ComboFix made a mess here!
dryrain - Posted 5-7-2008 9:55 (GMT +2)

Hello, please help me. I read a procedure on this forum to remove Backdoor.LegMir.BZ. I did the first step: running ComboFix. (Unfortunately the obsolete Norton Internet Security intercepted it and made a mess... while I was reading "do not use any application until ComboFix finishes..." it broke into my screen with its message [I suppose a false positive alarm] and the PC didn't respond - very slow to any click - and I ran lots of applications and Task Manager and finally I brutally terminated Norton many times, to get the "let it run..." window to work.) Finally ComboFix finished its work and made its log file! But reading it I see that it removed lots of important keys from my registry!!! For example PC Tools Spyware Doctor, a key of OCRAWARE, a key of the antivirus AVG, a key of iTunesHelper, a key of Java (updated), a key of Photo Editor that I use to scan my documents... etc. Should I re-write all these keys? How can I do it? Thank you very much. Bye!

Here's the ComboFix log file:

ComboFix 08-05-01.3 - dmd 2008-05-07 9.09.52.1 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.260 [GMT 2:00]
Eseguito da: C:\Documents and Settings\dmd\desktop\combofix.exe
Command switches used :: /killall
 * Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Condizioni generali.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Disinstalla.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Riservatezza.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Website.url
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-04-07 al 2008-05-07 )))))))))))))))))))))))))))))))))))
.
2008-05-07 09:04 . 2008-05-07 09:14 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-05-07 06:00 . 2008-05-07 06:00 <DIR> d-------- C:\PScanner Backup
2008-05-07 05:01 . 2006-11-01 13:06 162,616 --a------ C:\RegDelNull.exe
2008-05-07 01:38 . 2008-05-07 01:39 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-05-07 00:34 . 2008-05-07 00:34 <DIR> d-------- C:\VundoFix Backups
2008-05-07 00:27 . 2008-05-07 00:27 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-06 14:06 . 2008-05-06 14:06 <DIR> d-------- C:\Programmi\xp-AntiSpy
2008-05-06 14:03 . 2008-05-06 14:03 <DIR> d-------- C:\Programmi\Lavasoft
2008-05-06 14:03 . 2008-05-06 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-06 14:02 . 2008-05-06 14:02 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-05-06 13:56 . 2008-05-06 13:56 <DIR> d-------- C:\Programmi\Comodo
2008-05-06 13:56 . 2008-05-06 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BOC426
2008-05-06 13:56 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-05-06 13:56 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-05-06 13:56 . 2004-08-19 15:39 24,576 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-05-06 13:56 . 2008-05-07 09:14 8,414 --a------ C:\WINDOWS\BOC426.INI
2008-05-06 13:45 . 2008-05-06 13:45 <DIR> d-------- C:\Programmi\Sophos
2008-05-06 13:43 . 2008-05-06 13:43 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-05-06 13:43 . 2008-05-06 13:43 <DIR> d-------- C:\Documents and Settings\dmd\Dati applicazioni\PC Tools
2008-05-06 13:43 . 2008-05-06 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-06 13:43 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-06 13:43 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-06 13:43 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-06 13:43 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-06 13:30 . 2008-05-06 13:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-06 13:30 . 2008-05-06 13:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-06 09:47 . 2008-05-06 09:48 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-06 05:59 . 2008-05-06 05:59 <DIR> d-------- C:\Documents and Settings\dmd\Dati applicazioni\TeamViewer
2008-05-06 05:58 . 2008-05-06 05:58 <DIR> d-------- C:\Programmi\TeamViewer3
2008-05-06 05:57 . 2008-05-06 05:57 <DIR> d-------- C:\Documents and Settings\dmd\temp
2008-05-01 22:59 . 2008-05-01 22:59 <DIR> d-------- C:\Programmi\Auslogics
2008-05-01 22:59 . 2008-05-01 22:59 <DIR> d-------- C:\Documents and Settings\dmd\Dati applicazioni\Auslogics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 21:17 --------- d-----w C:\Programmi\File comuni\xing shared
2008-03-31 21:16 --------- d-----w C:\Programmi\File comuni\Real
2008-03-23 09:27 --------- d-----w C:\Programmi\Safari
2008-03-23 09:26 --------- d-----w C:\Programmi\Apple Software Update
2008-03-23 09:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:06 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-06 15:35 361,514 ----a-w C:\WINDOWS\java\Packages\KAIKUB77.ZIP
2008-03-06 00:32 603,546 ----a-w C:\WINDOWS\java\Packages\G9VXN1FF.ZIP
2008-03-06 00:25 322,251 ----a-w C:\WINDOWS\java\Packages\3LVLBTRN.ZIP
2008-03-05 22:50 516,828 ----a-w C:\WINDOWS\java\Packages\CK6NB17F.ZIP
2008-03-05 19:54 440,816 ----a-w C:\WINDOWS\java\Packages\VDZTVD7Z.ZIP
2008-03-05 18:59 634,628 ----a-w C:\WINDOWS\java\Packages\2RBRJPJL.ZIP
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-01-02 00:19 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PE2CKFNT SE"="C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-04-04 12:02 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-08 03:14 100056]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-05-14 00:20 278528]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 08:59 579584]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-31 23:16 185896]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08 351480]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISTray"="C:\Programmi\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-23 06:52 219136]

C:\Documents and Settings\dmd\Menu Avvio\Programmi\Esecuzione automatica\
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-02-02 02:11:38 51360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"= diomidi.dll
"wave1"= Digi32.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-01-12 07:35 43008 C:\Programmi\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\System32\drivers\ScFBPNT2.SYS [2000-02-08 10:30]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-09-21 07:35]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-04-23 15:02]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-15 00:13:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione del computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exei/task:
"2008-05-07 01:02:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 09:14:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\PROGRAMMI\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAMMI\GRISOFT\AVG7\AVGUPSVC.EXE
C:\PROGRAMMI\COMODO\CBOCLEAN\BOCORE.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM32\PASTISVC.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SECURITY CENTER\SYMWSC.EXE
C:\PROGRAMMI\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAMMI\COMODO\CBOCLEAN\BOC426.EXE
C:\WINDOWS\SYSTEM32\NTVDM.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-05-07 9:30:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 07:24:32

21 Directory 44,266,749,952 byte disponibili
36 Directory 44,320,948,224 byte disponibili

176 --- E O F --- 2008-04-26 16:24:19
dryrain - Posted 5-7-2008 10:24 (GMT +2)

Oh yes, lots of them seem to work. Thank you very much and compliments for the forum!
dryrain - Posted 5-7-2008 10:35 (GMT +2)

Hello again, I'm running the next steps of that procedure. This is the main.txt log of dss.exe:

Deckard's System Scanner v20071014.68
Run by dmd on 2008-05-07 10:25:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
67: 2008-05-07 08:26:03 UTC - RP354 - Deckard's System Scanner Restore Point
66: 2008-05-07 07:54:12 UTC - RP353 - dopo prime pulizie e casino di combofix
65: 2008-05-07 07:09:25 UTC - RP352 - ComboFix created restore point
64: 2008-05-06 22:31:32 UTC - RP351 - Java(TM) 6 Update 2 rimosso
63: 2008-05-06 12:03:49 UTC - RP350 - Ad-Aware 2007 installato

-- First Restore Point --
1: 2008-02-07 05:14:40 UTC - RP288 - Punto di arresto del sistema

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as dmd.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27, on 2008-05-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Comodo\CBOClean\BOCORE.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\dmd\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: JT's Blocks - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download2.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Scopa - http://download2.games.yahoo.com/games/clients/y/sct5_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download2.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199465029000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Programmi\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Programmi\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9543 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 ScFBPNT2 (CanoScan FBP2 Port Driver) - c:\windows\system32\drivers\scfbpnt2.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 mchInjDrv (madCodeHook DLL injection driver) - c:\windows\system32\drivers\mchinjdrv.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ANIWZCSdService (ANIWZCSd Service) - c:\programmi\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S2 DigiRefresh (Digidesign MME Refresh Service) - c:\programmi\digidesign\drivers\mmerefresh.exe -s (file missing)
S4 NMIndexingService - "c:\programmi\file comuni\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 03:02:52 344 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-15 02:13:00 576 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scansione del computer.job

-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 09:04:07 68096 --a------ C:\WINDOWS\zip.exe
2008-05-07 09:04:07 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-07 09:04:07 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-07 09:04:07 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-07 09:04:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-07 09:04:07 98816 --a------ C:\WINDOWS\sed.exe
2008-05-07 09:04:07 80412 --a------ C:\WINDOWS\grep.exe
2008-05-07 09:04:07 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-07 09:04:06 2560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-05-07 06:00:11 0 d-------- C:\PScanner Backup
2008-05-07 01:38:58 0 d-------- C:\Programmi\EsetOnlineScanner
2008-05-07 00:34:42 0 d-------- C:\VundoFix Backups
2008-05-07 00:27:19 0 d-------- C:\Programmi\Trend Micro
2008-05-06 14:06:24 0 d-------- C:\Programmi\xp-AntiSpy
2008-05-06 14:03:52 0 d-------- C:\Programmi\Lavasoft
2008-05-06 14:02:50 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-05-06 13:56:02 0 d-------- C:\Programmi\Comodo
2008-05-06 13:45:30 0 d-------- C:\Programmi\Sophos
2008-05-06 13:43:37 0 d-------- C:\Programmi\Spyware Doctor
2008-05-06 09:47:58 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-06 05:58:13 0 d-------- C:\Programmi\TeamViewer3
2008-05-06 05:57:00 0 d-------- C:\Documents and Settings\dmd\temp
2008-05-01 22:59:24 0 d-------- C:\Programmi\Auslogics

-- Find3M Report ---------------------------------------------------------------

2008-05-06 13:44:50 443528 --a------ C:\WINDOWS\system32\perfh010.dat
2008-05-06 13:44:50 71908 --a------ C:\WINDOWS\system32\perfc010.dat
2008-05-06 13:43:38 0 d-------- C:\Documents and Settings\dmd\Dati applicazioni\PC Tools
2008-05-06 05:59:46 0 d-------- C:\Documents and Settings\dmd\Dati applicazioni\TeamViewer
2008-05-01 22:59:30 0 d-------- C:\Documents and Settings\dmd\Dati applicazioni\Auslogics
2008-04-03 18:01:14 41836 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-31 23:17:08 0 d-------- C:\Programmi\File comuni\xing shared
2008-03-31 23:16:44 0 d-------- C:\Programmi\File comuni\Real
2008-03-31 23:16:40 0 d-------- C:\Documents and Settings\dmd\Dati applicazioni\Real
2008-03-23 11:27:00 0 d-------- C:\Programmi\Safari
2008-03-23 11:26:44 0 d-------- C:\Programmi\Apple Software Update
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PE2CKFNT SE"="C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-04-04 12:02]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-08 03:14]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-05-14 00:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 08:59]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 09:41]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-31 23:16]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"ISTray"="C:\Programmi\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\dmd\Menu Avvio\Programmi\Esecuzione automatica\
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-02-02 02:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

-- End of Deckard's System Scanner: finished at 2008-05-07 10:29:29 ------------
dryrain New Member Date Joined May 2008 Total Posts : 6 Posted 5-7-2008 10:49 (GMT +2)

I installed SUPERAntiSpyware and ran HijackThis. But I couldn't find any of these records in the log:

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {81905471-F9B1-403C-A27A-F6D056510020} - C:\WINDOWS\System32\iifdd.dll (file missing)
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O20 - Winlogon Notify: pflzuink - pflzuink.dll (file missing)

Now I'll boot into Safe Mode to search for, and if present delete, the following files: ipudwmnx.ini and ghpgyrcu.ini. Then I'll run drweb-cureit.exe and let it do an express scan.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38, on 2008-05-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Comodo\CBOClean\BOCORE.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: JT's Blocks - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download2.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Scopa - http://download2.games.yahoo.com/games/clients/y/sct5_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download2.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199465029000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Programmi\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Programmi\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9765 bytes
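Added example, not code from the thread or from HijackThis, ComboFix or any other tool named in it: a small Python parser for HijackThis entries that does by script what dryrain did by eye, namely checks whether the four flagged entries are still present in the new log (matching by CLSID where there is one, otherwise by section and text), and then lists the entries a helper would normally look at next: orphaned "(file missing)" lines, O23 services whose binary has no publisher string, and O4 autostarts living outside the program and Windows directories. The sample log is a constructed subset of the lines posted above; the trusted-prefix list and the three triage rules are assumptions of this example, not HijackThis features, and a hit means "look this up", not "malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the HijackThis 2.0.2 lines from the log in the post
# above, with the header line kept so the parser has to skip it.
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Programmi\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
"""

# The four entries the poster was told to look for and could no longer find.
OLD_FLAGGED = [
    r"O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)",
    r"O2 - BHO: (no name) - {81905471-F9B1-403C-A27A-F6D056510020} - C:\WINDOWS\System32\iifdd.dll (file missing)",
    r"O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1",
    r"O20 - Winlogon Notify: pflzuink - pflzuink.dll (file missing)",
]

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive path not preceded by a word character or "/", so res://C:\... resource URLs are ignored.
DRIVE_PATH_RE = re.compile(r"(?<![/\w])[A-Za-z]:\\.*$")
TRAILER_RES = (re.compile(r"\s*\(file missing\)$"), re.compile(r"\s*\(User '[^']*'\)$"))
SWITCH_RE = re.compile(r"\s+[-/]\S+$")  # one trailing switch such as /STARTUP or -atboottime
# Assumed for this example: where autostart binaries are expected to live on this Italian XP box.
TRUSTED_PREFIXES = ("C:\\PROGRAMMI\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\", "C:\\WINDOWS\\")

@dataclass
class Entry:
    code: str             # HijackThis section, e.g. O2, O4, O23
    body: str             # everything after "Oxx - "
    clsid: Optional[str]
    path: Optional[str]   # best-effort on-disk path, None for URLs and non-file entries
    file_missing: bool
    owner: Optional[str]  # O23 only: the publisher column HijackThis prints

def extract_path(body: str) -> Optional[str]:
    m = DRIVE_PATH_RE.search(body)
    if not m:
        return None
    path = m.group(0)
    for trailer in TRAILER_RES:   # drop "(file missing)" / "(User '...')" first
        path = trailer.sub("", path)
    path = SWITCH_RE.sub("", path)  # then one trailing command-line switch
    return path.rstrip('"')

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    # O23 bodies read "Service: name - owner - path"; the owner is the next-to-last field.
    owner = body.split(" - ")[-2] if code == "O23" and body.count(" - ") >= 2 else None
    return Entry(code, body, clsid.group(0) if clsid else None,
                 extract_path(body), body.endswith("(file missing)"), owner)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def identity(e: Entry) -> Tuple[str, str]:
    """Match by CLSID when there is one (case-insensitive), else by section and body."""
    if e.clsid:
        return ("clsid", e.clsid.upper())
    body = e.body
    for trailer in TRAILER_RES:
        body = trailer.sub("", body)
    return (e.code, body)

def entries_gone(old_lines: List[str], new_entries: List[Entry]) -> List[str]:
    present = {identity(e) for e in new_entries}
    old = [e for e in map(parse_line, old_lines) if e is not None]
    return [f"{e.code} - {e.body}" for e in old if identity(e) not in present]

def review_candidates(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Heuristic triage, not a verdict: each hit is something to look up by hand."""
    hits = []
    for e in entries:
        if e.file_missing:
            hits.append(("orphaned entry, target file missing", f"{e.code} - {e.body}"))
        if e.code == "O23" and e.owner == "Unknown owner":
            hits.append(("service binary carries no publisher string", f"{e.code} - {e.body}"))
        if e.code == "O4" and e.path and not e.path.upper().startswith(TRUSTED_PREFIXES):
            hits.append(("autostart outside the program and Windows directories", f"{e.code} - {e.body}"))
    return hits

if __name__ == "__main__":
    found = parse_log(NEW_LOG)
    print(*[f"gone: {l}" for l in entries_gone(OLD_FLAGGED, found)], sep="\n")
    print(*[f"review ({r}): {l}" for r, l in review_candidates(found)], sep="\n")
```

On the sample all four old entries come back as gone, which is the same conclusion the poster reached; the triage then flags the DigiRefresh service twice (orphaned and no publisher string), the STI Simulator service (no publisher string) and the OCRAWARE startup item (it lives in C:\OPLIMIT). The path extraction is deliberately simple: it strips one trailing switch and the "(file missing)" or "(User ...)" suffix, which covers the entry shapes in this log but would mis-cut a path containing " -" or " /" in a directory name.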