win32/olmarik


This topic is locked
12 replies to this topic

#1 shivase


Posted 28 September 2009 - 09:28 AM

Hi!

First of all, thank you for your help!

I realized I was infected by Olmarik, and Garmanma helped me clean my laptop and later suggested that I download and run DDS and post the result here.

You can see what I've done before in this topic: http://www.bleepingcomputer.com/forums/t/259665/win32olmarik/

I'll give you a few more pieces of information that might be useful, or maybe completely useless... I don't know.

The fake alert I used to see on the toolbar doesn't appear anymore, but every time I run Windows I see another error message.
I'll post it later because I don't remember it exactly.


On my laptop I have NOD antivirus and Ad-Aware.

That's all, I think...

So, the DDS log:

DDS (Ver_09-09-24.01) - NTFSx86
Run by Utente at 16.11.02,98 on 28/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1979.1285 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PLFSetI.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PLFSetL.exe
C:\Programmi\Acer Bio Protection\PdtWzd.exe
C:\Programmi\Launch Manager\LManager.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\TEMP\mpetpyecti.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\TK8 StickyNotes\TK8StickyNotes.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Launch Manager\dsiwmis.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programmi\Acer Bio Protection\BASVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Programmi\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Utente\Documenti\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=0&o=xpp&d=0809&m=travelmate_8371
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ProductReg] c:\programmi\acer\wr_popup\ProductReg.exe
uRun: [Google Update] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\programmi\daemon tools lite\daemon.exe" -autorun
uRun: [TK8 StickyNotes] "c:\programmi\tk8 stickynotes\TK8StickyNotes.exe"
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@0
mRun: [IAAnotif] c:\programmi\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\programmi\realtek\audio\drivers\AzMixerSel.exe
mRun: [BackupManagerTray] "c:\programmi\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [VitaKeyPdtWzd] "c:\programmi\acer bio protection\PdtWzd.exe"
mRun: [LManager] c:\programmi\launch manager\LManager.exe
mRun: [NotificationCenterLauncher] c:\programmi\acer\acer erecovery management\NotificationLauncher.exe
mRun: [egui] "c:\programmi\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\programmi\java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\programmi\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [HP Software Update] c:\programmi\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft .NET Framework 3.5] c:\windows\temp\mpetpyecti.exe
mRun: [GrooveMonitor] "c:\programmi\microsoft office\office12\GrooveMonitor.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@0
mRun: [Ad-Watch] c:\programmi\lavasoft\ad-aware\AAWTray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmi\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@0
StartupFolder: c:\docume~1\utente\menuav~1\progra~1\esecuz~1\Alice.lnk -
StartupFolder: c:\documents and settings\utente\menu avvio\programmi\esecuzione automatica\ChkDisk.dll
StartupFolder: c:\docume~1\utente\menuav~1\progra~1\esecuz~1\chkdisk.lnk - c:\windows\system32\rundll32.exe
IE: Append to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmi\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251459916703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.dll
Notify: AWinNotifyVitaKey MC3000 - c:\programmi\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL
LSA: Notification Packages = c:\programmi\acer bio protection\PwdFilter

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-21 64160]
R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\programmi\gridvista\DPMemGridVista.sys [2009-6-10 10504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 DsiWMIService;Dritek WMI Service;c:\programmi\launch manager\dsiwmis.exe [2009-6-10 117256]
R2 ekrn;ESET Service;c:\programmi\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2009-8-25 27184]
R2 IGBASVC;EgisTec Service;c:\programmi\acer bio protection\BASVC.exe [2009-5-13 3445248]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\programmi\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 RS_Service;Raw Socket Service;c:\programmi\acer\acer vcm\RS_Service.exe [2009-6-9 237568]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-29 603904]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-25 110080]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-9 1684736]
S3 qcusbserAcr2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9215);c:\windows\system32\drivers\qcusbserAcr2k.sys [2009-6-10 104448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-6-9 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmi\superantispyware\SASENUM.SYS [2009-9-15 7408]
S4 mthsrfbxoh;mthsrfbxoh;c:\windows\system32\drivers\xjlhaqmg.sys [2009-9-17 75648]

=============== Created Last 30 ================

2009-09-27 18:38 --d----- c:\programmi\Cobian Backup 9
2009-09-24 12:16 --d----- c:\docume~1\alluse~1\datiap~1\SUPERAntiSpyware.com
2009-09-24 12:15 --d----- c:\programmi\SUPERAntiSpyware
2009-09-24 12:15 --d----- c:\docume~1\utente\datiap~1\SUPERAntiSpyware.com
2009-09-24 12:07 --d----- c:\programmi\file comuni\Wise Installation Wizard
2009-09-24 11:47 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-24 11:47 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-09-24 11:47 22,016 a--sh--- c:\windows\system32\autochk.dll
2009-09-24 11:26 --d----- c:\docume~1\utente\datiap~1\Malwarebytes
2009-09-24 11:25 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 11:25 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-24 11:25 --d----- c:\programmi\Malwarebytes' Anti-Malware
2009-09-24 11:25 --d----- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2009-09-23 00:10 --d----- c:\windows\system32\LogFiles
2009-09-21 11:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-21 10:27 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-21 10:19 -cd-h--- c:\docume~1\alluse~1\datiap~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-21 10:19 --d----- c:\programmi\Lavasoft
2009-09-21 10:10 --d----- C:\SpySoapBin
2009-09-19 12:09 --d----- c:\programmi\Spybot - Search & Destroy
2009-09-19 12:09 --d----- c:\docume~1\alluse~1\datiap~1\Spybot - Search & Destroy
2009-09-17 18:09 75,648 a------- c:\windows\system32\drivers\xjlhaqmg.sys
2009-09-17 17:53 22,016 -------- c:\documents and settings\utente\protect.dll
2009-09-17 17:33 --d----- c:\programmi\SecureW2
2009-09-13 15:22 --d----- c:\programmi\Microsoft Visual Studio 8
2009-09-13 15:21 --d----- c:\windows\SHELLNEW
2009-09-12 21:14 --d----- C:\spoolerlogs
2009-09-12 20:12 43 a------- c:\windows\system32\gasfkykklgvumq.dat
2009-09-12 20:07 18,944 a------- c:\windows\system32\gasfkyxuwpiexx.dll
2009-09-12 20:07 77,596 a------- c:\windows\system32\gasfkylsbbemcb.dat
2009-09-12 20:07 42,496 a------- c:\windows\system32\gasfkymttijyme.dll
2009-09-12 20:06 69,120 a------- c:\windows\system32\drivers\gasfkylkrvakvv.sys
2009-09-09 10:01 --d----- c:\programmi\MediaMonkey
2009-09-08 20:35 --d----- c:\docume~1\alluse~1\datiap~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-08 20:33 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-09-08 20:33 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-09-08 20:32 --d----- c:\programmi\file comuni\Apple

