***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21.06.58 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
21.06.58: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
21.06.59: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
21.07.01: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
21.07.02: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
21.07.04: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
21.07.04: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
21.07.04: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
21.07.05: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
21.07.17: Scanning -----VXD ENTRIES-----
************************************************************
21.07.17: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
21.07.17: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
21.07.18: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
21.07.18: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
21.07.18: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
21.07.18: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
21.07.18: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
21.07.18: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
21.07.19: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
21.07.19: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
21.07.19: Scanning ----- SCHEDULED TASKS -----
Scheduled Tasks not scanned: running in SAFE mode so Task Scheduler service not running
************************************************************
21.07.19: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
21.07.19: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
21.07.20: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
21.07.21: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Documents and Settings\Pier Luigi\Desktop\D.exe
2348928 bytes
Created: 20/11/2009 20.12
Modified: 20/11/2009 20.12
Company:
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\lwn30.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
21.07.27: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 21.07.27 20 nov 2009
Total Scan time: 00.00.29
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21.05.51 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
21.05.51: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
21.05.52: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
21.05.54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
21.05.55: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
21.05.56: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
21.05.56: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
21.05.57: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
21.05.57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
21.06.12: Scanning -----VXD ENTRIES-----
************************************************************
21.06.12: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
21.06.12: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
21.06.13: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
21.06.13: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
21.06.13: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
21.06.13: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
21.06.13: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
21.06.13: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
21.06.14: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
21.06.14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
21.06.14: Scanning ----- SCHEDULED TASKS -----
Scheduled Tasks not scanned: running in SAFE mode so Task Scheduler service not running
************************************************************
21.06.14: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
21.06.14: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
21.06.15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
21.06.17: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Documents and Settings\Pier Luigi\Desktop\D.exe
2348928 bytes
Created: 20/11/2009 20.12
Modified: 20/11/2009 20.12
Company:
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\lwn30.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
21.06.24: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 21.06.25 20 nov 2009
Total Scan time: 00.00.33
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21.04.52 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
21.04.52: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
21.04.54: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
21.05.00: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
21.05.01: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
21.05.02: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
21.05.02: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
21.05.04: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
21.05.07: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
21.05.25: Scanning -----VXD ENTRIES-----
************************************************************
21.05.25: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
21.05.26: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
21.05.27: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
21.05.27: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
21.05.27: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
21.05.28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
21.05.28: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
21.05.28: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
21.05.28: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
21.05.29: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
21.05.29: Scanning ----- SCHEDULED TASKS -----
Scheduled Tasks not scanned: running in SAFE mode so Task Scheduler service not running
************************************************************
21.05.29: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
21.05.29: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
21.05.31: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
21.05.33: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Documents and Settings\Pier Luigi\Desktop\D.exe
2348928 bytes
Created: 20/11/2009 20.12
Modified: 20/11/2009 20.12
Company:
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\lwn30.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
21.05.41: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 21.05.42 20 nov 2009
Total Scan time: 00.00.49
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 19.58.00 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
************************************************************
19.58.00: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
19.58.00: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Value Name: TrojanScanner
Value Data: C:\Programmi\Trojan Remover\Trjscan.exe /boot
C:\Programmi\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20/11/2009 19.46
Modified: 17/10/2009 20.35
Company: Simply Super Software
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
19.58.02: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
19.58.02: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
19.58.03: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
19.58.03: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
19.58.03: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.58.03: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
19.58.12: Scanning -----VXD ENTRIES-----
************************************************************
19.58.12: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
19.58.12: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
19.58.12: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
19.58.12: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
19.58.12: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.58.13: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
