05-04-2007, 03:06 PM   #1
ruggiwlaraza
Registered User
 
Join Date: May 2007
Posts: 5
OS: XP


Please Help Me...

Hi... I'll show you my problem...


Deckard's System Scanner v20070426.43
Run by ADMIN on 2007-05-04 at 22:48:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-05-04 20:48:12 UTC - RP1 - Punto di arresto del sistema


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as ADMIN.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22.51.19, on 04/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cica.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\programmi\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 AresChatServer (Ares Chatroom server) - c:\programmi\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-04 21:43:16 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-04-27 20:00:00 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - ADMIN.job


-- Files created between 2007-04-04 and 2007-05-04 -----------------------------

2007-05-04 22:40:38 0 d-------- C:\Programmi\SpywareBlaster
2007-05-04 22:14:48 0 d-------- C:\cb8364be270f42e8cb8e6838
2007-05-04 22:09:57 21504 --a------ C:\WINDOWS\system32\cica.dll <Not Verified; ; URL Changer Module>
2007-05-01 21:09:47 284160 --a------ C:\WINDOWS\unin0410.exe
2007-04-30 22:35:25 0 d-------- C:\Programmi\Alcohol Soft
2007-04-30 22:26:23 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-30 22:15:44 0 d-------- C:\Programmi\TrustIn Contextual
2007-04-29 18:49:41 0 d-------- C:\Programmi\MSXML 4.0
2007-04-29 18:16:12 0 d-------- C:\Programmi\Windows Defender
2007-04-29 16:48:55 0 d-------- C:\Programmi\Samsung
2007-04-29 16:48:55 0 d-------- C:\Hermes
2007-04-29 16:48:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
2007-04-26 23:34:48 0 d-------- C:\Programmi\Lavasoft
2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-04-26 15:49:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-04-26 15:49:39 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-26 15:49:39 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-26 15:49:38 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-26 15:49:37 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-04-26 15:49:31 0 d-------- C:\Programmi\File comuni\Ahead
2007-04-26 15:49:30 0 d-------- C:\Programmi\Ahead
2007-04-25 09:40:12 20992 --a------ C:\WINDOWS\se_spoof.dll <Not Verified; ; se_spoof Module>
2007-04-23 21:58:14 16896 --a------ C:\WINDOWS\inetloader.dll <Not Verified; ; InetLoader Module>
2007-04-23 14:42:16 0 d-------- C:\Programmi\vso
2007-04-22 10:08:14 0 d-------- C:\Programmi\File comuni\Nero
2007-04-22 09:53:27 0 d-------- C:\Programmi\File comuni\LightScribe
2007-04-19 1544 0 d-------- C:\Programmi\BlackSunSoft.net
2007-04-19 14:59:55 0 d-------- C:\Programmi\AudioEdit Deluxe
2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data
2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F313FA5D-F27C-4F99-B2B7-07BC8B8E8A98}
2007-04-19 14:56:45 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Seven Zip
2007-04-17 19:57:06 0 d-------- C:\Programmi\Shush!
2007-04-17 14:29:47 0 d-------- C:\Programmi\ADB
2007-04-17 14:29:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-04-17 14:25:54 0 d-------- C:\Programmi\XMPEG
2007-04-16 20:07:07 0 d-------- C:\Programmi\VideoLAN
2007-04-15 19:51:54 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-15 19:49:37 0 d-------- C:\Programmi\iriver
2007-04-14 15:14:45 0 d-------- C:\Programmi\SlySoft
2007-04-12 17:08:03 405504 --a------ C:\WINDOWS\system32\MsHdSp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2007-04-08 22:49:22 0 d-------- C:\Programmi\Picasa2
2007-04-06 14:35:45 0 d--hs---- C:\WINDOWS\ftpcache
2007-04-06 14:32:37 0 d-------- C:\Programmi\InterActual