==================== Find3M ====================

2009-09-17 18:06 483,524 a------- c:\windows\system32\perfh010.dat
2009-09-17 18:06 81,404 a------- c:\windows\system32\perfc010.dat
2009-08-29 15:37 149,034 a------- c:\windows\HPHins15.dat
2009-08-29 12:21 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-08-29 12:21 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-08-28 10:24 722,416 a------- c:\windows\system32\drivers\sptd.sys
2009-08-28 09:20 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-25 21:42 469,552 a------- c:\windows\system32\NBMatS1SDK.dll
2009-08-25 21:42 27,184 a------- c:\windows\system32\drivers\FPSensor.sys
2009-08-25 21:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-08-25 21:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-05 10:59 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 06:34 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 06:34 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:55 915,456 a------- c:\windows\system32\wininet.dll
2009-06-09 14:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\microsoft\feeds cache\index.dat

============= FINISH: 16.11.25,10 ===============

And the attach file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2009 21.31.52
System Uptime: 28/09/2009 15.42.55 (1 hours ago)

Motherboard: Acer | | TravelMate 8371
Processor: Intel Pentium III Xeon Processor | CPU | 1396/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 224,074 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 229,026 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® WiFi Link 5100 AGN
Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13018086&REV_00\4&38F101EE&0&00E0
Manufacturer: Intel Corporation
Name: Intel® WiFi Link 5100 AGN
PNP Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13018086&REV_00\4&38F101EE&0&00E0
Service: NETw5x32

==== System Restore Points ===================

RP1: 12/09/2009 20.07.05 - System Checkpoint
RP2: 12/09/2009 20.07.05 - Installed Acer Crystal Eye Webcam
RP3: 12/09/2009 20.07.06 - Installed Windows XP Wdf01007.
RP4: 12/09/2009 20.07.06 - Installed WebCam
RP5: 12/09/2009 20.07.06 - Installed Fingerprint Solution
RP6: 12/09/2009 20.07.07 - Installed Acer eRecovery Management
RP7: 12/09/2009 20.07.07 - Installed WinDVD
RP8: 12/09/2009 20.07.07 - Configured Fingerprint Solution
RP9: 12/09/2009 20.07.07 - Installed Acer Product Registration
RP10: 12/09/2009 20.07.07 - Removed 2007 Microsoft Office system
RP11: 12/09/2009 20.07.07 - Removed Microsoft Office Small Business Connectivity Components
RP12: 12/09/2009 20.07.07 - Removed Microsoft Office 2003 - Web Components
RP13: 12/09/2009 20.07.07 - Removed Microsoft Office 2007 Primary Interop Assemblies
RP14: 12/09/2009 20.07.07 - Removed Microsoft Office Suite Activation Assistant.
RP15: 12/09/2009 20.07.08 - Avira AntiVir Personal - 26/08/2009 20.47
RP16: 12/09/2009 20.07.08 - Installed Microsoft Office 2000 Professional
RP17: 12/09/2009 20.07.08 - Removed Google Toolbar for Internet Explorer
RP18: 12/09/2009 20.07.08 - Configured NTI Media Maker 8
RP19: 12/09/2009 20.07.08 - Removed WinDVD
RP20: 12/09/2009 20.07.09 - Removed eSobi v2
RP21: 12/09/2009 20.07.09 - Removed Windows Live Sign-in Assistant
RP22: 12/09/2009 20.07.09 - Avira AntiVir Personal - 28/08/2009 9.33
RP23: 12/09/2009 20.07.09 - Installed ESET NOD32 Antivirus
RP24: 12/09/2009 20.07.09 - SPTD setup V1.50
RP25: 12/09/2009 20.07.09 - SPTD setup V1.60
RP26: 12/09/2009 20.07.09 - Installed Microsoft Office Enterprise 2007
RP27: 12/09/2009 20.07.09 - Removed Microsoft Office 2000 Professional
RP28: 12/09/2009 20.07.10 - Installed Microsoft Office Enterprise 2007
RP29: 12/09/2009 20.07.10 - Installed Send To Microsoft OneNote Dri printer driver
RP30: 12/09/2009 20.07.10 - Installed Windows Internet Explorer 8.
RP31: 12/09/2009 20.07.10 - Installed Vplayer
RP32: 12/09/2009 20.07.10 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP33: 12/09/2009 20.07.11 - Removed Adobe Reader 9 - Italiano.
RP34: 12/09/2009 20.07.11 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP35: 12/09/2009 20.07.11 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP36: 12/09/2009 20.07.11 - Software Distribution Service 3.0
RP37: 12/09/2009 20.07.11 - Software Distribution Service 3.0
RP38: 12/09/2009 20.07.11 - Software Distribution Service 3.0
RP39: 12/09/2009 20.07.11 - Installed Java™ 6 Update 15
RP40: 12/09/2009 20.07.12 - Installed MoRUN.net Sticker Lite
RP41: 12/09/2009 20.07.12 - Removed MoRUN.net Sticker Lite
RP42: 12/09/2009 20.07.12 - Software Distribution Service 3.0
RP43: 12/09/2009 20.07.12 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP44: 12/09/2009 20.07.12 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP45: 12/09/2009 20.07.13 - Installed TuneUp Utilities 2009
RP46: 12/09/2009 20.07.13 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP47: 12/09/2009 20.07.13 - Installed HPSU306Stub
RP48: 12/09/2009 20.07.13 - Software Distribution Service 3.0
RP49: 12/09/2009 20.07.13 - System Checkpoint
RP50: 12/09/2009 20.07.13 - Installed QuickTime
RP51: 12/09/2009 20.07.13 - Installed iTunes
RP52: 12/09/2009 20.07.13 - Removed iTunes
RP53: 12/09/2009 20.07.14 - Installed iTunes
RP54: 12/09/2009 20.07.14 - Software Distribution Service 3.0
RP55: 21/09/2009 10.21.55 - Removed iTunes
RP56: 21/09/2009 10.23.25 - Removed QuickTime
RP57: 22/09/2009 21.43.55 - Removed Apple Software Update
RP58: 22/09/2009 21.44.32 - Removed Bonjour
RP59: 24/09/2009 12.15.57 - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Acer Backup Manager
Acer Bio Protection
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acer VCM
Ad-Aware
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Apple Mobile Device Support
µTorrent
Backup Manager Advance
BufferChm
Choice Guard
Cobian Backup 9
CustomerResearchQFolder
D2400
D2400_Help
DeviceDiscovery
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
ESET NOD32 Antivirus
eSupportQFolder
Microsoft SQL Server Setup Support Files (Italian)
Fingerprint Solution
Google Chrome
GridVista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 15
Junk Mail filter update
K-Lite Codec Pack 4.9.5 (Full)
Launch Manager
LimeWire PRO 5.1.2
Malwarebytes' Anti-Malware
MarketResearch
MediaMonkey 3.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Software Update for Web Folders (Italian) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB954430)
PanoStandAlone
MSXML 6.0 Parser
PSSWCORE
Windows Live Photo Gallery
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Skype web features
Skype™ 4.1
EPSON Printer Software
SolutionCenter
Status
Windows Live Upload Tool
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TK8 StickyNotes 3.0 Beta
Toolbox
TrayApp
TuneUp Utilities 2009
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 Card Reader Software
VideoToolkit01
Vplayer
WebCam
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver

