Browser opens new windows with unwanted ads


  • This topic is locked
9 replies to this topic

#1 Gioguer

  • Members
  • 6 posts
  • Gender:Not Telling
  • Location:Italy

Posted 28 January 2012 - 11:07 AM

Hello, I've just signed in; please note I'm not an expert. My browser (Mozilla) keeps opening new windows with unwanted ads. Avira and Malwarebytes can't detect any infection.
I've just launched HijackThis and this is the logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.32.20, on 28/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft\BingBar\SeaPort.EXE
C:\Programmi\File comuni\DataViz\DvzIncMsgr.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\File comuni\Ahead\lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Programmi\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Programmi\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Claudio\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Programmi\File comuni\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Programmi\Palm\Hotsync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199379695062
O17 - HKLM\System\CCS\Services\Tcpip\..\{054EFC57-DA4D-4661-9C81-44F94D436194}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{41F2D112-185D-4413-81FA-C1459E1C02CF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{5779FF95-C4CB-4DFD-9DA7-1FFA8401E341}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E11C9101-F38A-427D-8013-4EBDCD5264FA}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{054EFC57-DA4D-4661-9C81-44F94D436194}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmi\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Claudio\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Claudio\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 14875 bytes


What am I supposed to do? Thank you for your help!



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 29 January 2012 - 08:38 PM

Hi,

Please do the following:



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Gioguer
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Not Telling
  • Location:Italy

Posted 30 January 2012 - 11:19 AM

Hello, thank you a lot for your fast reply. I'm doing what you suggested in two steps; I hope I'm doing it correctly.

So, in this first message I'm attaching the zipped attach.txt and including the following dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Claudio at 16:47:29 on 2012-01-30
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.335 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {00000000-0715-0000-08F2-12003094807C}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Microsoft\BingBar\SeaPort.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\File comuni\DataViz\DvzIncMsgr.exe
C:\Programmi\Palm\Hotsync.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://search.findeer.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar con blocco Pop-Up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\programmi\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\programmi\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\programmi\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\programmi\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\programmi\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmi\file comuni\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "c:\programmi\tomtom home 2\TomTomHOMERunner.exe"
uRun: [PeerBlock] c:\programmi\peerblock\peerblock.exe
uRun: [Skype] "c:\programmi\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\documents and settings\claudio\impostazioni locali\dati applicazioni\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] c:\programmi\superantispyware\SUPERAntiSpyware.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AdobeVersionCue] c:\programmi\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [Acrobat Assistant 7.0] "c:\programmi\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [PosService] c:\documents and settings\all users\documenti\appdata\poapp\PLauncher.exe
mRun: [DivXUpdate] "c:\programmi\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\adobeg~1.lnk - c:\programmi\file comuni\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\datavi~1.lnk - c:\programmi\file comuni\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\hotsyn~1.lnk - c:\programmi\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\nkbmon~1.lnk - c:\programmi\nikon\pictureproject\NkbMonitor.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmi\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\programmi\file comuni\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\programmi\avira\antivir desktop\avsda.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199379695062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{054EFC57-DA4D-4661-9C81-44F94D436194} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{41F2D112-185D-4413-81FA-C1459E1C02CF} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{5779FF95-C4CB-4DFD-9DA7-1FFA8401E341} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{5779FF95-C4CB-4DFD-9DA7-1FFA8401E341} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E11C9101-F38A-427D-8013-4EBDCD5264FA} : NameServer = 176.31.229.24,176.31.229.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\programmi\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmi\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\claudio\dati applicazioni\mozilla\firefox\profiles\su30zz67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567691&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\claudio\dati applicazioni\mozilla\firefox\profiles\su30zz67.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\claudio\dati applicazioni\mozilla\firefox\profiles\su30zz67.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\claudio\impostazioni locali\dati applicazioni\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\programmi\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programmi\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\programmi\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programmi\microsoft\office live\npOLW.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\picasa2\npPicasa3.dll
FF - plugin: c:\programmi\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-14 36000]
R1 SASDIFSV;SASDIFSV;c:\programmi\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AntiVirMailService;Avira Mail Protection;c:\programmi\avira\antivir desktop\avmailc.exe [2011-12-14 342480]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-12-14 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2011-12-14 110032]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\avira\antivir desktop\avwebgrd.exe [2011-12-14 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-14 74640]
R2 BBUpdate;BBUpdate;c:\programmi\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-15 54752]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\programmi\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2009-12-28 135664]
S2 PowerOffer Service;Pos Service;c:\documents and settings\claudio\impostazioni locali\dati applicazioni\posservice\Pos.exe [2011-11-24 164864]
S2 ServUpdater;Serv Updater;c:\documents and settings\claudio\impostazioni locali\dati applicazioni\servupdater\ServiceUpd.exe [2011-11-24 156160]
S3 FLXG750;FreeLan 802.11g XG750 Driver;c:\windows\system32\drivers\WLANUTG.SYS [2008-1-3 494848]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2009-12-28 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\lavasoft\ad-aware\kernexplorer.sys --> c:\programmi\lavasoft\ad-aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
=============== Created Last 30 ================
.
2012-01-28 15:30:22 388096 ----a-r- c:\documents and settings\claudio\dati applicazioni\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-28 15:30:19 -------- d-----w- c:\programmi\Trend Micro
2012-01-14 11:41:34 -------- d-----w- c:\documents and settings\claudio\dati applicazioni\wsInspector
2012-01-14 11:20:07 -------- d-----w- c:\programmi\Startup Inspector for Windows
2012-01-09 18:00:07 626688 ----a-w- c:\programmi\mozilla firefox\msvcr80.dll
2012-01-09 18:00:07 548864 ----a-w- c:\programmi\mozilla firefox\msvcp80.dll
2012-01-09 18:00:07 479232 ----a-w- c:\programmi\mozilla firefox\msvcm80.dll
2012-01-09 18:00:07 43992 ----a-w- c:\programmi\mozilla firefox\mozutils.dll
2012-01-03 07:22:02 103864 ----a-w- c:\programmi\mozilla firefox\plugins\nppdf32.dll
2012-01-03 07:22:02 103864 ----a-w- c:\programmi\internet explorer\plugins\nppdf32.dll
2012-01-01 13:24:21 -------- d-----w- c:\documents and settings\claudio\dati applicazioni\SUPERAntiSpyware.com
2012-01-01 13:23:21 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-01-01 13:23:21 -------- d-----w- c:\documents and settings\all users\dati applicazioni\SUPERAntiSpyware.com
2012-01-01 13:23:07 -------- d-----w- c:\documents and settings\all users\dati applicazioni\SUPERSetup
2011-12-31 16:52:21 -------- d-----w- c:\windows\system32\NtmsData
2011-12-31 16:48:45 -------- d-----w- c:\programmi\Navilog1
.
==================== Find3M ====================
.
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 15:17:01 26624 ----a-w- c:\windows\system32\userinit.exe
2011-12-03 18:55:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 17:02:51 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-01 17:02:51 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-25 21:57:07 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40:20 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12:28 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22:12 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22:11 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13:31 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:28 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:28 1297408 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:12 1288192 ----a-w- c:\windows\system32\ole32.dll
2004-07-26 01:16:20 598086 -c--a-w- c:\programmi\DVD Shrink 3.2.exe
.
============= FINISH: 16.48.20,82 ===============
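As an added triage example (not part of this thread, and not code from the DDS tool), here is a Python script that parses SERVICES / DRIVERS lines in the format quoted above and flags the entries a helper would look at first: services whose image lives in a user-profile directory, and services whose image file was missing when the log was taken ([?]); it also groups entries that share a file date. The sample lines are copied from the log above; the path markers and all function and field names are my own assumptions.

```python
"""Triage the SERVICES / DRIVERS section of a DDS-style log (Windows XP era).

Each line looks like:
  S2 ServUpdater;Serv Updater;c:\\...\\servupdater\\ServiceUpd.exe [2011-11-24 156160]
  <start> <service name>;<display name>;<image path> [<file date> <size>]
A missing image file is reported as '[?]', and a resolved path may follow '-->'.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: seven lines copied from the SERVICES / DRIVERS section quoted in this thread.
SAMPLE_LOG = r"""
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-14 36000]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2011-12-14 110032]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2009-12-28 135664]
S2 PowerOffer Service;Pos Service;c:\documents and settings\claudio\impostazioni locali\dati applicazioni\posservice\Pos.exe [2011-11-24 164864]
S2 ServUpdater;Serv Updater;c:\documents and settings\claudio\impostazioni locali\dati applicazioni\servupdater\ServiceUpd.exe [2011-11-24 156160]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\lavasoft\ad-aware\kernexplorer.sys --> c:\programmi\lavasoft\ad-aware\KernExplorer.sys [?]
"""

# Service names may contain spaces (see "PowerOffer Service"), so split on ';' rather than whitespace.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

# Assumed markers: directories a service image should not normally live in. They are
# user-writable, so a file can be dropped there without administrative rights.
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass(frozen=True)
class ServiceEntry:
    start_type: str            # R = running, S = stopped; digit = start type (0 boot .. 4 disabled)
    name: str
    display: str
    path: str                  # resolved image path (text after '-->' when present)
    file_date: Optional[str]
    file_size: Optional[int]
    file_missing: bool         # True when the log shows '[?]'


@dataclass(frozen=True)
class Finding:
    name: str
    start_type: str
    path: str
    reasons: Tuple[str, ...]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse SERVICES / DRIVERS lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The bracketed metadata is always last; split on the final ' [' so paths with
        # spaces and the '-->' resolution arrow are preserved intact.
        path_part, _, meta = m.group("rest").rpartition(" [")
        meta = meta.rstrip("]")
        if "-->" in path_part:
            path_part = path_part.split("-->", 1)[1]
        if meta == "?":
            date, size, missing = None, None, True
        else:
            date_str, size_str = meta.split()
            date, size, missing = date_str, int(size_str), False
        entries.append(ServiceEntry(m.group("start"), m.group("name").strip(),
                                    m.group("display").strip(), path_part.strip(),
                                    date, size, missing))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Finding]:
    """Return the entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for e in entries:
        p = e.path.lower()
        reasons = []
        if any(mk in p for mk in PROFILE_MARKERS):
            reasons.append("image runs from a user-profile directory")
        if any(mk in p for mk in TEMP_MARKERS):
            reasons.append("image runs from a temp directory")
        if e.file_missing:
            reasons.append("image file not found at scan time ([?])")
        if reasons:
            findings.append(Finding(e.name, e.start_type, e.path, tuple(reasons)))
    return findings


def same_day_groups(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Group services whose image files share a date. Two unfamiliar services with one
    install date are often a single bundle and are best investigated together."""
    by_date: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.file_date:
            by_date[e.file_date].append(e.name)
    return {d: names for d, names in by_date.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for f in triage(parsed):
        print(f"{f.start_type} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
    for day, names in same_day_groups(parsed).items():
        print(f"same file date {day}: {', '.join(names)}")
```

A [?] entry is not by itself malicious; in the log above Lbd and Lavasoft Kernexplorer are leftovers of an uninstalled product, which is why the output separates that reason from the user-profile one.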

#4 Gioguer

Posted 30 January 2012 - 11:28 AM

Hello again.
In this second message I'm attaching the zipped mbr.dat and including the following aswMBR file:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 16:55:05
-----------------------------
16:55:05.453 OS Version: Windows 5.1.2600 Service Pack 3
16:55:05.453 Number of processors: 1 586 0x401
16:55:05.453 ComputerName: CLAUDIO-34E5D12 UserName: Claudio
16:55:06.171 Initialize success
17:09:59.140 AVAST engine defs: 12013000
17:12:04.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
17:12:04.796 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238475MB BusType: 3
17:12:04.796 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
17:12:04.796 Disk 1 Vendor: Maxtor_6L120M0 BACE1G10 Size: 117246MB BusType: 3
17:12:04.812 Disk 0 MBR read successfully
17:12:04.812 Disk 0 MBR scan
17:12:04.921 Disk 0 Windows XP default MBR code
17:12:04.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
17:12:04.984 Disk 0 scanning sectors +488376000
17:12:05.156 Disk 0 scanning C:\WINDOWS\system32\drivers
17:12:32.437 Service scanning
17:12:33.781 Modules scanning
17:12:44.859 Disk 0 trace - called modules:
17:12:44.875 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:12:44.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86358ab8]
17:12:44.875 3 CLASSPNP.SYS[f764afd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8635cd98]
17:12:47.578 AVAST engine scan C:\WINDOWS
17:13:00.375 AVAST engine scan C:\WINDOWS\system32
17:20:10.359 AVAST engine scan C:\WINDOWS\system32\drivers
17:20:48.296 AVAST engine scan C:\Documents and Settings\Claudio
17:22:04.609 Disk 0 MBR has been saved successfully to "E:\Claudio\Documenti\Giovanna\Documenti Giovanna\Computer\MBR.dat"
17:22:04.625 The log file has been saved successfully to "E:\Claudio\Documenti\Giovanna\Documenti Giovanna\Computer\aswMBR30Jan2012.txt"



Thank you!

#5 CatByte

  • Malware Response Team
Posted 30 January 2012 - 05:23 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Gioguer

Gioguer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Italy
  • Local time:08:11 PM

Posted 31 January 2012 - 10:12 AM

Hello, I've run TDSSKiller.exe; no malicious objects were found:

16:01:26.0671 1128 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
16:01:28.0671 1128 ============================================================
16:01:28.0671 1128 Current date / time: 2012/01/31 16:01:28.0671
16:01:28.0671 1128 SystemInfo:
16:01:28.0671 1128
16:01:28.0671 1128 OS Version: 5.1.2600 ServicePack: 3.0
16:01:28.0671 1128 Product type: Workstation
16:01:28.0671 1128 ComputerName: CLAUDIO-34E5D12
16:01:28.0671 1128 UserName: Claudio
16:01:28.0671 1128 Windows directory: C:\WINDOWS
16:01:28.0671 1128 System windows directory: C:\WINDOWS
16:01:28.0671 1128 Processor architecture: Intel x86
16:01:28.0671 1128 Number of processors: 1
16:01:28.0671 1128 Page size: 0x1000
16:01:28.0671 1128 Boot type: Normal boot
16:01:28.0671 1128 ============================================================
16:01:32.0171 1128 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:01:32.0187 1128 Drive \Device\Harddisk1\DR1 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:01:32.0203 1128 \Device\Harddisk0\DR0:
16:01:32.0203 1128 MBR used
16:01:32.0203 1128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:01:32.0203 1128 \Device\Harddisk1\DR1:
16:01:32.0203 1128 MBR used
16:01:32.0203 1128 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4F80E2
16:01:32.0343 1128 Initialize success
16:01:32.0343 1128 ============================================================
16:01:38.0703 0500 ============================================================
16:01:38.0703 0500 Scan started
16:01:38.0703 0500 Mode: Manual;
16:01:38.0703 0500 ============================================================
16:01:56.0000 0500 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
16:01:56.0156 0500 \Device\Harddisk0\DR0 - ok
16:01:56.0171 0500 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk1\DR1
16:01:56.0515 0500 \Device\Harddisk1\DR1 - ok
16:01:56.0531 0500 Boot (0x1200) (e115918a97bcb9edd197b44238400a07) \Device\Harddisk0\DR0\Partition0
16:01:56.0531 0500 \Device\Harddisk0\DR0\Partition0 - ok
16:01:56.0546 0500 Boot (0x1200) (4ec7931f6c480db42ef226369bb0e159) \Device\Harddisk1\DR1\Partition0
16:01:56.0546 0500 \Device\Harddisk1\DR1\Partition0 - ok
16:01:56.0546 0500 ============================================================
16:01:56.0546 0500 Scan finished
16:01:56.0546 0500 ============================================================
16:01:56.0578 2244 Detected object count: 0
16:01:56.0578 2244 Actual detected object count: 0


As regards ComboFix, I had already downloaded it some days ago, but I can find neither the .txt nor the .exe file; however, I can still see a Folder named Combofix on my C Drive, including disks, units, etc. Therefore, I don't know whether I have to download ComboFix once more or first do something to remove the old folder.

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:11 PM

Posted 31 January 2012 - 06:59 PM

No, just download a fresh copy to your desktop and run it.

Make sure your security programs are disabled.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Gioguer

Gioguer
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Not Telling
  • Location:Italy
  • Local time:08:11 PM

Posted 31 January 2012 - 07:45 PM

I've got Avira Antivirus Premium. Even after disabling real-time protection (and seeing a closed umbrella), it still interfered with ComboFix. After two or three alerts from ComboFix, I had to stop scanning.
Then, if my antivirus is completely disabled, how could I safely download the Microsoft Windows Recovery Console?

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:11 PM

Posted 31 January 2012 - 08:30 PM

Please uninstall Avira until we have finished cleaning your machine so it won't interfere.

ComboFix downloads the Recovery Console for you; it is safe to allow it to download and install it.



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:11 PM

Posted 06 February 2012 - 06:48 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