19.58.13: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
19.58.13: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
19.58.13: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
19.58.13: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
19.58.13: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 14.06
Modified: 18/11/2009 0.44
Company: Lavasoft
Parameters: update all silent
Schedule: alle 00:48 ogni mer, sab di ogni settimana, dal 18/11/2009
Next Run Time: 21/11/2009 0.48.00
Status: Has not run
Status: SYSTEM
Comments: In tal modo viene eseguito un aggiornamento pianificato con Ad-Aware
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004Core
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /c
Schedule: alle 22:08 ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 22.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004UA
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Ogni 1 ora/e dalle 22:08 per 24 ora/e ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 20.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
************************************************************
19.58.14: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
19.58.14: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
19.58.14: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
19.58.15: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\netdde.exe
113152 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
132096 bytes
Created: 29/07/2008 18.16
Modified: 29/07/2008 18.16
Company: Microsoft Corporation
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe - file already scanned
C:\WINDOWS\system32\wuauclt.exe
53472 bytes
Created: 30/12/2007 16.30
Modified: 06/08/2009 19.24
Company: Microsoft Corporation
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe - file already scanned
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe - file already scanned
C:\Programmi\Trojan Remover\Trjscan.exe - file already scanned
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\aqk3.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
19.58.21: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 19.58.22 20 nov 2009
Total Scan time: 00.00.21
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email
support@simplysup.com
[Unregistered version]
Scan started at: 19.56.56 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
************************************************************
19.56.56: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
19.56.58: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Value Name: TrojanScanner
Value Data: C:\Programmi\Trojan Remover\Trjscan.exe /boot
C:\Programmi\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20/11/2009 19.46
Modified: 17/10/2009 20.35
Company: Simply Super Software
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
19.57.00: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
19.57.00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
19.57.01: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
19.57.01: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
19.57.02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.57.04: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
19.57.17: Scanning -----VXD ENTRIES-----
************************************************************
19.57.17: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
19.57.18: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
19.57.18: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
19.57.18: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
19.57.18: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.57.19: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
19.57.19: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
19.57.19: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
19.57.19: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
19.57.19: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
19.57.19: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 14.06
Modified: 18/11/2009 0.44
Company: Lavasoft
Parameters: update all silent
Schedule: alle 00:48 ogni mer, sab di ogni settimana, dal 18/11/2009
Next Run Time: 21/11/2009 0.48.00
Status: Has not run
Status: SYSTEM
Comments: In tal modo viene eseguito un aggiornamento pianificato con Ad-Aware
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004Core
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /c
Schedule: alle 22:08 ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 22.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004UA
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Ogni 1 ora/e dalle 22:08 per 24 ora/e ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 20.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
************************************************************
19.57.20: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
19.57.20: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
19.57.21: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
19.57.23: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\netdde.exe
113152 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
132096 bytes
Created: 29/07/2008 18.16
Modified: 29/07/2008 18.16
Company: Microsoft Corporation
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe - file already scanned
C:\WINDOWS\system32\wuauclt.exe
53472 bytes
Created: 30/12/2007 16.30
Modified: 06/08/2009 19.24
Company: Microsoft Corporation
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe - file already scanned
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe - file already scanned
C:\Programmi\Trojan Remover\Trjscan.exe - file already scanned
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\aqk3.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
19.57.27: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 19.57.28 20 nov 2009
Total Scan time: 00.00.31
************************************************************
***** THE SYSTEM HAS BEEN RESTARTED *****
20/11/2009 19.55.05: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GoogleUpdate.exe - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoogleUpdate.exe - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GoogleUpdaterService.exe - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoogleUpdaterService.exe - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\utm1nzm4.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\utm1nzm4.sys - already removed (or did not exist)
HKCR\*\shellex\ContextMenuHandlers\MSSE - already removed (or did not exist)
HKCR\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\gupdate1c98b0686fb44c0\[ImagePath] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\gusvc\[ImagePath] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\utm1nzm4\[ImagePath] - already deleted
=======================================================
20/11/2009 19.55.05: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 19.50.01 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
************************************************************
19.50.01: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
19.50.02: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Value Name: MSConfig
Value Data: C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
172032 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Value Name: TrojanScanner
Value Data: C:\Programmi\Trojan Remover\Trjscan.exe /boot
C:\Programmi\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20/11/2009 19.46
Modified: 17/10/2009 20.35
Company: Simply Super Software
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
19.50.03: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
19.50.03: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
19.50.04: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
19.50.04: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