==== Event Viewer Messages From Past Week ========

24/09/2009 11.47.59, Information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
24/09/2009 11.44.33, Information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.

==== End Of File ===========================



And the RootRepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/28 16:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9B40E000 Size: 897024 File Visible: No Signed: -
Status: -

Name: PCI_PNP7648
Image Path: \Driver\PCI_PNP7648
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9AC04000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spbl.sys
Image Path: spbl.sys
Address: 0xB9EA6000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_9fc.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\programmi\cobian backup 9\db\log.txt
Status: Allocation size mismatch (API: 12288, Raw: 16384)

Path: c:\documents and settings\utente\impostazioni locali\temp\etilqs_g0pmbvrtkfurfvskqge8
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\utente\impostazioni locali\temp\etilqs_ilenmxninbhzstpzec5h
Status: Allocation size mismatch (API: 20480, Raw: 0)

Path: c:\documents and settings\utente\impostazioni locali\temp\etilqs_ma3c0awy9669ijtpop1d
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\utente\dati applicazioni\skype\shivase\dc.db-journal
Status: Allocation size mismatch (API: 20480, Raw: 32768)

Path: c:\documents and settings\utente\dati applicazioni\skype\shivase\etilqs_kbvwgtjpty6attrilvrg
Status: Allocation size mismatch (API: 20480, Raw: 32768)

Path: c:\documents and settings\utente\dati applicazioni\skype\shivase\main.db
Status: Allocation size mismatch (API: 823296, Raw: 851968)

Path: c:\documents and settings\utente\dati applicazioni\skype\shivase\main.db-journal
Status: Allocation size mismatch (API: 212992, Raw: 262144)

Path: C:\Documents and Settings\Utente\Impostazioni locali\Apps\2.0\25RJNOCW.7L4\MO95OT5C.21A\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Utente\Impostazioni locali\Apps\2.0\25RJNOCW.7L4\MO95OT5C.21A\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "" at address 0x85e6e8a0

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spbl.sys" at address 0xb9ec5da4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spbl.sys" at address 0xb9ec6132

#: 119 Function Name: NtOpenKey
Status: Hooked by "spbl.sys" at address 0xb9ea70c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x85e6dcb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0x85e6e0d0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spbl.sys" at address 0xb9ec620a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spbl.sys" at address 0xb9ec608a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "" at address 0x85e6e6d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "" at address 0x85e6e4f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x85e6dee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "" at address 0x85e6e310

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x89228d00]
Process: System Address: 0x85e6c930 Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89ddf1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_CREATE]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_CLOSE]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_POWER]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: a4yqxusc؅ఄ灐†ptilink.sys, IRP_MJ_PNP]
Process: System Address: 0x88f5a1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x88e161f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89d721f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x891d61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89de11f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x88f02500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x88f02500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88f02500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88f02500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x88f02500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x88f02500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x891d51f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x88ed0500 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_CREATE]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_CLOSE]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_READ]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_CLEANUP]
Process: System Address: 0x88f07368 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఈ浗灩, IRP_MJ_PNP]
Process: System Address: 0x88f07368 Size: 121

Hidden Services
-------------------
Service Name: gasfkyxwbwulhy
Image Path: C:\WINDOWS\system32\drivers\gasfkylkrvakvv.sys

==EOF==


thank you again!
have a nice day!

sere

#2 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Gender: Female, Location: Belgium)

Posted 29 September 2009 - 07:16 AM

Hi,

I see you are running Ad-Watch.
I suggest you disable it because it can interfere with the fixes.

To disable Ad-Watch: right click on the Ad-Watch icon in the system tray and select Disable Ad-Watch Live.

