 12.34.08 0 byte 1 days old -- win43.tmp
03/06/2007 12.34.08 0 byte 1 days old -- win45.tmp
03/06/2007 12.34.08 0 byte 1 days old -- win46.tmp
03/06/2007 12.34.09 0 byte 1 days old -- win47.tmp
03/06/2007 12.36.09 0 byte 1 days old -- win4A.tmp
03/06/2007 12.38.09 0 byte 1 days old -- win50.tmp
03/06/2007 12.40.09 0 byte 1 days old -- win51.tmp
03/06/2007 13.01.20 0 byte 1 days old -- win3A.tmp
03/06/2007 13.03.20 0 byte 1 days old -- win40.tmp
03/06/2007 13.05.20 0 byte 1 days old -- win41.tmp
03/06/2007 13.07.20 0 byte 1 days old -- win42.tmp
03/06/2007 13.09.20 0 byte 1 days old -- win48.tmp
03/06/2007 13.31.20 0 byte 1 days old -- win4B.tmp
03/06/2007 13.41.20 0 byte 1 days old -- win52.tmp
03/06/2007 13.41.20 0 byte 1 days old -- win4E.tmp
03/06/2007 13.41.20 0 byte 1 days old -- win4D.tmp
03/06/2007 13.41.20 0 byte 1 days old -- win4C.tmp
03/06/2007 13.41.20 0 byte 1 days old -- win4F.tmp
03/06/2007 13.43.20 0 byte 1 days old -- win53.tmp
03/06/2007 13.43.25 0 byte 1 days old -- win54.tmp
03/06/2007 13.43.25 0 byte 1 days old -- win55.tmp
03/06/2007 13.43.25 0 byte 1 days old -- win56.tmp
03/06/2007 14.01.53 0 byte 1 days old -- win49.tmp
03/06/2007 14.03.53 0 byte 1 days old -- win57.tmp
03/06/2007 14.06.06 0 byte 1 days old -- win58.tmp
03/06/2007 14.08.06 0 byte 1 days old -- win59.tmp
03/06/2007 14.11.01 0 byte 1 days old -- win5A.tmp
03/06/2007 14.13.42 0 byte 1 days old -- win5B.tmp
03/06/2007 14.16.08 0 byte 1 days old -- win5C.tmp
03/06/2007 14.19.24 0 byte 1 days old -- win5D.tmp
03/06/2007 14.21.24 0 byte 1 days old -- win5F.tmp
03/06/2007 14.23.24 0 byte 1 days old -- win63.tmp
03/06/2007 14.25.24 0 byte 1 days old -- win64.tmp
03/06/2007 14.27.24 0 byte 1 days old -- win65.tmp
03/06/2007 14.48.27 0 byte 1 days old -- win5E.tmp
03/06/2007 14.48.56 16384 byte 1 days old -- Perflib_Perfdata_954.dat
03/06/2007 19.34.35 0 byte 1 days old -- win61.tmp
03/06/2007 19.34.35 0 byte 1 days old -- win60.tmp
03/06/2007 19.34.35 0 byte 1 days old -- win66.tmp
03/06/2007 19.34.35 0 byte 1 days old -- win62.tmp
03/06/2007 19.37.20 0 byte 1 days old -- win68.tmp
03/06/2007 19.37.20 0 byte 1 days old -- win67.tmp
03/06/2007 19.37.21 0 byte 1 days old -- win6A.tmp
03/06/2007 19.37.21 0 byte 1 days old -- win69.tmp
03/06/2007 19.39.21 0 byte 1 days old -- win6B.tmp
03/06/2007 19.39.21 0 byte 1 days old -- win6E.tmp
03/06/2007 19.39.21 0 byte 1 days old -- win6D.tmp
03/06/2007 19.39.21 0 byte 1 days old -- win6C.tmp
03/06/2007 19.42.31 0 byte 1 days old -- win70.tmp
03/06/2007 19.42.31 0 byte 1 days old -- win71.tmp
03/06/2007 19.42.31 0 byte 1 days old -- win6F.tmp
03/06/2007 19.42.31 0 byte 1 days old -- win72.tmp
03/06/2007 19.44.31 0 byte 1 days old -- win74.tmp
03/06/2007 19.44.31 0 byte 1 days old -- win73.tmp
03/06/2007 19.44.31 0 byte 1 days old -- win76.tmp
03/06/2007 19.44.31 0 byte 1 days old -- win75.tmp
03/06/2007 19.46.31 0 byte 1 days old -- win78.tmp
03/06/2007 19.46.31 0 byte 1 days old -- win77.tmp
03/06/2007 19.46.31 0 byte 1 days old -- win79.tmp
03/06/2007 19.46.31 0 byte 1 days old -- win7A.tmp
03/06/2007 19.48.31 0 byte 1 days old -- win7B.tmp
03/06/2007 19.50.31 0 byte 1 days old -- win7C.tmp
03/06/2007 20.10.31 0 byte 1 days old -- win87.tmp
03/06/2007 20.32.31 0 byte 1 days old -- win88.tmp
03/06/2007 20.54.32 0 byte 1 days old -- win8B.tmp
03/06/2007 21.16.32 0 byte 1 days old -- win92.tmp
03/06/2007 21.36.32 0 byte 1 days old -- winB0.tmp
03/06/2007 21.46.32 0 byte 1 days old -- winB3.tmp
03/06/2007 21.46.32 0 byte 1 days old -- winB1.tmp
03/06/2007 21.46.32 0 byte 1 days old -- winB2.tmp
03/06/2007 21.56.32 0 byte 1 days old -- winB4.tmp
04/06/2007 14.51.17 0 byte 0 days old -- win7D.tmp
04/06/2007 14.51.17 0 byte 0 days old -- win7E.tmp
04/06/2007 14.51.17 0 byte 0 days old -- win7F.tmp
04/06/2007 14.51.17 0 byte 0 days old -- win80.tmp
04/06/2007 14.51.22 16384 byte 0 days old -- Perflib_Perfdata_778.dat
04/06/2007 14.53.17 0 byte 0 days old -- win86.tmp
04/06/2007 14.53.17 0 byte 0 days old -- win89.tmp
04/06/2007 14.53.17 0 byte 0 days old -- win8A.tmp
04/06/2007 14.53.18 0 byte 0 days old -- win8C.tmp
04/06/2007 14.55.18 0 byte 0 days old -- win8D.tmp
04/06/2007 14.57.18 0 byte 0 days old -- win8E.tmp
04/06/2007 14.59.18 0 byte 0 days old -- win90.tmp
04/06/2007 15.19.34 0 byte 0 days old -- win81.tmp
04/06/2007 15.22.59 0 byte 0 days old -- win82.tmp
04/06/2007 15.24.59 0 byte 0 days old -- win83.tmp
04/06/2007 15.26.59 0 byte 0 days old -- win84.tmp
04/06/2007 15.28.59 0 byte 0 days old -- win85.tmp
04/06/2007 15.30.59 0 byte 0 days old -- win8F.tmp
04/06/2007 15.51.50 0 byte 0 days old -- win91.tmp
04/06/2007 15.53.50 0 byte 0 days old -- win93.tmp
04/06/2007 15.55.50 0 byte 0 days old -- win94.tmp
04/06/2007 15.58.32 0 byte 0 days old -- win95.tmp
04/06/2007 15.58.35 16384 byte 0 days old -- Perflib_Perfdata_4dc.dat
04/06/2007 16.00.32 0 byte 0 days old -- win96.tmp
04/06/2007 16.02.32 0 byte 0 days old -- win97.tmp
04/06/2007 16.04.32 0 byte 0 days old -- win98.tmp
04/06/2007 16.07.52 0 byte 0 days old -- win99.tmp
04/06/2007 16.09.52 0 byte 0 days old -- win9A.tmp
04/06/2007 16.11.52 0 byte 0 days old -- win9B.tmp
04/06/2007 16.13.52 0 byte 0 days old -- win9C.tmp
04/06/2007 16.15.52 0 byte 0 days old -- win9D.tmp
04/06/2007 16.37.55 0 byte 0 days old -- win9E.tmp
04/06/2007 16.39.55 0 byte 0 days old -- winA5.tmp
04/06/2007 16.41.44 0 byte 0 days old -- win9F.tmp
04/06/2007 16.43.44 0 byte 0 days old -- winA0.tmp
04/06/2007 16.46.03 0 byte 0 days old -- winA1.tmp
04/06/2007 16.48.03 0 byte 0 days old -- winA2.tmp
04/06/2007 16.50.03 0 byte 0 days old -- winA3.tmp
04/06/2007 16.53.09 0 byte 0 days old -- winA4.tmp
04/06/2007 16.55.09 0 byte 0 days old -- winA8.tmp
04/06/2007 16.55.09 0 byte 0 days old -- winA9.tmp
04/06/2007 16.55.09 0 byte 0 days old -- winA7.tmp
04/06/2007 16.55.09 0 byte 0 days old -- winA6.tmp
04/06/2007 16.57.09 0 byte 0 days old -- winAC.tmp
04/06/2007 16.57.09 0 byte 0 days old -- winAD.tmp
04/06/2007 16.57.09 0 byte 0 days old -- winAB.tmp
04/06/2007 16.57.09 0 byte 0 days old -- winAA.tmp
04/06/2007 17.00.22 0 byte 0 days old -- winAF.tmp
04/06/2007 17.00.22 0 byte 0 days old -- winAE.tmp
04/06/2007 17.00.23 0 byte 0 days old -- winB5.tmp
04/06/2007 17.00.23 0 byte 0 days old -- winB6.tmp
04/06/2007 17.00.26 16384 byte 0 days old -- Perflib_Perfdata_4d8.dat
04/06/2007 17.02.25 0 byte 0 days old -- winBD.tmp
04/06/2007 17.02.25 1186 byte 0 days old -- winBC.tmp
04/06/2007 17.02.26 0 byte 0 days old -- winBF.tmp
04/06/2007 17.02.27 0 byte 0 days old -- winC0.tmp
04/06/2007 17.02.27 0 byte 0 days old -- winC1.tmp
04/06/2007 17.02.28 0 byte 0 days old -- winC3.tmp
04/06/2007 17.02.28 0 byte 0 days old -- winC4.tmp
04/06/2007 17.02.28 0 byte 0 days old -- winC2.tmp
04/06/2007 17.02.29 0 byte 0 days old -- winC6.tmp
04/06/2007 17.02.29 0 byte 0 days old -- winC5.tmp
04/06/2007 17.02.30 0 byte 0 days old -- winC8.tmp
04/06/2007 17.02.30 0 byte 0 days old -- winC9.tmp
04/06/2007 17.02.30 0 byte 0 days old -- winC7.tmp
04/06/2007 17.02.31 0 byte 0 days old -- winCA.tmp
04/06/2007 17.02.31 0 byte 0 days old -- winCB.tmp
04/06/2007 17.02.32 0 byte 0 days old -- winCC.tmp
04/06/2007 17.02.32 0 byte 0 days old -- winCD.tmp
04/06/2007 17.02.33 0 byte 0 days old -- winCF.tmp
04/06/2007 17.02.33 0 byte 0 days old -- winCE.tmp
04/06/2007 17.02.35 30720 byte 0 days old -- winD0.tmp.exe
04/06/2007 17.02.35 0 byte 0 days old -- winD1.tmp
04/06/2007 17.02.35 0 byte 0 days old -- winD2.tmp
04/06/2007 17.02.36 0 byte 0 days old -- winD3.tmp
04/06/2007 17.02.37 30720 byte 0 days old -- winD4.tmp.exe
04/06/2007 17.15.40 16384 byte 0 days old -- Perflib_Perfdata_4e4.dat
04/06/2007 17.23.37 30720 byte 0 days old -- winB7.tmp.exe
04/06/2007 17.45.39 30720 byte 0 days old -- winBE.tmp.exe
04/06/2007 18.02.50 16384 byte 0 days old -- Perflib_Perfdata_69c.dat
04/06/2007 18.06.47 0 byte 0 days old -- winB7.tmp
04/06/2007 18.08.47 0 byte 0 days old -- winB8.tmp
04/06/2007 19.02.48 1186 byte 0 days old -- winD0.tmp
04/06/2007 19.12.49 30720 byte 0 days old -- winD4.tmp
04/06/2007 19.14.50 30720 byte 0 days old -- winD5.tmp.exe
04/06/2007 19.27.27 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Programmi\
08/04/2007 15.36.21 (DIR) 0 byte 57 days old -- Ulead Systems
09/05/2007 15.33.47 (DIR) 0 byte 26 days old -- Internet Explorer
03/06/2007 09.46.41 (DIR) 0 byte 1 days old -- eMule
03/06/2007 09.53.25 (DIR) 0 byte 1 days old -- Spybot - Search & Destroy
03/06/2007 10.14.29 (DIR) 0 byte 1 days old -- Windows Media Connect 2

----- recent files in C:\Programmi\File comuni\

===================== Duplicates in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================

"WebCam Go Sti Service Application"="wbcgosvc"
"CloneCDTray"="\"C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe\" /s"
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run\00\00\00\00\00\00\00hö\12\00å‚Ýs\14÷\12\00”\Àwˆ ¾wÿÿÿÿÎÿwçÿw4\00\00\00°ö\12\00.Ä¿w4\00\00\00\00\00\00\004\00\00\00TAÔs4\00\00\00\02\01\01\00l:2\00ü„9~¤…9~\02\01\01\00\01\00\00\00\„Ç\00\„Ç\00ôþ\12\00\14÷\12\00U·9~…·9~\„Ç\00\„Ç\00ôþ\12\00Øu`\00ìö\12\00ŒC@\00\„Ç\00\„Ç\00\09ðÙs\02\01\01\00\„Ç\00»\11Ôs\„Ç\00P:2\00A\10ÔsP:2\00ŒC@\00xþ\12\00`|Áw\„Ç\00â\13@"
"setup"="rundll32.exe \"C:\WINDOWS\nnkklj.dll\",realset"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe\""

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"


#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
#### HKCR\CLSID\{E5225210-F293-40FE-BB2F-D5A3C7F13C47}\InprocServer32 @="C:\WINDOWS\system32\nnnnopp.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""


"@="Senza fili"

"@="Folder Redirection"

"@="Quota disco Microsoft"

"@="Utilità di pianificazione pacchetti QoS"


"@="Internet Explorer Zonemapping"


"@="Internet Explorer Branding"

"@="EFS recovery"

"@="Microsoft Offline Files"

"@="Installazione software"

"@="Protezione IP"

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----









"CTStartup"="\"C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE\" /play\00\00\00\00hö\12\00å‚Ýs\14÷\12\00”\Àwˆ ¾wÿÿÿÿÎÿwçÿw4\00\00\00°ö\12\00.Ä¿w4\00\00\00\00\00\00\004\00\00\00TAÔs4\00\00\00\02\01\01\00l:2\00ü„9~¤…9~\02\01\01\00\01\00\00\00\„Ç\00\„Ç\00ôþ\12\00\14÷\12\00U·9~…·9~\„Ç\00\„Ç\00ôþ\12\00Øu`\00ìö\12\00ŒC@\00\„Ç\00\„Ç\00\09ðÙs\02\01\01\00\„Ç\00»\11Ôs\„Ç\00P:2\00A\10ÔsP:2\00ŒC@\00xþ\12\00`|Áw\„Ç\00â\13@"



-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----


-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----




-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----


"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\Browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\Browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[Browser Helper Objects\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8}]
#### HKCR\CLSID\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8}\InprocServer32 @="C:\WINDOWS\system32\acdkfgtc.dll"

[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

[Browser Helper Objects\{bfc723ce-4229-44ae-b63a-666aea8b7935}]
#### HKCR\CLSID\{bfc723ce-4229-44ae-b63a-666aea8b7935}\InprocServer32 @="C:\WINDOWS\system32\chcdec.dll"

[Browser Helper Objects\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA}]
#### HKCR\CLSID\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA}\InprocServer32 @="C:\WINDOWS\system32\tmpCA.tmp.dll"

[Browser Helper Objects\{E5225210-F293-40FE-BB2F-D5A3C7F13C47}]
#### HKCR\CLSID\{E5225210-F293-40FE-BB2F-D5A3C7F13C47}\InprocServer32 @="C:\WINDOWS\system32\nnnnopp.dll"

[Browser Helper Objects\{FD0C6E0A-3105-4F24-A634-0D2F1F89F490}]
#### HKCR\CLSID\{FD0C6E0A-3105-4F24-A634-0D2F1F89F490}\InprocServer32 @="C:\WINDOWS\system32\vtsqo.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----


[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
"path"="C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk"
"backup"="C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check.lnk]
"path"="C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check.lnk"
"backup"="C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE "
"item"="EPSON Status Monitor 3 Environment Check"

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ulead Photo Express SE Calendar Checker.lnk]
"path"="C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ulead Photo Express SE Calendar Checker.lnk"
"backup"="C:\WINDOWS\pss\Ulead Photo Express SE Calendar Checker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe "
"item"="Ulead Photo Express SE Calendar Checker"

-----HKCU\Control Panel\Desktop\-----




@="\"%1\" %*"


@="\"%1\" %*"


@="\"%1\" %*"


@="\"%1\" %*"


@="\"%1\" /S"


@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"







"Authentication Packages"=multi:"msv1_0\00\00"
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"Notification Packages"=multi:"scecli\00\00"

"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]

"Comment"="Digest SSPI Authentication Package"

"Comment"="DPA Security Package"

"Comment"="MSN Security Package"


"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"






"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"






"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"






-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----








-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----




-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

Junior User
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 05/06/07 14:51

Hi, your computer is full of files infected by the Vundo trojan, but I need to see the whole thing; the report can't fit entirely in one post. You have to upload it the way you did on easyshare: press Browse, upload the file with Upload, and paste into a post the link it gives you (the first one) so I can look at it.
Posts: 6413
Joined: 11/08/05 19:10

Post by maxbale » 05/06/07 15:28

hi luke, I hope I understood correctly: this is the first file URL that easy-share gave me...........[url]

Junior User
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 05/06/07 17:06

Hi, download Avenger to the desktop
unzip it
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | setup

Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5225210-F293-40FE-BB2F-D5A3C7F13C47}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD0C6E0A-3105-4F24-A634-0D2F1F89F490}

Folders to delete:

Files to delete:

Click the Done button
Click the green traffic-light icon
Answer Yes twice
The PC should reboot on its own; if it doesn't, reboot it manually

The program leaves a log of the operations it performed.

Post the Avenger log (C:/avenger.txt) with the result of the script.

Then open the registry (Start > Run > regedit > OK)

Clicking the + sign next to the individual entries, follow these paths
click on the last entry and delete it in the right-hand pane
Right-click
Do the same with the entries in bold
Posts: 6413
Joined: 11/08/05 19:10
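Added example, not part of Luke57's post and not code from SystemScan or Avenger: a Python script that reads a SystemScan report of the kind posted above, joins every Browser Helper Object CLSID with its InprocServer32 DLL and with the scan's own "recent files" listing, and drafts the "Registry keys to delete" / "Files to delete" sections of an Avenger script for the entries that look like Vundo drops. The three heuristics (Vundo's tmpNN.tmp.dll naming, an all-lowercase random-looking name sitting directly in the Windows or system32 directory, a DLL created within MAX_AGE_DAYS) are assumptions, not signatures; the embedded scan is a constructed excerpt in SystemScan's layout whose CLSIDs and file names are the ones that appear in the thread's reports.

```python
"""Triage the Browser Helper Objects in a SystemScan registry dump and draft
the matching Avenger script.  Added example for this thread; it is not part
of SystemScan, Avenger or the original posts.

Heuristics (assumptions, not malware signatures):
  * Vundo's tmpNN.tmp.dll naming, or
  * an all-lowercase random-looking name directly in the Windows or
    system32 directory, or
  * the DLL appears in the scan's own "recent files" list and is younger
    than MAX_AGE_DAYS.
Nothing here checks Authenticode signatures, so the output is a draft to
read before it is pasted into Avenger, not a script to run blind.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_AGE_DAYS = 7
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

RE_BHO = re.compile(r"^\[Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$")
RE_INPROC = re.compile(
    r'^#### HKCR\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32 @=(?:expand:)?"([^"]+)"$')
RE_RECENT_HDR = re.compile(r"^----- recent files in (.+)$")
RE_RECENT_FILE = re.compile(r"^\S+ \S+ (?:\(DIR\))? *(\d+) byte +(\d+) days old -- (.+)$")
RE_TMP_DLL = re.compile(r"^tmp[0-9A-Fa-f]{1,4}\.tmp\.dll$", re.IGNORECASE)
RE_RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")   # lowercase only, on purpose


@dataclass
class Bho:
    clsid: str
    dll: Optional[str] = None        # None: the scan shows no InprocServer32
    age_days: Optional[int] = None   # from the recent-files section, if listed
    verdict: str = "review"          # "suspicious" | "review" | "orphan"
    reasons: List[str] = field(default_factory=list)


def parse_scan(text: str, system_root: str = r"C:\WINDOWS") -> List[Bho]:
    """Join the BHO key list with the CLSID InprocServer32 lines and the
    recent-files listing, then classify every BHO."""
    bhos: Dict[str, Bho] = {}
    inproc: Dict[str, str] = {}
    recent: Dict[str, int] = {}      # lower-cased full path -> age in days
    cur_dir = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_RECENT_HDR.match(line):
            cur_dir = m.group(1).rstrip("\\")
        elif (m := RE_RECENT_FILE.match(line)) and cur_dir:
            recent[(cur_dir + "\\" + m.group(3)).lower()] = int(m.group(2))
        elif m := RE_BHO.match(line):
            bhos[m.group(1).upper()] = Bho(clsid=m.group(1))
        elif m := RE_INPROC.match(line):
            inproc[m.group(1).upper()] = m.group(2).replace("%SystemRoot%", system_root)

    sys_dirs = {system_root.lower(), (system_root + r"\system32").lower()}
    for clsid, b in bhos.items():
        b.dll = inproc.get(clsid)
        if b.dll is None:
            b.verdict = "orphan"
            b.reasons.append("no InprocServer32 in the scan")
            continue
        parent, _, name = b.dll.rpartition("\\")
        b.age_days = recent.get(b.dll.lower())
        if RE_TMP_DLL.match(name):
            b.reasons.append("tmpNN.tmp.dll naming")
        if RE_RANDOM_DLL.match(name) and parent.lower() in sys_dirs:
            b.reasons.append("random-looking lowercase name in the system directory")
        if b.age_days is not None and b.age_days <= MAX_AGE_DAYS:
            b.reasons.append(f"created {b.age_days} days ago")
        b.verdict = "suspicious" if b.reasons else "review"
    return list(bhos.values())


def build_avenger_script(bhos: List[Bho]) -> str:
    """Emit the two Avenger sections for the suspicious BHOs only: the BHO
    registration key (its CLSID under HKLM) and the DLL it loads."""
    bad = [b for b in bhos if b.verdict == "suspicious"]
    keys = [f"{BHO_KEY}\\{b.clsid}" for b in bad]
    files = sorted({b.dll for b in bad if b.dll})
    return "\n".join(["Registry keys to delete:", *keys, "", "Files to delete:", *files, ""])


# Constructed excerpt in SystemScan's layout; the CLSIDs and file names are
# the ones that appear in the thread's reports.
SAMPLE_SCAN = r"""
----- recent files in C:\WINDOWS\system32\
04/06/2007 18.53.19 39124 byte 2 days old -- tmpCA.tmp.dll
30/04/2007 17.46.10 745600 byte 37 days old -- aswBoot.exe

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8}]
#### HKCR\CLSID\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8}\InprocServer32 @="C:\WINDOWS\system32\acdkfgtc.dll"

[Browser Helper Objects\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA}]
#### HKCR\CLSID\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA}\InprocServer32 @="C:\WINDOWS\system32\tmpCA.tmp.dll"
"""

if __name__ == "__main__":
    found = parse_scan(SAMPLE_SCAN)
    for b in found:
        print(f"{b.verdict:10} {b.clsid} {b.dll or '-'}  {'; '.join(b.reasons)}")
    print()
    print(build_avenger_script(found))
```

Run it over a saved report by replacing SAMPLE_SCAN with the file contents. A "review" verdict means the heuristics saw nothing, not that the DLL is clean: the Spybot SDHelper.dll entry is legitimate, but a random-named DLL outside the system directory would land in the same bucket, so compare the draft with the scan before pasting it into Avenger. An "orphan" is a BHO registration whose CLSID has no InprocServer32 in the scan; it loads nothing, but it is also a sign that something was half-removed.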

Post by maxbale » 05/06/07 18:10

hi luke, for now I've managed to do part of what you wrote to me ....here is the avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:


Script file located at: \??\C:\dbfsofba.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger


Beginning to process script file:

Folder C:\windows\temp deleted successfully.

File C:\WINDOWS\nnkklj.dll not found!
Deletion of file C:\WINDOWS\nnkklj.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\byyvvs.dll not found!
Deletion of file C:\WINDOWS\byyvvs.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\mlijkl.dll not found!
Deletion of file C:\WINDOWS\mlijkl.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\ljijkj.dll not found!
Deletion of file C:\WINDOWS\ljijkj.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\nnmjgg.dll not found!
Deletion of file C:\WINDOWS\nnmjgg.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\fcbyvt.dll not found!
Deletion of file C:\WINDOWS\fcbyvt.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\tvybcf.ini not found!
Deletion of file C:\WINDOWS\tvybcf.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\utvwwa.ini not found!
Deletion of file C:\WINDOWS\utvwwa.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\ceeeeg.ini not found!
Deletion of file C:\WINDOWS\ceeeeg.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\jkmmoq.ini not found!
Deletion of file C:\WINDOWS\jkmmoq.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\xwyybc.ini not found!
Deletion of file C:\WINDOWS\xwyybc.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\urpono.dll not found!
Deletion of file C:\WINDOWS\urpono.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\onopru.ini not found!
Deletion of file C:\WINDOWS\onopru.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\twaaay.ini not found!
Deletion of file C:\WINDOWS\twaaay.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\mpopoq.ini not found!
Deletion of file C:\WINDOWS\mpopoq.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\nnkklj.dll not found!
Deletion of file C:\WINDOWS\nnkklj.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\jlkknn.ini not found!
Deletion of file C:\WINDOWS\jlkknn.ini failed!

Could not process line:
Status: 0xc0000034

Error: C:\WINDOWS\system32\ is a folder, not a file!
Deletion of file C:\WINDOWS\system32\ failed!

Could not process line:
Status: 0xc00000ba

File C:\WINDOWS\system32\chcdec.dll not found!
Deletion of file C:\WINDOWS\system32\chcdec.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp7.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp7.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmpC.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmpC.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\winowl32.dll not found!
Deletion of file C:\WINDOWS\system32\winowl32.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp2C.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp2C.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\rakvsnpc.dll not found!
Deletion of file C:\WINDOWS\system32\rakvsnpc.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\peldtbvm.exe not found!
Deletion of file C:\WINDOWS\system32\peldtbvm.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp35.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp35.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp39.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp39.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\wwiuxtfr.dll not found!
Deletion of file C:\WINDOWS\system32\wwiuxtfr.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp40.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp40.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\wtotxqjw.exe not found!
Deletion of file C:\WINDOWS\system32\wtotxqjw.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\qdthjxsw.ini not found!
Deletion of file C:\WINDOWS\system32\qdthjxsw.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\rgpnvolk.exe not found!
Deletion of file C:\WINDOWS\system32\rgpnvolk.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\jbpmhdwc.dll not found!
Deletion of file C:\WINDOWS\system32\jbpmhdwc.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\vbpimsgd.exe not found!
Deletion of file C:\WINDOWS\system32\vbpimsgd.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\ftnpmdwj.ini not found!
Deletion of file C:\WINDOWS\system32\ftnpmdwj.ini failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\acdkfgtc.dll not found!
Deletion of file C:\WINDOWS\system32\acdkfgtc.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp5E.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp5E.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\ibwsxfhj.exe not found!
Deletion of file C:\WINDOWS\system32\ibwsxfhj.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp66.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp66.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\aaemkccm.exe not found!
Deletion of file C:\WINDOWS\system32\aaemkccm.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp7D.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp7D.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\vnuxtupj.exe not found!
Deletion of file C:\WINDOWS\system32\vnuxtupj.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\rdgnabqo.exe not found!
Deletion of file C:\WINDOWS\system32\rdgnabqo.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp8C.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp8C.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\mcrh.tmp not found!
Deletion of file C:\WINDOWS\system32\mcrh.tmp failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\fuuvllpj.exe not found!
Deletion of file C:\WINDOWS\system32\fuuvllpj.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmpB5.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmpB5.tmp.dll failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\wotqivij.exe not found!
Deletion of file C:\WINDOWS\system32\wotqivij.exe failed!

Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\tmp3.tmp.dll not found!
Deletion of file C:\WINDOWS\system32\tmp3.tmp.dll failed!

Could not process line:
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|setup
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|setup failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32 not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32 failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8} failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5225210-F293-40FE-BB2F-D5A3C7F13C47} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5225210-F293-40FE-BB2F-D5A3C7F13C47} failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD0C6E0A-3105-4F24-A634-0D2F1F89F490} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD0C6E0A-3105-4F24-A634-0D2F1F89F490} failed!
Status: 0xc0000034

Completed script processing.


Finished! Terminate.

then I went into the registry but I can't find what you wrote to me, not even with Find; the only thing it finds is this: AE32AA4F-C90F-4EE1-A683-8F8B9F925BA8} and the folders all start with: HKEY ......
thanks, and sorry again for my ignorance
Junior User
Posts: 61
Joined: 29/12/05 18:22
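Added example, not from the thread and not Avenger's own code: a Python parser for the log format above that decodes the NTSTATUS codes Avenger prints verbatim (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, 0xc00000ba STATUS_FILE_IS_A_DIRECTORY) and flags the situation this log shows, where not one file on the list still existed when the script ran. The embedded log is a constructed excerpt that mirrors the lines above; the "File ... deleted successfully." form for files is assumed by analogy with the folder line, and the NTSTATUS names come from ntstatus.h.

```python
"""Triage an Avenger log: what was deleted, what failed and why, and
whether the file list had already gone stale.  Added example for this
thread; it is not part of Avenger or of the original posts.

Line shapes follow the log above; the success line for files is assumed
by analogy with Avenger's folder line.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# NTSTATUS values Avenger prints verbatim (names from ntstatus.h).
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
    0xC0000121: "STATUS_CANNOT_DELETE",
}
NOT_FOUND, IS_DIRECTORY = 0xC0000034, 0xC00000BA

RE_OK = re.compile(r"^(File|Folder|Registry key|Registry value) (.+?) deleted successfully\.$")
RE_FAIL = re.compile(r"^Deletion of (file|folder|registry key|registry value) (.+?) failed!$")
RE_STATUS = re.compile(r"^Status: 0x([0-9A-Fa-f]{8})$")


@dataclass
class Entry:
    kind: str            # "file" | "folder" | "registry key" | "registry value"
    target: str
    code: Optional[int] = None

    @property
    def status(self) -> str:
        if self.code is None:
            return "no status"
        return NTSTATUS.get(self.code, f"0x{self.code:08X}")


@dataclass
class Summary:
    successes: List[Entry]
    failures: List[Entry]
    by_status: Counter
    stale_file_list: bool   # no file deleted and every file target was already gone


def summarize(log: str) -> Summary:
    successes: List[Entry] = []
    failures: List[Entry] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := RE_OK.match(line):
            successes.append(Entry(m.group(1).lower(), m.group(2)))
        elif m := RE_FAIL.match(line):
            failures.append(Entry(m.group(1), m.group(2)))
        elif (m := RE_STATUS.match(line)) and failures and failures[-1].code is None:
            # the status line follows the failure it belongs to, one or two lines later
            failures[-1].code = int(m.group(1), 16)
    by_status = Counter(f.status for f in failures)
    file_fail = [f for f in failures if f.kind == "file"]
    file_ok = [s for s in successes if s.kind == "file"]
    stale = bool(file_fail) and not file_ok and all(
        f.code in (NOT_FOUND, IS_DIRECTORY) for f in file_fail)
    return Summary(successes, failures, by_status, stale)


def report(s: Summary) -> str:
    out = [f"deleted: {len(s.successes)}   failed: {len(s.failures)}"]
    for name, n in s.by_status.most_common():
        out.append(f"  {n:3d} x {name}")
    for f in s.failures:
        if f.code not in (NOT_FOUND, IS_DIRECTORY):   # locked, denied, unknown: look at these
            out.append(f"  needs attention: {f.kind} {f.target} ({f.status})")
    if s.stale_file_list:
        out.append("no file on the list exists any more: take a fresh scan before "
                   "writing the next script, the names have probably been rotated")
    return "\n".join(out)


# Constructed excerpt in the layout of the log above (same targets).
SAMPLE_LOG = r"""
Folder C:\windows\temp deleted successfully.

File C:\WINDOWS\nnkklj.dll not found!
Deletion of file C:\WINDOWS\nnkklj.dll failed!
Could not process line:
Status: 0xc0000034

File C:\WINDOWS\system32\chcdec.dll not found!
Deletion of file C:\WINDOWS\system32\chcdec.dll failed!
Could not process line:
Status: 0xc0000034

Error: C:\WINDOWS\system32\ is a folder, not a file!
Deletion of file C:\WINDOWS\system32\ failed!
Could not process line:
Status: 0xc00000ba

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|setup
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|setup failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32 not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32 failed!
Status: 0xc0000034
"""

if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

The stale-list flag is the decision point in this thread: when every file comes back not-found and the next SystemScan shows fresh names in the same places (urrppp.dll and ppprru.ini in C:\WINDOWS, tmpC0.tmp.dll and friends in system32), the script has to be rebuilt from the new scan, not rerun. The Run\setup value that failed with the same status is worth rechecking in regedit rather than assuming it is gone; the line "Deletion of file C:\WINDOWS\system32\ failed!" is a script line that named a directory where a file was expected and is harmless.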

Post by Luke57 » 06/06/07 17:36

Hi, run a new scan with SystemScan and post its report the same way as before.
Posts: 6413
Joined: 11/08/05 19:10

Post by maxbale » 06/06/07 21:40

hi luke, thanks to your precious help I think I managed to do something..... now though I have also switched on the two external hard disks, and doing an online scan with bitdefender it found this, and I can't tell whether it removed them or not...............as you asked I'm also posting the systemscan report, and this time too (I don't know if it matters) I had to untick HIDDEN OBJECTS because otherwise the pc crashes...........thanks thanks thanks

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>keygen.exe
Infected with: Trojan.Downloader.Small.BHH

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>keygen.exe
Infected with: Trojan.Downloader.Small.BHH

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>keygen.exe
Disinfection failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>keygen.exe
Disinfection failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>keygen.exe

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>keygen.exe

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)
Update failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)
Update failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>crack.exe
Infected with: Trojan.Peed.Gen

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>crack.exe
Infected with: Trojan.Peed.Gen

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>crack.exe
Disinfection failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>crack.exe
Disinfection failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>crack.exe

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)=>crack.exe

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)
Update failed

G:\System Volume Information\_restore{87BF420B-1FC2-4A36-9E61-3F8AC3A7329F}\RP350\A0076482.exe=>(RAR Sfx o)
Update failed

SystemScan - - ver. 3.1.1

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 06/06/2007
Time: 22.15.35

Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Suspicious Files
-Include hijackthis.log
-Installed Applications

===================== Accounts on this PC =====================

Users on this computer:
Is Admin? | Username
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Max
| SUPPORT_388945a0 (Disabled)

### users folders

16/06/2006 22.39.25 (DIR) 0 byte 355 days old -- Default User
21/06/2006 19.43.29 (DIR) 0 byte 350 days old -- All Users
29/01/2007 18.11.12 (DIR) 0 byte 128 days old -- NetworkService
29/01/2007 18.11.12 (DIR) 0 byte 128 days old -- LocalService
06/06/2007 22.01.19 (DIR) 0 byte 0 days old -- Max

===================== Recent files (60 days old)=====================

----- recent files in C:\
06/05/2007 15.25.25 (DIR) 0 byte 31 days old -- Temp
04/06/2007 16.37.39 (DIR) 0 byte 2 days old -- Documents and Settings
04/06/2007 16.44.20 (DIR) 0 byte 2 days old -- Config.Msi
04/06/2007 16.47.24 (DIR) 0 byte 2 days old -- Programmi
04/06/2007 18.56.50 (DIR) 0 byte 2 days old -- System Volume Information
05/06/2007 18.28.16 7042 byte 1 days old -- VundoFix.txt
05/06/2007 18.43.55 (DIR) 0 byte 1 days old -- Program Files
05/06/2007 18.44.37 12928 byte 1 days old -- avenger 2.txt
05/06/2007 18.51.06 22552 byte 1 days old -- avenger.txt
05/06/2007 18.51.26 22554 byte 1 days old -- avenger 3.txt
06/06/2007 14.32.47 (DIR) 0 byte 0 days old -- Media
06/06/2007 16.42.38 1570 byte 0 days old -- rapport.txt
06/06/2007 16.51.04 211 byte 0 days old -- boot.ini
06/06/2007 20.16.35 (DIR) 0 byte 0 days old -- VundoFix Backups
06/06/2007 20.16.46 (DIR) 0 byte 0 days old -- avenger
06/06/2007 22.14.17 1610612736 byte 0 days old -- pagefile.sys
06/06/2007 22.14.20 (DIR)1073074176 byte 0 days old -- hiberfil.sys
06/06/2007 22.14.43 (DIR) 0 byte 0 days old -- WINDOWS
06/06/2007 22.15.35 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
08/04/2007 15.36.23 (DIR) 0 byte 59 days old -- Fonts
08/04/2007 15.58.39 (DIR) 0 byte 59 days old -- Minidump
08/04/2007 16.36.40 771 byte 59 days old -- ULEAD32.INI
11/04/2007 15.30.20 (DIR) 0 byte 56 days old -- $NtUninstallKB932168$
11/04/2007 15.30.29 (DIR) 0 byte 56 days old -- $NtUninstallKB930178$
11/04/2007 15.30.34 (DIR) 0 byte 56 days old -- $NtUninstallKB931261$
11/04/2007 15.30.40 (DIR) 0 byte 56 days old -- $NtUninstallKB931784$
11/04/2007 16.00.48 (DIR) 0 byte 56 days old -- msagent
24/04/2007 17.46.53 (DIR) 0 byte 43 days old -- pss
09/05/2007 15.33.21 (DIR) 0 byte 28 days old -- $NtUninstallKB930916$
09/05/2007 15.33.41 (DIR) 0 byte 28 days old -- ie7updates
10/05/2007 19.14.39 (DIR) 0 byte 27 days old -- Debug
25/05/2007 20.42.41 (DIR) 0 byte 12 days old -- $hf_mig$
25/05/2007 20.42.44 (DIR) 0 byte 12 days old -- $NtUninstallKB927891$
03/06/2007 21.17.45 (DIR) 0 byte 3 days old -- Downloaded Program Files
04/06/2007 16.44.12 (DIR) 0 byte 2 days old -- Installer
04/06/2007 19.42.31 131168 byte 2 days old -- urrppp.dll
05/06/2007 15.15.51 1060810 byte 1 days old -- ppprru.ini
05/06/2007 15.19.39 143 byte 1 days old -- mcrh.tmp
06/06/2007 14.32.38 (DIR) 0 byte 0 days old -- Media
06/06/2007 14.34.14 317 byte 0 days old -- SBWIN.INI
06/06/2007 16.04.45 (DIR) 0 byte 0 days old -- Prefetch
06/06/2007 16.51.04 277 byte 0 days old -- system.ini
06/06/2007 16.51.04 507 byte 0 days old -- win.ini
06/06/2007 16.52.45 0 byte 0 days old -- Sti_Trace.log
06/06/2007 17.05.59 (DIR) 0 byte 0 days old -- inf
06/06/2007 17.06.09 (DIR) 0 byte 0 days old -- Help
06/06/2007 17.06.13 (DIR) 0 byte 0 days old -- SoftwareDistribution
06/06/2007 17.17.17 229 byte 0 days old -- NeroDigital.ini
06/06/2007 20.17.39 (DIR) 0 byte 0 days old -- BDOSCAN8
06/06/2007 22.14.17 (DIR) 0 byte 0 days old -- system32
06/06/2007 22.14.17 0 byte 0 days old -- MEMORY.DMP
06/06/2007 22.14.22 2048 byte 0 days old -- bootstat.dat
06/06/2007 22.14.23 (DIR) 0 byte 0 days old -- CSC
06/06/2007 22.14.25 740 byte 0 days old -- SchedLgU.Txt
06/06/2007 22.14.29 3206968 byte 0 days old -- {00000002-00000000-00000009-00001102-00000004-00521102}.CDF
06/06/2007 22.14.35 50 byte 0 days old -- wiaservc.log
06/06/2007 22.14.37 38829 byte 0 days old -- WindowsUpdate.log
06/06/2007 22.14.37 159 byte 0 days old -- wiadebug.log
06/06/2007 22.14.43 0 byte 0 days old -- 0.log
06/06/2007 22.14.52 (DIR) 0 byte 0 days old -- TEMP

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
08/04/2007 15.54.04 258248 byte 59 days old -- FNTCACHE.DAT
09/04/2007 11.25.04 444928 byte 58 days old -- CTAPO32.dll
09/04/2007 11.25.26 45568 byte 58 days old -- ctppld.dll
09/04/2007 11.25.36 48400 byte 58 days old -- AddCat.exe
09/04/2007 12.19.02 48640 byte 58 days old -- devreg.dll
09/04/2007 12.19.18 5120 byte 58 days old -- enlocstr.exe
09/04/2007 12.19.44 274587 byte 58 days old -- ctsbas2w.dat
09/04/2007 12.22.04 50176 byte 58 days old -- ctedasio.dll
09/04/2007 12.22.04 205312 byte 58 days old -- ct_oal.dll
09/04/2007 12.24.30 46273 byte 58 days old -- ctdnlstr.dat
09/04/2007 12.29.28 934400 byte 58 days old -- CTxfispi.exe
09/04/2007 12.29.30 10752 byte 58 days old -- Ct20xspi.dll
09/04/2007 12.29.30 43520 byte 58 days old -- Ctxfireg.exe
09/04/2007 12.32.20 10240 byte 58 days old -- ctdcres.dll
09/04/2007 12.32.20 227840 byte 58 days old -- ctdc0000.dll
09/04/2007 12.32.22 335872 byte 58 days old -- ctdc0001.dll
09/04/2007 12.32.22 131072 byte 58 days old -- ctdcifce.dll
09/04/2007 12.32.22 78336 byte 58 days old -- ctscal.dll
09/04/2007 12.32.24 69632 byte 58 days old -- ctthxcal.dll
Junior member
Posts: 61
Joined: 29/12/05 18:22

Post by maxbale » 06/06/07 22:06

sorry Luke, I forgot to add that with HijackThis there are two question marks on
C:\DOCUME~1\Max\IMPOST~1\Temp\nsx2.tmp\runme.exe Fuzzy Algorithmcheck (3.1 / 5.00), Neutral

and on

Fuzzy Algorithmcheck (3.08 / 5.00), Neutral

can you tell me whether these are harmless or whether I have to fix them?

bye and thanks
Junior member
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 07/06/07 07:13

Hi, the systemscan report has to be put, like the previous one, on the easyshare site; it doesn't fit in a post.
Posts: 6413
Joined: 11/08/05 19:10

Post by maxbale » 07/06/07 14:50

hi Luke, this is the URL file:

I wanted to ask you whether I can re-enable System Restore, which I had disabled earlier. thanks
Junior member
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 07/06/07 15:45

Hi, it looks fine; if anything, delete all the temporary files by downloading a program made for that, such as CCleaner, from here:

You can re-enable System Restore.
Posts: 6413
Joined: 11/08/05 19:10

Post by maxbale » 07/06/07 15:59

Hi Luke, so can I also rest easy about that HijackThis log entry C:\DOCUME~1\Max\IMPOST~1\Temp\nsx2.tmp\runme.exe Fuzzy Algorithmcheck (3.1 / 5.00), Neutral? I tried to make sense of it, and when I saw this I thought it wasn't over yet... anyway, many thanks for your availability, competence, kindness and patience; I hope one day, who knows, maybe to meet you and learn something.
Junior member
Posts: 61
Joined: 29/12/05 18:22

Post by Luke57 » 07/06/07 16:42

maxbale wrote: Hi Luke, so can I also rest easy about that HijackThis log entry C:\DOCUME~1\Max\IMPOST~1\Temp\nsx2.tmp\runme.exe Fuzzy Algorithmcheck (3.1 / 5.00), Neutral? I tried to make sense of it, and when I saw this I thought it wasn't over yet... anyway, many thanks for your availability, competence, kindness and patience; I hope one day, who knows, maybe to meet you and learn something.

Hi, I think it refers to systemscan.
Posts: 6413
Joined: 11/08/05 19:10
