System infected: Tidserve Activity 2


  • This topic is locked
28 replies to this topic

#1 pized85

pized85

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 03 January 2012 - 10:40 AM

Hi everybody,

I installed Norton 2012 a few days ago and every 5 minutes it pops up with this message:

System infected: Tidserv Activity 2, that requires to be deleted manually. Following the instructions of the Norton page did not help, since the software they suggest does not find any problem. I installed other malware finder programs, but the problem is still there. Can somebody help? (I've seen I am not the first guy with this problem.)

I followed the steps you wrote in the preparation guide, so I paste the DDS.txt and attach the other two files.

Thanks a lot!!!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Admin at 14:26:21 on 2012-01-03
.
============== Running Processes ===============
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\PMHandler.exe
C:\Programmi\LENOVO\HOTKEY\FNF5SVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nakido\nakido.exe
C:\Programmi\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\programmi\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\programmi\divx\divx plus web player\npdivx32.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\programmi\norton internet security\engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\programmi\norton internet security\engine\19.2.0.10\ips\IPSBHO.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programmi\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programmi\avast software\avast\aswWebRepIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\programmi\norton internet security\engine\19.2.0.10\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TPWAUDAP] c:\programmi\lenovo\hotkey\TpWAudAp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [PMHandler] c:\windows\system32\PMHandler.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
IE: Invia a periferica &Bluetooth... - c:\programmi\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6DA3E7E2-B772-4577-8F79-5E29ECED77DD} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\programmi\lenovo\hotkey\tphklock.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\dati applicazioni\mozilla\firefox\profiles\qfasmip7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\admin\impostazioni locali\dati applicazioni\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\programmi\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programmi\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
S? BHDrvx86;BHDrvx86
S? ccSet_NIS;Norton Internet Security Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? FNF5SVC;Fn+F5 Service
S? IDSxpx86;IDSxpx86
S? lenovo.smi;Lenovo System Interface Driver
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? Nakido;Nakido
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? NIS;Norton Internet Security
S? PMHler;PMHler
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-01-03 02:43:24 -------- d-----w- c:\documents and settings\admin\impostazioni locali\dati applicazioni\WMTools Downloaded Files
2012-01-03 02:43:15 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-01-02 18:44:35 -------- d-----w- c:\documents and settings\admin\dati applicazioni\Malwarebytes
2012-01-02 18:43:58 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes
2011-12-30 11:38:52 -------- d-----w- c:\windows\system32\Adobe
2011-12-28 09:59:26 344184 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys
2011-12-28 09:59:25 387192 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symtdi.sys
2011-12-28 09:59:25 314488 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symnets.sys
2011-12-28 09:59:24 897656 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symefa.sys
2011-12-28 09:59:24 340088 ----a-r- c:\windows\system32\drivers\nis\1302000.00a\symds.sys
2011-12-28 09:59:24 31864 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtspx.sys
2011-12-28 09:59:23 566904 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtsp.sys
2011-12-28 09:59:23 149624 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys
2011-12-28 09:59:23 132744 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys
2011-12-28 09:57:37 -------- d-----w- c:\windows\system32\drivers\nis\1302000.00A
2011-12-28 06:42:35 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-28 06:42:35 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-28 06:42:35 -------- d-----w- c:\programmi\Symantec
2011-12-28 06:42:35 -------- d-----w- c:\programmi\file comuni\Symantec Shared
2011-12-28 06:40:01 -------- d-----w- c:\windows\system32\drivers\NIS
2011-12-28 06:39:46 -------- d-----w- c:\programmi\Norton Internet Security
2011-12-28 06:39:45 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Norton
2011-12-28 06:36:39 -------- d-----w- c:\programmi\NortonInstaller
2011-12-28 06:36:39 -------- d-----w- c:\documents and settings\all users\dati applicazioni\NortonInstaller
.
==================== Find3M ====================
.
2011-11-23 14:40:20 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13:31 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24:16 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:12 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:46 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49:57 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49:57 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:38 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2006-05-03 09:06:54 163328 -csha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 -csha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 14.34.01,59 ===============


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 PM

Posted 03 January 2012 - 01:10 PM

Hello pized85,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 pized85

pized85
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 04 January 2012 - 11:57 AM

Hi Fireman4it,

first of all thanks a lot for your help, I really appreciate that!

I ran the 2 programs as you asked me, everything worked well, but the internet connection does not work because the PC cannot generate a new IP anymore (or at least the PC tells me that when I try to connect). It is not a problem of the line since I have no problem using the internet with my mobile.

Right now I am closed out of home so I cannot send you the two logs before tomorrow night. Till then can I do anything to restore the connection?

Thanks again,

Pized85

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 PM

Posted 04 January 2012 - 02:36 PM

I need to see those logs before we continue.



#5 pized85

pized85
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 05 January 2012 - 12:49 PM

As I said, the PC does not have an internet connection anymore. Since I cannot connect it to the net, the tasks you ask me take a bit longer than usual (I do not have another PC at home). Thanks again



ComboFix 12-01-03.04 - Admin 03/01/2012 21.24.29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.502.243 [GMT 1:00]
Eseguito da: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Dati applicazioni\OfferBox
c:\documents and settings\Admin\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Admin\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\Admin\Dati applicazioni\PriceGong\Data\z.txt
c:\programmi\OfferBox
c:\programmi\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\windows\$NtUninstallKB34996$\2761492807
c:\windows\$NtUninstallKB34996$\46303862\@
c:\windows\$NtUninstallKB34996$\46303862\bckfg.tmp
c:\windows\$NtUninstallKB34996$\46303862\cfg.ini
c:\windows\$NtUninstallKB34996$\46303862\Desktop.ini
c:\windows\$NtUninstallKB34996$\46303862\keywords
c:\windows\$NtUninstallKB34996$\46303862\kwrd.dll
c:\windows\$NtUninstallKB34996$\46303862\L\wosjueif
c:\windows\$NtUninstallKB34996$\46303862\U\00000001.@
c:\windows\$NtUninstallKB34996$\46303862\U\00000002.@
c:\windows\$NtUninstallKB34996$\46303862\U\00000004.@
c:\windows\$NtUninstallKB34996$\46303862\U\80000000.@
c:\windows\$NtUninstallKB34996$\46303862\U\80000004.@
c:\windows\$NtUninstallKB34996$\46303862\U\80000032.@
c:\windows\dasetup.log
c:\windows\qfe11E.tmp
c:\windows\WindowsXP-KB822603-x86.exe
c:\windows\$NtUninstallKB34996$ . . . . Eliminazione Fallita
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-03 al 2012-01-03 )))))))))))))))))))))))))))))))))))
.
.
2012-01-03 02:43 . 2012-01-03 02:43 -------- d-----w- c:\documents and settings\Admin\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2012-01-03 01:38 . 2012-01-03 01:38 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2012-01-02 18:44 . 2012-01-02 18:44 -------- d-----w- c:\documents and settings\Admin\Dati applicazioni\Malwarebytes
2012-01-02 18:43 . 2012-01-02 18:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-01-01 21:25 . 2012-01-01 21:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-30 11:38 . 2011-12-30 11:38 -------- d-----w- c:\windows\system32\Adobe
2011-12-28 06:42 . 2011-12-28 09:54 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2011-12-28 06:42 . 2011-12-28 06:42 -------- d-----w- c:\programmi\Symantec
2011-12-28 06:42 . 2011-12-28 06:42 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-28 06:42 . 2011-12-28 06:42 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-28 06:40 . 2011-12-28 14:35 -------- d-----w- c:\windows\system32\drivers\NIS
2011-12-28 06:39 . 2011-12-28 06:40 -------- d-----w- c:\programmi\Norton Internet Security
2011-12-28 06:39 . 2011-12-28 06:39 -------- d-----w- c:\programmi\Windows Sidebar
2011-12-28 06:39 . 2011-12-28 06:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2011-12-28 06:36 . 2011-12-28 06:36 -------- d-----w- c:\programmi\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-13 16:50 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-11-06 15:11 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-11-06 15:10 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-11-06 15:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2008-11-06 15:10 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-13 17:13 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-13 18:55 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-13 16:54 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-13 17:13 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-03-16 11:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-25 14:42 . 2011-03-28 10:35 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 -csha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 -csha-r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-11-06 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPWAUDAP"="c:\programmi\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"PMHandler"="c:\windows\system32\PMHandler.exe" [2006-05-20 24576]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-05-18 98304]
"snp2std"="c:\windows\vsnp2std.exe" [2006-04-21 675840]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-21 19:48 34080 ----a-w- c:\programmi\Lenovo\HOTKEY\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Admin\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 -c--a-w- c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22 421160 -c--a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Nakido\\nakido.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1302000.00A\symds.sys [28/12/2011 10.59.24 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1302000.00A\symefa.sys [28/12/2011 10.59.24 897656]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [21/12/2011 22.50.32 819320]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1302000.00A\ccsetx86.sys [28/12/2011 10.59.23 132744]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12/05/2008 18.04.04 13480]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [21/12/2005 14.09.50 10240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1302000.00A\ironx86.sys [28/12/2011 10.59.23 149624]
R2 FNF5SVC;Fn+F5 Service;c:\programmi\Lenovo\HOTKEY\FnF5svc.exe [16/03/2011 12.27.48 54560]
R2 Nakido;Nakido;c:\programmi\Nakido\nakido.exe [08/09/2010 7.09.44 337408]
R2 NIS;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [28/12/2011 10.58.18 138760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28/12/2011 8.06.36 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111228.001\IDSXpx86.sys [29/12/2011 9.08.17 356280]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Invia a periferica &Bluetooth... - c:\programmi\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\qfasmip7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Free Audio CD Burner_is1 - c:\programmi\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\programmi\File comuni\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-03 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programmi\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\programmi\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\PMSveH.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Scan finished: 2012-01-03 21:40:54 - the PC was rebooted
ComboFix-quarantined-files.txt 2012-01-03 20:40
.
Pre-Run: 476.955.586.560 bytes free
Post-Run: 477.170.053.120 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 26D4F9C42312E2B2ED498669E41D4635




20:52:52.0281 2696 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:52:53.0875 2696 ============================================================
20:52:53.0875 2696 Current date / time: 2012/01/03 20:52:53.0875
20:52:53.0875 2696 SystemInfo:
20:52:53.0875 2696
20:52:53.0875 2696 OS Version: 5.1.2600 ServicePack: 3.0
20:52:53.0875 2696 Product type: Workstation
20:52:53.0875 2696 ComputerName: ADMIN-C99477835
20:52:53.0875 2696 UserName: Admin
20:52:53.0875 2696 Windows directory: C:\WINDOWS
20:52:53.0875 2696 System windows directory: C:\WINDOWS
20:52:53.0875 2696 Processor architecture: Intel x86
20:52:53.0875 2696 Number of processors: 2
20:52:53.0875 2696 Page size: 0x1000
20:52:53.0875 2696 Boot type: Normal boot
20:52:53.0875 2696 ============================================================
20:52:59.0312 2696 Initialize success
20:53:07.0453 3292 ============================================================
20:53:07.0453 3292 Scan started
20:53:07.0453 3292 Mode: Manual;
20:53:07.0453 3292 ============================================================
20:53:09.0687 3292 Abiosdsk - ok
20:53:09.0703 3292 abp480n5 - ok
20:53:09.0765 3292 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:53:09.0781 3292 ACPI - ok
20:53:09.0812 3292 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:53:09.0843 3292 ACPIEC - ok
20:53:09.0890 3292 ADIHdAudAddService (de325887ffd27aef6ec9b3d41c4a03a9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:53:09.0890 3292 ADIHdAudAddService - ok
20:53:09.0906 3292 adpu160m - ok
20:53:09.0984 3292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:53:10.0000 3292 aec - ok
20:53:10.0062 3292 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:53:10.0093 3292 AegisP - ok
20:53:10.0125 3292 AFD (a590271bf23df0cc00b085e7874e5298) C:\WINDOWS\System32\drivers\afd.sys
20:53:10.0234 3292 AFD - ok
20:53:10.0375 3292 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:53:10.0437 3292 AgereSoftModem - ok
20:53:10.0453 3292 Aha154x - ok
20:53:10.0468 3292 aic78u2 - ok
20:53:10.0484 3292 aic78xx - ok
20:53:10.0500 3292 AliIde - ok
20:53:10.0515 3292 amsint - ok
20:53:10.0578 3292 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:53:10.0578 3292 Arp1394 - ok
20:53:10.0578 3292 asc - ok
20:53:10.0593 3292 asc3350p - ok
20:53:10.0609 3292 asc3550 - ok
20:53:10.0703 3292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:53:10.0703 3292 AsyncMac - ok
20:53:10.0734 3292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:53:10.0734 3292 atapi - ok
20:53:10.0734 3292 Atdisk - ok
20:53:10.0765 3292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:53:10.0781 3292 Atmarpc - ok
20:53:10.0796 3292 ATSWPDRV (d19c1309c83123647b233a71e8a05683) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
20:53:10.0828 3292 ATSWPDRV - ok
20:53:10.0875 3292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:53:10.0906 3292 audstub - ok
20:53:10.0953 3292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:53:10.0984 3292 Beep - ok
20:53:11.0171 3292 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
20:53:11.0250 3292 BHDrvx86 - ok
20:53:11.0375 3292 BTKRNL (4ebd4ebff01617fbda6ce7963f150918) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:53:11.0468 3292 BTKRNL - ok
20:53:11.0531 3292 BTWUSB (589400f357f6cb156a6f804035514da0) C:\WINDOWS\system32\Drivers\btwusb.sys
20:53:11.0546 3292 BTWUSB - ok
20:53:11.0562 3292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:53:11.0578 3292 cbidf2k - ok
20:53:11.0640 3292 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:53:11.0640 3292 CCDECODE - ok
20:53:11.0734 3292 ccSet_NIS (2b2f9b4a08190334a9c36446b208bae9) C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys
20:53:11.0765 3292 ccSet_NIS - ok
20:53:11.0781 3292 cd20xrnt - ok
20:53:11.0843 3292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:53:11.0859 3292 Cdaudio - ok
20:53:11.0921 3292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:53:11.0921 3292 Cdfs - ok
20:53:11.0968 3292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:53:11.0984 3292 Cdrom - ok
20:53:11.0984 3292 Changer - ok
20:53:12.0093 3292 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:53:12.0109 3292 CmBatt - ok
20:53:12.0125 3292 CmdIde - ok
20:53:12.0125 3292 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:53:12.0140 3292 Compbatt - ok
20:53:12.0156 3292 Cpqarray - ok
20:53:12.0171 3292 dac2w2k - ok
20:53:12.0187 3292 dac960nt - ok
20:53:12.0203 3292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:53:12.0218 3292 Disk - ok
20:53:12.0281 3292 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
20:53:12.0312 3292 dmboot - ok
20:53:12.0343 3292 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
20:53:12.0375 3292 dmio - ok
20:53:12.0406 3292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:53:12.0406 3292 dmload - ok
20:53:12.0484 3292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:53:12.0484 3292 DMusic - ok
20:53:12.0515 3292 dpti2o - ok
20:53:12.0593 3292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:53:12.0593 3292 drmkaud - ok
20:53:12.0703 3292 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys
20:53:12.0750 3292 eeCtrl - ok
20:53:12.0796 3292 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:53:12.0812 3292 EraserUtilRebootDrv - ok
20:53:12.0953 3292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:53:12.0953 3292 Fastfat - ok
20:53:12.0984 3292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:53:12.0984 3292 Fdc - ok
20:53:13.0000 3292 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
20:53:13.0000 3292 Fips - ok
20:53:13.0093 3292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:53:13.0093 3292 Flpydisk - ok
20:53:13.0140 3292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:53:13.0156 3292 FltMgr - ok
20:53:13.0234 3292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:53:13.0250 3292 Fs_Rec - ok
20:53:13.0265 3292 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:53:13.0281 3292 Ftdisk - ok
20:53:13.0343 3292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:53:13.0375 3292 GEARAspiWDM - ok
20:53:13.0437 3292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:53:13.0437 3292 Gpc - ok
20:53:13.0484 3292 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:53:13.0484 3292 HDAudBus - ok
20:53:13.0671 3292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:53:13.0703 3292 HidUsb - ok
20:53:13.0718 3292 hpn - ok
20:53:13.0781 3292 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:53:13.0796 3292 HTTP - ok
20:53:13.0812 3292 i2omgmt - ok
20:53:13.0828 3292 i2omp - ok
20:53:13.0953 3292 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:53:13.0953 3292 i8042prt - ok
20:53:14.0015 3292 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:53:14.0062 3292 ialm - ok
20:53:14.0296 3292 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111228.001\IDSxpx86.sys
20:53:14.0296 3292 IDSxpx86 - ok
20:53:14.0359 3292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:53:14.0359 3292 Imapi - ok
20:53:14.0375 3292 ini910u - ok
20:53:14.0390 3292 IntelIde - ok
20:53:14.0406 3292 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:53:14.0437 3292 intelppm - ok
20:53:14.0484 3292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:53:14.0484 3292 Ip6Fw - ok
20:53:14.0531 3292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:53:14.0546 3292 IpFilterDriver - ok
20:53:14.0562 3292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:53:14.0562 3292 IpInIp - ok
20:53:14.0593 3292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:53:14.0593 3292 IpNat - ok
20:53:14.0625 3292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:53:14.0625 3292 IPSec - ok
20:53:14.0656 3292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:53:14.0687 3292 IRENUM - ok
20:53:14.0718 3292 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:53:14.0718 3292 isapnp - ok
20:53:14.0765 3292 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:53:14.0765 3292 Kbdclass - ok
20:53:14.0812 3292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:53:14.0828 3292 kmixer - ok
20:53:14.0828 3292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:53:14.0843 3292 KSecDD - ok
20:53:14.0859 3292 lbrtfdc - ok
20:53:14.0890 3292 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
20:53:14.0906 3292 lenovo.smi - ok
20:53:14.0953 3292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:53:14.0953 3292 mnmdd - ok
20:53:15.0000 3292 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
20:53:15.0015 3292 Modem - ok
20:53:15.0062 3292 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:53:15.0062 3292 Mouclass - ok
20:53:15.0109 3292 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:53:15.0125 3292 mouhid - ok
20:53:15.0125 3292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:53:15.0140 3292 MountMgr - ok
20:53:15.0140 3292 mraid35x - ok
20:53:15.0203 3292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:53:15.0203 3292 MRxDAV - ok
20:53:15.0250 3292 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:53:15.0265 3292 MRxSmb - ok
20:53:15.0328 3292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:53:15.0328 3292 Msfs - ok
20:53:15.0437 3292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:53:15.0453 3292 MSKSSRV - ok
20:53:15.0500 3292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:53:15.0531 3292 MSPCLOCK - ok
20:53:15.0546 3292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:53:15.0546 3292 MSPQM - ok
20:53:15.0593 3292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:53:15.0593 3292 mssmbios - ok
20:53:15.0625 3292 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:53:15.0656 3292 MSTEE - ok
20:53:15.0703 3292 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:53:15.0718 3292 Mup - ok
20:53:15.0781 3292 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:53:15.0796 3292 NABTSFEC - ok
20:53:15.0984 3292 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120102.036\NAVENG.SYS
20:53:16.0015 3292 NAVENG - ok
20:53:16.0078 3292 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120102.036\NAVEX15.SYS
20:53:16.0546 3292 NAVEX15 - ok
20:53:16.0750 3292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:53:16.0765 3292 NDIS - ok
20:53:16.0828 3292 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:53:16.0828 3292 NdisIP - ok
20:53:16.0859 3292 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:53:16.0890 3292 NdisTapi - ok
20:53:16.0921 3292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:53:16.0937 3292 Ndisuio - ok
20:53:16.0984 3292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:53:16.0984 3292 NdisWan - ok
20:53:17.0015 3292 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:53:17.0046 3292 NDProxy - ok
20:53:17.0062 3292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:53:17.0062 3292 NetBIOS - ok
20:53:17.0093 3292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:53:17.0109 3292 NetBT - ok
20:53:17.0250 3292 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
20:53:17.0296 3292 NETw3x32 - ok
20:53:17.0343 3292 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:53:17.0343 3292 NIC1394 - ok
20:53:17.0359 3292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:53:17.0359 3292 Npfs - ok
20:53:17.0390 3292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:53:17.0406 3292 Ntfs - ok
20:53:17.0453 3292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:53:17.0468 3292 Null - ok
20:53:17.0515 3292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:53:17.0531 3292 NwlnkFlt - ok
20:53:17.0625 3292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:53:17.0625 3292 NwlnkFwd - ok
20:53:17.0640 3292 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:53:17.0671 3292 ohci1394 - ok
20:53:17.0718 3292 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
20:53:17.0781 3292 Parport - ok
20:53:17.0796 3292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:53:17.0812 3292 PartMgr - ok
20:53:17.0859 3292 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:53:17.0859 3292 ParVdm - ok
20:53:17.0890 3292 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
20:53:17.0921 3292 PCI - ok
20:53:17.0937 3292 PCIDump - ok
20:53:18.0000 3292 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:53:18.0031 3292 PCIIde - ok
20:53:18.0046 3292 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:53:18.0062 3292 Pcmcia - ok
20:53:18.0062 3292 PDCOMP - ok
20:53:18.0078 3292 PDFRAME - ok
20:53:18.0093 3292 PDRELI - ok
20:53:18.0109 3292 PDRFRAME - ok
20:53:18.0125 3292 perc2 - ok
20:53:18.0140 3292 perc2hib - ok
20:53:18.0250 3292 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys
20:53:18.0250 3292 PMHler - ok
20:53:18.0312 3292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:53:18.0312 3292 PptpMiniport - ok
20:53:18.0375 3292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:53:18.0375 3292 PSched - ok
20:53:18.0390 3292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:53:18.0390 3292 Ptilink - ok
20:53:18.0453 3292 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:53:18.0484 3292 PxHelp20 - ok
20:53:18.0500 3292 ql1080 - ok
20:53:18.0515 3292 Ql10wnt - ok
20:53:18.0531 3292 ql12160 - ok
20:53:18.0531 3292 ql1240 - ok
20:53:18.0546 3292 ql1280 - ok
20:53:18.0625 3292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:53:18.0640 3292 RasAcd - ok
20:53:18.0671 3292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:53:18.0687 3292 Rasl2tp - ok
20:53:18.0703 3292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:53:18.0703 3292 RasPppoe - ok
20:53:18.0718 3292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:53:18.0718 3292 Raspti - ok
20:53:18.0765 3292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:53:18.0781 3292 Rdbss - ok
20:53:18.0812 3292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:53:18.0812 3292 RDPCDD - ok
20:53:18.0859 3292 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:53:18.0937 3292 RDPWD - ok
20:53:19.0031 3292 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:53:19.0031 3292 redbook - ok
20:53:19.0062 3292 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:53:19.0062 3292 rimmptsk - ok
20:53:19.0093 3292 rimsptsk (1e6047d4184ccf52e31da2f4f3e3eb27) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:53:19.0093 3292 rimsptsk - ok
20:53:19.0125 3292 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:53:19.0125 3292 rismxdp - ok
20:53:19.0187 3292 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:53:19.0218 3292 rtl8139 - ok
20:53:19.0312 3292 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:53:19.0343 3292 s24trans - ok
20:53:19.0390 3292 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:53:19.0390 3292 sdbus - ok
20:53:19.0406 3292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:53:19.0406 3292 Secdrv - ok
20:53:19.0437 3292 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
20:53:19.0437 3292 Serial - ok
20:53:19.0531 3292 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:53:19.0531 3292 sffdisk - ok
20:53:19.0546 3292 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:53:19.0546 3292 sffp_sd - ok
20:53:19.0562 3292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:53:19.0593 3292 Sfloppy - ok
20:53:19.0609 3292 Simbad - ok
20:53:19.0656 3292 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:53:19.0656 3292 SLIP - ok
20:53:19.0796 3292 SNP2STD (72281c3c24871a9ce52a0dd7cb735568) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
20:53:20.0015 3292 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\snp2sxp.sys. Real md5: 72281c3c24871a9ce52a0dd7cb735568, Fake md5: 28380b82b00c9b532142386cd4e2628a
20:53:21.0578 3292 SNP2STD ( ForgedFile.Multi.Generic ) - warning
20:53:21.0578 3292 SNP2STD - detected ForgedFile.Multi.Generic (1)
20:53:21.0609 3292 Sparrow - ok
20:53:21.0640 3292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:53:21.0656 3292 splitter - ok
20:53:21.0718 3292 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
20:53:21.0796 3292 sr - ok
20:53:21.0890 3292 SRTSP (2c5fbf6a00a4a3dcf643e46e8acb20c2) C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS
20:53:21.0921 3292 SRTSP - ok
20:53:21.0937 3292 SRTSPX (9034ea58552b55f370e5293a7175c5ac) C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS
20:53:21.0953 3292 SRTSPX - ok
20:53:22.0062 3292 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:53:22.0078 3292 Srv - ok
20:53:22.0109 3292 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
20:53:22.0125 3292 sscdbus - ok
20:53:22.0156 3292 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
20:53:22.0156 3292 sscdmdfl - ok
20:53:22.0171 3292 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
20:53:22.0187 3292 sscdmdm - ok
20:53:22.0265 3292 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
20:53:22.0312 3292 StarOpen - ok
20:53:22.0343 3292 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:53:22.0359 3292 streamip - ok
20:53:22.0375 3292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:53:22.0375 3292 swenum - ok
20:53:22.0406 3292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:53:22.0406 3292 swmidi - ok
20:53:22.0421 3292 symc810 - ok
20:53:22.0437 3292 symc8xx - ok
20:53:22.0500 3292 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS
20:53:22.0531 3292 SymDS - ok
20:53:22.0593 3292 SymEFA (fc6d4a81b3611693f4e14e75908b6767) C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS
20:53:22.0625 3292 SymEFA - ok
20:53:22.0859 3292 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:53:22.0906 3292 SymEvent - ok
20:53:22.0953 3292 SymIRON (39c35ddbb570e9f334f239248e4de34d) C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS
20:53:22.0984 3292 SymIRON - ok
20:53:23.0031 3292 SYMTDI (aaae36e8235dab7da8a64bd10de281e5) C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS
20:53:23.0046 3292 SYMTDI - ok
20:53:23.0062 3292 sym_hi - ok
20:53:23.0078 3292 sym_u3 - ok
20:53:23.0187 3292 SynTP (ae4052fc36bd4c390cee45a38ec1199a) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:53:23.0218 3292 SynTP - ok
20:53:23.0250 3292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:53:23.0250 3292 sysaudio - ok
20:53:23.0359 3292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:53:23.0468 3292 Tcpip - ok
20:53:23.0562 3292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:53:23.0562 3292 TDPIPE - ok
20:53:23.0593 3292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:53:23.0609 3292 TDTCP - ok
20:53:23.0656 3292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:53:23.0687 3292 TermDD - ok
20:53:23.0703 3292 TosIde - ok
20:53:23.0734 3292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:53:23.0750 3292 Udfs - ok
20:53:23.0750 3292 ultra - ok
20:53:23.0812 3292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:53:23.0828 3292 Update - ok
20:53:23.0953 3292 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:53:23.0984 3292 USBAAPL - ok
20:53:24.0031 3292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:53:24.0062 3292 usbehci - ok
20:53:24.0109 3292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:53:24.0140 3292 usbhub - ok
20:53:24.0203 3292 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:53:24.0203 3292 usbprint - ok
20:53:24.0296 3292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:53:24.0312 3292 usbscan - ok
20:53:24.0359 3292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:53:24.0375 3292 USBSTOR - ok
20:53:24.0437 3292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:53:24.0453 3292 usbuhci - ok
20:53:24.0500 3292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:53:24.0500 3292 VgaSave - ok
20:53:24.0500 3292 ViaIde - ok
20:53:24.0562 3292 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
20:53:24.0578 3292 VolSnap - ok
20:53:24.0609 3292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:53:24.0625 3292 Wanarp - ok
20:53:24.0640 3292 WDICA - ok
20:53:24.0703 3292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:53:24.0703 3292 wdmaud - ok
20:53:24.0765 3292 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:53:24.0796 3292 WSTCODEC - ok
20:53:24.0843 3292 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
20:53:25.0031 3292 \Device\Harddisk0\DR0 - ok
20:53:25.0046 3292 Boot (0x1200) (670d9b501566307f2781bc4ddd176944) \Device\Harddisk0\DR0\Partition0
20:53:25.0046 3292 \Device\Harddisk0\DR0\Partition0 - ok
20:53:25.0046 3292 ============================================================
20:53:25.0046 3292 Scan finished
20:53:25.0046 3292 ============================================================
20:53:25.0062 3280 Detected object count: 1
20:53:25.0062 3280 Actual detected object count: 1
20:55:01.0250 3280 SNP2STD ( ForgedFile.Multi.Generic ) - skipped by user
20:55:01.0250 3280 SNP2STD ( ForgedFile.Multi.Generic ) - User select action: Skip
20:55:16.0750 0908 Deinitialize success
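
The two lines that matter in the TDSSKiller output above are the `Suspicious file (Forged)` entry for `snp2sxp.sys` and the `skipped by user` verdict that follows it: the tool computed two different MD5s for the same driver (the one it labels Real and the one it labels Fake), raised a `ForgedFile.Multi.Generic` warning, and the poster chose Skip, so nothing on disk was changed. Norton's "Tidserv" is Symantec's name for the TDSS/TDL family that this tool targets, which is why the helper asked for this log alongside ComboFix. As an added example that is not part of the thread or of Kaspersky's tool, the Python below pulls the driver hash table, the MBR and boot-sector hashes, and every Forged finding (with the actions taken on it) out of a log in this format, so a responder can diff the hashes against a known-clean baseline and see which findings are still unresolved. The log excerpt is constructed from the lines posted above; the rule that a finding counts as resolved only when a Cure or Delete action appears is an assumption about TDSSKiller's wording, not something the page states.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the TDSSKiller log posted above (same line
# format: time, PID, then the tool's message). Not the full log.
SAMPLE_LOG = r"""
20:53:07.0453 3292 Scan started
20:53:09.0765 3292 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:53:09.0781 3292 ACPI - ok
20:53:09.0703 3292 abp480n5 - ok
20:53:19.0796 3292 SNP2STD (72281c3c24871a9ce52a0dd7cb735568) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
20:53:20.0015 3292 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\snp2sxp.sys. Real md5: 72281c3c24871a9ce52a0dd7cb735568, Fake md5: 28380b82b00c9b532142386cd4e2628a
20:53:21.0578 3292 SNP2STD ( ForgedFile.Multi.Generic ) - warning
20:53:21.0578 3292 SNP2STD - detected ForgedFile.Multi.Generic (1)
20:53:24.0843 3292 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
20:53:25.0031 3292 \Device\Harddisk0\DR0 - ok
20:53:25.0046 3292 Boot (0x1200) (670d9b501566307f2781bc4ddd176944) \Device\Harddisk0\DR0\Partition0
20:53:25.0062 3280 Detected object count: 1
20:55:01.0250 3280 SNP2STD ( ForgedFile.Multi.Generic ) - skipped by user
20:55:01.0250 3280 SNP2STD ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"   # "HH:MM:SS.mmmm <pid> "
HEX32 = r"[0-9a-f]{32}"
# "<service> (<md5>) <path>": one line per driver file the tool hashed
RE_FILE = re.compile(PREFIX + rf"(?P<name>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")
# MBR / boot sector: "<MBR|Boot> (<bytes hashed>) (<md5>) <device>"
RE_SECTOR = re.compile(PREFIX + rf"(?P<name>MBR|Boot) \((?P<span>0x[0-9A-Fa-f]+)\) \((?P<md5>{HEX32})\) (?P<path>.+)$")
# the two-hash mismatch line that produces a ForgedFile verdict
RE_FORGED = re.compile(PREFIX + rf"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$")
# "<service> ( <verdict> ) - <what happened>"
RE_VERDICT = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<action>.+)$")


@dataclass
class Finding:
    name: str           # service name, resolved from the path ("?" if not seen)
    kind: str           # e.g. "Forged"
    path: str
    real_md5: str
    fake_md5: str
    verdict: str = ""   # e.g. "ForgedFile.Multi.Generic"
    actions: list = field(default_factory=list)  # e.g. ["warning", "skipped by user"]


def parse_tdsskiller(text):
    """Return (hashes, findings). hashes maps service name (or MBR/Boot) to
    (md5, path); findings lists each Suspicious-file line joined with the
    verdict/action lines that name the same service."""
    hashes, by_path, findings = {}, {}, []
    for line in text.splitlines():
        if m := RE_SECTOR.match(line) or RE_FILE.match(line):
            hashes[m["name"]] = (m["md5"], m["path"])
            by_path[m["path"].lower()] = m["name"]
        elif m := RE_FORGED.match(line):
            findings.append(Finding(by_path.get(m["path"].lower(), "?"),
                                    m["kind"], m["path"], m["real"], m["fake"]))
        elif m := RE_VERDICT.match(line):
            for f in findings:
                if f.name == m["name"]:
                    f.verdict = m["verdict"]
                    f.actions.append(m["action"])
    return hashes, findings


def unresolved(findings):
    """Findings with no Cure/Delete action recorded. Assumption: TDSSKiller
    names a remediation with the word Cure or Delete; the page only shows Skip."""
    return [f for f in findings
            if not any(re.search(r"cure|delete", a, re.I) for a in f.actions)]


def changed_hashes(hashes, baseline):
    """Entries whose md5 differs from a baseline {name: md5} taken from a
    known-clean image of the same build. Names absent from the baseline are
    reported too, since a driver the baseline never saw is itself of interest."""
    return {name: (md5, baseline.get(name)) for name, (md5, _) in hashes.items()
            if baseline.get(name) != md5}


if __name__ == "__main__":
    hashes, findings = parse_tdsskiller(SAMPLE_LOG)
    for f in findings:
        print(f"{f.name}: {f.kind} {f.path}\n  real={f.real_md5}\n  fake={f.fake_md5}\n  actions={f.actions}")
    print("unresolved:", [f.name for f in unresolved(findings)])
```

Run against a full log, `changed_hashes` with a baseline captured from a clean machine of the same build is the quickest way to separate "a driver the tool hashed" from "a driver whose bytes changed"; the MBR and boot-sector hashes are included in the table because the TDL4 generation of this family lives in the MBR, and both came back `ok` in the posted log.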

#6 fireman4it (Malware Response Team)

Posted 05 January 2012 - 05:57 PM

Ok thanks for the logs. Now we need to run another scanner that will look at your internet connection so we can see if we can fix it or not.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 pized85 (Topic Starter)

Posted 06 January 2012 - 06:23 AM

There you are:




Farbar Service Scanner
Ran by Admin (administrator) on 06-01-2012 at 12:20:50
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-13 18:13] - [2008-04-13 18:13] - 0126976 ____A (Microsoft Corporation) 699EE7F752A25180AEB92C3A0EAEE440

C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-13 11:19] - [2011-08-17 14:49] - 0138496 ____A () A590271BF23DF0CC00B085E7874E5298

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-13 18:13] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) B7A1162B1A26DF7B60D5D9500006096C

C:\WINDOWS\system32\ipnathlp.dll
[2008-04-13 18:13] - [2008-04-13 18:13] - 0332288 ____A (Microsoft Corporation) 152C0555925DFE028E3148FD215146BB

C:\WINDOWS\system32\netman.dll
[2008-04-13 18:13] - [2008-04-13 18:13] - 0198144 ____A (Microsoft Corporation) 02815B70FC4CA8611A926176F1C39FC2

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-03-16 12:02] - [2008-04-13 18:13] - 0145408 ____A (Microsoft Corporation) 40911E98D0F1CBB1015F2101982F1DDF

C:\WINDOWS\system32\srsvc.dll
[2011-03-16 12:05] - [2008-04-13 18:13] - 0171520 ____A (Microsoft Corporation) B3E3DA70A7A76E69B872DE3D06D32C19

C:\WINDOWS\system32\Drivers\sr.sys
[2011-03-16 12:05] - [2008-04-13 17:56] - 0073472 ____A (Microsoft Corporation) 618718CAE288BF7CBD8FCBAB2577D932

C:\WINDOWS\system32\wscsvc.dll
[2008-04-13 18:13] - [2008-04-13 18:13] - 0080896 ____A (Microsoft Corporation) 926D921C93CFF1E19EF4DE3E4C8368CA

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-03-16 12:02] - [2008-04-13 18:13] - 0145408 ____A (Microsoft Corporation) 40911E98D0F1CBB1015F2101982F1DDF

C:\WINDOWS\system32\svchost.exe
[2008-04-13 18:14] - [2008-04-13 18:14] - 0014336 ____A (Microsoft Corporation) BB8363ABEC09AA2F9B363484E282117C

C:\WINDOWS\system32\rpcss.dll
[2008-04-13 18:13] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) BC4E0226341AAEC1222336B3AED86BAB

C:\WINDOWS\system32\services.exe
[2008-04-13 18:14] - [2009-02-09 12:22] - 0111104 ____A (Microsoft Corporation) 26845F272435302E0F3322E660A24F7D


Extra List:
=======
AegisP(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) SYMTDI(11) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000B00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
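An added example, not part of the thread: a small Python script that parses the firewall-policy and "File Check" sections of a log in the format posted above and lists what a helper would look at first. The sample log is constructed from the entries above (same paths, dates and hashes); it shows both firewall profiles with `EnableFirewall` set to 0 and the afd.sys entry whose publisher field is empty, which is the file the helper later asks to have scanned. Nothing here decides whether a file is malicious; it only surfaces the lines worth checking against a known-good hash.

```python
"""Added example: triage a "File Check" / firewall-policy log like the one above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, cut down from the log posted above (same paths, dates and hashes).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\\WINDOWS\\system32\\dhcpcsvc.dll
[2008-04-13 18:13] - [2008-04-13 18:13] - 0126976 ____A (Microsoft Corporation) 699EE7F752A25180AEB92C3A0EAEE440

C:\\WINDOWS\\system32\\Drivers\\afd.sys
[2008-04-13 11:19] - [2011-08-17 14:49] - 0138496 ____A () A590271BF23DF0CC00B085E7874E5298

C:\\WINDOWS\\system32\\Drivers\\netbt.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
"""

REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>[0-9A-Fa-f]+)$')
# "<path>" alone, or "<path> => <verdict>" when the tool already matched the hash.
FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+?)(?:\s+=>\s+(?P<verdict>.+))?$")
# "[created] - [modified] - <size> <attrs> (<publisher>) <MD5>"
FILE_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<publisher>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    verdict: Optional[str] = None     # e.g. "MD5 is legit"; None when a detail line follows
    publisher: Optional[str] = None   # "" means the file carries no publisher information
    md5: Optional[str] = None
    modified: Optional[str] = None


def parse_log(text: str) -> Tuple[List[FileEntry], Dict[str, int]]:
    """Return the File Check entries and {firewall profile: EnableFirewall value}."""
    files: List[FileEntry] = []
    firewall: Dict[str, int] = {}
    current_key: Optional[str] = None
    pending: Optional[FileEntry] = None   # path line waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            pending = None
            continue
        if (m := REG_KEY.match(line)):
            current_key = m.group(1)
            continue
        if (m := REG_DWORD.match(line)):
            if current_key and "FirewallPolicy" in current_key and m.group("name") == "EnableFirewall":
                profile = current_key.rsplit("\\", 1)[-1]
                firewall[profile] = int(m.group("value"), 16)   # DWORD values are hex in .reg exports
            continue
        if pending is not None and (m := FILE_DETAIL.match(line)):
            pending.publisher = m.group("publisher")
            pending.md5 = m.group("md5")
            pending.modified = m.group("modified")
            pending = None
            continue
        if (m := FILE_LINE.match(line)):
            entry = FileEntry(path=m.group("path"), verdict=m.group("verdict"))
            files.append(entry)
            pending = None if entry.verdict else entry
    return files, firewall


def find_suspicious(text: str) -> List[str]:
    """Findings a helper would look at first: disabled firewall profiles and
    system files that carry no publisher information."""
    files, firewall = parse_log(text)
    findings: List[str] = []
    for profile, enabled in sorted(firewall.items()):
        if enabled == 0:
            findings.append(f"firewall disabled: {profile}")
    for f in files:
        if f.verdict:        # hash already matched the tool's known-good list
            continue
        if f.publisher == "":
            findings.append(f"no publisher: {f.path} md5={f.md5} modified={f.modified}")
    return findings


if __name__ == "__main__":
    for line in find_suspicious(SAMPLE_LOG):
        print(line)
```

Run on the sample it prints the two disabled firewall profiles and the afd.sys line with its MD5, which is the value you would look up at a multi-engine scanner or compare with a clean copy of the same Windows build.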

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 06 January 2012 - 07:00 PM

  • Go to Start -> Control Panel -> Network and Internet Connection -> Network Connections.
  • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click on the Properties option.
  • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice.
  • Go to Start -> Run...
  • In the Open: field type cmd and click OK or hit Enter.
    This will open a Command Prompt.
  • At the DOS prompt screen, type in ipconfig /flushdns and then press Enter (notice the space between "ipconfig" and "/flushdns").
  • Exit the Command Prompt.
  • Reboot your PC and try to open any website.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 pized85

pized85
  • Topic Starter

  • Members
  • 15 posts

Posted 08 January 2012 - 05:42 AM

The button was already on "Obtain DNS servers automatically".

I did what you asked but nothing changed, I still do not get any connection.

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 08 January 2012 - 12:54 PM

Go to Start -> Run...
In the Open: field type cmd and click OK or hit Enter.
This will open a Command Prompt.
At the DOS prompt screen, type in or copy and paste netsh int ip reset resetlog.txt and then press Enter
Exit the Command Prompt.
Reboot your PC and try to open any website.


Are you connected to the internet through a router? IF so we need to reset that router.
How to reset your router.

Edited by fireman4it, 08 January 2012 - 12:57 PM.



#11 pized85

pized85
  • Topic Starter

  • Members
  • 15 posts

Posted 09 January 2012 - 12:41 PM

I typed "netsh int ip reset resetlog.txt" but nothing happened (was it supposed to?), rebooted my PC and nothing changed, still the same problem.

I do not have a router, I use a normal modem.

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 January 2012 - 06:28 PM

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\Drivers\afd.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



#13 pized85

pized85
  • Topic Starter

  • Members
  • 15 posts

Posted 10 January 2012 - 02:28 PM

I did the new configuration of the hidden files, but how can I go on a website if my internet doesn't work?

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 10 January 2012 - 06:26 PM

How have you been downloading and running the tools we have been using?



#15 pized85

pized85
  • Topic Starter

  • Members
  • 15 posts

Posted 11 January 2012 - 01:19 AM

At the beginning the connection was working; since I had the problem I was downloading the software onto a USB key and then transferring it to the PC with the problem. Now you ask me to use an online service, not to download anything.