Then, please update MalwareBytes, because the database version may be outdated.
  • Start MalwareBytes and click the Update tab. There, click "Check for updates".
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh DDS log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by miekiemoes, 29 September 2009 - 07:16 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 shivase (Topic Starter, Members, 12 posts)

Posted 29 September 2009 - 11:20 AM

Thank you for your help!
Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2871
Windows 5.1.2600 Service Pack 3

29/09/2009 18.08.20
mbam-log-2009-09-29 (18-08-20).txt

Scan type: Quick Scan
Objects scanned: 105566
Time elapsed: 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkyxwbwulhy (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gasfkymttijyme.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyxuwpiexx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gasfkylkrvakvv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Utente\Impostazioni locali\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utente\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkykklgvumq.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkylsbbemcb.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

And then I rebooted the laptop in order to eliminate some of them.

What's next?
:-)

PS: now there's just one alert when I start the laptop.

Edited by shivase, 29 September 2009 - 11:31 AM.


#4 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Gender: Female, Location: Belgium)

Posted 29 September 2009 - 11:34 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

#5 shivase (Topic Starter, Members, 12 posts)

Posted 29 September 2009 - 04:09 PM

Hi...
I rebooted the laptop once again and now I don't have any alert. It's just a bit slow, but maybe I just have too many programs loading. Are you sure that I really need to run ComboFix? Because I know that it's a kind of powerful program and I'm afraid that I'll mess up...
Thank you!
sere

#6 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Gender: Female, Location: Belgium)

Posted 29 September 2009 - 04:41 PM

Hi,

Let's see what a new DDS log shows, so please rescan with DDS and post the log. Then we'll see whether we use ComboFix or not.
ComboFix is a very powerful and safe tool, by the way, safer than some other scanners because it has some built-in safety checks which other scanners don't have.

#7 shivase (Topic Starter, Members, 12 posts)

Posted 29 September 2009 - 05:07 PM

Thank you for your fast reply!

Here it is:

DDS (Ver_09-09-24.01) - NTFSx86
Run by Utente at 0.04.50,42 on 30/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1979.1159 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Acer Bio Protection\BASVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PLFSetI.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PLFSetL.exe
C:\Programmi\Acer Bio Protection\PdtWzd.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\TEMP\mpetpyecti.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\Acer Bio Protection\PwdBank.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Documenti\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=0&o=xpp&d=0809&m=travelmate_8371
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\programmi\daemon tools lite\daemon.exe" -autorun
uRun: [autochk] rundll32.exe c:\docume~1\utente\protect.dll,_IWMPEvents@0
mRun: [IAAnotif] c:\programmi\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\programmi\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [VitaKeyPdtWzd] "c:\programmi\acer bio protection\PdtWzd.exe"
mRun: [egui] "c:\programmi\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\programmi\java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\programmi\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Microsoft .NET Framework 3.5] c:\windows\temp\mpetpyecti.exe
mRun: [GrooveMonitor] "c:\programmi\microsoft office\office12\GrooveMonitor.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@0
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmi\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@0
StartupFolder: c:\documents and settings\utente\menu avvio\programmi\esecuzione automatica\ChkDisk.dll
StartupFolder: c:\docume~1\utente\menuav~1\progra~1\esecuz~1\chkdisk.lnk - c:\windows\system32\rundll32.exe
IE: Append to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmi\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251459916703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\programmi\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = c:\programmi\acer bio protection\PwdFilter

============= SERVICES / DRIVERS ===============

R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\programmi\gridvista\DPMemGridVista.sys [2009-6-10 10504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\programmi\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2009-8-25 27184]
R2 IGBASVC;EgisTec Service;c:\programmi\acer bio protection\BASVC.exe [2009-5-13 3445248]
R2 RS_Service;Raw Socket Service;c:\programmi\acer\acer vcm\RS_Service.exe [2009-6-9 237568]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-25 110080]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-9 1684736]
S3 qcusbserAcr2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9215);c:\windows\system32\drivers\qcusbserAcr2k.sys [2009-6-10 104448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-6-9 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S4 mthsrfbxoh;mthsrfbxoh;c:\windows\system32\drivers\xjlhaqmg.sys [2009-9-17 75648]

=============== Created Last 30 ================

2009-09-29 18:27 22,016 a--sh--- c:\windows\system32\autochk.dll
2009-09-29 18:00 170,202 a------- c:\windows\hpqins00.dat
2009-09-29 17:46 <DIR> --d----- c:\docume~1\utente\datiap~1\HpUpdate
2009-09-29 17:46 <DIR> --d----- c:\windows\Hewlett-Packard
2009-09-27 18:38 <DIR> --d----- c:\programmi\Cobian Backup 9
2009-09-24 12:16 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\SUPERAntiSpyware.com
2009-09-24 12:15 <DIR> --d----- c:\programmi\SUPERAntiSpyware
2009-09-24 12:15 <DIR> --d----- c:\docume~1\utente\datiap~1\SUPERAntiSpyware.com
2009-09-24 11:47 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-24 11:47 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-09-24 11:26 <DIR> --d----- c:\docume~1\utente\datiap~1\Malwarebytes
2009-09-24 11:25 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2009-09-23 00:10 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-21 10:19 <DIR> --d----- c:\programmi\Lavasoft
2009-09-21 10:10 <DIR> --d----- C:\SpySoapBin
2009-09-19 12:09 <DIR> --d----- c:\programmi\Spybot - Search & Destroy
2009-09-19 12:09 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\Spybot - Search & Destroy
2009-09-17 18:09 75,648 a------- c:\windows\system32\drivers\xjlhaqmg.sys
2009-09-17 17:53 22,016 -------- c:\documents and settings\utente\protect.dll
2009-09-17 17:33 <DIR> --d----- c:\programmi\SecureW2
2009-09-13 15:22 <DIR> --d----- c:\programmi\Microsoft Visual Studio 8
2009-09-13 15:21 <DIR> --d----- c:\windows\SHELLNEW
2009-09-12 21:14 <DIR> --d----- C:\spoolerlogs
2009-09-09 10:01 <DIR> --d----- c:\programmi\MediaMonkey
2009-09-08 20:35 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-08 20:33 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-09-08 20:33 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-09-08 20:32 <DIR> --d----- c:\programmi\file comuni\Apple

