winlogon.exe infected with W32/Patched.Ac


  • This topic is locked
28 replies to this topic

#1 cast16

  • Members
  • 15 posts

Posted 27 August 2010 - 01:28 PM

Hi, I'm writing from Italy and this is my first post.
My problem:
When I search with Google, I'm redirected to a web page called Analysis Security pretending to search for viruses in my PC...
I scanned the PC with Panda. The first time, Panda found many errors and deleted them; now every time I scan, Panda finds an infection in the Winlogon.log file, says that it disinfected it, but the next time it finds the same again.

I paste the files generated by the DDS tool.
1. DDS.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Aurel at 12:34:31.40 on 10/08/27
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.284 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Global Protection 2011 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2011 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Programmi\Panda Security\Panda Global Protection 2011\TPSrv.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\acs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\PsCtrls.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
C:\windows\system32\IoctlSvc.exe
c:\programmi\panda security\panda global protection 2011\firewall\PSHOST.EXE
C:\Programmi\Panda Security\Panda Global Protection 2011\PsImSvc.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\PskSvc.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRAMMI\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\SRVLOAD.EXE
C:\Programmi\Panda Security\Panda Global Protection 2011\PavBckPT.exe
C:\windows\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\windows\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Aurel\Desktop\XP\panda\dds.scr
C:\windows\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [Smapp] c:\programmi\analog devices\soundmax\SMTray.exe
mRun: [RegistryMechanic]
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogitechQuickCamRibbon] "c:\programmi\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\programmi\file comuni\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [APVXDWIN] "c:\programmi\panda security\panda global protection 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\programmi\panda security\panda global protection 2011\Inicio.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\aurel\menuav~1\progra~1\esecuz~1\secuni~1.lnk - c:\programmi\secunia\psi\psi.exe
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\programmi\file comuni\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282229657828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {8063B298-F15E-467B-8CBA-E81656C53530} = 192.168.1.1,192.168.1.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: avldr - avldr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aurel\datiap~1\mozilla\firefox\profiles\kzzwutae.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - component: c:\programmi\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
FF - component: c:\programmi\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-18 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-8-26 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-8-26 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-8-26 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-8-26 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-8-26 159112]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2010-8-18 18432]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-8-26 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-8-26 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-8-26 59080]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2010-8-7 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2010-8-7 3904]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\telecom italia\wanminiport1st\srvany.exe [2009-12-14 8192]
R2 Panda Software Controller;Panda Software Controller;c:\programmi\panda security\panda global protection 2011\PsCtrlS.exe [2010-8-26 173312]
R2 PAVFNSVR;Panda Function Service;c:\programmi\panda security\panda global protection 2011\PavFnSvr.exe [2010-8-26 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-8-26 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\programmi\file comuni\panda security\pavshld\PavPrSrv.exe [2010-8-26 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\programmi\panda security\panda global protection 2011\pavsrvx86.exe [2010-8-26 314176]
R2 PskSvcRetail;Panda PSK service;c:\programmi\panda security\panda global protection 2011\psksvc.exe [2010-8-26 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-8-26 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [2010-8-26 199688]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2010-4-10 136176]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [2010-8-11 2656]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-1-8 27064]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2010-08-26 18:46:55 8627 ----a-w- c:\documents and settings\aurel\PAV_FOG.OPC
2010-08-26 18:45:35 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC
2010-08-26 18:33:52 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-08-26 18:26:47 254 ----a-w- c:\windows\system32\PavCPL.dat
2010-08-26 18:26:35 207656 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-08-26 18:26:35 207656 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-08-26 18:26:35 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-08-26 18:26:35 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-08-26 18:26:04 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-08-26 18:26:04 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-08-26 18:26:04 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-08-26 18:25:44 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-08-26 18:25:43 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-08-26 18:25:43 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-08-26 18:25:32 0 d-----w- c:\docume~1\alluse~1\datiap~1\Backup
2010-08-26 18:24:48 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-08-26 18:24:05 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-08-26 18:24:04 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-08-26 18:24:04 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-08-26 18:24:04 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-08-26 18:24:01 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-08-26 18:23:50 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-08-26 18:23:38 55552 ----a-w- c:\windows\system32\avldr.dll
2010-08-26 18:23:37 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-08-26 18:23:37 0 d-----w- c:\windows\system32\PAV
2010-08-26 18:23:32 0 d-----w- c:\docume~1\aurel\datiap~1\Panda Security
2010-08-26 18:23:31 0 d-----w- c:\docume~1\alluse~1\datiap~1\Panda Security
2010-08-26 18:22:32 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-08-26 18:22:31 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-08-26 18:22:29 0 d-----w- c:\programmi\file comuni\Panda Security
2010-08-26 18:10:50 0 d-----w- C:\AVGTemp
2010-08-26 09:47:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 16:54:06 0 d-----w- c:\docume~1\aurel\datiap~1\Secunia CSI
2010-08-25 16:46:21 0 d-----w- c:\programmi\Secunia
2010-08-21 09:43:56 0 d-----w- c:\windows\system32\NtmsData
2010-08-20 16:27:47 0 d-----w- c:\programmi\Magical Jelly Bean
2010-08-18 18:46:59 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2010-08-18 18:46:58 80384 ----a-w- c:\windows\system32\o4Patch.exe
2010-08-18 18:46:54 87552 ----a-w- c:\windows\system32\VACFix.exe
2010-08-18 18:46:50 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-08-18 18:46:49 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-08-18 18:46:47 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-08-18 18:46:47 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-08-18 18:46:43 135168 ----a-w- c:\windows\system32\swreg.exe
2010-08-18 18:46:42 53248 ----a-w- c:\windows\system32\Process.exe
2010-08-18 17:51:02 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-18 17:50:41 0 d-----w- c:\programmi\Panda Security
2010-08-18 17:39:04 0 d-----w- c:\programmi\Trend Micro
2010-08-18 17:19:42 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-08-17 12:40:59 98816 ----a-w- c:\windows\sed.exe
2010-08-17 12:40:59 77312 ----a-w- c:\windows\MBR.exe
2010-08-17 12:40:59 256512 ----a-w- c:\windows\PEV.exe
2010-08-17 12:40:59 161792 ----a-w- c:\windows\SWREG.exe
2010-08-16 22:36:38 0 dc-h--w- c:\windows\ie8
2010-08-16 22:27:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-15 11:50:37 0 d-----w- c:\programmi\RescueTime
2010-08-15 07:47:45 0 d-----w- c:\programmi\Wakoopa
2010-08-14 09:32:17 2672 ----a-w- c:\docume~1\aurel\datiap~1\D001335F.DAT
2010-08-11 20:30:06 2656 ----a-w- c:\windows\system32\io02.sys
2010-08-10 03:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-09 23:00:01 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-09 22:59:56 0 d-----w- c:\docume~1\alluse~1\datiap~1\Avira
2010-08-09 22:41:43 0 d-----w- c:\programmi\EPSON
2010-08-09 17:46:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-09 17:46:30 0 d-----w- c:\programmi\LSoft Technologies
2010-08-09 17:27:50 0 d-----w- c:\docume~1\aurel\datiap~1\Canneverbe Limited
2010-08-08 19:57:39 0 d-----w- c:\docume~1\aurel\datiap~1\Malwarebytes
2010-08-08 19:57:05 0 d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2010-08-08 19:57:03 0 d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-07 21:30:52 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-07 21:15:46 8912896 ----a-w- c:\documents and settings\aurel\ntuser.dat.rmbak
2010-08-07 20:08:24 0 d-----w- c:\docume~1\aurel\datiap~1\Symantec
2010-08-07 19:04:30 0 d-----w- c:\programmi\CheckIt
2010-08-07 15:07:46 0 d-----w- c:\programmi\Symantec
2010-08-07 15:02:48 0 d-----w- c:\windows\system32\CatRoot2
2010-08-07 08:39:26 0 d-----w- c:\programmi\Time Stopper
2010-08-07 07:49:48 62592 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-08-07 07:22:14 0 d-----w- c:\docume~1\alluse~1\datiap~1\RPT
2010-08-07 07:21:31 0 d-----w- c:\docume~1\alluse~1\datiap~1\ICO
2010-08-07 07:13:07 0 d-----w- c:\docume~1\aurel\datiap~1\tfw
2010-08-01 08:41:43 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-08-01 08:41:43 51328 ----a-w- c:\windows\system32\drivers\msdv.sys
2010-08-01 08:41:37 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-08-01 08:41:37 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2010-08-01 08:41:32 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-08-01 08:41:32 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2010-07-31 08:20:23 0 d-----w- c:\programmi\file comuni\Apple

==================== Find3M ====================

2010-08-26 18:47:35 1035776 ----a-w- c:\windows\explorer.exe
2010-08-26 18:35:02 562890 ----a-w- c:\windows\system32\perfh010.dat
2010-08-26 18:35:02 109030 ----a-w- c:\windows\system32\perfc010.dat
2010-08-09 10:45:52 139648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-24 08:16:01 290816 ------w- c:\windows\Setup1.exe
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-29 20:06:40 73216 ------w- c:\windows\ST6UNST.EXE

============= FINISH: 12:37:04.07 ===============


2. Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/08/22 10:50:14 AM
System Uptime: 10/08/26 8:29:14 PM (16 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4V800-X
Processor: Intel® Pentium® 4 CPU 2.60GHz | CPU 1 | 2599/200mhz
Processor: Intel® Pentium® 4 CPU 2.60GHz | CPU 1 | 2599/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 23.837 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/08/26 12:45:44 PM - Punto di arresto del sistema
RP2: 10/08/26 7:24:40 PM - Removed AVG Free 9.0
RP3: 10/08/26 7:35:35 PM - Removed AVG Free 9.0
RP4: 10/08/26 7:37:00 PM - Revo Uninstaller Pro's restore point - AVG Free 9.0
RP5: 10/08/26 7:38:27 PM - Removed AVG Free 9.0

==== Installed Programs ======================

7-Zip 4.65
Active@ ISO Burner
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Reader 8.2.4
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento per Windows Internet Explorer 8 (KB982632)
Aggiornamento rapido per Windows XP (KB942288-v3)
Alice Messenger
Apple Application Support
Apple Software Update
Assistente per l'accesso a Windows Live
Autodesk DWF Viewer
Avidemux 2.5
AviSynth 2.5
BitTorrent
CCleaner
CDBurnerXP
CheckIt Diagnostics
CodecInstaller 2.10.2
Disk Cleaner (remove only)
EasyClock, Versione 1.0
Explorer Newmedia La Tua Biblioteca Multimediale
Explorer Newmedia La Tua Biblioteca Multimediale (Navigator)
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
I testi
Idealist 3.0 for Windows
Ingresso
Installazione Guidata Alice
Java Auto Updater
Java™ 6 Update 20
jv16 PowerTools 1.3
K-Lite Codec Pack 2.41 Full
Kea Coloring Book 3.6.0
Learning Essentials for Microsoft Office
Lingua italiana applicazioni 1
Lingua italiana applicazioni 2
Lingua italiana programmi comuni
Logitech QuickCam
Logitech Updater
Magical Jelly Bean KeyFinder
Matemagica, Versione 2.0
matematica_III_elem_1
MediaInfo 0.7.26
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Math
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2008
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (3.1.2)
MSRedist
MSVCRT
MSXML 6.0 Parser (KB933579)
neroxml
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Norton SystemWorks
NVIDIA Drivers
Pacchetto di driver di Logitech QuickCam
Panda ActiveScan 2.0
Panda Global Protection 2011
Panda Secure Vault 5
Parser MSXML 4.0 SP2 e SDK
PDFCreator
Platform
PowerDVD
Prova D, Versione 1.0
Prova F, Versione 1.0
Prova G, Versione 1.0
Prova I, Versione 1.0
Prova M, Versione 1.0
Prova N, Versione 1.0
Prova O
Prova P, Versione 1.0
Prova Q
Prova R
Prova S
Prova T
Prova U
Prova V, Versione 1.0
Prova Z, Versione 2.0
QuickTime
Registry Mechanic 6.0
Revo Uninstaller Pro 2.4.1
RTC Client API v1.3 msm
Secunia CSI
Secunia PSI
Segoe UI
Skype 4.2
SmartSound Quicktracks Plugin
Software per stampante EPSON
Solid Edge V17
SoundMAX
Strumento di caricamento di Windows Live
Tappeto volante
TELL ME MORE
Time Stopper
TP-LINK Wireless Client Utility Installation Program
Ulead Photo Express 3.0 SE
Ulead VideoStudio 8.0
VBA (2627.01)
VBA (2627.3)
Vector Magic
VIA Platform Device Manager
WanMiniport1st
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Tools 4.1
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/08/26 8:49:05 PM, information: Windows File Protection [64005] - Could not restore the original, valid version of the protected system file explorer.exe. The Windows File Protection restore process was cancelled by the user (user name Aurel). The incorrect file version is 6.0.2900.3156.
10/08/26 8:35:18 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 8:32:05 PM, error: Service Control Manager [7022] - The Panda On-Access Anti-Malware Service service hung on starting.
10/08/26 8:31:28 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 8:30:03 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 8:22:16 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 8:17:10 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 8:01:51 PM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The system cannot find the file specified.
10/08/26 8:01:51 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 7:30:22 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 5:48:03 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 12:54:29 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 12:43:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
10/08/26 12:43:30 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/08/26 12:42:52 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 12:33:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/08/26 12:28:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot prcmondrv RasAcd Rdbss Tcpip
10/08/26 12:28:40 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service, which failed to start because of the following error: A device attached to the system is not functioning.
10/08/26 12:28:40 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service, which failed to start because of the following error: A device attached to the system is not functioning.
10/08/26 12:28:40 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service, which failed to start because of the following error: A device attached to the system is not functioning.
10/08/26 12:28:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/08/26 12:28:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/08/26 12:27:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/08/26 11:32:07 AM, error: AR5523 [5001] - TP-LINK TL-WN620G 11G Wireless Adapter could not allocate the resources necessary for operation.
10/08/26 11:31:58 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/26 11:20:46 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/25 2:34:34 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/25 11:40:18 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/08/25 11:40:06 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/25 11:39:54 AM, error: Ftdisk [49] - Configuring the page file for crash dump failed. Make sure there is a page file on the boot partition and that it is large enough to contain all physical memory.
10/08/25 11:39:54 AM, error: Ftdisk [45] - The system could not successfully load the crash dump driver.
10/08/25 1:46:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/08/25 1:46:30 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/24 8:19:31 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/22 11:01:15 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/21 9:52:20 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/21 9:16:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ViaIde
10/08/21 9:16:18 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/21 8:24:57 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/21 11:25:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RemoteRegistry service.
10/08/20 10:12:46 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================



I tried to start GMER 3 times, but I get a blue screen 3 minutes after the scan starts; the PC stops, and I get a blue screen that says, among other things:
Stop: 0x0000008E (0xC0000005, 0x86B5641F, 0xBA44AA90, 0x00000000)



Thanks to anyone for the help.
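Two facts in the post above are the ones worth acting on before any tool is run: the Find3M section of the first DDS log shows winlogon.exe and explorer.exe written during the infection window, and the event log shows Windows File Protection failing to put explorer.exe back (event 64005). The helper below is an added example, not part of this thread or of the DDS tool; it parses DDS-style "Find3M" lines and DDS-rendered event-log lines and flags exactly those two signals. The WATCHED set and the line formats are assumptions taken from the layout of the logs posted here, and the sample lines are constructed copies of them. A recent timestamp on a protected binary is an indicator, not proof (a hotfix rewrites the same files), so the confirming check is still a hash comparison against the copy in the dllcache folder or a clean install source; the WFP event in this thread says that comparison has already failed for explorer.exe.

```python
"""Triage helper for DDS-style logs: flag Windows File Protection (WFP)
protected binaries that changed recently, and WFP restore events.
Added example for the BleepingComputer thread; not code from DDS or the thread.
"""
import re
from datetime import date, datetime, timedelta

# WFP-protected binaries that file infectors such as W32/Patched overwrite.
# The list is an assumption for this example, not something DDS defines.
WATCHED = {"winlogon.exe", "explorer.exe", "userinit.exe", "svchost.exe",
           "services.exe", "lsass.exe", "csrss.exe"}

# DDS "Find3M" / "Created Last 30" entry: "YYYY-MM-DD HH:MM:SS size attrs path"
FIND_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")

# Event-log entry as DDS renders it: "YY/MM/DD H:MM:SS AM, level: source [id] - message"
EVENT_RE = re.compile(r"^(\d{2}/\d{2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.+)$")

SCAN_DATE = date(2010, 9, 4)  # date of the second DDS run in the thread


def flag_recent_system_binaries(lines, scan_date, window_days=30):
    """Return (path, size, modified) for WATCHED binaries whose DDS timestamp
    falls within window_days before scan_date, in log order."""
    hits = []
    cutoff = scan_date - timedelta(days=window_days)
    for line in lines:
        m = FIND_RE.match(line.strip())
        if not m:
            continue
        day, clock, size, _attrs, path = m.groups()
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in WATCHED:
            continue
        modified = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        if modified.date() >= cutoff:
            hits.append((path, int(size), modified))
    return hits


def flag_wfp_events(lines):
    """Return (timestamp, event_id, message) for every entry whose source is
    Windows File Protection; a restore failure on a WATCHED binary means the
    on-disk file and the dllcache copy no longer agree."""
    hits = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        stamp, _level, source, event_id, message = m.groups()
        if source == "Windows File Protection":
            hits.append((stamp, int(event_id), message))
    return hits


# Constructed sample lines in the shape of the DDS output posted in the thread.
SAMPLE_FIND3M = [
    "2010-08-29 17:25:01 562890 ----a-w- c:\\windows\\system32\\perfh010.dat",
    "2010-08-27 10:59:08 504832 ----a-w- c:\\windows\\system32\\winlogon.exe",
    "2010-08-26 18:47:35 1035776 ----a-w- c:\\windows\\explorer.exe",
    "2010-07-07 14:05:32 14904 ----a-w- c:\\windows\\system32\\drivers\\psi_mf.sys",
]
SAMPLE_EVENTS = [
    "10/08/26 8:49:05 PM, information: Windows File Protection [64005] - "
    "Could not restore the original, valid version of the protected system file explorer.exe.",
    "10/08/26 8:35:18 AM, error: Service Control Manager [7000] - "
    "The adfs service failed to start: the system cannot find the file specified.",
]

if __name__ == "__main__":
    for path, size, when in flag_recent_system_binaries(SAMPLE_FIND3M, SCAN_DATE):
        print(f"MODIFIED {when:%Y-%m-%d} {size:>8} {path}")
    for stamp, eid, msg in flag_wfp_events(SAMPLE_EVENTS):
        print(f"WFP [{eid}] {stamp}: {msg}")
```

Run against the sample it reports winlogon.exe and explorer.exe (both within 30 days of the scan) and the single WFP event; psi_mf.sys and perfh010.dat are ignored because they are not in the watched set. Shrinking the window to a few days drops both binaries, which is the point of making the window a parameter: the window should be the infection period established from the symptoms, not a fixed number.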


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 September 2010 - 03:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cast16 (Topic Starter, Members, 15 posts)

Posted 04 September 2010 - 08:18 AM

Hello Gringo
thank you for answering my question.

Here are the logs:

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aurel at 14:23:34.62 on 10/09/04
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.439 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Global Protection 2011 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Programmi\Panda Security\Panda Global Protection 2011\TPSrv.exe
svchost.exe
C:\PROGRAMMI\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\acs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\PsCtrls.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
C:\windows\system32\IoctlSvc.exe
c:\programmi\panda security\panda global protection 2011\firewall\PSHOST.EXE
C:\Programmi\Panda Security\Panda Global Protection 2011\PsImSvc.exe
C:\windows\Explorer.EXE
C:\Programmi\Panda Security\Panda Global Protection 2011\PskSvc.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Secunia\PSI\psi.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Panda Security\Panda Global Protection 2011\SRVLOAD.EXE
C:\Programmi\Panda Security\Panda Global Protection 2011\PavBckPT.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Aurel\Desktop\XP\bleeping20100905\dds.scr
c:\programmi\logitech\quickcam\lu\lulnchr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\programmi\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [Smapp] c:\programmi\analog devices\soundmax\SMTray.exe
mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogitechQuickCamRibbon] "c:\programmi\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\programmi\file comuni\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [APVXDWIN] "c:\programmi\panda security\panda global protection 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\programmi\panda security\panda global protection 2011\Inicio.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\aurel\menuav~1\progra~1\esecuz~1\secuni~1.lnk - c:\programmi\secunia\psi\psi.exe
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\programmi\file comuni\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282229657828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: avldr - avldr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aurel\datiap~1\mozilla\firefox\profiles\kzzwutae.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-18 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-8-26 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-8-26 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-8-26 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-8-26 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-8-26 159112]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2010-8-18 18432]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-8-26 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-8-26 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-8-26 59080]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2010-8-7 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2010-8-7 3904]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\telecom italia\wanminiport1st\srvany.exe [2009-12-14 8192]
R2 Panda Software Controller;Panda Software Controller;c:\programmi\panda security\panda global protection 2011\PsCtrlS.exe [2010-8-26 173312]
R2 PAVFNSVR;Panda Function Service;c:\programmi\panda security\panda global protection 2011\PavFnSvr.exe [2010-8-26 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-8-26 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\programmi\file comuni\panda security\pavshld\PavPrSrv.exe [2010-8-26 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\programmi\panda security\panda global protection 2011\pavsrvx86.exe [2010-8-26 314176]
R2 PskSvcRetail;Panda PSK service;c:\programmi\panda security\panda global protection 2011\psksvc.exe [2010-8-26 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-8-26 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [2010-8-26 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2010-4-10 136176]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [2010-8-11 2656]
S3 Normandy;Normandy SR2; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-1-8 27064]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2010-09-04 11:43:03 0 ----a-w- c:\documents and settings\aurel\defogger_reenable
2010-09-01 12:17:00 0 d-----w- C:\Panda Software
2010-08-29 18:53:16 0 dc-h--w- c:\windows\ie8
2010-08-29 16:36:03 0 d-----w- c:\docume~1\alluse~1\datiap~1\Panda Software
2010-08-28 15:35:50 0 d-----w- c:\programmi\Spybot - Search & Destroy
2010-08-28 15:35:50 0 d-----w- c:\docume~1\alluse~1\datiap~1\Spybot - Search & Destroy
2010-08-28 12:45:38 0 d-----w- C:\Panda Security
2010-08-26 18:46:55 8627 ----a-w- c:\documents and settings\aurel\PAV_FOG.OPC
2010-08-26 18:45:35 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC
2010-08-26 18:33:52 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-08-26 18:26:47 254 ----a-w- c:\windows\system32\PavCPL.dat
2010-08-26 18:26:35 241420 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-08-26 18:26:35 241420 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-08-26 18:26:35 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-08-26 18:26:35 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-08-26 18:26:04 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-08-26 18:26:04 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-08-26 18:26:04 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-08-26 18:25:44 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-08-26 18:25:43 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-08-26 18:25:43 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-08-26 18:25:32 0 d-----w- c:\docume~1\alluse~1\datiap~1\Backup
2010-08-26 18:24:48 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-08-26 18:24:05 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-08-26 18:24:04 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-08-26 18:24:04 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-08-26 18:24:04 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-08-26 18:24:01 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-08-26 18:23:50 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-08-26 18:23:38 55552 ----a-w- c:\windows\system32\avldr.dll
2010-08-26 18:23:37 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-08-26 18:23:37 0 d-----w- c:\windows\system32\PAV
2010-08-26 18:23:32 0 d-----w- c:\docume~1\aurel\datiap~1\Panda Security
2010-08-26 18:23:31 0 d-----w- c:\docume~1\alluse~1\datiap~1\Panda Security
2010-08-26 18:22:32 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-08-26 18:22:31 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-08-26 18:22:29 0 d-----w- c:\programmi\file comuni\Panda Security
2010-08-26 18:10:50 0 d-----w- C:\AVGTemp
2010-08-26 09:47:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 16:54:06 0 d-----w- c:\docume~1\aurel\datiap~1\Secunia CSI
2010-08-25 16:46:21 0 d-----w- c:\programmi\Secunia
2010-08-21 09:43:56 0 d-----w- c:\windows\system32\NtmsData
2010-08-20 16:27:47 0 d-----w- c:\programmi\Magical Jelly Bean
2010-08-18 18:46:50 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-08-18 18:46:49 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-08-18 18:46:47 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-08-18 18:46:47 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-08-18 18:46:43 135168 ----a-w- c:\windows\system32\swreg.exe
2010-08-18 18:46:42 53248 ----a-w- c:\windows\system32\Process.exe
2010-08-18 17:51:02 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-18 17:50:41 0 d-----w- c:\programmi\Panda Security
2010-08-18 17:39:04 0 d-----w- c:\programmi\Trend Micro
2010-08-18 17:19:42 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-08-17 12:40:59 98816 ----a-w- c:\windows\sed.exe
2010-08-17 12:40:59 77312 ----a-w- c:\windows\MBR.exe
2010-08-17 12:40:59 256512 ----a-w- c:\windows\PEV.exe
2010-08-17 12:40:59 161792 ----a-w- c:\windows\SWREG.exe
2010-08-16 22:27:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-15 11:50:37 0 d-----w- c:\programmi\RescueTime
2010-08-15 07:47:45 0 d-----w- c:\programmi\Wakoopa
2010-08-14 09:32:17 2672 ----a-w- c:\docume~1\aurel\datiap~1\D001335F.DAT
2010-08-11 20:30:06 2656 ----a-w- c:\windows\system32\io02.sys
2010-08-10 03:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-09 23:00:01 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-09 22:59:56 0 d-----w- c:\docume~1\alluse~1\datiap~1\Avira
2010-08-09 22:41:43 0 d-----w- c:\programmi\EPSON
2010-08-09 17:46:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-09 17:46:30 0 d-----w- c:\programmi\LSoft Technologies
2010-08-09 17:27:50 0 d-----w- c:\docume~1\aurel\datiap~1\Canneverbe Limited
2010-08-08 19:57:39 0 d-----w- c:\docume~1\aurel\datiap~1\Malwarebytes
2010-08-08 19:57:05 0 d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2010-08-08 19:57:03 0 d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-07 21:30:52 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-07 21:15:46 8912896 ----a-w- c:\documents and settings\aurel\ntuser.dat.rmbak
2010-08-07 20:08:24 0 d-----w- c:\docume~1\aurel\datiap~1\Symantec
2010-08-07 19:04:30 0 d-----w- c:\programmi\CheckIt
2010-08-07 15:07:46 0 d-----w- c:\programmi\Symantec
2010-08-07 15:02:48 0 d-----w- c:\windows\system32\CatRoot2
2010-08-07 08:39:26 0 d-----w- c:\programmi\Time Stopper
2010-08-07 07:49:48 62592 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-08-07 07:22:14 0 d-----w- c:\docume~1\alluse~1\datiap~1\RPT
2010-08-07 07:21:31 0 d-----w- c:\docume~1\alluse~1\datiap~1\ICO
2010-08-07 07:13:07 0 d-----w- c:\docume~1\aurel\datiap~1\tfw

==================== Find3M ====================

2010-08-29 17:25:01 562890 ----a-w- c:\windows\system32\perfh010.dat
2010-08-29 17:25:00 109030 ----a-w- c:\windows\system32\perfc010.dat
2010-08-27 10:59:08 504832 ----a-w- c:\windows\system32\winlogon.exe
2010-08-26 18:47:35 1035776 ----a-w- c:\windows\explorer.exe
2010-08-09 10:45:52 139648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-24 08:16:01 290816 ------w- c:\windows\Setup1.exe
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys

============= FINISH: 14:27:09.50 ===============


Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/08/22 10:50:14 AM
System Uptime: 10/09/04 2:17:47 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4V800-X
Processor: Intel® Pentium® 4 CPU 2.60GHz | CPU 1 | 2599/200mhz
Processor: Intel® Pentium® 4 CPU 2.60GHz | CPU 1 | 2599/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 30.401 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/08/26 12:45:44 PM - System Checkpoint
RP2: 10/08/26 7:24:40 PM - Removed AVG Free 9.0
RP3: 10/08/26 7:35:35 PM - Removed AVG Free 9.0
RP4: 10/08/26 7:37:00 PM - Revo Uninstaller Pro's restore point - AVG Free 9.0
RP5: 10/08/26 7:38:27 PM - Removed AVG Free 9.0
RP6: 10/08/29 12:21:16 PM - Installation of KB912919 for Windows XP completed.
RP7: 10/08/29 12:28:25 PM - Installation of KB923694 for Windows XP completed.
RP8: 10/08/29 4:08:48 PM - Cleaned registry with Windows Live OneCare safety scanner
RP9: 10/08/29 7:09:31 PM - Restore Operation
RP10: 10/08/29 8:54:22 PM - Windows Internet Explorer 8 installed.
RP11: 10/09/01 2:11:30 PM - System Checkpoint
RP12: 10/09/03 11:55:25 AM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.65
Active@ ISO Burner
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Reader 8.2.4
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Hotfix for Windows XP (KB942288-v3)
Alice Messenger
Apple Application Support
Apple Software Update
Windows Live Sign-in Assistant
Autodesk DWF Viewer
Avidemux 2.5
AviSynth 2.5
BitTorrent
CCleaner
CDBurnerXP
CheckIt Diagnostics
CodecInstaller 2.10.2
Disk Cleaner (remove only)
EasyClock, Version 1.0
Explorer Newmedia La Tua Biblioteca Multimediale
Explorer Newmedia La Tua Biblioteca Multimediale (Navigator)
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
I testi
Idealist 3.0 for Windows
Ingresso
Alice Setup Wizard
Java Auto Updater
Java™ 6 Update 20
jv16 PowerTools 1.3
K-Lite Codec Pack 2.41 Full
Kea Coloring Book 3.6.0
Learning Essentials for Microsoft Office
Italian Language, Applications 1
Italian Language, Applications 2
Italian Language, Common Programs
Logitech QuickCam
Logitech Updater
Magical Jelly Bean KeyFinder
Matemagica, Version 2.0
matematica_III_elem_1
MediaInfo 0.7.26
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Math
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2008
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (3.1.2)
MSRedist
MSVCRT
MSXML 6.0 Parser (KB933579)
neroxml
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Norton SystemWorks
NVIDIA Drivers
Logitech QuickCam Driver Package
Panda ActiveScan 2.0
Panda Global Protection 2011
Panda Secure Vault 5
MSXML 4.0 SP2 Parser and SDK
PDFCreator
Platform
PowerDVD
Prova D, Version 1.0
Prova F, Version 1.0
Prova G, Version 1.0
Prova I, Version 1.0
Prova M, Version 1.0
Prova N, Version 1.0
Prova O
Prova P, Version 1.0
Prova Q
Prova R
Prova S
Prova T
Prova U
Prova V, Version 1.0
Prova Z, Version 2.0
QuickTime
Registry Mechanic 6.0
Revo Uninstaller Pro 2.4.1
RTC Client API v1.3 msm
Secunia CSI
Secunia PSI
Segoe UI
Skype 4.2
SmartSound Quicktracks Plugin
EPSON Printer Software
Solid Edge V17
SoundMAX
Spybot - Search & Destroy
Windows Live Upload Tool
Tappeto volante
TELL ME MORE
Time Stopper
TP-LINK Wireless Client Utility Installation Program
Ulead Photo Express 3.0 SE
Ulead VideoStudio 8.0
VBA (2627.01)
VBA (2627.3)
Vector Magic
VIA Platform Device Manager
WanMiniport1st
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Tools 4.1
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/09/04 2:19:37 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/04 2:12:47 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/09/04 12:42:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'NetAdapt.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/09/04 12:42:33 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/04 1:16:03 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/04 1:08:04 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/04 1:06:20 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/03 4:44:33 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/03 11:18:25 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/02 4:34:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
10/09/02 4:34:45 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/09/02 4:27:54 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/02 10:04:59 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/02 10:04:55 AM, error: Ftdisk [49] - Configuring the page file for crash dump failed. Make sure there is a page file on the boot partition and that it is large enough to contain all physical memory.
10/09/02 10:04:55 AM, error: Ftdisk [45] - The system could not successfully load the crash dump driver.
10/09/02 10:04:55 AM, error: AR5523 [5001] - TP-LINK TL-WN620G 11G Wireless Adapter could not allocate the resources necessary for operation.
10/09/02 10:02:36 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/01 3:23:43 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/09/01 12:22:04 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/31 8:30:58 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/31 8:18:48 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/31 8:18:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'NetAdapt.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/08/31 3:40:11 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/08/31 3:14:29 PM, error: Dhcp [1008] - The DHCP client could not initialize a network interface attached to the system. Error code: A device attached to the system is not functioning.
10/08/31 3:12:25 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


Report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6ED1000 C:\windows\system32\DRIVERS\nv4_mini.sys 6807552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 162.18 )
0xBF012000 C:\windows\System32\nv4_disp.dll 5693440 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 162.18 )
0xF52F2000 C:\windows\system32\DRIVERS\LV302V32.SYS 2564096 bytes (Logitech Inc., Logitech QuickCam Driver)
0x804D7000 C:\windows\system32\ntoskrnl.exe 2256896 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2256896 bytes
0x804D7000 RAW 2256896 bytes
0x804D7000 WMIxWDM 2256896 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\windows\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6D65000 C:\windows\system32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6CBD000 C:\windows\system32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF6BE7000 C:\windows\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF75DF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5623000 C:\windows\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6A19000 C:\windows\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB9487000 C:\windows\system32\DRIVERS\ar5523.sys 360448 bytes (Atheros Communications, Inc., Driver for Atheros AR5005 Wireless USB Network Adapter)
0xF5866000 C:\windows\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBFFA0000 C:\windows\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9879000 C:\windows\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6E87000 C:\windows\system32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF6A9A000 C:\windows\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6ACB000 C:\windows\system32\DRIVERS\neti1642.sys 196608 bytes (Panda Security, S.L., netimflt)
0xF7754000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF55F5000 C:\windows\system32\Drivers\IDSFLT.SYS 188416 bytes (Panda Security, S.L., Intrusion Detection System)
0xBA3C3000 C:\windows\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF75B2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF5692000 C:\windows\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9039000 C:\windows\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF57A7000 C:\windows\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA07C000 C:\windows\system32\DRIVERS\PavProc.sys 159744 bytes (Panda Security, S.L., Panda Protection driver)
0xF76FE000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF5840000 C:\windows\system32\Drivers\NETFLTDI.SYS 155648 bytes (Panda Security, S.L., Panda TDI Filter)
0xF6BC3000 C:\windows\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9063000 C:\windows\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6E64000 C:\windows\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6C9A000 C:\windows\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF575D000 C:\windows\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF57CF000 C:\windows\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FE000 ACPI_HAL 134400 bytes
0x806FE000 C:\windows\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7695000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7724000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7597000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB93A6000 C:\windows\system32\drivers\av5flt.sys 102400 bytes
0xF76CD000 viamraid.sys 102400 bytes (VIA Technologies inc,.ltd, VIA AHCI RAID DRIVER FOR WIN 2000/XP)
0xF76E6000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF76B5000 C:\windows\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF766C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6BAC000 C:\windows\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9F27000 C:\windows\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6C75000 C:\windows\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6EBD000 C:\windows\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF58BE000 C:\windows\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\windows\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7683000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF55E4000 C:\windows\system32\Drivers\APPFLT.SYS 69632 bytes (Panda Security, S.L., Panda APPFLT)
0xF7743000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6AFB000 C:\windows\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF6C89000 C:\windows\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Serial Device Driver)
0xF7913000 C:\windows\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7883000 C:\windows\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7853000 C:\windows\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF79D3000 C:\windows\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF78C3000 C:\windows\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77B3000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7893000 C:\windows\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA11B000 C:\windows\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7993000 C:\windows\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78A3000 C:\windows\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77F3000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77C3000 C:\windows\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF574D000 C:\windows\system32\DRIVERS\amm8651.sys 53248 bytes (Panda Security, S.L., Panda Anti-Malware File System Minifilter)
0xF7813000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA590000 C:\windows\system32\PavTPK.sys 53248 bytes
0xF7923000 C:\windows\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A13000 C:\windows\system32\Drivers\DSAFLT.SYS 49152 bytes (Panda Security, S.L., -)
0xF7943000 C:\windows\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7873000 C:\windows\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF77D3000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7933000 C:\windows\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7823000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF7863000 C:\windows\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7973000 C:\windows\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77E3000 pavboot.sys 40960 bytes (Panda Security, S.L., Panda Boot Driver)
0xF7963000 C:\windows\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF79F3000 C:\windows\system32\Drivers\WNMFLT.SYS 40960 bytes (Panda Security, S.L., -)
0xF7803000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7A03000 C:\windows\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF77A3000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6B5C000 C:\windows\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xF7953000 C:\windows\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF79E3000 C:\windows\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB90A6000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79C3000 C:\windows\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A83000 C:\windows\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Driver)
0xF7B7B000 C:\windows\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7BA3000 C:\windows\System32\DRIVERS\ShlDrv51.sys 32768 bytes (Panda Security, S.L., PandaShield driver)
0xF7A33000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0xB993A000 C:\windows\system32\DRIVERS\COMFiltr.sys 28672 bytes (-, COMFiltr)
0xF7AB3000 C:\windows\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7AEB000 C:\windows\system32\DRIVERS\fetnd5.sys 28672 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF7ACB000 C:\windows\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A23000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7AA3000 C:\windows\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AC3000 C:\windows\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7B5B000 C:\windows\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B43000 C:\windows\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7B53000 C:\windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xF7B6B000 C:\windows\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A2B000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BAB000 C:\windows\system32\drivers\prcmondrv1041.sys 20480 bytes (Igor Nys, Process Monitor driver)
0xF7B1B000 C:\windows\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B2B000 C:\windows\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7B0B000 C:\windows\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7A9B000 C:\windows\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B03000 C:\windows\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA5DC000 C:\windows\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF58F9000 C:\windows\system32\Drivers\fnetmon.SYS 16384 bytes (Panda Security, S.L., Panda FNetMon)
0xF7C8B000 C:\windows\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7BC3000 C:\windows\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C4F000 C:\windows\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7BB3000 C:\windows\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5828000 C:\windows\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA26B000 C:\windows\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7C63000 C:\windows\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB947B000 C:\windows\system32\PavSRK.sys 12288 bytes
0xF754F000 C:\windows\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7CB3000 C:\windows\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7CDB000 C:\windows\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7CA9000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7CD7000 C:\windows\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7CA3000 C:\windows\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7CDF000 C:\windows\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D5D000 C:\windows\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7CE3000 C:\windows\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7CCD000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7CD3000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7CA7000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7CA5000 C:\windows\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E15000 C:\windows\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DFE000 C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys 4096 bytes
0xF7EEE000 C:\windows\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E56000 C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys 4096 bytes
0xF7E67000 C:\windows\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
!!!!!!!!!!!Hidden driver: 0x86C9FAEA ?_empty_? 1302 bytes
0x86C9FEC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x87342530 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF76E6000 WARNING: suspicious driver modification [atapi.sys::0x86C9FAEA]
WARNING: Virus alike driver modification [viamraid.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [wceusbsh.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [UAGP35.SYS]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [MSPQM.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [1394bus.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [MSPCLOCK.sys]
WARNING: Virus alike driver modification [viaide.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [ohci1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [MSKSSRV.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [videX32.sys]

Problems: the PC is now very, very slow.
Thank you in advance.

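The logs above carry three separate signals a responder would pull together: the DDS Find3M section shows winlogon.exe and explorer.exe rewritten within days of the scan (consistent with the W32/Patched detection Panda keeps re-reporting), the RkU report shows a hidden driver object whose address is also the target of a hook inside the loaded atapi.sys (the technique the TDSS/TDL3 family is known for), and the Event Viewer shows a service, adfs, still registered but with no binary on disk. The Python helper below is an added example and is not code from DDS, RkU, Panda or anyone in this thread; it parses those three log formats, correlates them and returns a verdict, and is written to work on any DDS/RkU log rather than only this one. The watch-list, the 14-day window, the scan date, the English wording of the Event 7000 message (the DDS output above is Italian, so the pattern would need adapting on such a system) and the sample lines are all assumptions, labelled as such in the code.

```python
"""Triage helper for DDS and RkUnhooker (RkU) text logs.

Added example for this thread, not code from DDS, RkU, Panda or the original
post. Assumed, not taken from the page: the caller supplies the scan date;
PROTECTED is a hand-picked watch-list; the Event Viewer pattern uses the
English wording, so on a localised system (this thread's is Italian) adapt it.
"""
import re
from datetime import datetime, timedelta

# DDS listing line, e.g. "2010-08-27 10:59:08 504832 ----a-w- c:\windows\system32\winlogon.exe"
DDS_FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")
# RkU stealth lines: a hook inside a loaded driver, and a driver object with no image on disk.
RKU_SUSPICIOUS_RE = re.compile(r"suspicious driver modification \[([^:\]]+)::(0x[0-9A-Fa-f]+)\]")
RKU_HIDDEN_RE = re.compile(r"Hidden driver: (0x[0-9A-Fa-f]+)")
RKU_VIRUSALIKE_RE = re.compile(r"Virus alike driver modification \[[^\]]+\]")
# Event 7000 + "file not found": a service still registered after its binary was deleted.
EVT_ORPHAN_RE = re.compile(r"\[7000\] - The (\S+) service failed to start.*cannot find the file")

# Assumed watch-list: OS files that should only change with a Windows update.
PROTECTED = {"winlogon.exe", "explorer.exe", "atapi.sys", "ntoskrnl.exe",
             "svchost.exe", "services.exe", "kernel32.dll", "user32.dll"}


def recently_modified_system_files(lines, scan_date, window_days=14):
    """Watch-listed binaries whose DDS timestamp lies within window_days before scan_date."""
    cutoff = scan_date - timedelta(days=window_days)
    hits = []
    for line in lines:
        m = DDS_FILE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
        path = m.group(5)
        name = path.rsplit("\\", 1)[-1].lower()
        if name in PROTECTED and cutoff <= when <= scan_date:
            hits.append({"file": name, "path": path, "modified": when, "size": int(m.group(3))})
    return hits


def rku_findings(lines):
    """Keep the high-signal RkU items individually; only count the low-signal ones."""
    result = {"suspicious": [], "hidden": [], "virus_alike_count": 0}
    for line in lines:
        if m := RKU_SUSPICIOUS_RE.search(line):
            result["suspicious"].append({"driver": m.group(1), "address": m.group(2)})
        elif m := RKU_HIDDEN_RE.search(line):
            result["hidden"].append(m.group(1))
        elif RKU_VIRUSALIKE_RE.search(line):
            # One warning per driver on disk, loaded or not, is scanner noise: count, don't list.
            result["virus_alike_count"] += 1
    return result


def orphaned_services(lines):
    """Service names from Event 7000 entries whose image file could not be found."""
    return sorted({m.group(1) for line in lines if (m := EVT_ORPHAN_RE.search(line))})


def triage(dds_lines, rku_lines, event_lines, scan_date):
    """Correlate the signals. A hook whose target address is itself a hidden driver object
    ties the in-memory patch to hidden code and is the strongest single indicator."""
    files = recently_modified_system_files(dds_lines, scan_date)
    rku = rku_findings(rku_lines)
    confirmed = [s for s in rku["suspicious"] if s["address"] in set(rku["hidden"])]
    if confirmed or rku["hidden"]:
        verdict = "rootkit_suspected"
    elif files:
        verdict = "patched_files_suspected"
    else:
        verdict = "no_indicators"
    return {"files": files, "rku": rku, "confirmed_hooks": confirmed,
            "orphaned_services": orphaned_services(event_lines), "verdict": verdict}


# Constructed sample input: lines copied from the logs posted in this thread.
SAMPLE_DDS = r"""
2010-08-29 17:25:01 562890 ----a-w- c:\windows\system32\perfh010.dat
2010-08-27 10:59:08 504832 ----a-w- c:\windows\system32\winlogon.exe
2010-08-26 18:47:35 1035776 ----a-w- c:\windows\explorer.exe
2010-07-24 08:16:01 290816 ------w- c:\windows\Setup1.exe
2010-08-26 18:22:29 0 d-----w- c:\programmi\file comuni\Panda Security
""".strip().splitlines()
SAMPLE_RKU = """
0xF76E6000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
!!!!!!!!!!!Hidden driver: 0x86C9FAEA ?_empty_? 1302 bytes
0x86C9FEC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x87342530 ?_empty_? 0 bytes
0xF76E6000 WARNING: suspicious driver modification [atapi.sys::0x86C9FAEA]
WARNING: Virus alike driver modification [viamraid.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [ntfs.sys]
""".strip().splitlines()
SAMPLE_EVENTS = [  # the Italian originals, translated into the wording EVT_ORPHAN_RE expects
    "10/09/04 2:19:37 PM, error: Service Control Manager [7000] - The adfs service failed to "
    "start due to the following error: The system cannot find the file specified.",
    "10/09/02 4:34:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) "
    "waiting for the WMI Performance Adapter service to connect.",
]
SCAN_DATE = datetime(2010, 9, 4, 14, 27)  # assumed: when the attach log above was produced

if __name__ == "__main__":
    report = triage(SAMPLE_DDS, SAMPLE_RKU, SAMPLE_EVENTS, SCAN_DATE)
    print(report["verdict"], [h["path"] for h in report["files"]],
          report["confirmed_hooks"], report["orphaned_services"])
```

Run as-is to triage the sample; on a real case, pass it the file-listing lines of DDS.txt, the Stealth section of the RkU report and the Event Viewer lines of Attach.txt. The reason the "Virus alike driver modification" warnings are only counted is visible in the report above: they cover drivers that are not loaded on this machine at all (tape.sys, crusoe.sys and amdk6.sys appear in the warnings but not in the loaded-driver list), so they cannot be ninety separate infections, whereas the single "suspicious driver modification" line names a loaded driver and an address that RkU also lists as a hidden driver object, which is what the helper promotes to a confirmed hook.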
#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 AM

Posted 04 September 2010 - 12:37 PM

Greetings

One or more of the identified infections is known as a Backdoor Trojan - TDSS rootkit <-- please read

What this virus does do.
QUOTE
Functionality
The functionality that the Trojan exhibits implies that it has been designed with profit-making as its primary objective. Making money from the Web typically involves generating Web traffic, installing pay-per-install software and also by generating sales leads for other Web sites and services of a dubious nature. It tries to achieve its objective by employing an array of techniques to try and make the user participate in these income-generating activities.


What the virus can do.
QUOTE
Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer.


This "could" allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can clean this machine but I cannot guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 cast16

cast16
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:33 AM

Posted 05 September 2010 - 08:54 AM

Hello Gringo,

1. I couldn't stop the AVG live scanner. (The AVG program has been deleted??)
2. Combofix reported that the file c:/boot.ini isn't the right one ...

Well I paste the combofix log:

ComboFix 10-09-04.06 - Aurel 10/09/05 14:46:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.627 [GMT 2:00]
Eseguito da: c:\documents and settings\Aurel\Desktop\XP\aiutopc\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Global Protection 2011 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aurel\Dati applicazioni\Osafvy
c:\documents and settings\Aurel\Dati applicazioni\Osafvy\demaz.asx
c:\documents and settings\Aurel\Dati applicazioni\Vahya
c:\documents and settings\Aurel\Dati applicazioni\Vahya\opge.ehu
c:\documents and settings\Aurel\Dati applicazioni\Yhibp
c:\documents and settings\Aurel\Dati applicazioni\Yhibp\asqef.mya
c:\documents and settings\Aurel\Documenti\20100829.reg
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VCCLSID.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

La copia infetta di c:\windows\system32\drivers\ipsec.sys stata trovata e disinfettata
ipristinata copia da - Kitty had a snack tongue.gif
La copia infetta di c:\windows\explorer.exe stata trovata e disinfettata
ipristinata copia da - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

c:\windows\system32\winlogon.exe . . . infetto!!

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-08-05 al 2010-09-05 )))))))))))))))))))))))))))))))))))
.

2010-09-04 14:06 . 2010-09-04 14:09 -------- d-----w- c:\programmi\Driver Magician Lite
2010-09-01 12:17 . 2010-09-01 12:17 -------- d-----w- C:\Panda Software
2010-08-29 18:53 . 2010-08-29 18:55 -------- dc-h--w- c:\windows\ie8
2010-08-29 16:36 . 2010-08-29 16:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Software
2010-08-29 10:52 . 2010-08-29 11:09 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-08-28 15:35 . 2010-08-28 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-08-28 15:35 . 2010-08-28 15:41 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-08-28 12:45 . 2010-08-28 12:45 -------- d-----w- C:\Panda Security
2010-08-26 18:33 . 2010-09-05 11:41 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-08-26 18:31 . 2010-08-26 18:31 -------- d-----w- c:\documents and settings\Aurel\Impostazioni locali\Dati applicazioni\Panda Security
2010-08-26 18:26 . 2010-08-26 18:26 254 ----a-w- c:\windows\system32\PavCPL.dat
2010-08-26 18:26 . 2010-09-05 13:02 245764 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-08-26 18:26 . 2009-09-25 12:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-08-26 18:26 . 2009-09-25 12:54 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-08-26 18:26 . 2009-09-25 12:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-08-26 18:25 . 2009-09-25 12:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-08-26 18:25 . 2010-02-18 17:31 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-08-26 18:25 . 2009-09-25 12:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-08-26 18:25 . 2010-08-26 18:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Backup
2010-08-26 18:24 . 2009-10-06 10:33 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-08-26 18:24 . 2009-03-30 16:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-08-26 18:24 . 2009-03-30 16:22 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-08-26 18:24 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-08-26 18:24 . 2009-03-30 16:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-08-26 18:23 . 2010-02-18 17:31 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-08-26 18:23 . 2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll
2010-08-26 18:23 . 2010-08-26 18:23 -------- d-----w- c:\windows\system32\PAV
2010-08-26 18:23 . 2010-05-21 11:50 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-08-26 18:23 . 2010-08-26 18:23 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Panda Security
2010-08-26 18:23 . 2010-08-26 18:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2010-08-26 18:22 . 2009-10-27 10:07 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-08-26 18:22 . 2009-09-14 14:18 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-08-26 18:22 . 2010-08-26 18:22 -------- d-----w- c:\programmi\File comuni\Panda Security
2010-08-26 18:10 . 2010-08-26 18:15 -------- d-----w- C:\AVGTemp
2010-08-26 09:47 . 2010-08-26 09:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 16:54 . 2010-08-25 16:54 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Secunia CSI
2010-08-21 09:43 . 2010-08-21 09:52 -------- d-----w- c:\windows\system32\NtmsData
2010-08-20 16:27 . 2010-08-20 16:27 -------- d-----w- c:\programmi\Magical Jelly Bean
2010-08-18 17:51 . 2010-06-22 16:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-18 17:50 . 2010-08-26 18:26 -------- d-----w- c:\programmi\Panda Security
2010-08-18 17:39 . 2010-08-18 17:39 -------- d-----w- c:\programmi\Trend Micro
2010-08-18 17:19 . 2010-08-18 17:19 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-08-17 16:31 . 2010-08-17 16:31 -------- d-----w- c:\documents and settings\Administrator.AUREL-63937F0B5\Dati applicazioni\Malwarebytes
2010-08-17 15:25 . 2010-08-17 15:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-16 22:27 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-15 11:51 . 2010-08-15 11:51 -------- d-----w- c:\documents and settings\Aurel\Impostazioni locali\Dati applicazioni\RescueTime.com
2010-08-15 11:50 . 2010-08-15 12:03 -------- d-----w- c:\programmi\RescueTime
2010-08-15 07:47 . 2010-08-16 19:53 -------- d-----w- c:\programmi\Wakoopa
2010-08-11 20:30 . 2010-08-11 20:30 2656 ----a-w- c:\windows\system32\io02.sys
2010-08-09 23:52 . 2010-08-09 23:52 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-08-09 23:00 . 2009-02-13 09:31 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-09 22:59 . 2010-08-17 11:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-08-09 22:41 . 2010-08-09 22:41 -------- d-----w- c:\programmi\EPSON
2010-08-09 17:46 . 2010-08-09 17:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-09 17:46 . 2010-08-09 17:46 -------- d-----w- c:\programmi\LSoft Technologies
2010-08-09 17:27 . 2010-08-09 17:27 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Canneverbe Limited
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Malwarebytes
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-08 19:57 . 2010-08-26 18:19 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-07 21:35 . 2010-08-07 21:35 -------- d-sh--w- c:\documents and settings\Administrator.AUREL-63937F0B5\PrivacIE
2010-08-07 21:30 . 2010-08-07 21:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-07 21:29 . 2010-08-07 21:29 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-08-07 21:28 . 2010-08-07 21:30 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali
2010-08-07 21:28 . 2010-08-07 21:30 -------- d-----w- c:\documents and settings\Administrator\Modelli
2010-08-07 21:28 . 2010-08-07 21:30 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft
2010-08-07 21:28 . 2010-08-07 21:30 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni
2010-08-07 21:28 . 2010-08-07 21:30 -------- d-s---w- c:\documents and settings\Administrator
2010-08-07 19:04 . 2010-08-07 19:04 -------- d-----w- c:\programmi\CheckIt
2010-08-07 15:02 . 2010-09-05 13:06 -------- d-----w- c:\windows\system32\CatRoot2
2010-08-07 14:52 . 2010-08-07 14:52 -------- d-----w- c:\documents and settings\Aurel\Impostazioni locali\Dati applicazioni\Symantec
2010-08-07 08:39 . 2010-08-07 08:41 -------- d-----w- c:\programmi\Time Stopper
2010-08-07 07:49 . 2009-12-22 18:39 62592 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-08-07 07:22 . 2010-08-07 07:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\RPT
2010-08-07 07:21 . 2010-08-07 11:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ICO
2010-08-07 07:13 . 2010-08-07 07:13 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\tfw

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 13:12 . 2010-08-26 18:26 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-09-05 13:12 . 2010-08-26 18:26 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-09-05 13:02 . 2010-08-26 18:26 245764 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-09-05 11:27 . 2010-05-11 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-09-05 10:20 . 2010-01-08 10:10 -------- d-----w- c:\programmi\VS Revo Group
2010-09-03 11:34 . 2009-10-29 05:23 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Skype
2010-09-02 14:34 . 2009-10-29 05:26 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\skypePM
2010-08-29 17:25 . 2001-08-31 10:00 562890 ----a-w- c:\windows\system32\perfh010.dat
2010-08-29 17:25 . 2001-08-31 10:00 109030 ----a-w- c:\windows\system32\perfc010.dat
2010-08-29 09:06 . 2010-01-17 11:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-27 10:59 . 2004-08-19 13:39 504832 ----a-w- c:\windows\system32\winlogon.exe
2010-08-26 18:23 . 2007-08-22 08:56 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-08-26 10:54 . 2007-10-12 07:43 -------- d-----w- c:\programmi\Google
2010-08-26 09:56 . 2010-08-26 09:45 79488 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\jre1.6.0_20\gtapi.dll
2010-08-26 09:56 . 2010-08-26 09:45 152576 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\jre1.6.0_20\lzma.dll
2010-08-26 09:55 . 2007-08-23 15:25 -------- d-----w- c:\programmi\QuickTime
2010-08-26 09:54 . 2009-01-04 15:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-08-26 09:47 . 2009-04-06 16:46 -------- d-----w- c:\programmi\File comuni\Java
2010-08-25 16:41 . 2007-08-22 09:12 -------- d-----w- c:\programmi\File comuni\Adobe
2010-08-25 12:18 . 2010-04-24 10:04 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-08-21 07:15 . 2010-06-30 18:29 -------- d-----w- c:\programmi\FireShot for IE
2010-08-20 09:22 . 2008-09-05 03:03 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Ebqiqu
2010-08-16 22:13 . 2009-11-21 06:10 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\BitTorrent
2010-08-14 09:32 . 2010-08-14 09:32 2672 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\D001335F.DAT
2010-08-09 22:18 . 2010-05-30 13:55 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-08-09 17:31 . 2009-12-22 18:14 -------- d-----w- c:\programmi\CDBurnerXP
2010-08-09 10:45 . 2010-01-16 17:25 139648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-09 10:13 . 2008-09-01 19:25 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\U3
2010-08-08 10:07 . 2010-01-16 15:56 -------- d-----w- c:\programmi\Autodesk
2010-08-08 10:04 . 2010-01-16 15:56 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-08-08 08:24 . 2010-05-11 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-08-07 22:24 . 2010-07-03 18:28 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\OfferBox
2010-08-07 21:47 . 2007-08-24 14:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3a4c6c7d-n\msvcp71.dll
2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3a4c6c7d-n\jmc.dll
2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3a4c6c7d-n\msvcr71.dll
2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5899c4bb-n\decora-sse.dll
2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5899c4bb-n\decora-d3d.dll
2010-08-01 08:22 . 2009-12-20 17:43 -------- d-----w- c:\programmi\Avidemux 2.5
2010-07-31 08:20 . 2010-07-31 08:20 -------- d-----w- c:\programmi\File comuni\Apple
2010-07-31 08:19 . 2010-07-31 08:19 -------- d-----w- c:\programmi\Apple Software Update
2010-07-31 08:19 . 2010-07-31 08:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-07-29 18:39 . 2010-07-24 18:39 -------- d-----w- c:\programmi\Matmagi2
2010-07-26 20:19 . 2009-11-07 10:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-07-26 20:19 . 2010-07-26 20:19 -------- d-----w- c:\programmi\NOS
2010-07-24 08:16 . 2009-04-04 09:13 290816 ------w- c:\windows\Setup1.exe
2010-07-22 12:54 . 2010-07-22 12:54 -------- d-----w- c:\programmi\File comuni\Skype
2010-07-12 09:00 . 2010-07-12 07:22 0 ----a-w- c:\windows\mfont.dat
2010-07-12 06:20 . 2010-07-12 06:20 -------- d-----w- c:\programmi\Ferrero
2010-06-17 21:12 . 2010-01-16 15:54 1181656 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
.

------- Sigcheck -------

[-] 2010-08-27 . DBC355D072D18956BA5CCD27D225E8E4 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-08-10 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"APVXDWIN"="c:\programmi\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE" [2010-07-07 984384]
"SCANINICIO"="c:\programmi\Panda Security\Panda Global Protection 2011\Inicio.exe" [2010-06-11 68928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Aurel^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI.lnk]
path=c:\documents and settings\Aurel\Menu Avvio\Programmi\Esecuzione automatica\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rwepocuwusehihev
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZE18MW23GY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
2010-07-07 14:44 984384 ----a-w- c:\programmi\Panda Security\Panda Global Protection 2011\ApVxdWin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
2010-06-11 08:08 68928 ----a-w- c:\programmi\Panda Security\Panda Global Protection 2011\Inicio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 06:57 143360 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Media Components\\Tools\\NsRex.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/08/18 7:51 PM 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [10/08/26 8:25 PM 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [10/08/26 8:26 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [10/08/26 8:25 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [10/08/26 8:26 PM 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [10/08/26 8:25 PM 159112]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [10/08/18 7:19 PM 18432]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [10/08/26 8:22 PM 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [10/08/26 8:26 PM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [10/08/26 8:23 PM 59080]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [10/08/07 9:04 PM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [10/08/07 9:04 PM 3904]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [10/08/26 8:22 PM 163336]
R2 PskSvcRetail;Panda PSK service;c:\programmi\Panda Security\Panda Global Protection 2011\psksvc.exe [10/08/26 8:25 PM 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [10/08/26 8:33 PM 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [10/08/26 8:23 PM 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/10 9:21 AM 136176]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [09/12/14 7:59 PM 8192]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [10/08/11 10:30 PM 2656]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/01/08 12:10 PM 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/08/09 7:46 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-10 07:21]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-10 07:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Aurel\Dati applicazioni\Mozilla\Firefox\Profiles\kzzwutae.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Associazioni dei file -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 15:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1202660629-448539723-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(952)
c:\programmi\Panda Security\Panda Global Protection 2011\pavoepl.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Panda Security\Panda Global Protection 2011\TPSrv.exe
c:\programmi\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programmi\Panda Security\Panda Global Protection 2011\PsCtrls.exe
c:\programmi\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
c:\programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\panda security\panda global protection 2011\firewall\PSHOST.EXE
c:\programmi\Panda Security\Panda Global Protection 2011\PsImSvc.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
c:\programmi\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\Panda Security\Panda Global Protection 2011\SRVLOAD.EXE
c:\programmi\Panda Security\Panda Global Protection 2011\PavBckPT.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-05 15:23:12 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2010-09-05 13:23

Pre-Run: 32,124,796,928 byte disponibili
Post-Run: 32,140,271,616 byte disponibili

- - End Of File - - C29F0F0C25F8DE6CB68CEC88338DE164

I see that the file winlogon is still infected. How can I restore it?

I'm thinking of formatting my hard disk. I don't know if it's the only solution.
I wonder if, by formatting my HD, I can be sure that I have deleted the virus.
Thank you.

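A small defender-side check, added here as an example and not part of the original post or of ComboFix itself: it parses the Sigcheck and disinfection lines of a ComboFix log in the Italian format pasted above and lists the system files the tool flagged as modified but could not replace from a clean copy. The sample input is copied from the log above; the line formats the regexes expect are assumed from those lines only.

```python
"""Parse the file-integrity lines of a ComboFix log and report which
Windows system binaries were flagged as patched and not restored."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
La copia infetta di c:\windows\explorer.exe stata trovata e disinfettata
ipristinata copia da - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

c:\windows\system32\winlogon.exe . . . infetto!!

------- Sigcheck -------

[-] 2010-08-27 . DBC355D072D18956BA5CCD27D225E8E4 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
"""

# "[-]" is how the log above marks a file whose signature check failed.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# "infected copy of X found and disinfected", followed by "restored copy from - Y"
DISINFECTED_RE = re.compile(r"^La copia infetta di (?P<path>.+?) stata trovata e disinfettata$")
RESTORED_FROM_RE = re.compile(r"^ipristinata copia da - (?P<source>.+?)\s*$")
# "X . . . infected!!" with no restore line: the tool had no clean copy
STILL_INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. infetto!!$")


@dataclass
class FileStatus:
    path: str
    md5: Optional[str] = None
    size: Optional[int] = None
    version: Optional[str] = None
    sigcheck_flag: Optional[str] = None
    disinfected: bool = False
    restore_source: Optional[str] = None
    still_infected: bool = False

    @property
    def needs_attention(self) -> bool:
        """Flagged by Sigcheck or reported infected, and no clean copy restored."""
        flagged = self.sigcheck_flag == "-" or self.still_infected
        return flagged and self.restore_source is None


def parse_combofix(text: str) -> Dict[str, FileStatus]:
    """Return a map of lower-cased path -> FileStatus for every file mentioned."""
    files: Dict[str, FileStatus] = {}
    pending_restore: Optional[FileStatus] = None  # last "disinfettata" entry

    def get(path: str) -> FileStatus:
        key = path.lower()
        if key not in files:
            files[key] = FileStatus(path=path)
        return files[key]

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DISINFECTED_RE.match(line)
        if m:
            pending_restore = get(m["path"])
            pending_restore.disinfected = True
            continue
        m = RESTORED_FROM_RE.match(line)
        if m and pending_restore is not None:
            pending_restore.restore_source = m["source"]
            pending_restore = None
            continue
        m = STILL_INFECTED_RE.match(line)
        if m:
            get(m["path"]).still_infected = True
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            st = get(m["path"])
            st.md5 = m["md5"].upper()
            st.size = int(m["size"])
            st.version = m["version"]
            st.sigcheck_flag = m["flag"]
    return files


def attention_list(text: str) -> List[str]:
    """Paths that still need a clean replacement (e.g. from the install media)."""
    return sorted(p for p, st in parse_combofix(text).items() if st.needs_attention)


if __name__ == "__main__":
    for path, st in parse_combofix(SAMPLE_LOG).items():
        print(f"{path}: md5={st.md5} restored_from={st.restore_source} "
              f"needs_attention={st.needs_attention}")
```

On the log above this reports explorer.exe as restored from the $hf_mig$ copy and winlogon.exe as still needing a clean replacement, which is exactly the question the post asks.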
#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 AM

Posted 05 September 2010 - 03:15 PM

Hello


Here is what I would like you to do next

Download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 cast16 (Topic Starter)

Posted 07 September 2010 - 02:24 AM

Hello

Bootcheck.txt:
CMDCONS Folder exists!

Contents of C:\boot.ini:

[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Console di ripristino di emergenza di Microsoft Windows XP" /cmdcons

I look forward to your answer.
Have a nice day!

#8 gringo_pr (Malware Response Team)

Posted 07 September 2010 - 08:51 AM

Go to C:\boot.ini

If that file exists, right click and uncheck 'Read Only' and click Apply>OK

Now right click the file again and select 'Open With' and choose Notepad.

If the boot.ini doesn't exist, then open Notepad.

Copy/paste the following text into Notepad:

[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect


Close the file, and approve the changes made when asked by Windows.

If there was no boot.ini, save the file you just created. Name it boot.ini and save it directly to C:\ drive.

Do Not reboot yet!

Run Bootcheck.exe and post its contents for review. It's important that you do not reboot the system until I've reviewed that log.


#9 cast16 (Topic Starter)

Posted 07 September 2010 - 02:22 PM

Hello,

Bootcheck.txt:
CMDCONS Folder exists!

Contents of C:\boot.ini:

[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect

OK, I'm waiting without restarting the PC.

#10 gringo_pr (Malware Response Team)

Posted 07 September 2010 - 03:18 PM

Ok, looks good. Read through this next set of instructions and print them out if you're not sure you'll remember.

Reboot your system

* Upon reboot, you'll have 30 seconds to choose from the boot menu.
* Use your arrow key to move up to 1 /fastdetect in the list and press Enter
* Wait for it to boot Windows.
* If you receive an error, click OK to restart the system

* Upon restart you will see the boot menu again. Arrow up to 2 /fastdetect and press Enter.
* Wait for Windows to boot. If you receive an error message, same as before, click OK to restart.

Continue using the arrow key, going in succession from 3 /fastdetect, etc., one at a time, until Windows boots up.

Come back and tell me which # worked for you.


#11 cast16 (Topic Starter)

Posted 08 September 2010 - 05:48 AM

Hello,
OK, I did as you told me.
The system rebooted on the first attempt, with 1 /fastdetect.

#12 gringo_pr (Malware Response Team)

Posted 08 September 2010 - 05:58 AM

Good. Now that we know which partition Windows is located in, we need to set it one more time.

Right click the C:\boot.ini and rename it to boot.bak

Open Notepad and copy/paste the following text into that empty Notepad:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /noexecute=optin /fastdetect


Save this as boot.ini directly on the C:\ drive.

Run the Bootcheck.exe and post the report contents here for review. Do not reboot until I review that text.


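The three posts above are one procedure: write a numbered, multi-entry boot.ini so the user can discover which ARC path NTLDR can actually boot, then replace it with a single-entry file whose default= names that path. The following is an added example, not part of the thread and not something its participants ran: it builds both files from the candidate list gringo_pr posted, parses them back, and runs the checks a helper would want before telling the user to reboot (default= pointing at an entry that exists, no duplicate or unparseable entries, /fastdetect present, Recovery Console and debug entries ignored). The candidate paths and the final entry are copied from the posts; the check rules are mine, and Python 3.7 or newer is assumed.

```python
"""Added example (not from the thread): build and sanity-check the boot.ini
files used in the partition-probing procedure above."""
import re

# ARC path as NTLDR reads it, e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_RE = re.compile(r"^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\\S+$", re.I)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)          # plain C:\WINDOWS style entry
NON_OS_SWITCHES = {"/cmdcons", "/debug"}           # Recovery Console / debugger entries

# The seven candidates gringo_pr posted, in the order posted (note the repeat).
THREAD_CANDIDATES = [
    r"multi(0)disk(0)rdisk(0)partition(1)\WINDOWS",
    r"multi(0)disk(0)rdisk(0)partition(2)\WINDOWS",
    r"scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS",
    r"scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS",
    r"scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS",
    r"scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS",
    r"C:\WINDOWS",
]


def parse_boot_ini(text):
    """Return ({loader key: value}, [(path, label, [switches]), ...])."""
    loader, systems, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        path, _, rest = line.partition("=")
        path, rest = path.strip(), rest.strip()
        if section == "boot loader":
            loader[path.lower()] = rest
        elif section == "operating systems":
            if rest.startswith('"'):                # quoted label, then switches
                label, _, tail = rest[1:].partition('"')
            else:                                   # bare label such as "1"
                label, _, tail = rest.partition(" ")
            systems.append((path, label, tail.split()))
    return loader, systems


def probe_boot_ini(candidates, timeout=30):
    """Numbered multi-entry file: the user reports which number booted."""
    lines = ["[boot loader]", f"timeout={timeout}", "[operating systems]"]
    lines += [f"{path}={n} /fastdetect" for n, path in enumerate(candidates, 1)]
    return "\n".join(lines) + "\n"


def final_boot_ini(path, label="Microsoft Windows XP", timeout=30):
    """Single-entry file written once the working ARC path is known."""
    return (f"[boot loader]\ntimeout={timeout}\ndefault={path}\n"
            f'[operating systems]\n{path}="{label}" /noexecute=optin /fastdetect\n')


def check_boot_ini(text):
    """Problems to raise before letting the user reboot; empty list means fine."""
    loader, systems = parse_boot_ini(text)
    problems, seen = [], set()
    os_entries = [(p, l, s) for p, l, s in systems
                  if not NON_OS_SWITCHES & {x.lower() for x in s}]
    if not os_entries:
        problems.append("no bootable Windows entry under [operating systems]")
    default = loader.get("default")
    if default is not None and default.lower() not in {p.lower() for p, _, _ in systems}:
        problems.append(f"default={default} matches no entry")
    if default is None and len(os_entries) == 1:
        problems.append("single entry but no default= line")
    for path, _, switches in os_entries:
        if not (ARC_RE.match(path) or DRIVE_RE.match(path)):
            problems.append(f"unrecognised path: {path}")
        if path.lower() in seen:
            problems.append(f"duplicate entry: {path}")
        seen.add(path.lower())
        if "/fastdetect" not in {x.lower() for x in switches}:
            problems.append(f"{path}: missing /fastdetect")
    return problems


if __name__ == "__main__":
    print(probe_boot_ini(THREAD_CANDIDATES))
    print(check_boot_ini(probe_boot_ini(THREAD_CANDIDATES)))
    print(check_boot_ini(final_boot_ini(THREAD_CANDIDATES[0])))
```

Run against the thread's own candidate list, the check reports the repeated rdisk(1)partition(2) line (harmless here, since entry 1 booted, but a sign the list was pasted rather than derived from the disk layout); the final single-entry file passes clean, as does the variant ComboFix later wrote with its /cmdcons and /debug lines.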
#13 cast16 (Topic Starter)

Posted 08 September 2010 - 06:06 AM

Bootcheck.txt:

CMDCONS Folder exists!

Contents of C:\boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /noexecute=optin /fastdetect

#14 gringo_pr (Malware Response Team)

Posted 08 September 2010 - 07:41 AM

Hello

You may reboot the computer, then update ComboFix and rerun it for me.

Update ComboFix

I would like you to download an updated version of ComboFix.
    Delete the version of ComboFix you have now on your desktop and download a new one from here

    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.



Gringo

#15 cast16 (Topic Starter)

Posted 08 September 2010 - 03:16 PM

Hi,

Combofix.txt:

ComboFix 10-09-08.01 - Aurel 10/09/08 21:48:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.542 [GMT 2:00]
Run by: c:\documents and settings\Aurel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\CNMPP7V.DLL
c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\winlogon.exe . . . infected!!

.
((((((((((((((((((((((((( Files Created From 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))))))
.

2010-09-07 06:24 . 2010-09-07 06:24 -------- d-sh--w- c:\documents and settings\amministratore\PrivacIE
2010-09-07 06:23 . 2010-09-07 06:24 -------- d-----w- c:\documents and settings\amministratore\Impostazioni locali\Dati applicazioni\Google
2010-09-07 05:58 . 2010-09-07 05:58 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2010-09-07 05:43 . 2010-09-07 05:43 -------- d-----w- c:\windows\ServicePackFiles
2010-09-06 08:42 . 2010-09-06 08:42 -------- d-----w- C:\24a2e444f995ae290b57e7467b
2010-09-06 08:41 . 2010-09-06 08:41 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-05 16:22 . 2010-09-05 16:22 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Avira
2010-09-05 16:18 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-05 16:18 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-05 16:18 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-05 16:17 . 2010-09-05 16:17 -------- d-----w- c:\programmi\Avira
2010-09-05 14:58 . 2010-09-05 14:58 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\CPUTempWatch
2010-09-05 14:54 . 2010-09-05 15:44 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-09-05 14:45 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-05 13:52 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-05 13:52 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-09-05 13:40 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-04 14:06 . 2010-09-04 14:09 -------- d-----w- c:\programmi\Driver Magician Lite
2010-09-01 12:17 . 2010-09-01 12:17 -------- d-----w- C:\Panda Software
2010-08-29 18:53 . 2010-08-29 18:55 -------- dc-h--w- c:\windows\ie8
2010-08-29 16:36 . 2010-08-29 16:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Software
2010-08-29 10:52 . 2010-08-29 11:09 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-08-28 15:35 . 2010-09-07 08:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-08-28 15:35 . 2010-08-28 15:41 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-08-28 12:45 . 2010-08-28 12:45 -------- d-----w- C:\Panda Security
2010-08-26 18:25 . 2010-08-26 18:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Backup
2010-08-26 18:23 . 2010-09-05 15:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2010-08-26 18:10 . 2010-08-26 18:15 -------- d-----w- C:\AVGTemp
2010-08-26 09:47 . 2010-08-26 09:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 16:54 . 2010-08-25 16:54 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Secunia CSI
2010-08-21 09:43 . 2010-08-21 09:52 -------- d-----w- c:\windows\system32\NtmsData
2010-08-20 16:27 . 2010-08-20 16:27 -------- d-----w- c:\programmi\Magical Jelly Bean
2010-08-18 17:50 . 2010-09-05 16:13 -------- d-----w- c:\programmi\Panda Security
2010-08-18 17:39 . 2010-08-18 17:39 -------- d-----w- c:\programmi\Trend Micro
2010-08-18 17:19 . 2010-08-18 17:19 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-08-17 16:31 . 2010-08-17 16:31 -------- d-----w- c:\documents and settings\Administrator.AUREL-63937F0B5\Dati applicazioni\Malwarebytes
2010-08-17 15:25 . 2010-08-17 15:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-16 22:27 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-15 11:51 . 2010-08-15 11:51 -------- d-----w- c:\documents and settings\Aurel\Impostazioni locali\Dati applicazioni\RescueTime.com
2010-08-15 11:50 . 2010-08-15 12:03 -------- d-----w- c:\programmi\RescueTime
2010-08-15 07:47 . 2010-08-16 19:53 -------- d-----w- c:\programmi\Wakoopa
2010-08-11 20:30 . 2010-08-11 20:30 2656 ----a-w- c:\windows\system32\io02.sys
2010-08-09 23:52 . 2010-08-09 23:52 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-08-09 23:00 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-09 22:59 . 2010-09-05 16:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-08-09 22:41 . 2010-08-09 22:41 -------- d-----w- c:\programmi\EPSON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 11:11 . 2010-04-24 10:04 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-09-07 06:24 . 2001-08-31 10:00 563340 ----a-w- c:\windows\system32\perfh010.dat
2010-09-07 06:24 . 2001-08-31 10:00 109350 ----a-w- c:\windows\system32\perfc010.dat
2010-09-07 05:28 . 2010-01-09 08:21 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-05 16:13 . 2007-08-22 08:56 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-09-05 11:27 . 2010-05-11 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-09-05 10:20 . 2010-01-08 10:10 -------- d-----w- c:\programmi\VS Revo Group
2010-09-03 11:34 . 2009-10-29 05:23 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Skype
2010-09-02 14:34 . 2009-10-29 05:26 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\skypePM
2010-08-29 09:06 . 2010-01-17 11:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-27 10:59 . 2004-08-19 13:39 504832 ----a-w- c:\windows\system32\winlogon.exe
2010-08-26 18:19 . 2010-08-08 19:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-26 10:54 . 2007-10-12 07:43 -------- d-----w- c:\programmi\Google
2010-08-26 09:56 . 2010-08-26 09:45 79488 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\jre1.6.0_20\gtapi.dll
2010-08-26 09:56 . 2010-08-26 09:45 152576 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\jre1.6.0_20\lzma.dll
2010-08-26 09:55 . 2007-08-23 15:25 -------- d-----w- c:\programmi\QuickTime
2010-08-26 09:54 . 2009-01-04 15:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-08-26 09:47 . 2009-04-06 16:46 -------- d-----w- c:\programmi\File comuni\Java
2010-08-25 16:41 . 2007-08-22 09:12 -------- d-----w- c:\programmi\File comuni\Adobe
2010-08-21 07:15 . 2010-06-30 18:29 -------- d-----w- c:\programmi\FireShot for IE
2010-08-20 09:22 . 2008-09-05 03:03 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Ebqiqu
2010-08-16 22:13 . 2009-11-21 06:10 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\BitTorrent
2010-08-14 09:32 . 2010-08-14 09:32 2672 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\D001335F.DAT
2010-08-09 22:18 . 2010-05-30 13:55 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-08-09 17:46 . 2010-08-09 17:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-09 17:46 . 2010-08-09 17:46 -------- d-----w- c:\programmi\LSoft Technologies
2010-08-09 17:31 . 2009-12-22 18:14 -------- d-----w- c:\programmi\CDBurnerXP
2010-08-09 17:27 . 2010-08-09 17:27 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Canneverbe Limited
2010-08-09 10:45 . 2010-01-16 17:25 139648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-09 10:13 . 2008-09-01 19:25 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\U3
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\Malwarebytes
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-08 10:07 . 2010-01-16 15:56 -------- d-----w- c:\programmi\Autodesk
2010-08-08 10:04 . 2010-01-16 15:56 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-08-08 08:24 . 2010-05-11 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-08-07 22:24 . 2010-07-03 18:28 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\OfferBox
2010-08-07 21:47 . 2007-08-24 14:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-08-07 19:04 . 2010-08-07 19:04 -------- d-----w- c:\programmi\CheckIt
2010-08-07 11:09 . 2010-08-07 07:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ICO
2010-08-07 08:41 . 2010-08-07 08:39 -------- d-----w- c:\programmi\Time Stopper
2010-08-07 07:23 . 2010-08-07 07:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\RPT
2010-08-07 07:13 . 2010-08-07 07:13 -------- d-----w- c:\documents and settings\Aurel\Dati applicazioni\tfw
2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3a4c6c7d-n\msvcp71.dll
2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3a4c6c7d-n\jmc.dll
2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3a4c6c7d-n\msvcr71.dll
2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5899c4bb-n\decora-sse.dll
2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Aurel\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5899c4bb-n\decora-d3d.dll
2010-08-01 08:22 . 2009-12-20 17:43 -------- d-----w- c:\programmi\Avidemux 2.5
2010-07-31 08:20 . 2010-07-31 08:20 -------- d-----w- c:\programmi\File comuni\Apple
2010-07-31 08:19 . 2010-07-31 08:19 -------- d-----w- c:\programmi\Apple Software Update
2010-07-31 08:19 . 2010-07-31 08:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-07-29 18:39 . 2010-07-24 18:39 -------- d-----w- c:\programmi\Matmagi2
2010-07-26 20:19 . 2009-11-07 10:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-07-26 20:19 . 2010-07-26 20:19 -------- d-----w- c:\programmi\NOS
2010-07-24 08:16 . 2009-04-04 09:13 290816 ------w- c:\windows\Setup1.exe
2010-07-22 12:54 . 2010-07-22 12:54 -------- d-----w- c:\programmi\File comuni\Skype
2010-07-12 09:00 . 2010-07-12 07:22 0 ----a-w- c:\windows\mfont.dat
2010-07-12 06:20 . 2010-07-12 06:20 -------- d-----w- c:\programmi\Ferrero
2010-06-14 14:30 . 2007-08-22 08:44 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2010-08-27 . DBC355D072D18956BA5CCD27D225E8E4 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-08-10 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Aurel^Menu Avvio^Programmi^Esecuzione automatica^Secunia PSI.lnk]
path=c:\documents and settings\Aurel\Menu Avvio\Programmi\Esecuzione automatica\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 06:57 143360 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Media Components\\Tools\\NsRex.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [10/08/18 7:19 PM 18432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [10/09/05 6:18 PM 135336]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [10/08/07 9:04 PM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [10/08/07 9:04 PM 3904]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [09/12/14 7:59 PM 8192]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/10 9:21 AM 136176]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [10/08/11 10:30 PM 2656]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/01/08 12:10 PM 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/08/09 7:46 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-10 07:21]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-10 07:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {4CC84702-98FF-45D0-B7AE-5676D984DF13} = 85.37.17.47 85.38.28.82
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Aurel\Dati applicazioni\Mozilla\Firefox\Profiles\kzzwutae.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-APVXDWIN - c:\programmi\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE
MSConfigStartUp-SCANINICIO - c:\programmi\Panda Security\Panda Global Protection 2011\Inicio.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 21:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-448539723-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded by Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7424)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Scan finish time: 2010-09-08 22:11:11 - The PC was rebooted
ComboFix-quarantined-files.txt 2010-09-08 20:11
ComboFix2.txt 2010-09-05 13:23

Pre-Run: 28,850,262,016 bytes free
Post-Run: 29,128,237,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /noexecute=optin /fastdetect

- - End Of File - - 2D356C5950BBE7EB4EB400D642108CFA
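The Sigcheck section of the log above is the one place the thread gives hard data on the file in question: the running c:\windows\system32\winlogon.exe is version 5.1.2600.2180 (the XP SP2 build, consistent with the "Service Pack 2" banner in the catchme block), 504,832 bytes, with a modification date of 2010-08-27, the day the topic was opened; the copy cached under SoftwareDistribution is the 5.1.2600.5512 (SP3) build from 2008. The following is an added example, not part of the thread and not ComboFix's own code: it parses Sigcheck lines, groups the copies of each binary, and reports the relationships a responder looks at (does the live hash match any other copy, is its build older than another copy on disk, was it written after that newer copy, and how recently before the scan). The two sample lines are copied from the log; the reading of "[-]" as a failed check is an assumption, the script does not know the clean SP2 hash, and the 2010-09-08 scan date is taken from the log header. Python 3.7 or newer is assumed.

```python
"""Added example (not from the thread or from ComboFix): parse the 'Sigcheck'
section of a ComboFix log and compare the copies of one binary it lists."""
import re
from collections import defaultdict
from datetime import date

# Line shape: [flag] YYYY-MM-DD . MD5 . SIZE . . [VERSION] . . PATH
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Constructed input: the two lines from the thread's ComboFix log, verbatim.
SAMPLE = r"""
[-] 2010-08-27 . DBC355D072D18956BA5CCD27D225E8E4 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\winlogon.exe
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        entries.append({
            "flag": g["flag"],
            "mtime": date.fromisoformat(g["date"]),
            "md5": g["md5"].upper(),
            "size": int(g["size"]),
            "version": tuple(int(x) for x in g["version"].split(".")),
            "path": g["path"],
            "name": g["path"].rsplit("\\", 1)[-1].lower(),
        })
    return entries


def compare_copies(entries, scan_date):
    """For every file name with a copy under system32 and at least one other
    copy, describe how the live copy relates to the newest other copy."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    report = {}
    for name, copies in by_name.items():
        live = [c for c in copies if "\\system32\\" in c["path"].lower()]
        others = [c for c in copies if c not in live]
        if not live or not others:
            continue
        cur = live[0]
        ref = max(others, key=lambda c: c["version"])
        report[name] = {
            "live_path": cur["path"],
            "failed_sigcheck": cur["flag"] == "-",      # assumption: '[-]' = failed check
            "hash_matches_any_copy": any(cur["md5"] == o["md5"] for o in others),
            "live_version_older": cur["version"] < ref["version"],
            "modified_after_newer_copy": cur["mtime"] > ref["mtime"],
            "days_since_live_modified": (scan_date - cur["mtime"]).days,
        }
    return report


def worth_a_look(finding):
    """A live file that fails the check, reports an older build than another
    copy on disk, yet was written after that newer copy: look at it."""
    return (finding["failed_sigcheck"]
            and finding["live_version_older"]
            and finding["modified_after_newer_copy"])


if __name__ == "__main__":
    findings = compare_copies(parse_sigcheck(SAMPLE), date(2010, 9, 8))
    for name, f in findings.items():
        print(name, "worth a look" if worth_a_look(f) else "ok", f)
```

A hash mismatch between an SP2 binary and an SP3 download is expected on its own; what makes the system32 copy worth a look is the combination the report surfaces: an older build number on a file written twelve days before the scan, after the newer copy, and failing ComboFix's check. Restoring from the SoftwareDistribution copy would also change the service-pack level of one system file, which is why the thread's helper did not simply copy it over.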