19.50.04: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.50.04: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: gupdate1c98b0686fb44c0
ImagePath: "C:\Programmi\Google\Update\GoogleUpdate.exe" /svc
C:\Programmi\Google\Update\GoogleUpdate.exe - this registry value has been removed [file not found to scan]
Key: gusvc
ImagePath: "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe - this registry value has been removed [file not found to scan]
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: utm1nzm4
ImagePath: \??\C:\WINDOWS\system32\Drivers\utm1nzm4.sys
C:\WINDOWS\system32\Drivers\utm1nzm4.sys - this registry value has been removed [file not found to scan]
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
19.51.51: Scanning -----VXD ENTRIES-----
************************************************************
19.51.51: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
19.51.51: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: MSSE
CLSID: {0365FE2C-F183-4091-AC82-BFC39FB75C49}
Path: c:\PROGRA~1\MID86E~1\shellext.dll
{0365FE2C-F183-4091-AC82-BFC39FB75C49} - this value has been removed [file not found to scan]
The calling CLSID key has been removed
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
19.52.02: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
19.52.02: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
19.52.02: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.52.03: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
19.52.03: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
19.52.03: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
19.52.03: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
19.52.03: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
19.52.03: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 14.06
Modified: 18/11/2009 0.44
Company: Lavasoft
Parameters: update all silent
Schedule: alle 00:48 ogni mer, sab di ogni settimana, dal 18/11/2009
Next Run Time: 21/11/2009 0.48.00
Status: Has not run
Status: SYSTEM
Comments: In tal modo viene eseguito un aggiornamento pianificato con Ad-Aware
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004Core
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /c
Schedule: alle 22:08 ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 22.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004UA
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Ogni 1 ora/e dalle 22:08 per 24 ora/e ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 20.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
************************************************************
19.52.04: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
19.52.04: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
19.52.04: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
19.52.05: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\netdde.exe
113152 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
132096 bytes
Created: 29/07/2008 18.16
Modified: 29/07/2008 18.16
Company: Microsoft Corporation
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe - file already scanned
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
C:\WINDOWS\System32\wbem\unsecapp.exe
16896 bytes
Created: 30/12/2007 16.30
Modified: 08/04/2003 20.00
Company: Microsoft Corporation
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 30/12/2007 16.30
Modified: 06/02/2009 11.10
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe - file already scanned
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe
910808 bytes
Created: 01/11/2009 21.27
Modified: 18/11/2009 22.01
Company: Mozilla Corporation
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\dxc2.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
19.52.11: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 19.52.12 20 nov 2009
Total Scan time: 00.02.10
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
20/11/2009 19.52.43: restart commenced
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email
support@simplysup.com[Unregistered version]
Scan started at: 19.48.43 20 nov 2009
Using Database v7425
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software\Trojan Remover\Data\
Logfile directory: d:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Programmi\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
19.48.43: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
19.48.45: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
This key's "System" value appears to be blank
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPLpr
Value Data: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
98304 bytes
Created: 30/12/2007 16.45
Modified: 27/05/2004 1.15
Company: Synaptics, Inc.
Value Name: SynTPEnh
Value Data: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1015808 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.27
Company: Synaptics, Inc.
Value Name: SynTPStart
Value Data: C:\Programmi\Synaptics\SynTP\SynTPStart.exe
C:\Programmi\Synaptics\SynTP\SynTPStart.exe
102400 bytes
Created: 15/09/2007 2.29
Modified: 15/09/2007 2.29
Company: Synaptics, Inc.
Value Name: VirusKeeper
Value Data: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
3748728 bytes
Created: 01/07/2009 12.29
Modified: 01/07/2009 12.29
Company: AxBx
Value Name: MSConfig
Value Data: C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
172032 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Value Name: TrojanScanner
Value Data: C:\Programmi\Trojan Remover\Trjscan.exe /boot
C:\Programmi\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20/11/2009 19.46
Modified: 17/10/2009 20.35
Company: Simply Super Software
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
19.48.47: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 21.19
Modified: 24/05/2009 21.41
Company: Microsoft Corporation
************************************************************
19.48.48: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
************************************************************
19.48.49: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
19.48.49: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programmi\Outlook Express\setup50.exe
73728 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
************************************************************
19.48.50: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.48.53: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Adobe LM Service
ImagePath: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created: 31/12/2007 13.12
Modified: 31/12/2007 13.12
Company: Adobe Systems
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
293120 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
280192 bytes
Created: 30/12/2007 16.44
Modified: 23/11/2004 14.57
Company: Conexant Systems Inc.
Key: catchme
ImagePath: \??\C:\DOCUME~1\PIERLU~1\IMPOST~1\Temp\catchme.sys - this file is globally excluded
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
C:\WINDOWS\System32\drivers\EABFiltr.sys
-R- 7080 bytes
Created: 30/12/2007 16.56
Modified: 18/08/2003 21.57
Company: Hewlett-Packard Company
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
-R- 5220 bytes
Created: 30/12/2007 16.56
Modified: 06/06/2003 20.46
Company: Hewlett-Packard Company
Key: gupdate1c98b0686fb44c0
ImagePath: "C:\Programmi\Google\Update\GoogleUpdate.exe" /svc
C:\Programmi\Google\Update\GoogleUpdate.exe - [file not found to scan]
Key: gusvc
ImagePath: "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe - [file not found to scan]
Key: hpqwmi
ImagePath: C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
94208 bytes
Created: 30/12/2007 16.56
Modified: 02/05/2004 22.38
Company: Hewlett Packard Company
Key: HSFHWICH
ImagePath: System32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
207232 bytes
Created: 30/12/2007 16.44
Modified: 15/12/2004 15.18
Company: Conexant Systems, Inc.