==================== Find3M ====================

2009-09-17 18:06 483,524 a------- c:\windows\system32\perfh010.dat
2009-09-17 18:06 81,404 a------- c:\windows\system32\perfc010.dat
2009-08-29 15:37 149,034 a------- c:\windows\HPHins15.dat
2009-08-28 10:24 722,416 a------- c:\windows\system32\drivers\sptd.sys
2009-08-28 09:20 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-25 21:42 469,552 a------- c:\windows\system32\NBMatS1SDK.dll
2009-08-25 21:42 27,184 a------- c:\windows\system32\drivers\FPSensor.sys
2009-08-25 21:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-08-25 21:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-05 10:59 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 06:34 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 06:34 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:55 915,456 a------- c:\windows\system32\wininet.dll
2009-06-09 14:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\impostazioni locali\dati applicazioni\microsoft\feeds cache\index.dat

============= FINISH: 0.05.06,51 ===============


and the attachment

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2009 21.31.52
System Uptime: 29/09/2009 23.48.02 (1 hours ago)

Motherboard: Acer | | TravelMate 8371
Processor: Processore Intel Pentium III Xeon | CPU | 1396/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 223,918 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/09/2009 20.07.05 - Punto di arresto del sistema
RP2: 12/09/2009 20.07.05 - Installato Acer Crystal Eye Webcam
RP3: 12/09/2009 20.07.06 - Installed Windows XP Wdf01007.
RP4: 12/09/2009 20.07.06 - Installato WebCam
RP5: 12/09/2009 20.07.06 - Installato Fingerprint Solution
RP6: 12/09/2009 20.07.07 - Installato Acer eRecovery Management
RP7: 12/09/2009 20.07.07 - Installato WinDVD
RP8: 12/09/2009 20.07.07 - Configurato Fingerprint Solution
RP9: 12/09/2009 20.07.07 - Installato Acer Product Registration
RP10: 12/09/2009 20.07.07 - Removed 2007 Microsoft Office system
RP11: 12/09/2009 20.07.07 - Componenti di connettività di Microsoft Office Small Business rimosso
RP12: 12/09/2009 20.07.07 - Microsoft Office 2003 - Componenti Web rimosso
RP13: 12/09/2009 20.07.07 - Microsoft Office 2007 Primary Interop Assemblies rimosso
RP14: 12/09/2009 20.07.07 - Removed Microsoft Office Suite Activation Assistant.
RP15: 12/09/2009 20.07.08 - Avira AntiVir Personal - 26/08/2009 20.47
RP16: 12/09/2009 20.07.08 - Microsoft Office 2000 Professional installato
RP17: 12/09/2009 20.07.08 - Removed Google Toolbar for Internet Explorer
RP18: 12/09/2009 20.07.08 - Configurato NTI Media Maker 8
RP19: 12/09/2009 20.07.08 - Rimosso WinDVD
RP20: 12/09/2009 20.07.09 - Rimosso eSobi v2
RP21: 12/09/2009 20.07.09 - Assistente per l'accesso a Windows Live rimosso
RP22: 12/09/2009 20.07.09 - Avira AntiVir Personal - 28/08/2009 9.33
RP23: 12/09/2009 20.07.09 - Installed ESET NOD32 Antivirus
RP24: 12/09/2009 20.07.09 - SPTD setup V1.50
RP25: 12/09/2009 20.07.09 - SPTD setup V1.60
RP26: 12/09/2009 20.07.09 - Installed Microsoft Office Enterprise 2007
RP27: 12/09/2009 20.07.09 - Microsoft Office 2000 Professional rimosso
RP28: 12/09/2009 20.07.10 - Installed Microsoft Office Enterprise 2007
RP29: 12/09/2009 20.07.10 - Driver della stampante Send To Microsoft OneNote Dri installato
RP30: 12/09/2009 20.07.10 - Windows Internet Explorer 8 installato.
RP31: 12/09/2009 20.07.10 - Installed Vplayer
RP32: 12/09/2009 20.07.10 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP33: 12/09/2009 20.07.11 - Removed Adobe Reader 9 - Italiano.
RP34: 12/09/2009 20.07.11 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP35: 12/09/2009 20.07.11 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP36: 12/09/2009 20.07.11 - Software Distribution Service 3.0
RP37: 12/09/2009 20.07.11 - Software Distribution Service 3.0
RP38: 12/09/2009 20.07.11 - Software Distribution Service 3.0
RP39: 12/09/2009 20.07.11 - Java™ 6 Update 15 installato
RP40: 12/09/2009 20.07.12 - Installed MoRUN.net Sticker Lite
RP41: 12/09/2009 20.07.12 - Removed MoRUN.net Sticker Lite
RP42: 12/09/2009 20.07.12 - Software Distribution Service 3.0
RP43: 12/09/2009 20.07.12 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP44: 12/09/2009 20.07.12 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP45: 12/09/2009 20.07.13 - Installed TuneUp Utilities 2009
RP46: 12/09/2009 20.07.13 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP47: 12/09/2009 20.07.13 - Installed HPSU306Stub
RP48: 12/09/2009 20.07.13 - Software Distribution Service 3.0
RP49: 12/09/2009 20.07.13 - Punto di arresto del sistema
RP50: 12/09/2009 20.07.13 - QuickTime installato
RP51: 12/09/2009 20.07.13 - iTunes installato
RP52: 12/09/2009 20.07.13 - iTunes rimosso
RP53: 12/09/2009 20.07.14 - iTunes installato
RP54: 12/09/2009 20.07.14 - Software Distribution Service 3.0
RP55: 21/09/2009 10.21.55 - iTunes rimosso
RP56: 21/09/2009 10.23.25 - QuickTime rimosso
RP57: 22/09/2009 21.43.55 - Apple Software Update rimosso
RP58: 22/09/2009 21.44.32 - Bonjour rimosso
RP59: 24/09/2009 12.15.57 - Installed SUPERAntiSpyware Free Edition
RP60: 29/09/2009 17.46.43 - Removed HPSU306Stub
RP61: 29/09/2009 17.46.53 - HP Update rimosso
RP62: 29/09/2009 17.47.02 - Installato HP Update.
RP63: 29/09/2009 17.59.22 - Installed HP Product Assistant
RP64: 29/09/2009 23.32.45 - Configurato Backup Manager Advance
RP65: 29/09/2009 23.33.13 - Configurato Backup Manager Advance
RP66: 29/09/2009 23.34.19 - Rimosso Acer eRecovery Management
RP67: 29/09/2009 23.34.54 - Rimosso Acer Product Registration
RP68: 29/09/2009 23.43.21 - Rimosso HP Update.
RP69: 29/09/2009 23.46.13 - HPSSupply rimosso
RP70: 29/09/2009 23.56.28 - Removed SUPERAntiSpyware Free Edition
RP71: 29/09/2009 23.57.13 - Removed TuneUp Utilities 2009

