secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Thu Apr 08, 2010 11:48 am

Hi, I've got this problem and I can't fix it alone... I've tried a bunch of programs... AVG, Kaspersky, ComboFix, Ad-Aware, Spybot, Dr.Web, Malwarebytes' Anti-Malware... nothing...

The problem is... when I'm surfing with Opera (latest stable version), sometimes a site pops up, like this secure-and-protect.xorg.pl, but others too... (http://chatplanet.com/search.php is another one...)... Plus, Chrome opens only blank pages... plus, I've tried to restore an old restore point from Windows but it hangs up in the process :/ ... and last but not least, I can't run some updates from Windows Update!

When I try to install the last security upgrade for SQL, something called "hotfix whatever" crashes, and the upgrade is not done.... I've got various error messages from this, like "Windo wsUpd ate _C000 000 5" <-- (I've added some spaces in between because otherwise I get the connection closed error!!!!), but when I put "Wind owsUp date_C0 00 0 0 05" into Google, it doesn't even try to search, it says that the remote connection was closed... (wtf??!?)

Other searches or programs work fine... but I'm pretty frustrated by this... because I can't even make use of the restore points... hope someone can help me, otherwise I'll have to format everything :/

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.42.46, on 08/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\eMule-0.47a-sivka-v17b1-alpha-bin\emule.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Opera10.51\opera.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Translate this web page with Babylon - [You must be registered and logged in to see this link.] Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - [You must be registered and logged in to see this link.] Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - [You must be registered and logged in to see this link.] - C:\Windows\system32\libusbd-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Senstic Pocket Service (SensticPocketService) - Senstic - C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 10618 bytes


Last edited by Paprika on Thu Apr 08, 2010 12:54 pm; edited 5 times in total (Reason for editing : I've edited only because I've got a bunch of "connection error" problems because I've written that Windows Update error in the description... I've managed it by adding some spaces... the real name of the problem is without spaces in between of cou)
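A triage script for the HijackThis log format posted above, added here as an example; it is not part of the thread and not a tool from HijackThis or the forum. The sample log is a constructed excerpt modelled on the post's own lines, plus one constructed O4 entry (not on the page) so the autostart rule has something to flag; the rules cover the entry classes present in the post: O1 Hosts overrides, O4 autostarts, O20 AppInit_DLLs and O23 services whose binary is missing.

```python
"""Triage a HijackThis v2 log: parse the entry lines and flag the items a
responder would review first.  Added example; the sample log below is a
constructed excerpt modelled on the log posted in the thread."""
import re
from ipaddress import ip_address

# Constructed sample: lines modelled on the posted log, plus one constructed
# O4 "updater" line (not from the page) to exercise the autostart rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [updater] C:\Users\Kenshin\AppData\Local\Temp\upd.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,avgrsstx.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# Every HijackThis entry starts with a class tag (R0, O1, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

# Autostarts under these roots are treated as ordinary installs; anything
# else (temp folders, user profiles, odd drives) gets a second look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")


def parse_entries(text):
    """Return [(kind, body)] for every R/F/O entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def autostart_path(body):
    r"""Pull the executable path out of an O4 entry body.

    Run-key form:        HKLM\..\Run: [Name] "C:\path\prog.exe" /args
    Startup-folder form: Startup: shortcut.lnk = C:\path\prog.exe
    """
    if "] " in body:
        tail = body.split("] ", 1)[1].strip()
    elif " = " in body:
        tail = body.split(" = ", 1)[1].strip()
    else:
        tail = body.strip()
    if tail.startswith('"'):  # quoted path; arguments follow the closing quote
        return tail[1:].split('"', 1)[0]
    return tail


def triage(entries):
    """Apply review rules; return [(kind, reason, body)] in log order."""
    findings = []
    for kind, body in entries:
        if kind == "O1":
            ip, _, host = body.partition(": ")[2].partition(" ")
            if host.lower() == "localhost":
                continue  # stock loopback entry, nothing to review
            try:
                loop = ip_address(ip).is_loopback
            except ValueError:
                loop = False
            how = "blackholed to loopback" if loop else "redirected to " + ip
            findings.append((kind, f"hosts override: {host} {how}", body))
        elif kind == "O4":
            path = autostart_path(body).lower()
            if not path.startswith(TRUSTED_ROOTS):
                findings.append((kind, "autostart outside Program Files/Windows", body))
        elif kind == "O20":
            dlls = body.partition(": ")[2].strip()
            if dlls:
                # AppInit_DLLs are loaded into every process that links user32.dll,
                # so the publisher of each listed DLL should be confirmed.
                findings.append((kind, "AppInit_DLLs entry: " + dlls, body))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append((kind, "service registered but binary missing", body))
    return findings


if __name__ == "__main__":
    for kind, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{kind}] {reason}\n      {body}")
```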


Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Dr Jay on Thu Apr 08, 2010 7:34 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Fri Apr 09, 2010 9:37 am

Hi again, this is the ComboFix log:

ComboFix 10-04-08.02 - Kenshin 09/04/2010 11.25.57.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3327.2213 [GMT 2:00]
Eseguito da: c:\users\Kenshin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2010-03-09 al 2010-04-09 )))))))))))))))))))))))))))))))))))
.

2010-04-09 09:34 . 2010-04-09 09:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-09 09:34 . 2010-04-09 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-07 07:45 . 2010-04-09 06:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-07 07:44 . 2010-04-07 07:44 -------- d-----w- c:\programdata\avg9
2010-04-07 07:32 . 2010-04-07 07:33 -------- d-----w- c:\program files\ERUNT
2010-04-06 21:37 . 2010-04-06 21:37 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-06 21:37 . 2010-04-06 21:38 -------- d-----w- c:\program files\Hamachi
2010-04-06 21:35 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-06 18:24 . 2010-04-06 19:07 200432 ----a-w- c:\windows\system32\drivers\dwshd.sys
2010-04-06 18:19 . 2010-04-06 18:19 -------- d-----w- c:\users\Kenshin\DoctorWeb
2010-04-06 18:09 . 2010-04-09 09:34 -------- d-----w- c:\users\Kenshin\AppData\Local\temp
2010-04-06 18:02 . 2010-04-06 18:02 21584 ----a-w- c:\windows\system32\drivers\dynswbvj.sys
2010-04-06 15:25 . 2010-04-06 15:25 21584 ----a-w- c:\windows\system32\drivers\hoeszswp.sys
2010-04-06 13:08 . 2010-04-06 13:08 -------- d-----w- c:\program files\ESET
2010-04-06 11:45 . 2010-04-06 11:45 21584 ----a-w- c:\windows\system32\drivers\hflqrrmu.sys
2010-04-06 11:44 . 2010-04-06 11:44 21584 ----a-w- c:\windows\system32\drivers\nwxsgqme.sys
2010-04-06 11:14 . 2010-04-06 11:14 21584 ----a-w- c:\windows\system32\drivers\rtqkxnkw.sys
2010-04-06 11:07 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-06 11:07 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-06 11:07 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-04-06 11:05 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 10:53 . 2010-04-06 10:53 -------- d-----w- c:\program files\Trend Micro
2010-04-05 21:23 . 2010-04-05 21:23 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Malwarebytes
2010-04-05 21:23 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 21:23 . 2010-04-05 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-05 21:23 . 2010-04-05 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 21:23 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 18:46 . 2010-04-09 09:20 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Skype
2010-04-02 18:46 . 2010-04-02 18:46 -------- d-----w- c:\program files\Common Files\Skype
2010-04-02 18:46 . 2010-04-02 18:46 -------- d-----r- c:\program files\Skype
2010-03-30 09:57 . 2010-03-30 10:00 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-29 22:26 . 2010-03-30 05:29 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-29 09:57 . 2010-04-09 09:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 09:57 . 2010-04-09 09:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-27 19:15 . 2010-03-27 19:15 -------- d-----w- c:\program files\Smart PC Solutions
2010-03-23 06:28 . 2010-03-23 06:28 -------- d-----w- c:\program files\Opera10.51
2010-03-22 18:51 . 2010-03-22 18:51 -------- d-----w- c:\users\Kenshin\AppData\Local\Senstic
2010-03-22 18:46 . 2010-03-22 18:46 -------- d-----w- c:\program files\Senstic
2010-03-18 12:47 . 2010-03-18 12:47 -------- d-----w- c:\users\Kenshin\AppData\Local\Google Translator
2010-03-15 21:52 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-15 21:52 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-15 21:52 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-15 21:52 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-15 21:52 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-15 21:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-15 21:52 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-15 21:52 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-15 21:52 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-15 21:52 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-11 22:49 . 2010-03-11 23:43 -------- d-----w- c:\users\Kenshin\AppData\Roaming\VMware
2010-03-11 19:38 . 2009-10-21 23:13 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-03-11 19:38 . 2010-03-12 07:11 -------- d-----w- c:\programdata\VMware
2010-03-11 17:50 . 2010-03-11 17:50 -------- d-----w- c:\program files\ElcomSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 09:34 . 2009-10-16 17:07 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Hamachi
2010-04-09 09:25 . 2009-07-27 20:14 875162 ----a-w- c:\windows\system32\perfh010.dat
2010-04-09 09:25 . 2009-07-27 20:14 188866 ----a-w- c:\windows\system32\perfc010.dat
2010-04-09 09:21 . 2008-07-12 15:47 -------- d-----w- c:\programdata\NVIDIA
2010-04-09 09:19 . 2010-04-07 12:46 -------- d-----w- c:\programdata\Lavasoft
2010-04-09 06:01 . 2008-07-12 16:55 -------- d-----w- c:\users\Kenshin\AppData\Roaming\skypePM
2010-04-08 14:39 . 2008-07-12 16:55 -------- d-----w- c:\users\Kenshin\AppData\Roaming\uTorrent
2010-04-08 06:29 . 2010-04-08 06:29 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-08 06:29 . 2010-04-08 06:29 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-04-08 06:29 . 2010-04-08 06:29 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-04-08 06:29 . 2010-04-07 07:45 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-08 06:29 . 2010-04-08 06:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-08 06:29 . 2010-04-07 07:45 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-08 06:29 . 2010-04-07 07:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-07 13:22 . 2010-03-04 20:28 -------- d-----w- c:\program files\TeamViewer
2010-04-07 13:18 . 2009-02-23 10:23 -------- d-----w- c:\users\Kenshin\AppData\Roaming\IGN_DLM
2010-04-07 13:17 . 2009-10-13 22:47 -------- d-----w- c:\program files\AIMP2
2010-04-07 12:51 . 2010-04-07 12:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-07 07:44 . 2010-04-08 06:28 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-04-07 07:44 . 2010-04-08 06:28 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-04-07 07:44 . 2010-04-08 06:28 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-07 07:44 . 2010-04-08 06:28 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-06 14:01 . 2009-04-26 17:13 -------- d-----w- c:\program files\mkv2vob
2010-04-06 13:43 . 2008-09-16 18:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 11:36 . 2008-07-12 17:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-05 19:37 . 2009-11-30 13:12 -------- d-----w- c:\program files\Steam
2010-04-04 19:23 . 2009-02-25 18:56 -------- d-----w- c:\programdata\CanonIJPLM
2010-04-03 16:39 . 2010-01-24 15:50 -------- d-----w- c:\program files\EASEUS
2010-04-02 18:46 . 2008-07-25 14:53 -------- d-----w- c:\programdata\Skype
2010-04-02 18:37 . 2008-09-10 18:24 -------- d-----w- c:\program files\uTorrent
2010-03-29 22:15 . 2009-11-05 01:24 -------- d-----w- c:\programdata\Media Center Programs
2010-03-29 22:14 . 2009-12-25 10:43 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-29 11:30 . 2009-11-30 13:40 -------- d-----w- c:\program files\Garena
2010-03-29 01:47 . 2010-03-28 19:32 112 ----a-w- c:\programdata\b0XH4W.dat
2010-03-28 14:48 . 2008-07-20 16:06 -------- d-----w- c:\users\Kenshin\AppData\Roaming\DNA
2010-03-26 13:17 . 2008-12-16 23:18 -------- d-----w- c:\users\Kenshin\AppData\Roaming\dvdcss
2010-03-22 21:24 . 2009-02-08 09:20 -------- d-----w- c:\program files\Softoria Capture
2010-03-22 19:39 . 2008-07-12 15:53 -------- d-----w- c:\program files\Opera
2010-03-22 18:48 . 2008-07-12 17:53 -------- d-----w- c:\program files\Bonjour
2010-03-17 19:17 . 2008-07-12 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-16 18:33 . 2008-07-20 16:06 -------- d-----w- c:\program files\DNA
2010-03-16 18:03 . 2008-08-30 18:38 -------- d-----w- c:\program files\BurnAware Free
2010-03-13 15:51 . 2008-07-12 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 20:55 . 2010-03-09 20:55 -------- d--h--w- c:\programdata\CanonIJEGV
2010-03-04 20:28 . 2010-03-04 20:28 -------- d-----w- c:\users\Kenshin\AppData\Roaming\TeamViewer
2010-03-04 18:08 . 2009-11-30 13:12 -------- d-----w- c:\program files\Common Files\Steam
2010-03-03 12:39 . 2010-03-03 12:39 28744 ----a-w- c:\windows\system32\drivers\camsource.sys
2010-03-02 20:57 . 2010-03-02 20:57 31304 ----a-w- c:\windows\system32\drivers\senaudio.sys
2010-03-02 16:14 . 2010-03-02 16:14 3948600 ----a-w- c:\windows\system32\ntkr128g.exe
2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\program files\softnyx
2010-03-01 13:25 . 2010-03-01 13:25 -------- d-----w- c:\program files\Mozilla Sunbird
2010-02-24 22:53 . 2009-02-20 21:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-21 21:02 . 2010-02-21 21:02 -------- d-----w- c:\users\Kenshin\AppData\Roaming\HandBrake
2010-02-21 21:02 . 2008-10-30 14:00 -------- d-----w- c:\program files\Handbrake
2010-02-19 12:16 . 2010-02-19 12:16 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Dragon Age Toolset
2010-02-19 11:51 . 2010-02-04 13:10 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-17 17:33 . 2010-02-17 17:33 -------- d-----w- c:\programdata\ATI
2010-02-17 17:30 . 2010-02-17 17:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-17 17:30 . 2009-11-09 18:26 -------- d-----w- c:\program files\ATI
2010-02-17 17:29 . 2009-11-09 18:26 -------- d-----w- c:\program files\ATI Technologies
2010-02-17 17:27 . 2010-02-17 17:27 10134 ----a-r- c:\users\Kenshin\AppData\Roaming\Microsoft\Installer\{590B3F7B-C516-B2A0-0F9A-085FBD1D4432}\ARPPRODUCTICON.exe
2010-02-17 13:29 . 2010-02-17 13:29 3206928 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
2010-02-14 12:24 . 2010-02-13 18:35 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Bioshock2
2010-02-13 18:28 . 2010-02-13 18:28 -------- d-sh--w- c:\programdata\SecuROM
2010-02-11 07:10 . 2010-04-07 16:22 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-08 12:47 . 2008-11-02 10:02 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Red Alert 3
2010-02-03 19:28 . 2009-07-28 05:58 119296 ----a-w- c:\users\Kenshin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-03 13:52 . 2010-02-03 13:52 0 ----a-w- c:\windows\system32\Access.dat
2010-02-02 07:45 . 2010-02-24 22:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-24 22:12 . 2010-01-24 22:12 89854 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-01-24 11:28 . 2010-01-24 11:28 485136 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate.exe
2010-01-18 23:29 . 2010-02-24 22:43 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-24 22:43 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-24 22:43 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-24 22:43 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-24 22:43 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-24 22:43 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-24 22:43 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-24 22:43 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
c:\program files\Spybot - Search & Destroy\TeaTimer .exe

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 12:46 . 2010-04-07 12:46 80896 c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfcm90ud.dll
+ 2010-04-07 12:46 . 2010-04-07 12:46 80896 c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfcm90d.dll
+ 2010-04-06 21:35 . 2010-02-23 07:30 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20651_none_17849b97cc20729c\msfeedsbs.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16535_none_17149fccb2ef004c\msfeedsbs.dll
+ 2009-07-29 08:45 . 2010-04-09 09:23 53736 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-09 09:23 48184 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-29 08:32 . 2010-04-09 09:23 12016 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-644325024-625319449-4238132867-1000_UserData.bin
- 2010-02-24 22:43 . 2009-12-19 09:02 64512 c:\windows\System32\msfeedsbs.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 64512 c:\windows\System32\msfeedsbs.dll
+ 2009-10-11 21:19 . 2010-04-06 19:07 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2009-10-11 21:19 . 2009-09-21 06:57 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2009-07-13 23:11 . 2009-07-14 01:26 21584 c:\windows\System32\drivers\atapi.sys
+ 2009-07-13 23:11 . 2009-07-14 01:26 21584 c:\windows\System32\drivers\atapi.sys
+ 2009-07-27 23:44 . 2010-04-09 09:21 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-28 09:19 . 2010-04-06 07:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-03-28 09:19 . 2010-04-08 13:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-04-07 07:27 . 2010-04-07 07:27 86076 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\UserCache.bin
- 2009-07-14 04:41 . 2010-04-06 11:54 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-09 09:21 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-11 14:03 . 2010-04-09 09:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-11 14:03 . 2009-09-11 14:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-04-08 16:47 64896 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-09-11 14:03 . 2010-04-09 09:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-11 14:03 . 2009-09-11 14:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-11 14:03 . 2010-04-09 09:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-11 14:03 . 2009-09-11 14:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-28 00:45 . 2010-04-09 09:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-28 00:45 . 2010-04-06 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 21:09 . 2010-04-07 16:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 21:09 . 2010-04-03 22:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 21:09 . 2010-04-07 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-04-02 21:09 . 2010-04-03 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-04-02 21:09 . 2010-04-03 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-04-02 21:09 . 2010-04-07 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-07-28 00:45 . 2010-04-09 09:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-28 00:45 . 2010-04-06 17:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-28 00:45 . 2010-04-09 09:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-28 00:45 . 2010-04-06 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-05 14:08 . 2010-04-07 16:17 2730 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2010-04-06 11:54 . 2010-04-06 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-09 09:21 . 2010-04-09 09:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-06 11:54 . 2010-04-06 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-09 09:21 . 2010-04-09 09:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-06 21:35 . 2010-02-23 07:30 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.20651_none_ab6590ed3bef0b3c\ieproxy.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 163328 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16535_none_aaf5952222bd98ec\ieproxy.dll
+ 2010-04-06 21:35 . 2010-02-23 07:30 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.20651_none_8f87190748dba184\iedkcs32.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 381440 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.7600.16535_none_8f171d3c2faa2f34\iedkcs32.dll
+ 2010-04-06 21:35 . 2010-02-23 07:30 980480 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll
+ 2010-04-06 21:35 . 2010-02-23 07:56 977920 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll
+ 2010-04-06 21:35 . 2010-02-23 07:30 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.20651_none_fbfc53326dd11999\mstime.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 606208 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.7600.16535_none_fb8c5767549fa749\mstime.dll
+ 2010-04-07 16:22 . 2010-02-11 06:53 293376 c:\windows\winsxs\x86_microsoft-windows-browserballot_31bf3856ad364e35_6.1.7600.20641_none_62973696e76475c9\browserchoice.exe
+ 2010-04-07 16:22 . 2010-02-11 07:10 293376 c:\windows\winsxs\x86_microsoft-windows-browserballot_31bf3856ad364e35_6.1.7600.16526_none_62283b15ce321cd0\browserchoice.exe
+ 2009-07-14 02:05 . 2010-04-09 09:25 776114 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-09 09:25 163458 c:\windows\System32\perfc009.dat
+ 2010-04-06 21:35 . 2010-02-23 07:55 606208 c:\windows\System32\mstime.dll
- 2009-07-13 23:43 . 2009-07-14 01:15 606208 c:\windows\System32\mstime.dll
- 2010-02-24 22:43 . 2010-01-11 07:12 381440 c:\windows\System32\iedkcs32.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 381440 c:\windows\System32\iedkcs32.dll
- 2010-03-01 19:12 . 2010-04-06 11:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-01 19:12 . 2010-04-09 09:21 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-27 23:44 . 2010-04-09 09:21 475136 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-27 23:44 . 2010-04-06 11:54 475136 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-31 19:35 . 2008-08-31 19:35 240128 c:\windows\Installer\1186a09.msi
+ 2010-04-09 09:21 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\09-04-2010\ERDNT.EXE
+ 2010-04-08 07:05 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\08-04-2010\ERDNT.EXE
+ 2010-04-07 07:40 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\07-04-2010\ERDNT.EXE
+ 2010-04-07 07:34 . 2005-10-20 10:02 163328 c:\windows\ERDNT\07-04-2010\ERDNT.EXE
+ 2010-04-07 12:46 . 2010-04-07 12:46 5982720 c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfc90ud.dll
+ 2010-04-07 12:46 . 2010-04-07 12:46 5937144 c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfc90d.dll
+ 2010-04-06 21:35 . 2010-02-23 07:30 5966336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20651_none_2e79bf2a1387e9f3\mshtml.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 5964800 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16535_none_2e09c35efa5677a3\mshtml.dll
+ 2010-04-06 21:35 . 2010-02-23 07:30 1225728 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.20651_none_d019c469c8285a2a\urlmon.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 1225216 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.16535_none_cfa9c89eaef6e7da\urlmon.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 1225216 c:\windows\System32\urlmon.dll
- 2009-07-14 02:03 . 2010-04-06 12:08 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-04-09 09:34 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-04-06 21:35 . 2010-02-23 07:55 5964800 c:\windows\System32\mshtml.dll
- 2009-07-14 04:34 . 2010-04-06 11:41 4517877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-04-07 17:50 4517877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-04-09 09:21 . 2010-04-09 09:21 6111232 c:\windows\ERDNT\AutoBackup\09-04-2010\Users\00000002\UsrClass.dat
+ 2010-04-09 09:21 . 2010-04-09 09:21 9732096 c:\windows\ERDNT\AutoBackup\09-04-2010\Users\00000001\ntuser.dat
+ 2010-04-08 07:05 . 2010-04-08 07:05 6111232 c:\windows\ERDNT\AutoBackup\08-04-2010\Users\00000002\UsrClass.dat
+ 2010-04-08 07:05 . 2010-04-08 07:05 9732096 c:\windows\ERDNT\AutoBackup\08-04-2010\Users\00000001\ntuser.dat
+ 2010-04-07 07:40 . 2010-04-07 07:40 6111232 c:\windows\ERDNT\AutoBackup\07-04-2010\Users\00000002\UsrClass.dat
+ 2010-04-07 07:40 . 2010-04-07 07:40 9732096 c:\windows\ERDNT\AutoBackup\07-04-2010\Users\00000001\ntuser.dat
+ 2010-04-07 07:34 . 2010-04-07 07:34 6111232 c:\windows\ERDNT\07-04-2010\Users\00000002\UsrClass.dat
+ 2010-04-07 07:34 . 2010-04-07 07:34 9732096 c:\windows\ERDNT\07-04-2010\Users\00000001\ntuser.dat
+ 2010-04-06 21:35 . 2010-02-23 07:30 10979840 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20651_none_7fd9192d9f7d7820\ieframe.dll
+ 2010-04-06 21:35 . 2010-02-23 07:55 10978816 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16535_none_7f691d62864c05d0\ieframe.dll
+ 2009-07-14 07:18 . 2010-04-07 16:22 73026159 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
+ 2010-04-06 21:35 . 2010-02-23 07:55 10978816 c:\windows\System32\ieframe.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-11-07 07:38 97304 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-03-11 3883856]

c:\users\Kenshin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2010-4-6 624416]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-3 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20694]
c:\users\Kenshin\AppData\Local\Temp\wnhqinrh.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
c:\program files\internet explorer\wmpscfgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-11-07 07:38 1112088 ----a-w- c:\program files\Nero\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder]
c:\program files\Skype Recorder\Skype Recorder.exe [N/A]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-07-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 8456]
R3 GarenaPEngine;GarenaPEngine;c:\users\Kenshin\AppData\Local\Temp\PIH32E8.tmp [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-29 3407292]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2008-11-07 108568]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-18 721904]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2009-10-24 19232]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-08 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-08 242696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-08 308064]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
S2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
S2 SensticPocketService;Senstic Pocket Service;c:\program files\Senstic\PocketControl\SensticPocketServiceWin.exe [2010-03-03 61560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
S3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource.sys [2010-03-03 28744]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio.sys [2010-03-02 31304]

.
Contenuto della cartella 'Scheduled Tasks'

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644325024-625319449-4238132867-1000Core.job
- c:\users\Kenshin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 11:08]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644325024-625319449-4238132867-1000UA.job
- c:\users\Kenshin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 11:08]
.
.
------- Scansione supplementare -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - [You must be registered and logged in to see this link.] files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\users\Kenshin\AppData\Roaming\Mozilla\Firefox\Profiles\xmbppf85.Utente predefinito\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Kenshin\AppData\Roaming\Mozilla\Firefox\Profiles\xmbppf85.Utente predefinito\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\Kenshin\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Kenshin\AppData\Roaming\Mozilla\Firefox\Profiles\xmbppf85.Utente predefinito\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\
.
.
------- Associazioni dei file -------
.
.scr=AutoCADLTscriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-OEMInformation - c:\windows\System32\oobe\oem_uninst.exe



[HKEY_LOCAL_MACHINE\system\ControlSet002\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Kenshin\AppData\Local\Temp\PIH32E8.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,41,3b,9d,8a,a0,b6,49,b2,6f,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,41,3b,9d,8a,a0,b6,49,b2,6f,2c,\

[HKEY_USERS\S-1-5-21-644325024-625319449-4238132867-1000\Software\SecuROM\License information*]
"datasecu"=hex:af,82,94,39,4d,1a,d6,d2,53,4e,a2,c9,9e,74,0e,15,92,85,50,3d,b4,
4a,4b,65,c0,9f,72,fd,f2,8b,c4,a6,48,e1,b4,a7,57,47,be,0b,0c,8d,92,a8,d1,cf,\
"rkeysecu"=hex:e6,5e,93,0c,85,dc,43,bc,7a,33,df,46,fb,8d,75,d6

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(4120)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Nero\Nero 9\InCD\NBHshx.dll
.
Ora fine scansione: 2010-04-09 11:36:42
ComboFix-quarantined-files.txt 2010-04-09 09:36
ComboFix2.txt 2010-04-06 18:09

Pre-Run: 5.502.902.272 byte disponibili
Post-Run: 5.217.570.816 byte disponibili

- - End Of File - - 6E4B75D20635B2F7F7EA0415B65184D3


Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Dr Jay on Fri Apr 09, 2010 2:25 pm

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    Code:
    killall::
    RenV::
    c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    extra::
    rootkit::
    reboot::

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Fri Apr 09, 2010 2:54 pm

Done!

This time (and before too), when I was running ComboFix, MBR.cfxxe crashed. Is that normal?

Anyway, this is the log:

ComboFix 10-04-08.02 - Kenshin 09/04/2010 16.38.31.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3327.1927 [GMT 2]
Eseguito da: c:\users\Kenshin\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Kenshin\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Creati Da 2010-03-09 al 2010-04-09 )))))))))))))))))))))))))))))))))))
.

2010-04-09 14:45 . 2010-04-09 14:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-09 14:45 . 2010-04-09 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-08 06:29 . 2010-04-08 06:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-07 16:22 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-07 12:51 . 2010-04-07 12:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-07 12:46 . 2010-04-09 09:19 -------- d-----w- c:\programdata\Lavasoft
2010-04-07 07:45 . 2010-04-08 07:05 -------- d-----w- C:\$AVG
2010-04-07 07:45 . 2010-04-08 06:29 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-07 07:45 . 2010-04-08 06:29 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-07 07:45 . 2010-04-08 06:29 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-07 07:45 . 2010-04-09 06:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-07 07:44 . 2010-04-07 07:44 -------- d-----w- c:\programdata\avg9
2010-04-07 07:32 . 2010-04-07 07:33 -------- d-----w- c:\program files\ERUNT
2010-04-06 21:37 . 2010-04-06 21:37 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-06 21:37 . 2010-04-06 21:38 -------- d-----w- c:\program files\Hamachi
2010-04-06 21:35 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-06 18:24 . 2010-04-06 19:07 200432 ----a-w- c:\windows\system32\drivers\dwshd.sys
2010-04-06 18:19 . 2010-04-06 18:19 -------- d-----w- c:\users\Kenshin\DoctorWeb
2010-04-06 18:09 . 2010-04-09 14:46 -------- d-----w- c:\users\Kenshin\AppData\Local\temp
2010-04-06 18:02 . 2010-04-06 18:02 21584 ----a-w- c:\windows\system32\drivers\dynswbvj.sys
2010-04-06 15:25 . 2010-04-06 15:25 21584 ----a-w- c:\windows\system32\drivers\hoeszswp.sys
2010-04-06 13:08 . 2010-04-06 13:08 -------- d-----w- c:\program files\ESET
2010-04-06 11:45 . 2010-04-06 11:45 21584 ----a-w- c:\windows\system32\drivers\hflqrrmu.sys
2010-04-06 11:44 . 2010-04-06 11:44 21584 ----a-w- c:\windows\system32\drivers\nwxsgqme.sys
2010-04-06 11:14 . 2010-04-06 11:14 21584 ----a-w- c:\windows\system32\drivers\rtqkxnkw.sys
2010-04-06 11:07 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-06 11:07 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-06 11:07 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-04-06 11:05 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 10:53 . 2010-04-06 10:53 -------- d-----w- c:\program files\Trend Micro
2010-04-05 21:23 . 2010-04-05 21:23 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Malwarebytes
2010-04-05 21:23 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 21:23 . 2010-04-05 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-05 21:23 . 2010-04-05 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 21:23 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 18:46 . 2010-04-09 14:19 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Skype
2010-04-02 18:46 . 2010-04-02 18:46 -------- d-----w- c:\program files\Common Files\Skype
2010-04-02 18:46 . 2010-04-02 18:46 -------- d-----r- c:\program files\Skype
2010-03-30 09:57 . 2010-03-30 10:00 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-29 22:26 . 2010-03-30 05:29 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-29 09:57 . 2010-04-09 14:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 09:57 . 2010-04-09 09:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-27 19:15 . 2010-03-27 19:15 -------- d-----w- c:\program files\Smart PC Solutions
2010-03-23 06:28 . 2010-03-23 06:28 -------- d-----w- c:\program files\Opera10.51
2010-03-22 18:51 . 2010-03-22 18:51 -------- d-----w- c:\users\Kenshin\AppData\Local\Senstic
2010-03-22 18:46 . 2010-03-22 18:46 -------- d-----w- c:\program files\Senstic
2010-03-18 12:47 . 2010-03-18 12:47 -------- d-----w- c:\users\Kenshin\AppData\Local\Google Translator
2010-03-15 21:52 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-15 21:52 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-15 21:52 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-15 21:52 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-15 21:52 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-15 21:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-15 21:52 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-15 21:52 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-15 21:52 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-15 21:52 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-11 22:49 . 2010-03-11 23:43 -------- d-----w- c:\users\Kenshin\AppData\Roaming\VMware
2010-03-11 19:38 . 2009-10-21 23:13 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-03-11 19:38 . 2010-03-12 07:11 -------- d-----w- c:\programdata\VMware
2010-03-11 17:50 . 2010-03-11 17:50 -------- d-----w- c:\program files\ElcomSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 14:46 . 2009-10-16 17:07 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Hamachi
2010-04-09 14:46 . 2008-07-12 15:47 -------- d-----w- c:\programdata\NVIDIA
2010-04-09 14:00 . 2008-07-12 16:55 -------- d-----w- c:\users\Kenshin\AppData\Roaming\skypePM
2010-04-09 10:50 . 2008-07-12 16:55 -------- d-----w- c:\users\Kenshin\AppData\Roaming\uTorrent
2010-04-09 09:25 . 2009-07-27 20:14 875162 ----a-w- c:\windows\system32\perfh010.dat
2010-04-09 09:25 . 2009-07-27 20:14 188866 ----a-w- c:\windows\system32\perfc010.dat
2010-04-08 06:29 . 2010-04-08 06:29 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-08 06:29 . 2010-04-08 06:29 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-04-08 06:29 . 2010-04-08 06:29 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-04-07 13:22 . 2010-03-04 20:28 -------- d-----w- c:\program files\TeamViewer
2010-04-07 13:18 . 2009-02-23 10:23 -------- d-----w- c:\users\Kenshin\AppData\Roaming\IGN_DLM
2010-04-07 13:17 . 2009-10-13 22:47 -------- d-----w- c:\program files\AIMP2
2010-04-07 07:44 . 2010-04-08 06:28 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-04-07 07:44 . 2010-04-08 06:28 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-04-07 07:44 . 2010-04-08 06:28 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-07 07:44 . 2010-04-08 06:28 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-06 14:01 . 2009-04-26 17:13 -------- d-----w- c:\program files\mkv2vob
2010-04-06 13:43 . 2008-09-16 18:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 11:36 . 2008-07-12 17:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-05 19:37 . 2009-11-30 13:12 -------- d-----w- c:\program files\Steam
2010-04-04 19:23 . 2009-02-25 18:56 -------- d-----w- c:\programdata\CanonIJPLM
2010-04-03 16:39 . 2010-01-24 15:50 -------- d-----w- c:\program files\EASEUS
2010-04-02 18:46 . 2008-07-25 14:53 -------- d-----w- c:\programdata\Skype
2010-04-02 18:37 . 2008-09-10 18:24 -------- d-----w- c:\program files\uTorrent
2010-03-29 22:15 . 2009-11-05 01:24 -------- d-----w- c:\programdata\Media Center Programs
2010-03-29 22:14 . 2009-12-25 10:43 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-29 11:30 . 2009-11-30 13:40 -------- d-----w- c:\program files\Garena
2010-03-29 01:47 . 2010-03-28 19:32 112 ----a-w- c:\programdata\b0XH4W.dat
2010-03-28 14:48 . 2008-07-20 16:06 -------- d-----w- c:\users\Kenshin\AppData\Roaming\DNA
2010-03-26 13:17 . 2008-12-16 23:18 -------- d-----w- c:\users\Kenshin\AppData\Roaming\dvdcss
2010-03-22 21:24 . 2009-02-08 09:20 -------- d-----w- c:\program files\Softoria Capture
2010-03-22 19:39 . 2008-07-12 15:53 -------- d-----w- c:\program files\Opera
2010-03-22 18:48 . 2008-07-12 17:53 -------- d-----w- c:\program files\Bonjour
2010-03-17 19:17 . 2008-07-12 17:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-16 18:33 . 2008-07-20 16:06 -------- d-----w- c:\program files\DNA
2010-03-16 18:03 . 2008-08-30 18:38 -------- d-----w- c:\program files\BurnAware Free
2010-03-13 15:51 . 2008-07-12 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 20:55 . 2010-03-09 20:55 -------- d--h--w- c:\programdata\CanonIJEGV
2010-03-04 20:28 . 2010-03-04 20:28 -------- d-----w- c:\users\Kenshin\AppData\Roaming\TeamViewer
2010-03-04 18:08 . 2009-11-30 13:12 -------- d-----w- c:\program files\Common Files\Steam
2010-03-03 12:39 . 2010-03-03 12:39 28744 ----a-w- c:\windows\system32\drivers\camsource.sys
2010-03-02 20:57 . 2010-03-02 20:57 31304 ----a-w- c:\windows\system32\drivers\senaudio.sys
2010-03-02 16:14 . 2010-03-02 16:14 3948600 ----a-w- c:\windows\system32\ntkr128g.exe
2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\program files\softnyx
2010-03-01 13:25 . 2010-03-01 13:25 -------- d-----w- c:\program files\Mozilla Sunbird
2010-02-24 22:53 . 2009-02-20 21:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-21 21:02 . 2010-02-21 21:02 -------- d-----w- c:\users\Kenshin\AppData\Roaming\HandBrake
2010-02-21 21:02 . 2008-10-30 14:00 -------- d-----w- c:\program files\Handbrake
2010-02-19 12:16 . 2010-02-19 12:16 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Dragon Age Toolset
2010-02-19 11:51 . 2010-02-04 13:10 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-17 17:33 . 2010-02-17 17:33 -------- d-----w- c:\programdata\ATI
2010-02-17 17:30 . 2010-02-17 17:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-17 17:30 . 2009-11-09 18:26 -------- d-----w- c:\program files\ATI
2010-02-17 17:29 . 2009-11-09 18:26 -------- d-----w- c:\program files\ATI Technologies
2010-02-17 17:27 . 2010-02-17 17:27 10134 ----a-r- c:\users\Kenshin\AppData\Roaming\Microsoft\Installer\{590B3F7B-C516-B2A0-0F9A-085FBD1D4432}\ARPPRODUCTICON.exe
2010-02-17 13:29 . 2010-02-17 13:29 3206928 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
2010-02-14 12:24 . 2010-02-13 18:35 -------- d-----w- c:\users\Kenshin\AppData\Roaming\Bioshock2
2010-02-13 18:28 . 2010-02-13 18:28 -------- d-sh--w- c:\programdata\SecuROM
2010-02-03 19:28 . 2009-07-28 05:58 119296 ----a-w- c:\users\Kenshin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-03 13:52 . 2010-02-03 13:52 0 ----a-w- c:\windows\system32\Access.dat
2010-02-02 07:45 . 2010-02-24 22:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-24 22:12 . 2010-01-24 22:12 89854 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-01-24 11:28 . 2010-01-24 11:28 485136 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate.exe
2010-01-18 23:29 . 2010-02-24 22:43 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-24 22:43 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-24 22:43 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-24 22:43 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-24 22:43 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-24 22:43 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-24 22:43 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-24 22:43 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-11-07 07:38 97304 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-03-11 3883856]

c:\users\Kenshin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2010-4-6 624416]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-3 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-11-07 07:38 1112088 ----a-w- c:\program files\Nero\Nero 9\InCD\InCD.exe

R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-07-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 8456]
R3 GarenaPEngine;GarenaPEngine;c:\users\Kenshin\AppData\Local\Temp\PIH32E8.tmp [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-29 3407292]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2008-11-07 108568]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-18 721904]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2009-10-24 19232]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-08 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-08 242696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-08 308064]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
S2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
S2 SensticPocketService;Senstic Pocket Service;c:\program files\Senstic\PocketControl\SensticPocketServiceWin.exe [2010-03-03 61560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
S3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource.sys [2010-03-03 28744]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio.sys [2010-03-02 31304]

.
Contenuto della cartella 'Scheduled Tasks'

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644325024-625319449-4238132867-1000Core.job
- c:\users\Kenshin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 11:08]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644325024-625319449-4238132867-1000UA.job
- c:\users\Kenshin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 11:08]
.
.
------- Scansione supplementare -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - [You must be registered and logged in to see this link.] files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\users\Kenshin\AppData\Roaming\Mozilla\Firefox\Profiles\xmbppf85.Utente predefinito\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Kenshin\AppData\Roaming\Mozilla\Firefox\Profiles\xmbppf85.Utente predefinito\extensions\piclens@cooliris.com\components\cooliris.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\
.
.
------- Associazioni dei file -------
.
.scr=AutoCADLTScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-20694 - c:\users\Kenshin\AppData\Local\Temp\wnhqinrh.exe
MSConfigStartUp-Adobe_Reader - c:\program files\internet explorer\wmpscfgs.exe
MSConfigStartUp-Skype Recorder - c:\program files\Skype Recorder\Skype Recorder.exe



[HKEY_LOCAL_MACHINE\system\ControlSet002\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Kenshin\AppData\Local\Temp\PIH32E8.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,41,3b,9d,8a,a0,b6,49,b2,6f,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,41,3b,9d,8a,a0,b6,49,b2,6f,2c,\

[HKEY_USERS\S-1-5-21-644325024-625319449-4238132867-1000\Software\SecuROM\License information*]
"datasecu"=hex:af,82,94,39,4d,1a,d6,d2,53,4e,a2,c9,9e,74,0e,15,92,85,50,3d,b4,
4a,4b,65,c0,9f,72,fd,f2,8b,c4,a6,48,e1,b4,a7,57,47,be,0b,0c,8d,92,a8,d1,cf,\
"rkeysecu"=hex:e6,5e,93,0c,85,dc,43,bc,7a,33,df,46,fb,8d,75,d6

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3400)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Kenshin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Nero\Nero 9\InCD\NBHshx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\DAODx.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-09 16:52:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-09 14:52
ComboFix2.txt 2010-04-09 09:36
ComboFix3.txt 2010-04-06 18:09

Pre-Run: 5.313.126.400 byte disponibili
Post-Run: 5.211.398.144 byte disponibili

- - End Of File - - 50828B861B9164FE1C88DA63B56577AB

Paprika
Novice

Posts : 7
Joined : 2010-04-08
OS : Windows 7

Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Dr Jay on Fri Apr 09, 2010 3:21 pm

It is not normal.

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Right-click on mbr.exe and click Run as Administrator to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Fri Apr 09, 2010 3:31 pm

mbr.exe has crashed a few secs after startup... this is the log (empty):

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Fri Apr 09, 2010 6:38 pm

Dunno if this can be of some help, but now my browser tried by itself to open this site: but, in the blocked page (thanks to the antivirus), Opera says that the one it can't reach is:


Last edited by DragonMaster Jay on Fri Apr 09, 2010 8:44 pm; edited 1 time in total (Reason for editing : Hide the links)


Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Dr Jay on Sat Apr 10, 2010 3:15 am

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.



Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Sat Apr 10, 2010 10:52 am

Ok, now I'll try it. Opera has just opened another of these infected sites:

Code:
http://www3.makecure11p.xorg.pl/


Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Paprika on Sun Apr 11, 2010 12:22 am

Hi again, I think I had a wrong interpretation... because I've put the flag in My Computer & every drive, so I've done a 2x scan I think -.-;; Whatever, better more than less... some things in the settings were a little different, I had to choose "settings" in security levels, then Additional, because heuristic was there... so, because I was not sure if
all was like you wanted (heuristic and rootkit were just selected by default)... I've put the flag in "deep scan" under Rootkit scan and I've moved the slider in the Heuristic analysis from "light scan" to "deep scan" too... And, after 8.5 hours... nothing... under report, the only things reported are the start and the end of the scanning... so I had nothing to save... neither did I have a save button, only the close one)

That's it :/


Re: secure-and-protect.xorg.pl and other sites open time by time...

Post by Dr Jay on Sun Apr 11, 2010 9:30 am

Go to Start > Run, copy/paste the following line in the Run box and click OK.

cmd /c (dir /oe /a /s "C:\atapi.*" & dir /a /s /oe "C:\iastor.*") >log.txt&log.txt

Wait until a text file (log.txt) opens. Please post its content in your reply.

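The dir command in the last reply lists every copy of atapi.* and iastor.* on the drive with its size and date, which is the information a helper needs to compare the driver in System32\drivers with the other copies Windows keeps. The Python script below is an added example written for this page (editor's code, not part of the thread and not a tool Dr Jay asked for). It does the same recursive search and goes one step further: it hashes every copy and flags the odd one out when copies of the same file name do not all match, which is the check a reader of that log.txt would otherwise do by eye. The directory tree it scans is constructed in a temporary folder purely for the demo; to apply it to a real machine, call find_copies with the drive root.

```python
import fnmatch
import hashlib
import os
import tempfile
from collections import Counter
from dataclasses import dataclass

# Same file-name patterns as the dir command in the post above.
PATTERNS = ("atapi.*", "iastor.*")


@dataclass
class Copy:
    path: str
    size: int
    mtime: float
    sha256: str


def sha256_of(path):
    """Hash a file in chunks so a large driver image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, patterns=PATTERNS):
    """Recursive walk (the dir /s part): map lower-cased file name -> list of Copy."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lname = name.lower()
            if any(fnmatch.fnmatchcase(lname, p) for p in patterns):
                full = os.path.join(dirpath, name)
                st = os.stat(full)
                found.setdefault(lname, []).append(
                    Copy(full, st.st_size, st.st_mtime, sha256_of(full)))
    for copies in found.values():
        copies.sort(key=lambda c: c.path.lower())
    return found


def inconsistent_names(found):
    """File names whose copies do not all share one SHA-256."""
    return sorted(n for n, copies in found.items()
                  if len({c.sha256 for c in copies}) > 1)


def minority_copies(copies):
    """Copies whose hash is not the most common one among copies of that name.
    With no clear majority (e.g. two copies that differ) every copy is returned,
    because the listing alone cannot say which one is the reference."""
    counts = Counter(c.sha256 for c in copies)
    top = max(counts.values())
    majority = {h for h, n in counts.items() if n == top}
    if len(majority) != 1:
        return list(copies)
    return [c for c in copies if c.sha256 not in majority]


def report(found):
    """Plain-text listing, one line per copy, with a DIFFERS marker on outliers."""
    lines = []
    for name in sorted(found):
        copies = found[name]
        flagged = set()
        if len(copies) > 1:
            odd = minority_copies(copies)
            if len(odd) < len(copies):
                flagged = {c.path for c in odd}
        lines.append(f"{name}: {len(copies)} copies")
        for c in copies:
            flag = "  DIFFERS" if c.path in flagged else ""
            lines.append(f"  {c.size:>10} {c.sha256[:16]}  {c.path}{flag}")
    return "\n".join(lines)


def build_sample_tree():
    """Constructed sample tree (not from the thread): three atapi.sys copies, two
    identical and one with extra trailing bytes, plus one iastor.inf."""
    root = tempfile.mkdtemp(prefix="drvcheck_")
    reference = b"MZ" + b"\x00" * 62 + b"constructed reference driver image"
    files = {
        os.path.join("Windows", "System32", "drivers", "atapi.sys"): reference + b"\x90" * 16,
        os.path.join("Windows", "winsxs", "x86_atapi_sample", "atapi.sys"): reference,
        os.path.join("Windows", "System32", "DriverStore", "FileRepository",
                     "mshdc.inf_sample", "atapi.sys"): reference,
        os.path.join("Windows", "inf", "iastor.inf"): b"[Version]\r\nSignature=\"$Windows NT$\"\r\n",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    print(report(find_copies(build_sample_tree())))
```

A single differing copy is only a lead, not a verdict: a legitimately updated driver also differs from the older copies in winsxs, so the flagged file still has to be checked against its signature or a known-good hash before anything is done about it.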