Key: HWiNFO32
ImagePath: \??\C:\Programmi\HWiNFO32\HWiNFO32.SYS
C:\Programmi\HWiNFO32\HWiNFO32.SYS
8192 bytes
Created: 31/12/2007 12.33
Modified: 14/09/2007 13.15
Company: REALiX(tm)
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: is-IJ3KPdrv
ImagePath: system32\DRIVERS\36779824.sys
C:\WINDOWS\system32\DRIVERS\36779824.sys
148496 bytes
Created: 18/11/2009 23.33
Modified: 08/07/2008 13.54
Company: Kaspersky Lab
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe"
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
1179232 bytes
Created: 24/09/2009 12.17
Modified: 18/11/2009 0.43
Company: Lavasoft
Key: massfilter
ImagePath: system32\DRIVERS\massfilter.sys
C:\WINDOWS\system32\DRIVERS\massfilter.sys
-R- 7680 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: MBAMSwissArmy
ImagePath: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
38224 bytes
Created: 10/11/2009 20.19
Modified: 10/09/2009 14.54
Company: Malwarebytes Corporation
Key: MDM
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 23.25
Modified: 19/06/2003 23.25
Company: Microsoft Corporation
Key: MpFilter
ImagePath: system32\DRIVERS\MpFilter.sys
C:\WINDOWS\system32\DRIVERS\MpFilter.sys
142832 bytes
Created: 18/06/2009 17.48
Modified: 18/06/2009 17.48
Company: Microsoft Corporation
Key: ose
ImagePath: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20.28
Modified: 28/07/2003 20.28
Company: Microsoft Corporation
Key: RTL8023
ImagePath: System32\DRIVERS\Rtlnic51.sys
C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
69504 bytes
Created: 30/12/2007 16.45
Modified: 27/04/2004 23.03
Company: Realtek Semiconductor Corporation
Key: SASDIFSV
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASENUM
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: SASKUTIL
ImagePath: \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
74480 bytes
Created: 11/11/2009 10.44
Modified: 11/11/2009 10.44
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 30/12/2007 16.32
Modified: 14/04/2008 2.56
Company: Microsoft Corporation
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{7C263597-21F4-4350-A466-AEAFA975CB9B}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
213696 bytes
Created: 30/12/2007 16.45
Modified: 15/09/2007 2.09
Company: Synaptics, Inc.
Key: utm1nzm4
ImagePath: \??\C:\WINDOWS\system32\Drivers\utm1nzm4.sys
C:\WINDOWS\system32\Drivers\utm1nzm4.sys - [file not found to scan]
Key: vkservice
ImagePath: C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe
1119584 bytes
Created: 26/09/2008 10.10
Modified: 26/09/2008 10.10
Company: AxBx
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2210048 bytes
Created: 30/06/2006 2.49
Modified: 26/07/2007 0.44
Company: Intel® Corporation
Key: WMPNetworkSvc
ImagePath: "C:\Programmi\Windows Media Player\WMPNetwk.exe"
C:\Programmi\Windows Media Player\WMPNetwk.exe
918528 bytes
Created: 02/11/2006 22.56
Modified: 02/11/2006 22.56
Company: Microsoft Corporation
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20.00
Modified: 18/10/2006 20.00
Company: Microsoft Corporation
Key: ZTEusbmdm6k
ImagePath: system32\DRIVERS\ZTEusbmdm6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbnet
ImagePath: system32\DRIVERS\ZTEusbnet.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
-R- 110080 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Corporation
Key: ZTEusbnmea
ImagePath: system32\DRIVERS\ZTEusbnmea.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
-R- 105344 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbser6k
ImagePath: system32\DRIVERS\ZTEusbser6k.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
-R- 104960 bytes
Created: 07/08/2009 16.10
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: ZTEusbvoice
ImagePath: system32\DRIVERS\ZTEusbvoice.sys
C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
-R- 104960 bytes
Created: 07/08/2009 16.11
Modified: 08/12/2008 16.21
Company: ZTE Incorporated
Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
ImagePath: system32\drivers\wA301a.sys
C:\WINDOWS\system32\drivers\wA301a.sys
33847 bytes
Created: 30/12/2007 16.46
Modified: 07/11/2003 11.45
Company: Intel Corporation
************************************************************
19.49.08: Scanning -----VXD ENTRIES-----
************************************************************
19.49.08: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
548352 bytes
Created: 03/09/2009 14.21
Modified: 03/09/2009 14.21
Company: SUPERAntiSpyware.com
************************************************************
19.49.09: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
C:\Programmi\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 14.19
Modified: 18/11/2009 0.47
Company:
Key: MSSE
CLSID: {0365FE2C-F183-4091-AC82-BFC39FB75C49}
Path: c:\PROGRA~1\MID86E~1\shellext.dll
c:\PROGRA~1\MID86E~1\shellext.dll - [file not found to scan]
Key: ShellExtension
CLSID: [empty]
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11.39
Modified: 27/02/2007 11.39
Company: SUPERAntiSpyware.com
************************************************************
19.49.09: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 27/02/2009 12.16
Modified: 27/02/2009 12.16
Company: Adobe Systems, Inc.