==== Installed Programs ======================

Acer Bio Protection
Acer Crystal Eye Webcam
Acer VCM
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB972260)
Aggiornamento della protezione per Windows Media Player (KB952069)
Aggiornamento della protezione per Windows Media Player (KB968816)
Aggiornamento della protezione per Windows Media Player (KB973540)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB923689)
Aggiornamento della protezione per Windows XP (KB938464)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB946648)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951066)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB951376)
Aggiornamento della protezione per Windows XP (KB951698)
Aggiornamento della protezione per Windows XP (KB951748)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB954211)
Aggiornamento della protezione per Windows XP (KB954459)
Aggiornamento della protezione per Windows XP (KB954600)
Aggiornamento della protezione per Windows XP (KB955069)
Aggiornamento della protezione per Windows XP (KB956391)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956744)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956803)
Aggiornamento della protezione per Windows XP (KB956841)
Aggiornamento della protezione per Windows XP (KB956844)
Aggiornamento della protezione per Windows XP (KB957095)
Aggiornamento della protezione per Windows XP (KB957097)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB958687)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960225)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB960859)
Aggiornamento della protezione per Windows XP (KB961371-v2)
Aggiornamento della protezione per Windows XP (KB961501)
Aggiornamento della protezione per Windows XP (KB968537)
Aggiornamento della protezione per Windows XP (KB970238)
Aggiornamento della protezione per Windows XP (KB971557)
Aggiornamento della protezione per Windows XP (KB971633)
Aggiornamento della protezione per Windows XP (KB971657)
Aggiornamento della protezione per Windows XP (KB973346)
Aggiornamento della protezione per Windows XP (KB973354)
Aggiornamento della protezione per Windows XP (KB973507)
Aggiornamento della protezione per Windows XP (KB973869)
Aggiornamento per Windows XP (KB898461)
Aggiornamento per Windows XP (KB951072-v2)
Aggiornamento per Windows XP (KB951978)
Aggiornamento per Windows XP (KB955839)
Aggiornamento per Windows XP (KB967715)
Aggiornamento per Windows XP (KB968389)
Aggiornamento per Windows XP (KB973815)
Aggiornamento rapido per Windows XP (KB932716-v2)
Aggiornamento rapido per Windows XP (KB949764)
Aggiornamento rapido per Windows XP (KB952287)
Aggiornamento rapido per Windows XP (KB961118)
Aggiornamento rapido per Windows XP (KB970653-v3)
Apple Mobile Device Support
µTorrent
BufferChm
Choice Guard
D2400
D2400_Help
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
ESET NOD32 Antivirus
File di supporto dell'installazione di Microsoft SQL Server (Italiano)
Fingerprint Solution
Google Chrome
GridVista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Printer Driver Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 15
Junk Mail filter update
K-Lite Codec Pack 4.9.5 (Full)
LimeWire 5.2.13
MediaMonkey 3.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Software Update for Web Folders (Italian) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB954430)
Parser MSXML 6.0
PSSWCORE
Raccolta foto di Windows Live
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Skype web features
Skype™ 4.1
Software per stampante EPSON
Strumento di caricamento di Windows Live
Synaptics Pointing Device Driver
TK8 StickyNotes 3.0 Beta
Toolbox
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 Card Reader Software
VideoToolkit01
Vplayer
WebCam
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver

==== Event Viewer Messages From Past Week ========

24/09/2009 11.47.59, Informazione: Windows File Protection [64002] - Si è tentato di sostituire il file di sistema protetto beep.sys. La versione originale del file è stata ripristinata per conservare la stabilità del sistema. La versione del file di sistema è 5.1.2600.0.
24/09/2009 11.44.33, Informazione: Windows File Protection [64002] - Si è tentato di sostituire il file di sistema protetto beep.sys. La versione originale del file è stata ripristinata per conservare la stabilità del sistema. La versione del file di sistema è 5.1.2600.0.

==== End Of File ===========================

#8 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:07:51 PM

Posted 29 September 2009 - 05:13 PM

Hi,

I suggest you run Combofix though, because the infection is still active and running here, and I fear some system files are also patched. Combofix should fix this as well (if you allow it to install the recovery console).
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 shivase

  • Topic Starter
  • Members
  • 12 posts
  • Local time:07:51 PM

Posted 29 September 2009 - 05:36 PM

OK, here is the ComboFix log!