-- Find3M Report ---------------------------------------------------------------

2007-05-01 11:26:46 0 d-------- C:\Programmi\File comuni\Symantec Shared
2007-04-29 16:49:37 0 d--h----- C:\Programmi\InstallShield Installation Information
2007-04-29 16:48:04 348238 --a------ C:\WINDOWS\system32\perfh010.dat
2007-04-29 16:48:04 48790 --a------ C:\WINDOWS\system32\perfc010.dat
2007-04-26 23:34:54 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Lavasoft
2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni
2007-04-25 22:21:57 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Vso
2007-04-25 20:13:02 0 d-------- C:\Programmi\eMule
2007-04-23 21:52:40 34 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.log
2007-04-23 21:52:35 47360 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-04-23 21:52:35 1144 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.inf
2007-04-23 21:52:35 1074 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.cat
2007-04-23 21:47:25 0 d-------- C:\Programmi\CyberLink
2007-04-17 14:28:12 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\dvdcss
2007-04-16 20:46:48 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\vlc
2007-04-15 19:52:07 0 d-------- C:\Programmi\Power Tab Software
2007-04-08 22:49:29 0 d-------- C:\Programmi\Google
2007-04-04 14:09:21 0 d-------- C:\Programmi\Disney Interactive
2007-04-01 15:33:04 0 d-------- C:\Programmi\Stampa Copertine
2007-04-01 15:07:00 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Help
2007-03-22 14:20:00 0 d-------- C:\Programmi\Ferrero
2007-03-18 23:58:33 0 d-------- C:\Programmi\Winamp
2007-03-18 23:52:48 1152 --a------ C:\WINDOWS\mozver.dat
2007-03-13 22:30:21 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Screenshot Sender
2007-03-13 22:29:49 0 d-------- C:\Programmi\MSN Messenger
2007-03-13 22:29:49 0 d-------- C:\Programmi\Messenger Plus! Live
2007-03-11 17:10:09 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Macromedia
2007-03-10 17:34:03 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\CD-LabelPrint
2007-03-06 20:40:36 0 d-------- C:\Programmi\File comuni\Vivendi Universal Games
2007-03-06 20:40:36 0 d-------- C:\Programmi\Barbie(TM)
2007-03-04 13:45:28 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Apple Computer
2007-03-04 13:45:08 0 d-------- C:\Programmi\QuickTime
2007-03-04 13:44:09 0 d-------- C:\Programmi\iTunes
2007-03-04 13:43:00 0 d-------- C:\Programmi\iPod
2007-03-04 13:39:57 0 d-------- C:\Programmi\File comuni\InstallShield
2007-02-13 23:37:49 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-04 12:47:55 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-02-04 12:47:55 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0edc6c20-a31c-11db-8ab9-0800200c9a66} C:\WINDOWS\system32\cica.dll
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Programmi\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programmi\google\googletoolbar1.dll
{f015f320-ab08-11db-abbd-0800200c9a66} C:\WINDOWS\inetloader.dll
{F67EEB12-AB09-11DB-A6F1-260856D89593} C:\WINDOWS\se_spoof.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="\"C:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe\""
"Easy-PrintToolBox"="C:\\Programmi\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"iTunesHelper"="\"C:\\Programmi\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Programmi\\Picasa2\\PicasaMediaDetector.exe"
"RemoteControl"="C:\\Programmi\\CyberLink\\PowerDVD\\PDVDServ.exe"
"LanguageShortcut"="C:\\Programmi\\CyberLink\\PowerDVD\\Language\\Language.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Windows Defender"="\"C:\\Programmi\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Programmi\\Ares\\Ares.exe\" -h"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c77cc03-aa05-11db-b2b5-806d6172696f}]
Shell\AutoRun\command D:\setup.exe


-- Hosts -----------------------------------------------------------------------

205.238.40.52 www.winmx.com err.winmx.com
205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com

15 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-05-04 at 22:52:07 ---------

Thank you for the attention...
Attached Files
File Type: txt extra.txt (17.6 KB, 1 views)