************************************************************
19.49.09: Scanning ----- BROWSER HELPER OBJECTS -----
************************************************************
19.49.09: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
************************************************************
19.49.10: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
19.49.10: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
19.49.10: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
19.49.12: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
19.49.12: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-HS- 84 bytes
Created: 30/12/2007 16.24
Modified: 30/12/2007 16.34
Company: [no info]
************************************************************
No User Startup Groups were located to check
************************************************************
19.49.12: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 14.06
Modified: 18/11/2009 0.44
Company: Lavasoft
Parameters: update all silent
Schedule: alle 00:48 ogni mer, sab di ogni settimana, dal 18/11/2009
Next Run Time: 21/11/2009 0.48.00
Status: Has not run
Status: SYSTEM
Comments: In tal modo viene eseguito un aggiornamento pianificato con Ad-Aware
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004Core
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /c
Schedule: alle 22:08 ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 22.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
Taskname: GoogleUpdateTaskUserS-1-5-21-790525478-764733703-854245398-1004UA
File: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 12/11/2008 21.28
Modified: 12/11/2008 21.28
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Ogni 1 ora/e dalle 22:08 per 24 ora/e ogni giorno, dal 01/11/2009
Next Run Time: 20/11/2009 20.08.00
Status: Ready
Status: Pier Luigi
Comments: Tiene aggiornato il software di Google. Se questa attività viene disabilitata o interrotta, il software di Google non verrà mantenuto aggiornato. Ciò non permetterà di risolvere eventuali problemi dovuti a vulnerabilità della protezione e alcune funzionalità potrebbero non essere eseguite corretamente. Questa attività viene disinstallata automaticamente quando non viene utilizzata da alcun software di Google.
************************************************************
19.49.13: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
19.49.13: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
685056 bytes
Created: 01/05/2009 22.02
Modified: 01/05/2009 22.02
Company: DivX, Inc.
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
************************************************************
19.49.14: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Web Desktop Wallpaper: %USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pier Luigi\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 31/12/2007 14.10
Modified: 30/09/2008 21.09
Company: [no info]
Checks for rogue DNS NameServers completed
Additional checks completed
************************************************************
19.49.16: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe
510464 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 08/04/2003 20.00
Modified: 09/02/2009 12.22
Company: Microsoft Corporation
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\system32\svchost.exe - file already scanned
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\system32\netdde.exe
113152 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
132096 bytes
Created: 29/07/2008 18.16
Modified: 29/07/2008 18.16
Company: Microsoft Corporation
C:\Programmi\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe - file already scanned
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.13
Company: Microsoft Corporation
C:\WINDOWS\System32\wbem\unsecapp.exe
16896 bytes
Created: 30/12/2007 16.30
Modified: 08/04/2003 20.00
Company: Microsoft Corporation
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 30/12/2007 16.30
Modified: 06/02/2009 11.10
Company: Microsoft Corporation
C:\WINDOWS\System32\svchost.exe - file already scanned
C:\WINDOWS\Explorer.EXE - file already scanned
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe - file already scanned
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 08/04/2003 20.00
Modified: 14/04/2008 3.14
Company: Microsoft Corporation
C:\Programmi\Mozilla Firefox 3.6 Beta 1\firefox.exe
910808 bytes
Created: 01/11/2009 21.27
Modified: 18/11/2009 22.01
Company: Mozilla Corporation
C:\Documents and Settings\Pier Luigi\Dati applicazioni\Simply Super Software\Trojan Remover\dxc2.exe
FileSize: 3101560
[This is a Trojan Remover component]
************************************************************
19.49.22: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 19.49.23 20 nov 2009
Total Scan time: 00.00.39
************************************************************