ComboFix 09-09-28.01 - Utente 30/09/2009 0.24.51.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1979.1472 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\ChkDisk.dll
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\ChkDisk.lnk
c:\documents and settings\Utente\protect.dll
c:\recycler\S-1-5-21-0404635030-9825444305-493119648-1350
c:\recycler\S-1-5-21-0447389185-9128063541-569010190-4998
c:\recycler\S-1-5-21-1584704057-4183213167-172867622-6101
c:\recycler\S-1-5-21-3839728307-0107653317-145702262-6899
c:\recycler\S-1-5-21-8141116732-9379942618-715203911-4845
c:\recycler\S-1-5-21-8581238510-3867403557-873189457-6880
c:\windows\Suyin.reg
c:\windows\system32\autochk.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\xjlhaqmg.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MTHSRFBXOH
-------\Service_mthsrfbxoh


((((((((((((((((((((((((( Files Creati Da 2009-08-28 al 2009-09-29 )))))))))))))))))))))))))))))))))))
.

2009-09-29 16:00 . 2009-09-29 16:24 170202 ----a-w- c:\windows\hpqins00.dat
2009-09-29 15:46 . 2009-09-29 16:24 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\HpUpdate
2009-09-29 15:46 . 2009-09-29 15:46 -------- d-----w- c:\windows\Hewlett-Packard
2009-09-28 14:32 . 2009-09-28 14:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-27 16:38 . 2009-09-29 21:18 -------- d-----w- c:\programmi\Cobian Backup 9
2009-09-24 10:16 . 2009-09-24 10:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-09-24 10:15 . 2009-09-29 21:56 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\SUPERAntiSpyware.com
2009-09-24 10:15 . 2009-09-29 21:56 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-09-24 09:47 . 2008-04-14 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-24 09:47 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-24 09:26 . 2009-09-24 09:26 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-09-24 09:25 . 2009-09-24 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-22 22:10 . 2009-09-22 22:10 -------- d-----w- c:\windows\system32\LogFiles
2009-09-21 08:19 . 2009-09-29 21:22 -------- d-----w- c:\programmi\Lavasoft
2009-09-21 08:19 . 2009-09-21 08:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-09-21 08:10 . 2009-09-21 08:10 -------- d-----w- C:\SpySoapBin
2009-09-19 10:17 . 2009-09-19 10:17 -------- d-----w- c:\windows\Sun
2009-09-19 10:09 . 2009-09-21 08:28 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-19 10:09 . 2009-09-21 08:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-18 07:39 . 2009-09-18 07:40 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Temp
2009-09-17 15:33 . 2009-09-22 19:46 -------- d-----w- c:\programmi\SecureW2
2009-09-16 16:37 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\Utente\Dati applicazioni\U3\temp\cleanup.exe
2009-09-16 16:35 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\Utente\Dati applicazioni\U3\temp\Launchpad Removal.exe
2009-09-13 13:29 . 2009-09-13 13:29 -------- d-----w- c:\programmi\Microsoft Works
2009-09-13 13:27 . 2009-09-13 13:27 -------- d-----w- c:\programmi\Microsoft.NET
2009-09-13 13:22 . 2009-09-13 13:22 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2009-09-13 13:21 . 2009-09-13 13:28 -------- d-----w- c:\windows\SHELLNEW
2009-09-13 13:20 . 2009-09-13 13:20 -------- d-----r- C:\MSOCache
2009-09-13 06:30 . 2009-09-13 06:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-12 19:14 . 2009-09-12 19:14 -------- d-----w- C:\spoolerlogs
2009-09-09 08:01 . 2009-09-29 18:16 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\MediaMonkey
2009-09-09 08:01 . 2009-09-09 08:01 -------- d-----w- c:\programmi\MediaMonkey
2009-09-08 18:36 . 2009-09-08 18:36 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Apple Computer
2009-09-08 18:35 . 2009-09-08 18:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-08 18:33 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-08 18:33 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-09-08 18:32 . 2009-09-21 08:22 -------- d-----w- c:\programmi\File comuni\Apple
2009-09-08 14:37 . 2009-09-21 08:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-09-08 14:36 . 2009-09-08 14:36 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Apple
2009-09-08 14:36 . 2009-09-08 14:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-09-08 14:36 . 2009-09-08 18:36 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Apple Computer
2009-09-02 21:41 . 2009-09-16 16:35 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 22:23 . 2009-06-09 22:03 81404 ----a-w- c:\windows\system32\perfc010.dat
2009-09-29 22:23 . 2009-06-09 22:03 483524 ----a-w- c:\windows\system32\perfh010.dat
2009-09-29 21:42 . 2009-08-29 13:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-09-29 21:34 . 2009-06-09 13:32 -------- d-----w- c:\programmi\Acer
2009-09-29 21:34 . 2009-06-09 12:50 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-29 21:33 . 2009-06-09 13:27 -------- d-----w- c:\programmi\NewTech Infosystems
2009-09-29 21:20 . 2009-08-28 09:17 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\uTorrent
2009-09-29 20:59 . 2009-08-28 10:03 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2009-09-29 17:58 . 2009-08-28 10:11 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\LimeWire
2009-09-29 17:44 . 2009-08-28 10:08 -------- d-----w- c:\programmi\LimeWire
2009-09-29 17:37 . 2009-08-28 10:04 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-09-21 08:28 . 2009-06-09 13:01 -------- d-----w- c:\programmi\Google
2009-09-13 15:04 . 2009-06-09 13:08 91192 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-13 13:31 . 2009-06-09 13:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-09-13 13:28 . 2009-08-28 08:50 -------- d-----w- c:\programmi\MSBuild
2009-08-29 13:47 . 2009-08-29 13:47 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\HP
2009-08-29 13:45 . 2009-08-29 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2009-08-29 13:37 . 2009-08-29 13:14 149034 ----a-w- c:\windows\HPHins15.dat
2009-08-29 13:31 . 2009-08-29 13:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-08-29 13:27 . 2009-08-29 13:24 -------- d-----w- c:\programmi\HP
2009-08-29 13:25 . 2009-08-29 13:25 -------- d-----w- c:\programmi\File comuni\HP
2009-08-29 12:47 . 2009-08-29 12:46 -------- d-----w- c:\programmi\EPSON
2009-08-29 10:31 . 2009-08-29 10:31 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-08-29 10:29 . 2009-06-09 13:29 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-29 10:21 . 2009-08-29 10:21 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\TuneUp Software
2009-08-29 10:21 . 2009-08-29 10:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-08-29 10:20 . 2009-08-29 10:20 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-28 18:22 . 2009-08-28 18:22 -------- d-----w- c:\programmi\TK8 StickyNotes
2009-08-28 18:22 . 2009-08-28 18:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\TK8 Software
2009-08-28 17:22 . 2009-08-28 17:22 -------- d-----w- c:\programmi\MoRUN.net
2009-08-28 13:44 . 2009-08-28 10:09 -------- d-----w- c:\programmi\Java
2009-08-28 13:44 . 2009-08-28 13:44 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-28 13:31 . 2009-08-28 13:31 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-28 10:44 . 2009-08-28 10:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-08-28 10:09 . 2009-08-28 10:09 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_11\lzma.dll
2009-08-28 10:04 . 2009-08-28 10:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-28 10:03 . 2009-08-28 10:02 -------- d-----r- c:\programmi\Skype
2009-08-28 10:02 . 2009-08-28 10:02 -------- d-----w- c:\programmi\File comuni\Skype
2009-08-28 10:02 . 2009-08-28 10:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-08-28 09:42 . 2009-08-28 09:42 28672 ----a-r- c:\documents and settings\Utente\Dati applicazioni\Microsoft\Installer\{A05BE20E-6510-44BC-95ED-6E6D730407D3}\_CA18F2C35CF8_400D_9D49_6D74AFB2D0CC.exe
2009-08-28 09:42 . 2009-08-28 09:42 -------- d-----w- c:\programmi\Vplayer
2009-08-28 09:41 . 2009-08-28 09:39 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-08-28 09:18 . 2009-08-28 09:18 -------- d-----w- c:\programmi\uTorrent
2009-08-28 09:11 . 2009-08-28 07:35 -------- d-----w- c:\programmi\ESET
2009-08-28 08:40 . 2009-08-28 08:33 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\DAEMON Tools Lite
2009-08-28 08:33 . 2009-08-28 08:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-08-28 08:33 . 2009-08-28 08:33 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-08-28 08:33 . 2009-08-28 08:33 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-08-28 08:26 . 2009-08-28 08:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Pro
2009-08-28 08:24 . 2009-08-28 07:49 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-28 07:51 . 2009-08-28 07:51 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\DAEMON Tools Pro
2009-08-28 07:35 . 2009-08-28 07:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-08-27 22:42 . 2009-06-09 13:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-08-26 18:52 . 2009-08-26 18:52 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Microsoft Web Folders
2009-08-26 18:52 . 2009-06-09 12:16 -------- d-----w- c:\programmi\microsoft frontpage
2009-08-25 19:43 . 2009-08-25 19:43 -------- d-----w- c:\programmi\Acer Bio Protection
2009-08-25 19:42 . 2009-08-25 19:42 469552 ----a-w- c:\windows\system32\NBMatS1SDK.dll
2009-08-25 19:42 . 2009-08-25 19:42 27184 ----a-w- c:\windows\system32\drivers\FPSensor.sys
2009-08-25 19:41 . 2009-08-25 19:41 -------- d-----w- c:\programmi\File comuni\SNP2UVC
2009-08-25 19:40 . 2009-08-25 19:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-08-25 19:40 . 2009-08-25 19:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\programmi\Synaptics
2009-08-25 19:33 . 2009-08-25 19:33 -------- d-----w- c:\programmi\WIDCOMM
2009-08-05 08:59 . 2009-06-09 22:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:34 . 2009-06-09 22:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:34 . 2009-06-09 22:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-08-28 10:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2009-06-09 22:02 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2009-06-09 22:03 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2009-06-09 22:03 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-08-28 133104]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-29 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-29 142872]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"VitaKeyPdtWzd"="c:\programmi\Acer Bio Protection\PdtWzd.exe" [2009-05-13 3558912]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-14 17881088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-13 10:22 3040768 ----a-w- c:\programmi\Acer Bio Protection\WinNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=

R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\programmi\GridVista\DPMemGridVista.sys [10/06/2009 0.03.25 10504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14.23.18 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14.24.24 93336]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14.23.36 727720]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [25/08/2009 21.42.58 27184]
R2 IGBASVC;EgisTec Service;c:\programmi\Acer Bio Protection\BASVC.exe [13/05/2009 12.22.16 3445248]
R2 RS_Service;Raw Socket Service;c:\programmi\Acer\Acer VCM\RS_Service.exe [09/06/2009 15.32.20 237568]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [25/08/2009 21.35.41 110080]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [09/06/2009 14.54.43 1684736]
S3 qcusbserAcr2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9215);c:\windows\system32\drivers\qcusbserAcr2k.sys [10/06/2009 0.03.11 104448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [09/06/2009 14.59.12 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 00:30
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\programmi\Acer Bio Protection\WinNotify.dll
c:\programmi\Acer Bio Protection\CustomRes_Acer.dll
c:\windows\system32\NBMatS1SDK.DLL
c:\windows\system32\BioOne.dll

- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\xpsp3res.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Acer Bio Protection\PwdBank.exe
c:\programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-29 0.33.20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-29 22:33

Pre-Run: 243.391.029.248 byte disponibili
Post-Run: 243.420.786.688 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

275 --- E O F --- 2009-09-09 08:03

#10 miekiemoes (Malware Response Team)

Posted 29 September 2009 - 05:48 PM

Hi,

This looks OK again.

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 shivase (Topic Starter)

Posted 29 September 2009 - 05:56 PM

:( :( :)
Ehi, it seems fine... and I hope it will always be from now on!

Thank you again soooo much!

#12 miekiemoes (Malware Response Team)

Posted 29 September 2009 - 06:01 PM

Glad I could help. :(

Please read my Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#13 miekiemoes (Malware Response Team)

Posted 06 October 2009 - 08:01 AM

Since this issue appears resolved, this topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.