
infected pc


  • This topic is locked
19 replies to this topic

#1 redfox62

redfox62

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 23 April 2012 - 02:33 AM

Hello. I'm new to this forum. I have a problem. All my browsers are very slow and they don't respond! All except Google Chrome. I ran Avira, and it discovered some hidden infected files, but it was not able to remove them. Then the PC turned off suddenly. I tried Malwarebytes, but it did not show any virus. I was thinking of using ComboFix. Tell me what I can do.
Thank you
Daniele.
For now I post the HijackThis log.

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 AM

Posted 23 April 2012 - 02:53 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 redfox62

redfox62
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 23 April 2012 - 03:20 AM

Thank you!
These are the Security Check log and DDS logs.

Security check log:


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

AVG PC Tuneup
Avira Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
RegSupreme Pro
HijackThis 1.99.1
AVG PC Tuneup
CCleaner
EasyCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


DDS LOGS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Avv. Daniele D'Amico at 10:12:44 on 2012-04-23
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1334 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200700F9B00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200640F9B00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Programmi\Cobian Backup 9\cbService.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: AutorunsDisabled - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\programmi\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Google Update] "c:\documents and settings\avv. daniele d'amico\impostazioni locali\dati applicazioni\google\update\GoogleUpdate.exe" /c
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\logite~1.lnk - c:\programmi\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{221A8DD6-36BA-469D-95C1-4E55E7D8F111} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC6EDCDD-FE21-4D2B-A619-EC4BE635C527} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\avv. daniele d'amico\dati applicazioni\mozilla\firefox\profiles\bh16pu80.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF - plugin: c:\documents and settings\avv. daniele d'amico\dati applicazioni\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\avv. daniele d'amico\impostazioni locali\dati applicazioni\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programmi\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
FF - plugin: c:\programmi\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\programmi\microsoft\office live\npOLW.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-4 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2012-1-4 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-1-4 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-4 74640]
R2 CDMA Device Service;CDMA Device Service;c:\programmi\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-14 63488]
R2 CobianBackupAmanita;Cobian Backup 9 servizio;c:\programmi\cobian backup 9\cbService.exe [2009-2-16 583168]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 654408]
R2 PD91Agent;PD91Agent;c:\programmi\raxco\perfectdisk2008\PD91Agent.exe [2008-1-16 664840]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\webroot\washer\WasherSvc.exe [2008-4-24 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 22344]
R3 xcpip;Driver protocollo TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c998f2177093f2;Servizio di Google Update (gupdate1c998f2177093f2);c:\programmi\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\adm8511.sys [2006-2-27 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-14 30312]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 nmwcdnsu;nmwcdnsu;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;nmwcdnsuc;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 OSCI_DRVNT;OSCI_DRVNT;c:\windows\system32\drivers\OSCI_DRVNT.sys [2006-2-4 6784]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [2006-2-7 179853]
S3 PD91Engine;PD91Engine;c:\programmi\raxco\perfectdisk2008\PD91Engine.exe [2008-1-16 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-14 114280]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2006-3-14 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2006-3-14 5248]
.
=============== Created Last 30 ================
.
2012-04-23 06:07:34 -------- d-----w- c:\documents and settings\avv. daniele d'amico\dati applicazioni\TeamViewer
2012-04-23 06:06:49 -------- d-----w- c:\programmi\TeamViewer
2012-04-23 06:02:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 15:41:51 -------- d-----w- c:\programmi\file comuni\Logitech
.
==================== Find3M ====================
.
2012-04-23 06:19:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:00:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:22 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57:50 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10.13.37,04 ===============

ATTACH txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/01/2006 17.37.15
System Uptime: 23/04/2012 10.04.31 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | nForce
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 32,179 GiB free.
D: is FIXED (NTFS) - 247 GiB total, 220,41 GiB free.
E: is FIXED (NTFS) - 373 GiB total, 312,915 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: Vax347b
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3D Windows XP Screen Saver
7-Zip 4.32
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11.5
Aggiornamento della protezione per Windows Internet Explorer 7 (KB933566)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB937143)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2183461)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2360131)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2416400)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB976325)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB978207)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows XP (KB2621440)
Aggiornamento della protezione per Windows XP (KB2641653)
Aggiornamento della protezione per Windows XP (KB2647518)
Aggiornamento della protezione per Windows XP (KB2653956)
Aggiornamento per Windows Internet Explorer 8 (KB975364)
Aggiornamento per Windows Internet Explorer 8 (KB976662)
Aggiornamento per Windows Internet Explorer 8 (KB976749)
Aggiornamento per Windows Internet Explorer 8 (KB980182)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assistente per l'accesso a Windows Live
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
µTorrent
Audacity 1.3.14 (Unicode)
AVG PC Tuneup
Avira Free Antivirus
Bonjour
Canon iP3300
Canon Setup Utility 2.3
Cap
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDDRV_Installer
Cobian Backup 9
CodFree 6.00 - Codice Fiscale
dBpoweramp Aiff Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp WavPack Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
dMC AccurateRip
EasyCleaner
erLT
ERUNT 1.1j
Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP
Exact Audio Copy 0.99pb5
Facebook Plug-In
Feurio! CD-Writer
FFmpeg for Audacity on Windows
FLAC 1.2.1b (remove only)
foobar2000 v1.1.11
Foxit Reader 5.1
Free FLV Converter V 7.3.0
Google Chrome
Google Earth
Google Update Helper
Hard Disk Low Level Format Tool 2.36 build 1181
HDD Health v3.3 Beta
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
iTunes
iZotope RX
Java Auto Updater
Java™ 6 Update 29
JDownloader
KhalInstallWrapper
L&H TTS3000 Italiano
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LettoreVocale
Logitech SetPoint
Logitech Updater
Malwarebytes Anti-Malware versione 1.61.0.1400
MD5 Checksum Verifier 3.3
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monkey's Audio
Mozilla Firefox 11.0 (x86 it)
MP3-Check (v1.0.40.0)
Mp3tag v2.50
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MUD 2011
MyFreeCodec
Nero 6 Enterprise Edition
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenSSL 0.9.6m
Oplisker 0.1.4
PC-CAM Center
PDFCreator
PerfectDisk 2008 Professional
Picasa 3
QuickSFV (Remove only)
QuickTime
r8brain 1.9
r8brain PRO 1.5
Realtek AC'97 Audio
Registrazione utente Canon iP3300
RegSupreme Pro
Ricerca CAP 32-bit v4.21
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Segoe UI
Skins
Sony CD Architect 5.2
Strumento di caricamento di Windows Live
TeamViewer 7
TT-Dynamic-Range 1.1
Tweak UI
Unity Web Player
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.1
WebFldrs XP
Window Washer
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR gestione archivi
xrecode II 1.0.0.189
.
==== End Of File ===========================
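As an added example (not part of this thread, and not code from BleepingComputer, DDS or its author sUBs), the script below parses the sectioned DDS log format posted above and pulls out three things a helper would look at first: services or drivers printed with a trailing "[?]" where DDS otherwise prints "[date size]" (it could not read the file at the registered path), AV products registered more than once under different GUIDs, and a Firefox search pref (keyword.URL) whose domain differs from the homepage domain. The sample lines are constructed from the log in this post and are not a full report; the three checks are triage heuristics chosen for this example, not DDS documentation, and a hit only means "confirm with the user", not "infected".

```python
"""Triage helper for the DDS log layout (added example; not DDS/BleepingComputer code).

DDS separates blocks with '=== NAME ===' headers and uses a lone '.' as spacer.
Checks below are example heuristics: '[?]' entries, duplicate AV GUIDs, and a
Firefox search pref pointing away from the homepage domain.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200700F9B00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200640F9B00}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-4 36000]
R3 xcpip;Driver protocollo TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\adm8511.sys [2006-2-27 20160]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
AV_RE = re.compile(r"^AV:\s+(?P<product>.+?)\s+\*(?P<state>[^*]+)\*\s+\{(?P<guid>[0-9A-Fa-f-]+)\}$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(?P<key>\S+)\s+-\s+(?P<value>.*)$")


def split_sections(text):
    """Group non-empty lines under the '=== NAME ===' header above them.
    Lines before the first header (the AV: block) are filed under 'HEADER'."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # DDS spacer line
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def missing_binaries(sections):
    """(start type, service name, registered path) for each service/driver line
    ending in '[?]', where DDS would normally print '[date size]'."""
    found = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group("rest").endswith("[?]"):
            path = m.group("rest").split("-->", 1)[0].strip()
            found.append((m.group("start"), m.group("name"), path))
    return found


def duplicate_av_registrations(sections):
    """{product: [guids]} for AV products that appear under more than one GUID."""
    guids = defaultdict(set)
    for line in sections.get("HEADER", []):
        m = AV_RE.match(line)
        if m:
            guids[m.group("product")].add(m.group("guid"))
    return {p: sorted(g) for p, g in guids.items() if len(g) > 1}


def registered_domain(url_or_host):
    """Reduce 'hxxp://dts.search-results.com/sr?x=1' to 'search-results.com'.
    DDS defangs URLs as hxxp://, so both spellings are accepted."""
    s = re.sub(r"^(hxxps?|https?)://", "", url_or_host.strip(), flags=re.IGNORECASE)
    host = s.split("/", 1)[0].split("?", 1)[0].lower()
    labels = [part for part in host.split(".") if part]
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def search_overrides(sections):
    """{pref: domain} for Firefox search prefs whose domain differs from the
    homepage's. keyword.URL decides where address-bar searches are sent."""
    prefs = {}
    for line in sections.get("FIREFOX", []):
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = m.group("value")
    home = registered_domain(prefs.get("browser.startup.homepage", ""))
    findings = {}
    for key in ("keyword.URL",):
        if key in prefs:
            dom = registered_domain(prefs[key])
            if dom and dom != home:
                findings[key] = dom
    return findings


def triage(text):
    """Run the three checks over one DDS report and return them in one dict."""
    sections = split_sections(text)
    return {
        "missing_binaries": missing_binaries(sections),
        "duplicate_av": duplicate_av_registrations(sections),
        "search_overrides": search_overrides(sections),
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLE_DDS).items():
        print(f"{name}: {result}")
```

Run it on a full DDS.txt by reading the file into `triage()` instead of `SAMPLE_DDS`; the section parser ignores the blocks it does not know about, so adding a check for another section (e.g. "Pseudo HJT Report") is a matter of one more regex and one more function.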

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF - plugin: c:\documents and settings\avv. daniele d'amico\dati applicazioni\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\avv. daniele d'amico\impostazioni locali\dati applicazioni\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programmi\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
FF - plugin: c:\programmi\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\programmi\microsoft\office live\npOLW.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-4 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2012-1-4 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-1-4 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-4 74640]
R2 CDMA Device Service;CDMA Device Service;c:\programmi\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-14 63488]
R2 CobianBackupAmanita;Cobian Backup 9 servizio;c:\programmi\cobian backup 9\cbService.exe [2009-2-16 583168]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 654408]
R2 PD91Agent;PD91Agent;c:\programmi\raxco\perfectdisk2008\PD91Agent.exe [2008-1-16 664840]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\webroot\washer\WasherSvc.exe [2008-4-24 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 22344]
R3 xcpip;Driver protocollo TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c998f2177093f2;Servizio di Google Update (gupdate1c998f2177093f2);c:\programmi\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\adm8511.sys [2006-2-27 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-14 30312]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 nmwcdnsu;nmwcdnsu;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;nmwcdnsuc;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 OSCI_DRVNT;OSCI_DRVNT;c:\windows\system32\drivers\OSCI_DRVNT.sys [2006-2-4 6784]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [2006-2-7 179853]
S3 PD91Engine;PD91Engine;c:\programmi\raxco\perfectdisk2008\PD91Engine.exe [2008-1-16 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-14 114280]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2006-3-14 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2006-3-14 5248]
.
=============== Created Last 30 ================
.
2012-04-23 06:07:34 -------- d-----w- c:\documents and settings\avv. daniele d'amico\dati applicazioni\TeamViewer
2012-04-23 06:06:49 -------- d-----w- c:\programmi\TeamViewer
2012-04-23 06:02:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 15:41:51 -------- d-----w- c:\programmi\file comuni\Logitech
.
==================== Find3M ====================
.
2012-04-23 06:19:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:00:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:22 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57:50 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10.13.37,04 ===============

ATTACH txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/01/2006 17.37.15
System Uptime: 23/04/2012 10.04.31 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | nForce
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 32,179 GiB free.
D: is FIXED (NTFS) - 247 GiB total, 220,41 GiB free.
E: is FIXED (NTFS) - 373 GiB total, 312,915 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: Vax347b
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3D Windows XP Screen Saver
7-Zip 4.32
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11.5
Aggiornamento della protezione per Windows Internet Explorer 7 (KB933566)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB937143)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2183461)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2360131)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2416400)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB976325)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB978207)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows XP (KB2621440)
Aggiornamento della protezione per Windows XP (KB2641653)
Aggiornamento della protezione per Windows XP (KB2647518)
Aggiornamento della protezione per Windows XP (KB2653956)
Aggiornamento per Windows Internet Explorer 8 (KB975364)
Aggiornamento per Windows Internet Explorer 8 (KB976662)
Aggiornamento per Windows Internet Explorer 8 (KB976749)
Aggiornamento per Windows Internet Explorer 8 (KB980182)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assistente per l'accesso a Windows Live
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
µTorrent
Audacity 1.3.14 (Unicode)
AVG PC Tuneup
Avira Free Antivirus
Bonjour
Canon iP3300
Canon Setup Utility 2.3
Cap
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDDRV_Installer
Cobian Backup 9
CodFree 6.00 - Codice Fiscale
dBpoweramp Aiff Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp WavPack Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
dMC AccurateRip
EasyCleaner
erLT
ERUNT 1.1j
Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP
Exact Audio Copy 0.99pb5
Facebook Plug-In
Feurio! CD-Writer
FFmpeg for Audacity on Windows
FLAC 1.2.1b (remove only)
foobar2000 v1.1.11
Foxit Reader 5.1
Free FLV Converter V 7.3.0
Google Chrome
Google Earth
Google Update Helper
Hard Disk Low Level Format Tool 2.36 build 1181
HDD Health v3.3 Beta
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
iTunes
iZotope RX
Java Auto Updater
Java™ 6 Update 29
JDownloader
KhalInstallWrapper
L&H TTS3000 Italiano
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LettoreVocale
Logitech SetPoint
Logitech Updater
Malwarebytes Anti-Malware versione 1.61.0.1400
MD5 Checksum Verifier 3.3
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monkey's Audio
Mozilla Firefox 11.0 (x86 it)
MP3-Check (v1.0.40.0)
Mp3tag v2.50
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MUD 2011
MyFreeCodec
Nero 6 Enterprise Edition
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenSSL 0.9.6m
Oplisker 0.1.4
PC-CAM Center
PDFCreator
PerfectDisk 2008 Professional
Picasa 3
QuickSFV (Remove only)
QuickTime
r8brain 1.9
r8brain PRO 1.5
Realtek AC'97 Audio
Registrazione utente Canon iP3300
RegSupreme Pro
Ricerca CAP 32-bit v4.21
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Segoe UI
Skins
Sony CD Architect 5.2
Strumento di caricamento di Windows Live
TeamViewer 7
TT-Dynamic-Range 1.1
Tweak UI
Unity Web Player
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.1
WebFldrs XP
Window Washer
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR gestione archivi
xrecode II 1.0.0.189
.
==== End Of File ===========================

thank you!
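Reading a DDS log comes down to spotting a few line shapes: a service or driver line whose path is followed by "-->" and "[?]" (DDS could not read the file's date and size, normally because the file is no longer on disk), a BHO or toolbar CLSID registered with "No File" or nothing after the dash, a Firefox keyword.URL that sends address-bar searches somewhere other than the selected search engine's domain, and the same plugin DLL registered twice. The script below is an added example, not part of this post and not DDS or any BleepingComputer tool; it runs a first triage pass over lines in DDS's format. The sample lines are adapted from the log above, and the KNOWN_SEARCH_HOSTS table is an assumed mapping, not something DDS provides. It flags entries for a reviewer; it does not decide what is malicious (an "AutorunsDisabled" BHO, for example, is what Sysinternals Autoruns writes when someone disables an entry).

```python
"""Triage pass over DDS-style log lines (added example, not part of the post or of DDS)."""
import re
from urllib.parse import urlparse

# Constructed sample: lines adapted from the DDS log above, kept in DDS's own format.
# DDS writes "hxxp" for "http" so URLs are not clickable; "-->" plus "[?]" on a
# service/driver line means DDS could not read details of the file it is registered to load.
SAMPLE_LOG = r"""
BHO: AutorunsDisabled - No File
BHO: Java(TM) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-1-4 110032]
R3 xcpip;Driver protocollo TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
IE_ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<rest>.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
FF_PLUGIN_RE = re.compile(r"^FF - plugin: (?P<path>.+)$")

# Assumed mapping of Firefox search-engine names to the host each should query.
# Not from DDS; extend it for the engines you expect to see.
KNOWN_SEARCH_HOSTS = {"google": "google.", "bing": "bing.com", "yahoo": "yahoo.com"}


def refang(url):
    """Undo DDS's hxxp defanging so urlparse can read the host."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def triage(log_text):
    """Return (finding_kind, subject, detail) tuples for lines worth a reviewer's attention."""
    findings = []
    plugin_counts = {}
    selected_engine = None
    keyword_url = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            # "path --> path [?]": the registered binary could not be read, usually
            # because it is gone (uninstall leftover) or hides itself from the scan.
            if rest.endswith("[?]"):
                findings.append(("service-missing-file", m.group("name"), rest.split(" --> ")[0]))
            continue

        m = IE_ENTRY_RE.match(line)
        if m:
            rest = m.group("rest")
            # "No File" or a bare trailing "-" is a CLSID registered with nothing behind it.
            if rest.endswith("No File") or rest.endswith(" -"):
                findings.append(("orphaned-ie-entry", m.group("kind"), rest))
            continue

        m = FF_PREF_RE.match(line)
        if m:
            if m.group("key") == "browser.search.selectedEngine":
                selected_engine = m.group("value")
            elif m.group("key") == "keyword.URL":
                keyword_url = m.group("value")
            continue

        m = FF_PLUGIN_RE.match(line)
        if m:
            path = m.group("path").lower()
            plugin_counts[path] = plugin_counts.get(path, 0) + 1

    # keyword.URL is where Firefox sends address-bar searches; if it points somewhere
    # other than the selected engine's domain, address-bar searches have been redirected.
    if keyword_url:
        host = urlparse(refang(keyword_url)).hostname or ""
        expected = KNOWN_SEARCH_HOSTS.get((selected_engine or "").lower())
        if expected is None or expected not in host:
            findings.append(("ff-keyword-url-mismatch", selected_engine, host))

    # The same plugin DLL registered twice is a stale-registration hint, not malware by itself.
    for path, count in plugin_counts.items():
        if count > 1:
            findings.append(("ff-duplicate-plugin", path, count))

    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {subject!s:16} {detail}")
```

Run it on a saved dds.txt by passing the file contents to triage(); every finding is a pointer to a line to look at, and the decision about what to remove stays with the person working the thread.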
These are the Security Check log and DDS logs.

Security check log:


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

AVG PC Tuneup
Avira Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
RegSupreme Pro
HijackThis 1.99.1
AVG PC Tuneup
CCleaner
EasyCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


DDS LOGS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Avv. Daniele D'Amico at 10:12:44 on 2012-04-23
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1334 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200700F9B00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200640F9B00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Programmi\Cobian Backup 9\cbService.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: AutorunsDisabled - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\programmi\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Google Update] "c:\documents and settings\avv. daniele d'amico\impostazioni locali\dati applicazioni\google\update\GoogleUpdate.exe" /c
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\logite~1.lnk - c:\programmi\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{221A8DD6-36BA-469D-95C1-4E55E7D8F111} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EC6EDCDD-FE21-4D2B-A619-EC4BE635C527} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\avv. daniele d'amico\dati applicazioni\mozilla\firefox\profiles\bh16pu80.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF - plugin: c:\documents and settings\avv. daniele d'amico\dati applicazioni\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\avv. daniele d'amico\impostazioni locali\dati applicazioni\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programmi\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
FF - plugin: c:\programmi\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\programmi\microsoft\office live\npOLW.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-4 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2012-1-4 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2012-1-4 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-4 74640]
R2 CDMA Device Service;CDMA Device Service;c:\programmi\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-14 63488]
R2 CobianBackupAmanita;Cobian Backup 9 servizio;c:\programmi\cobian backup 9\cbService.exe [2009-2-16 583168]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 654408]
R2 PD91Agent;PD91Agent;c:\programmi\raxco\perfectdisk2008\PD91Agent.exe [2008-1-16 664840]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\webroot\washer\WasherSvc.exe [2008-4-24 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 22344]
R3 xcpip;Driver protocollo TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c998f2177093f2;Servizio di Google Update (gupdate1c998f2177093f2);c:\programmi\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\adm8511.sys [2006-2-27 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-14 30312]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 nmwcdnsu;nmwcdnsu;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;nmwcdnsuc;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 OSCI_DRVNT;OSCI_DRVNT;c:\windows\system32\drivers\OSCI_DRVNT.sys [2006-2-4 6784]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [2006-2-7 179853]
S3 PD91Engine;PD91Engine;c:\programmi\raxco\perfectdisk2008\PD91Engine.exe [2008-1-16 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-14 114280]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2006-3-14 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2006-3-14 5248]
.
=============== Created Last 30 ================
.
2012-04-23 06:07:34 -------- d-----w- c:\documents and settings\avv. daniele d'amico\dati applicazioni\TeamViewer
2012-04-23 06:06:49 -------- d-----w- c:\programmi\TeamViewer
2012-04-23 06:02:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 15:41:51 -------- d-----w- c:\programmi\file comuni\Logitech
.
==================== Find3M ====================
.
2012-04-23 06:19:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:00:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:22 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57:50 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10.13.37,04 ===============

ATTACH txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/01/2006 17.37.15
System Uptime: 23/04/2012 10.04.31 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | nForce
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 32,179 GiB free.
D: is FIXED (NTFS) - 247 GiB total, 220,41 GiB free.
E: is FIXED (NTFS) - 373 GiB total, 312,915 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: Vax347b
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3D Windows XP Screen Saver
7-Zip 4.32
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11.5
Aggiornamento della protezione per Windows Internet Explorer 7 (KB933566)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB937143)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB942615)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB944533)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB950759)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2183461)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2360131)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2416400)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB976325)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB978207)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows XP (KB2621440)
Aggiornamento della protezione per Windows XP (KB2641653)
Aggiornamento della protezione per Windows XP (KB2647518)
Aggiornamento della protezione per Windows XP (KB2653956)
Aggiornamento per Windows Internet Explorer 8 (KB975364)
Aggiornamento per Windows Internet Explorer 8 (KB976662)
Aggiornamento per Windows Internet Explorer 8 (KB976749)
Aggiornamento per Windows Internet Explorer 8 (KB980182)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assistente per l'accesso a Windows Live
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
µTorrent
Audacity 1.3.14 (Unicode)
AVG PC Tuneup
Avira Free Antivirus
Bonjour
Canon iP3300
Canon Setup Utility 2.3
Cap
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDDRV_Installer
Cobian Backup 9
CodFree 6.00 - Codice Fiscale
dBpoweramp Aiff Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp WavPack Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
dMC AccurateRip
EasyCleaner
erLT
ERUNT 1.1j
Estensione HighMAT per Masterizzazione guidata CD di Microsoft Windows XP
Exact Audio Copy 0.99pb5
Facebook Plug-In
Feurio! CD-Writer
FFmpeg for Audacity on Windows
FLAC 1.2.1b (remove only)
foobar2000 v1.1.11
Foxit Reader 5.1
Free FLV Converter V 7.3.0
Google Chrome
Google Earth
Google Update Helper
Hard Disk Low Level Format Tool 2.36 build 1181
HDD Health v3.3 Beta
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
iTunes
iZotope RX
Java Auto Updater
Java™ 6 Update 29
JDownloader
KhalInstallWrapper
L&H TTS3000 Italiano
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LettoreVocale
Logitech SetPoint
Logitech Updater
Malwarebytes Anti-Malware versione 1.61.0.1400
MD5 Checksum Verifier 3.3
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monkey's Audio
Mozilla Firefox 11.0 (x86 it)
MP3-Check (v1.0.40.0)
Mp3tag v2.50
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MUD 2011
MyFreeCodec
Nero 6 Enterprise Edition
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenSSL 0.9.6m
Oplisker 0.1.4
PC-CAM Center
PDFCreator
PerfectDisk 2008 Professional
Picasa 3
QuickSFV (Remove only)
QuickTime
r8brain 1.9
r8brain PRO 1.5
Realtek AC'97 Audio
Registrazione utente Canon iP3300
RegSupreme Pro
Ricerca CAP 32-bit v4.21
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Segoe UI
Skins
Sony CD Architect 5.2
Strumento di caricamento di Windows Live
TeamViewer 7
TT-Dynamic-Range 1.1
Tweak UI
Unity Web Player
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.1
WebFldrs XP
Window Washer
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR gestione archivi
xrecode II 1.0.0.189
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 AM

Posted 23 April 2012 - 10:15 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 redfox62

redfox62
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:58 AM

Posted 23 April 2012 - 11:56 AM

Explorer and Firefox don't run! Only Google Chrome runs well!

Here is the ComboFix log


ComboFix 12-04-22.02 - Avv. Daniele D'Amico 23/04/2012 18.30.19.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1446 [GMT 2:00]
Eseguito da: c:\documents and settings\Avv. Daniele D'Amico\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200640F9B00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200700F9B00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\AVV~1.DAN\IMPOST~1\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\bookmarks.json
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\clients.json
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\forms.json
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\history.json
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\passwords.json
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\prefs.json
c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\weave\toFetch\tabs.json
c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\documents and settings\Avv. Daniele D'Amico\WINDOWS
c:\windows\IsUn0410.exe
c:\windows\iun6002.exe
c:\windows\system32\cfdcddece_d.dll
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\Drivers\OSCI_DRVNT.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
-------\Service_xcpip
-------\Legacy_OSCI_DRVNT
-------\Service_OSCI_DRVNT
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-23 al 2012-04-23 )))))))))))))))))))))))))))))))))))
.
.
2012-04-23 15:32 . 2012-04-23 16:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2012-04-23 11:38 . 2012-04-23 11:38 388096 ----a-r- c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-23 11:38 . 2012-04-23 11:38 -------- d-----w- c:\programmi\Trend Micro
2012-04-23 10:19 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-23 10:17 . 2012-04-23 10:17 -------- d-----w- c:\windows\LastGood.Tmp
2012-04-23 09:53 . 2012-04-23 09:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-23 06:07 . 2012-04-23 06:07 -------- d-----w- c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\TeamViewer
2012-04-23 06:06 . 2012-04-23 06:06 -------- d-----w- c:\programmi\TeamViewer
2012-04-23 06:02 . 2012-04-23 06:19 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 15:41 . 2012-04-21 15:41 -------- d-----w- c:\programmi\File comuni\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 09:53 . 2010-04-29 10:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 06:19 . 2011-05-24 06:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2009-03-30 14:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:00 . 2004-08-19 14:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-19 14:39 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-19 14:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-05-07 10:29 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-19 14:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-19 14:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 13:41 . 2012-01-04 17:44 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2008-05-07 10:29 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 08:58 . 2011-05-06 06:58 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-8-25 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Avv. Daniele D'Amico^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ----a-w- c:\programmi\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ------w- c:\programmi\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"PDSched"=3 (0x3)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c998f2177093f2"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programmi\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49155:TCP"= 49155:TCP:vuze
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04/01/2012 19.44.10 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [04/01/2012 19.44.11 86224]
R2 CDMA Device Service;CDMA Device Service;c:\programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [14/09/2011 16.37.29 63488]
R2 CobianBackupAmanita;Cobian Backup 9 servizio;c:\programmi\Cobian Backup 9\cbService.exe [16/02/2009 18.54.39 583168]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [30/03/2009 16.46.34 654408]
R2 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [16/01/2008 11.52.44 664840]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\Webroot\Washer\WasherSvc.exe [24/04/2008 16.54.18 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/03/2009 16.46.34 22344]
R3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl19d94e45;MpKsl19d94e45;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{C09424EE-3648-4C3D-8071-22DABABE5D86}\MpKsl19d94e45.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{C09424EE-3648-4C3D-8071-22DABABE5D86}\MpKsl19d94e45.sys [?]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\adm8511.sys [27/02/2006 9.46.21 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23/04/2012 8.02.18 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14/09/2011 16.37.18 30312]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2009 17.43.09 133104]
S3 nmwcdnsu;nmwcdnsu;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;nmwcdnsuc;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [07/02/2006 18.53.13 179853]
S3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [16/01/2008 11.52.48 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14/09/2011 16.37.18 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14/09/2011 16.37.19 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14/09/2011 16.37.19 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14/09/2011 16.37.19 114280]
S4 gupdate1c998f2177093f2;Servizio di Google Update (gupdate1c998f2177093f2);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2009 17.43.09 133104]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [14/03/2006 17.17.43 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [14/03/2006 17.17.43 5248]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
*Deregistered* - xcpip
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 06:19]
.
2012-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-27 15:43]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-27 15:43]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1390067357-682003330-1005Core.job
- c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-21 16:10]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1390067357-682003330-1005UA.job
- c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-21 16:10]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
AddRemove-Facebook Plug-In - c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Facebook\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-23 18:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\0d\182«"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Format SDK\SP0\KB891122\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
@DACL=(02 0000)
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
@DACL=(02 0000)
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\NeroBurnPlugin]
@DACL=(02 0000)
"ProgID"="MDNeroBurnPlugin.MDNeroBurnPlugin"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(268)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\UPHClean\uphclean.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-23 18:52:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-23 16:52
.
Pre-Run: 34.829.111.296 byte disponibili
Post-Run: 35.153.461.248 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D27249063C1AD7E4635939663AF42959
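As an added example (not ComboFix's code and not something posted in this thread), the Python below picks two sections out of the ComboFix report above and turns them into a short review list for a responder: the Session Manager `BootExecute` value, where any string beyond Windows' stock `autocheck autochk *` is a program that runs before the shell, and the firewall's `GloballyOpenPorts` exceptions, where an entry labelled with a generic word such as "Services" instead of a program name cannot be tied to an owner from the log alone. The sample text is an excerpt of the log posted above; the `DEFAULT_BOOTEXECUTE` baseline and the "generic label" rule are my assumptions, and a flagged entry is something to trace back to the program that created it, not a verdict on it.

```python
import re

# Constructed sample: the two relevant sections copied from the ComboFix log
# posted above, in the layout ComboFix uses (a lone '.' closes a block).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *\0ssiefr.e
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49155:TCP"= 49155:TCP:vuze
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
"""

# Assumed baseline: the only BootExecute string a stock Windows XP carries.
DEFAULT_BOOTEXECUTE = {"autocheck autochk *"}
# Assumed rule: labels that name no program and so cannot be attributed.
GENERIC_LABELS = {"", "services"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P<value>.*)$')


def parse_sections(text):
    """Split a ComboFix registry dump into {key: [lines]} blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections[current] = []
        elif line == ".":
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def boot_execute_entries(sections):
    """Return BootExecute strings that are not the Windows default.

    ComboFix prints REG_MULTI_SZ values with a literal '\\0' between strings,
    so that is what we split on."""
    for key, lines in sections.items():
        if not key.lower().endswith(r"control\session manager"):
            continue
        for line in lines:
            parts = line.split(None, 2)
            if len(parts) == 3 and parts[0] == "BootExecute":
                entries = [e for e in parts[2].split(r"\0") if e]
                return [e for e in entries if e not in DEFAULT_BOOTEXECUTE]
    return []


def open_ports(sections):
    """Return (port, proto, label) for every GloballyOpenPorts exception."""
    result = []
    for key, lines in sections.items():
        if not key.lower().endswith(r"globallyopenports\list"):
            continue
        for line in lines:
            m = PORT_RE.match(line)
            if not m:
                continue
            # the value is "port:proto:label"; keep only the label part
            label = m.group("value").split(":", 2)[-1]
            result.append((int(m.group("port")), m.group("proto"), label))
    return result


def review_items(text):
    """Items a responder should trace to an owner before trusting the host."""
    sections = parse_sections(text)
    items = [f"BootExecute extra entry: {e}" for e in boot_execute_entries(sections)]
    for port, proto, label in open_ports(sections):
        if label.strip().lower() in GENERIC_LABELS:
            items.append(f"Inbound exception {port}/{proto} labelled {label!r}")
    return items


if __name__ == "__main__":
    for item in review_items(SAMPLE_LOG):
        print(item)
```

Run against the excerpt, the review list contains the two non-default BootExecute strings and the two high-port exceptions labelled "Services"; the "vuze" and "Remote Desktop" exceptions are left alone because they name their owner, which is exactly the distinction the rule is meant to draw.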

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 AM

Posted 23 April 2012 - 09:42 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 redfox62
Posted 24 April 2012 - 05:08 AM

Ok, after TDSSKiller the computer runs very well. Explorer and Firefox are very fast.
But I can't run aswMBR.exe, because after the scan starts Windows XP crashes with the message MACHINE_CHECK_EXCEPTION. But during the scan, before the crash, I see: DISK 0 "malicious win32:MBRoot code@sector 625137348!"

I tried three times to run aswMBR.exe, but the PC crashes every time.


08:26:38.0750 3092 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
08:26:38.0984 3092 ============================================================
08:26:38.0984 3092 Current date / time: 2012/04/24 08:26:38.0984
08:26:38.0984 3092 SystemInfo:
08:26:38.0984 3092
08:26:38.0984 3092 OS Version: 5.1.2600 ServicePack: 3.0
08:26:38.0984 3092 Product type: Workstation
08:26:38.0984 3092 ComputerName: PRE-0B8EC001DD0
08:26:38.0984 3092 UserName: Avv. Daniele D'Amico
08:26:38.0984 3092 Windows directory: C:\WINDOWS
08:26:38.0984 3092 System windows directory: C:\WINDOWS
08:26:38.0984 3092 Processor architecture: Intel x86
08:26:38.0984 3092 Number of processors: 1
08:26:38.0984 3092 Page size: 0x1000
08:26:38.0984 3092 Boot type: Normal boot
08:26:38.0984 3092 ============================================================
08:26:39.0437 3092 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:26:39.0453 3092 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBD435, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
08:26:39.0453 3092 ============================================================
08:26:39.0453 3092 \Device\Harddisk0\DR0:
08:26:39.0453 3092 MBR partitions:
08:26:39.0453 3092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x65A73EC
08:26:39.0453 3092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x65A746A, BlocksNum 0x1EE86257
08:26:39.0453 3092 \Device\Harddisk1\DR1:
08:26:39.0453 3092 MBR partitions:
08:26:39.0453 3092 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E9384A1
08:26:39.0453 3092 ============================================================
08:26:39.0468 3092 C: <-> \Device\Harddisk0\DR0\Partition0
08:26:39.0500 3092 D: <-> \Device\Harddisk0\DR0\Partition1
08:26:39.0515 3092 E: <-> \Device\Harddisk1\DR1\Partition0
08:26:39.0515 3092 ============================================================
08:26:39.0515 3092 Initialize success
08:26:39.0515 3092 ============================================================
08:26:42.0921 1352 ============================================================
08:26:42.0921 1352 Scan started
08:26:42.0921 1352 Mode: Manual;
08:26:42.0921 1352 ============================================================
08:26:43.0171 1352 Abiosdsk - ok
08:26:43.0187 1352 abp480n5 - ok
08:26:43.0234 1352 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:26:43.0250 1352 ACPI - ok
08:26:43.0312 1352 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:26:43.0312 1352 ACPIEC - ok
08:26:43.0343 1352 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
08:26:43.0343 1352 ADM8511 - ok
08:26:43.0406 1352 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:26:43.0406 1352 AdobeFlashPlayerUpdateSvc - ok
08:26:43.0421 1352 adpu160m - ok
08:26:43.0453 1352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:26:43.0453 1352 aec - ok
08:26:43.0500 1352 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:26:43.0500 1352 AFD - ok
08:26:43.0515 1352 Aha154x - ok
08:26:43.0515 1352 aic78u2 - ok
08:26:43.0531 1352 aic78xx - ok
08:26:43.0812 1352 ALCXWDM (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:26:43.0828 1352 ALCXWDM - ok
08:26:43.0953 1352 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
08:26:43.0953 1352 Alerter - ok
08:26:44.0000 1352 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
08:26:44.0000 1352 ALG - ok
08:26:44.0015 1352 AliIde - ok
08:26:44.0062 1352 AmdK8 (e4061645af86f9d0e508d257f6eb870c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
08:26:44.0062 1352 AmdK8 - ok
08:26:44.0078 1352 amsint - ok
08:26:44.0109 1352 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
08:26:44.0109 1352 androidusb - ok
08:26:44.0203 1352 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Programmi\Avira\AntiVir Desktop\sched.exe
08:26:44.0203 1352 AntiVirSchedulerService - ok
08:26:44.0234 1352 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Programmi\Avira\AntiVir Desktop\avguard.exe
08:26:44.0234 1352 AntiVirService - ok
08:26:44.0296 1352 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:26:44.0296 1352 Apple Mobile Device - ok
08:26:44.0343 1352 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
08:26:44.0343 1352 AppMgmt - ok
08:26:44.0359 1352 asc - ok
08:26:44.0359 1352 asc3350p - ok
08:26:44.0375 1352 asc3550 - ok
08:26:44.0406 1352 ASPI32 - ok
08:26:44.0500 1352 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:26:44.0515 1352 aspnet_state - ok
08:26:44.0531 1352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:26:44.0546 1352 AsyncMac - ok
08:26:44.0578 1352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:26:44.0578 1352 atapi - ok
08:26:44.0593 1352 Atdisk - ok
08:26:44.0703 1352 Ati HotKey Poller (3e47191ddaffcdd9b28cbc50fb6499b5) C:\WINDOWS\system32\Ati2evxx.exe
08:26:44.0703 1352 Ati HotKey Poller - ok
08:26:44.0750 1352 ATI Smart (096c9955485f2b3f910f4c503c318d74) C:\WINDOWS\system32\ati2sgag.exe
08:26:44.0765 1352 ATI Smart - ok
08:26:44.0953 1352 ati2mtag (e51aa5adf535c847072c0aed3e642912) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:26:44.0968 1352 ati2mtag - ok
08:26:45.0093 1352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:26:45.0093 1352 Atmarpc - ok
08:26:45.0140 1352 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
08:26:45.0140 1352 AudioSrv - ok
08:26:45.0171 1352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:26:45.0171 1352 audstub - ok
08:26:45.0203 1352 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
08:26:45.0203 1352 avgntflt - ok
08:26:45.0234 1352 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
08:26:45.0234 1352 avipbb - ok
08:26:45.0250 1352 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
08:26:45.0250 1352 avkmgr - ok
08:26:45.0312 1352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:26:45.0312 1352 Beep - ok
08:26:45.0359 1352 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
08:26:45.0375 1352 BITS - ok
08:26:45.0453 1352 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programmi\Bonjour\mDNSResponder.exe
08:26:45.0453 1352 Bonjour Service - ok
08:26:45.0484 1352 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
08:26:45.0484 1352 Browser - ok
08:26:45.0593 1352 catchme - ok
08:26:45.0625 1352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:26:45.0625 1352 cbidf2k - ok
08:26:45.0640 1352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:26:45.0640 1352 CCDECODE - ok
08:26:45.0656 1352 cd20xrnt - ok
08:26:45.0687 1352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:26:45.0687 1352 Cdaudio - ok
08:26:45.0734 1352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:26:45.0734 1352 Cdfs - ok
08:26:45.0781 1352 CDMA Device Service (bb402688e25e6a58188a4fbe8cfb58df) C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
08:26:45.0781 1352 CDMA Device Service - ok
08:26:45.0812 1352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:26:45.0812 1352 Cdrom - ok
08:26:45.0828 1352 Changer - ok
08:26:45.0859 1352 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
08:26:45.0859 1352 CiSvc - ok
08:26:45.0906 1352 ClipSrv (48cb1defa1a6506c3cf09e4950f82ef6) C:\WINDOWS\system32\clipsrv.exe
08:26:45.0906 1352 ClipSrv - ok
08:26:46.0000 1352 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:26:46.0046 1352 clr_optimization_v2.0.50727_32 - ok
08:26:46.0062 1352 CmdIde - ok
08:26:46.0140 1352 CobianBackupAmanita (56d0e6119db156c964a6f1bde7821866) C:\Programmi\Cobian Backup 9\cbService.exe
08:26:46.0140 1352 CobianBackupAmanita - ok
08:26:46.0156 1352 COMSysApp - ok
08:26:46.0171 1352 Cpqarray - ok
08:26:46.0218 1352 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
08:26:46.0218 1352 CryptSvc - ok
08:26:46.0234 1352 dac2w2k - ok
08:26:46.0250 1352 dac960nt - ok
08:26:46.0296 1352 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
08:26:46.0296 1352 DcomLaunch - ok
08:26:46.0343 1352 DefragFS (d38c27df7b3e8840b4b92ed5c5c06c2c) C:\WINDOWS\system32\DRIVERS\DefragFS.sys
08:26:46.0343 1352 DefragFS - ok
08:26:46.0375 1352 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
08:26:46.0390 1352 Dhcp - ok
08:26:46.0406 1352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:26:46.0406 1352 Disk - ok
08:26:46.0421 1352 dmadmin - ok
08:26:46.0500 1352 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
08:26:46.0515 1352 dmboot - ok
08:26:46.0531 1352 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
08:26:46.0531 1352 dmio - ok
08:26:46.0546 1352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:26:46.0546 1352 dmload - ok
08:26:46.0578 1352 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
08:26:46.0578 1352 dmserver - ok
08:26:46.0609 1352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:26:46.0609 1352 DMusic - ok
08:26:46.0640 1352 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
08:26:46.0640 1352 Dnscache - ok
08:26:46.0671 1352 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
08:26:46.0671 1352 Dot3svc - ok
08:26:46.0687 1352 dpti2o - ok
08:26:46.0703 1352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:26:46.0703 1352 drmkaud - ok
08:26:46.0750 1352 EapHost (86b1f123bacd444e81960b339bae3ff2) C:\WINDOWS\System32\eapsvc.dll
08:26:46.0750 1352 EapHost - ok
08:26:46.0781 1352 ERSvc (b6599eda9f3ebef064504ee35bbeca1c) C:\WINDOWS\System32\ersvc.dll
08:26:46.0781 1352 ERSvc - ok
08:26:46.0812 1352 Eventlog (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
08:26:46.0812 1352 Eventlog - ok
08:26:46.0859 1352 EventSystem (8360cb9756e598a5c6214eacfb3677c3) C:\WINDOWS\system32\es.dll
08:26:46.0875 1352 EventSystem - ok
08:26:46.0906 1352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:26:46.0921 1352 Fastfat - ok
08:26:46.0953 1352 FastUserSwitchingCompatibility (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
08:26:46.0953 1352 FastUserSwitchingCompatibility - ok
08:26:46.0984 1352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:26:46.0984 1352 Fdc - ok
08:26:47.0031 1352 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
08:26:47.0031 1352 Fips - ok
08:26:47.0062 1352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:26:47.0062 1352 Flpydisk - ok
08:26:47.0093 1352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:26:47.0109 1352 FltMgr - ok
08:26:47.0187 1352 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:26:47.0187 1352 FontCache3.0.0.0 - ok
08:26:47.0218 1352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:26:47.0218 1352 Fs_Rec - ok
08:26:47.0234 1352 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:26:47.0234 1352 Ftdisk - ok
08:26:47.0281 1352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
08:26:47.0281 1352 GEARAspiWDM - ok
08:26:47.0296 1352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:26:47.0312 1352 Gpc - ok
08:26:47.0390 1352 gupdate1c998f2177093f2 (626a24ed1228580b9518c01930936df9) C:\Programmi\Google\Update\GoogleUpdate.exe
08:26:47.0390 1352 gupdate1c998f2177093f2 - ok
08:26:47.0406 1352 gupdatem (626a24ed1228580b9518c01930936df9) C:\Programmi\Google\Update\GoogleUpdate.exe
08:26:47.0406 1352 gupdatem - ok
08:26:47.0453 1352 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
08:26:47.0453 1352 gusvc - ok
08:26:47.0515 1352 helpsvc (6ce66b51b4eb23d9d073f92698c55c8d) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:26:47.0515 1352 helpsvc - ok
08:26:47.0546 1352 HidServ (43d985a9a51e0295091b6ebe84c96b78) C:\WINDOWS\System32\hidserv.dll
08:26:47.0546 1352 HidServ - ok
08:26:47.0562 1352 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:26:47.0562 1352 hidusb - ok
08:26:47.0593 1352 hkmsvc (00cad842f48947887a972828aca665f7) C:\WINDOWS\System32\kmsvc.dll
08:26:47.0609 1352 hkmsvc - ok
08:26:47.0609 1352 hpn - ok
08:26:47.0656 1352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:26:47.0656 1352 HTTP - ok
08:26:47.0687 1352 HTTPFilter (450091aebfcd08e5858533eab5b9a436) C:\WINDOWS\System32\w3ssl.dll
08:26:47.0687 1352 HTTPFilter - ok
08:26:47.0687 1352 i2omgmt - ok
08:26:47.0703 1352 i2omp - ok
08:26:47.0734 1352 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:26:47.0734 1352 i8042prt - ok
08:26:47.0828 1352 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:26:47.0843 1352 idsvc - ok
08:26:47.0875 1352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:26:47.0875 1352 Imapi - ok
08:26:47.0921 1352 ImapiService (db491237445f172fdddf00541de1a51d) C:\WINDOWS\system32\imapi.exe
08:26:47.0921 1352 ImapiService - ok
08:26:47.0937 1352 ini910u - ok
08:26:47.0968 1352 IntelIde - ok
08:26:48.0000 1352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:26:48.0000 1352 Ip6Fw - ok
08:26:48.0015 1352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:26:48.0015 1352 IpFilterDriver - ok
08:26:48.0046 1352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:26:48.0046 1352 IpInIp - ok
08:26:48.0078 1352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:26:48.0078 1352 IpNat - ok
08:26:48.0156 1352 iPod Service (49918803b661367023bf325cf602afdc) C:\Programmi\iPod\bin\iPodService.exe
08:26:48.0171 1352 iPod Service - ok
08:26:48.0203 1352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:26:48.0203 1352 IPSec - ok
08:26:48.0234 1352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:26:48.0234 1352 IRENUM - ok
08:26:48.0265 1352 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:26:48.0265 1352 isapnp - ok
08:26:48.0375 1352 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programmi\Java\jre6\bin\jqs.exe
08:26:48.0375 1352 JavaQuickStarterService - ok
08:26:48.0390 1352 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:26:48.0390 1352 Kbdclass - ok
08:26:48.0421 1352 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:26:48.0421 1352 kbdhid - ok
08:26:48.0468 1352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:26:48.0468 1352 kmixer - ok
08:26:48.0484 1352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:26:48.0484 1352 KSecDD - ok
08:26:48.0515 1352 lanmanserver (0f726d49c0b19e5a506a1cdfce0ee42f) C:\WINDOWS\System32\srvsvc.dll
08:26:48.0515 1352 lanmanserver - ok
08:26:48.0546 1352 lanmanworkstation (e13b0181dda60b93e3253eff52a79cbe) C:\WINDOWS\System32\wkssvc.dll
08:26:48.0546 1352 lanmanworkstation - ok
08:26:48.0562 1352 Lbd - ok
08:26:48.0578 1352 lbrtfdc - ok
08:26:48.0656 1352 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
08:26:48.0656 1352 LBTServ - ok
08:26:48.0687 1352 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
08:26:48.0687 1352 LHidFilt - ok
08:26:48.0734 1352 LmHosts (e01255727d0b158538d7c2b469b533a8) C:\WINDOWS\System32\lmhsvc.dll
08:26:48.0734 1352 LmHosts - ok
08:26:48.0750 1352 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
08:26:48.0750 1352 LMouFilt - ok
08:26:48.0781 1352 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
08:26:48.0781 1352 MBAMProtector - ok
08:26:48.0859 1352 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
08:26:48.0875 1352 MBAMService - ok
08:26:48.0968 1352 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
08:26:48.0968 1352 MDM - ok
08:26:49.0000 1352 Messenger (3b32f662c8607e891f325e41f7ee225c) C:\WINDOWS\System32\msgsvc.dll
08:26:49.0000 1352 Messenger - ok
08:26:49.0031 1352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:26:49.0031 1352 mnmdd - ok
08:26:49.0062 1352 mnmsrvc (514a299ec926baada3c718b171476aa4) C:\WINDOWS\system32\mnmsrvc.exe
08:26:49.0062 1352 mnmsrvc - ok
08:26:49.0093 1352 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
08:26:49.0109 1352 Modem - ok
08:26:49.0125 1352 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:26:49.0125 1352 Mouclass - ok
08:26:49.0171 1352 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:26:49.0171 1352 mouhid - ok
08:26:49.0203 1352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:26:49.0203 1352 MountMgr - ok
08:26:49.0281 1352 MpKsl19d94e45 - ok
08:26:49.0296 1352 mraid35x - ok
08:26:49.0312 1352 MRENDIS5 - ok
08:26:49.0328 1352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:26:49.0328 1352 MRxDAV - ok
08:26:49.0390 1352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:26:49.0390 1352 MRxSmb - ok
08:26:49.0421 1352 MSDTC (01f77e9e473235c31796ade46107b0ad) C:\WINDOWS\system32\msdtc.exe
08:26:49.0421 1352 MSDTC - ok
08:26:49.0453 1352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:26:49.0453 1352 Msfs - ok
08:26:49.0468 1352 MSIServer - ok
08:26:49.0500 1352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:26:49.0500 1352 MSKSSRV - ok
08:26:49.0515 1352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:26:49.0515 1352 MSPCLOCK - ok
08:26:49.0531 1352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:26:49.0531 1352 MSPQM - ok
08:26:49.0562 1352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:26:49.0562 1352 mssmbios - ok
08:26:49.0593 1352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:26:49.0593 1352 MSTEE - ok
08:26:49.0609 1352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:26:49.0609 1352 Mup - ok
08:26:49.0640 1352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:26:49.0640 1352 NABTSFEC - ok
08:26:49.0687 1352 napagent (911587fd303c9690a428bb4b04732b61) C:\WINDOWS\System32\qagentrt.dll
08:26:49.0687 1352 napagent - ok
08:26:49.0734 1352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:26:49.0734 1352 NDIS - ok
08:26:49.0750 1352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:26:49.0750 1352 NdisIP - ok
08:26:49.0796 1352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:26:49.0796 1352 NdisTapi - ok
08:26:49.0812 1352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:26:49.0812 1352 Ndisuio - ok
08:26:49.0843 1352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:26:49.0843 1352 NdisWan - ok
08:26:49.0875 1352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:26:49.0875 1352 NDProxy - ok
08:26:49.0921 1352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:26:49.0921 1352 NetBIOS - ok
08:26:49.0953 1352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:26:49.0968 1352 NetBT - ok
08:26:50.0015 1352 NetDDE (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
08:26:50.0015 1352 NetDDE - ok
08:26:50.0031 1352 NetDDEdsdm (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
08:26:50.0031 1352 NetDDEdsdm - ok
08:26:50.0062 1352 Netlogon (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
08:26:50.0062 1352 Netlogon - ok
08:26:50.0109 1352 Netman (02815b70fc4ca8611a926176f1c39fc2) C:\WINDOWS\System32\netman.dll
08:26:50.0109 1352 Netman - ok
08:26:50.0187 1352 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:26:50.0187 1352 NetTcpPortSharing - ok
08:26:50.0234 1352 Nla (c6b69a18d39744725fb73ac85e46032b) C:\WINDOWS\System32\mswsock.dll
08:26:50.0234 1352 Nla - ok
08:26:50.0265 1352 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
08:26:50.0265 1352 nm - ok
08:26:50.0281 1352 nmwcd - ok
08:26:50.0296 1352 nmwcdc - ok
08:26:50.0312 1352 nmwcdnsu - ok
08:26:50.0328 1352 nmwcdnsuc - ok
08:26:50.0359 1352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:26:50.0359 1352 Npfs - ok
08:26:50.0406 1352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:26:50.0421 1352 Ntfs - ok
08:26:50.0421 1352 NtLmSsp (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
08:26:50.0437 1352 NtLmSsp - ok
08:26:50.0484 1352 NtmsSvc (89db90b5f35d2795d9fc56d933cc72b8) C:\WINDOWS\system32\ntmssvc.dll
08:26:50.0484 1352 NtmsSvc - ok
08:26:50.0515 1352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:26:50.0515 1352 Null - ok
08:26:50.0562 1352 nvatabus (46deed4c6c5fa765f9a2c723be60348d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
08:26:50.0562 1352 nvatabus - ok
08:26:50.0593 1352 NVENETFD (ac050fdc2d24c678bc49b5d5671e13be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:26:50.0593 1352 NVENETFD - ok
08:26:50.0625 1352 nvnetbus (81339157c429aada7a6aea97f3177da7) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:26:50.0625 1352 nvnetbus - ok
08:26:50.0640 1352 nvraid (a5c77d944410fadee380fb20b432760d) C:\WINDOWS\system32\DRIVERS\nvraid.sys
08:26:50.0640 1352 nvraid - ok
08:26:50.0656 1352 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
08:26:50.0656 1352 nv_agp - ok
08:26:50.0687 1352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:26:50.0687 1352 NwlnkFlt - ok
08:26:50.0718 1352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:26:50.0718 1352 NwlnkFwd - ok
08:26:50.0796 1352 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
08:26:50.0796 1352 ose - ok
08:26:50.0828 1352 P1050VID (e272b27367c6f3879a3722da7235dc68) C:\WINDOWS\system32\DRIVERS\P1050Wnt.sys
08:26:50.0828 1352 P1050VID - ok
08:26:50.0859 1352 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
08:26:50.0859 1352 Parport - ok
08:26:50.0875 1352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:26:50.0875 1352 PartMgr - ok
08:26:50.0921 1352 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
08:26:50.0921 1352 ParVdm - ok
08:26:50.0937 1352 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
08:26:50.0937 1352 pccsmcfd - ok
08:26:50.0984 1352 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
08:26:50.0984 1352 PCI - ok
08:26:51.0000 1352 PCIDump - ok
08:26:51.0015 1352 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:26:51.0015 1352 PCIIde - ok
08:26:51.0078 1352 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:26:51.0078 1352 Pcmcia - ok
08:26:51.0171 1352 PD91Agent (b0b4af4613caabea218d5074502e44c7) C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
08:26:51.0171 1352 PD91Agent - ok
08:26:51.0250 1352 PD91Engine (30c8d9bf31c6f1f9b1e6dd4a63baaf5d) C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe
08:26:51.0265 1352 PD91Engine - ok
08:26:51.0343 1352 PDCOMP - ok
08:26:51.0359 1352 PDFRAME - ok
08:26:51.0375 1352 PDRELI - ok
08:26:51.0390 1352 PDRFRAME - ok
08:26:51.0390 1352 perc2 - ok
08:26:51.0406 1352 perc2hib - ok
08:26:51.0453 1352 PlugPlay (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
08:26:51.0468 1352 PlugPlay - ok
08:26:51.0500 1352 PolicyAgent (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
08:26:51.0500 1352 PolicyAgent - ok
08:26:51.0531 1352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:26:51.0531 1352 PptpMiniport - ok
08:26:51.0562 1352 Processor (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
08:26:51.0562 1352 Processor - ok
08:26:51.0578 1352 ProtectedStorage (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
08:26:51.0578 1352 ProtectedStorage - ok
08:26:51.0609 1352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:26:51.0609 1352 PSched - ok
08:26:51.0625 1352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:26:51.0625 1352 Ptilink - ok
08:26:51.0640 1352 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:26:51.0640 1352 PxHelp20 - ok
08:26:51.0656 1352 ql1080 - ok
08:26:51.0671 1352 Ql10wnt - ok
08:26:51.0687 1352 ql12160 - ok
08:26:51.0703 1352 ql1240 - ok
08:26:51.0703 1352 ql1280 - ok
08:26:51.0734 1352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:26:51.0734 1352 RasAcd - ok
08:26:51.0765 1352 RasAuto (9839b418343d6e6e52659bdf3ff1fe67) C:\WINDOWS\System32\rasauto.dll
08:26:51.0765 1352 RasAuto - ok
08:26:51.0781 1352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:26:51.0796 1352 Rasl2tp - ok
08:26:51.0828 1352 RasMan (62ad41548e720db4763b86f95e44f3fa) C:\WINDOWS\System32\rasmans.dll
08:26:51.0828 1352 RasMan - ok
08:26:51.0843 1352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:26:51.0843 1352 RasPppoe - ok
08:26:51.0859 1352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:26:51.0859 1352 Raspti - ok
08:26:51.0906 1352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:26:51.0906 1352 Rdbss - ok
08:26:51.0921 1352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:26:51.0921 1352 RDPCDD - ok
08:26:52.0031 1352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:26:52.0031 1352 rdpdr - ok
08:26:52.0078 1352 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:26:52.0078 1352 RDPWD - ok
08:26:52.0140 1352 RDSessMgr (cc72e6ae90245f0ae48bf1236a7e1f9c) C:\WINDOWS\system32\sessmgr.exe
08:26:52.0140 1352 RDSessMgr - ok
08:26:52.0171 1352 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:26:52.0171 1352 redbook - ok
08:26:52.0203 1352 RemoteAccess (7ebbf16fbd3e0e34f084fa635c1844e3) C:\WINDOWS\System32\mprdim.dll
08:26:52.0203 1352 RemoteAccess - ok
08:26:52.0234 1352 RemoteRegistry (f667a41bced959988e53feecc8bf5da0) C:\WINDOWS\system32\regsvc.dll
08:26:52.0234 1352 RemoteRegistry - ok
08:26:52.0265 1352 RpcLocator (dc97f6c8a94691834439872b9e8ff2b3) C:\WINDOWS\system32\locator.exe
08:26:52.0265 1352 RpcLocator - ok
08:26:52.0312 1352 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
08:26:52.0312 1352 RpcSs - ok
08:26:52.0359 1352 RSVP (dce0d20f8fb66df41d53734bff9d66f0) C:\WINDOWS\system32\rsvp.exe
08:26:52.0359 1352 RSVP - ok
08:26:52.0390 1352 SamSs (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
08:26:52.0390 1352 SamSs - ok
08:26:52.0421 1352 SCardSvr (1d456f1cd76a80793c07ba52cf3a7455) C:\WINDOWS\System32\SCardSvr.exe
08:26:52.0421 1352 SCardSvr - ok
08:26:52.0468 1352 Schedule (511886e5bd060046cce8373e92e62edf) C:\WINDOWS\system32\schedsvc.dll
08:26:52.0468 1352 Schedule - ok
08:26:52.0500 1352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:26:52.0500 1352 Secdrv - ok
08:26:52.0531 1352 seclogon (17c6354ca08e7c7972e12c67478ae134) C:\WINDOWS\System32\seclogon.dll
08:26:52.0546 1352 seclogon - ok
08:26:52.0578 1352 SENS (a0eca1ce0fccb29c5e4e1f416e95e73e) C:\WINDOWS\system32\sens.dll
08:26:52.0578 1352 SENS - ok
08:26:52.0609 1352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:26:52.0625 1352 serenum - ok
08:26:52.0640 1352 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
08:26:52.0640 1352 Serial - ok
08:26:52.0671 1352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
08:26:52.0687 1352 Sfloppy - ok
08:26:52.0734 1352 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
08:26:52.0734 1352 SharedAccess - ok
08:26:52.0765 1352 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
08:26:52.0781 1352 ShellHWDetection - ok
08:26:52.0796 1352 Simbad - ok
08:26:52.0812 1352 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:26:52.0812 1352 SLIP - ok
08:26:52.0828 1352 Sparrow - ok
08:26:52.0859 1352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:26:52.0859 1352 splitter - ok
08:26:52.0906 1352 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:26:52.0906 1352 Spooler - ok
08:26:52.0953 1352 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
08:26:52.0953 1352 sr - ok
08:26:52.0984 1352 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
08:26:53.0000 1352 srservice - ok
08:26:53.0046 1352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:26:53.0046 1352 Srv - ok
08:26:53.0093 1352 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
08:26:53.0093 1352 ssadbus - ok
08:26:53.0125 1352 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
08:26:53.0125 1352 ssadmdfl - ok
08:26:53.0140 1352 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
08:26:53.0156 1352 ssadmdm - ok
08:26:53.0171 1352 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
08:26:53.0171 1352 ssadserd - ok
08:26:53.0203 1352 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
08:26:53.0203 1352 SSDPSRV - ok
08:26:53.0234 1352 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
08:26:53.0234 1352 ssmdrv - ok
08:26:53.0281 1352 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
08:26:53.0296 1352 stisvc - ok
08:26:53.0328 1352 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:26:53.0328 1352 streamip - ok
08:26:53.0343 1352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:26:53.0343 1352 swenum - ok
08:26:53.0390 1352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:26:53.0390 1352 swmidi - ok
08:26:53.0406 1352 SwPrv - ok
08:26:53.0421 1352 symc810 - ok
08:26:53.0437 1352 symc8xx - ok
08:26:53.0437 1352 sym_hi - ok
08:26:53.0468 1352 sym_u3 - ok
08:26:53.0484 1352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:26:53.0484 1352 sysaudio - ok
08:26:53.0515 1352 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
08:26:53.0515 1352 SysmonLog - ok
08:26:53.0546 1352 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
08:26:53.0562 1352 TapiSrv - ok
08:26:53.0609 1352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:26:53.0609 1352 Tcpip - ok
08:26:53.0640 1352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:26:53.0640 1352 TDPIPE - ok
08:26:53.0671 1352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:26:53.0671 1352 TDTCP - ok
08:26:53.0703 1352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:26:53.0703 1352 TermDD - ok
08:26:53.0750 1352 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
08:26:53.0750 1352 TermService - ok
08:26:53.0796 1352 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
08:26:53.0796 1352 Themes - ok
08:26:53.0828 1352 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
08:26:53.0828 1352 tifsfilter - ok
08:26:53.0859 1352 timounter (394fc70b88b7958fa85798bbc76d140a) C:\WINDOWS\system32\DRIVERS\timntr.sys
08:26:53.0875 1352 timounter - ok
08:26:53.0906 1352 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
08:26:53.0906 1352 TlntSvr - ok
08:26:53.0921 1352 TosIde - ok
08:26:53.0953 1352 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
08:26:53.0953 1352 TrkWks - ok
08:26:53.0984 1352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:26:53.0984 1352 Udfs - ok
08:26:54.0000 1352 ultra - ok
08:26:54.0046 1352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:26:54.0062 1352 Update - ok
08:26:54.0140 1352 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Programmi\UPHClean\uphclean.exe
08:26:54.0140 1352 UPHClean - ok
08:26:54.0171 1352 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
08:26:54.0171 1352 upnphost - ok
08:26:54.0187 1352 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
08:26:54.0203 1352 UPS - ok
08:26:54.0234 1352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:26:54.0234 1352 usbccgp - ok
08:26:54.0265 1352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:26:54.0265 1352 usbehci - ok
08:26:54.0296 1352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:26:54.0296 1352 usbhub - ok
08:26:54.0312 1352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:26:54.0328 1352 usbohci - ok
08:26:54.0343 1352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:26:54.0343 1352 usbprint - ok
08:26:54.0375 1352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:26:54.0375 1352 usbscan - ok
08:26:54.0406 1352 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:26:54.0406 1352 usbstor - ok
08:26:54.0453 1352 Vax347b (cb3400d696bee266c38cae330c2b4337) C:\WINDOWS\system32\DRIVERS\Vax347b.sys
08:26:54.0453 1352 Vax347b - ok
08:26:54.0468 1352 Vax347s (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\System32\Drivers\Vax347s.sys
08:26:54.0468 1352 Vax347s - ok
08:26:54.0484 1352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:26:54.0484 1352 VgaSave - ok
08:26:54.0500 1352 ViaIde - ok
08:26:54.0515 1352 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
08:26:54.0515 1352 VolSnap - ok
08:26:54.0546 1352 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
08:26:54.0562 1352 VSS - ok
08:26:54.0593 1352 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
08:26:54.0593 1352 W32Time - ok
08:26:54.0625 1352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:26:54.0640 1352 Wanarp - ok
08:26:54.0687 1352 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:26:54.0687 1352 Wdf01000 - ok
08:26:54.0703 1352 WDICA - ok
08:26:54.0734 1352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:26:54.0734 1352 wdmaud - ok
08:26:54.0765 1352 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
08:26:54.0765 1352 WebClient - ok
08:26:54.0828 1352 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:26:54.0828 1352 winmgmt - ok
08:26:54.0937 1352 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Programmi\Windows Live\installer\WLSetupSvc.exe
08:26:54.0937 1352 WLSetupSvc - ok
08:26:54.0984 1352 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
08:26:54.0984 1352 WmdmPmSN - ok
08:26:55.0046 1352 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
08:26:55.0062 1352 Wmi - ok
08:26:55.0093 1352 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:26:55.0093 1352 WmiApSrv - ok
08:26:55.0187 1352 WMPNetworkSvc (f30dc8f80cf65a323e8b6a2db81561e3) C:\Programmi\Windows Media Player\WMPNetwk.exe
08:26:55.0203 1352 WMPNetworkSvc - ok
08:26:55.0250 1352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:26:55.0250 1352 WpdUsb - ok
08:26:55.0281 1352 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:26:55.0281 1352 WS2IFSL - ok
08:26:55.0312 1352 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
08:26:55.0328 1352 wscsvc - ok
08:26:55.0359 1352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:26:55.0359 1352 WSTCODEC - ok
08:26:55.0390 1352 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
08:26:55.0390 1352 wuauserv - ok
08:26:55.0437 1352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:26:55.0453 1352 WudfPf - ok
08:26:55.0468 1352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:26:55.0484 1352 WudfRd - ok
08:26:55.0515 1352 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:26:55.0515 1352 WudfSvc - ok
08:26:55.0609 1352 wwEngineSvc (2b0f34fdfb7ec281bd308fe40a53dda6) C:\Programmi\Webroot\Washer\WasherSvc.exe
08:26:55.0609 1352 wwEngineSvc - ok
08:26:55.0656 1352 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
08:26:55.0671 1352 WZCSVC - ok
08:26:55.0687 1352 xcpip - ok
08:26:55.0718 1352 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
08:26:55.0718 1352 xmlprov - ok
08:26:55.0734 1352 xpsec - ok
08:26:55.0781 1352 MBR (0x1B8) (05db01ba6567b64d20d0d42c1f755887) \Device\Harddisk0\DR0
08:26:55.0781 1352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
08:26:55.0781 1352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
08:26:55.0796 1352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:26:55.0796 1352 \Device\Harddisk1\DR1 - ok
08:26:55.0812 1352 Boot (0x1200) (ae6a3430e2742d87e4d5a6bc52175c7f) \Device\Harddisk0\DR0\Partition0
08:26:55.0812 1352 \Device\Harddisk0\DR0\Partition0 - ok
08:26:55.0828 1352 Boot (0x1200) (3392f2fc821199b1460a5d6f87d3e9c6) \Device\Harddisk0\DR0\Partition1
08:26:55.0828 1352 \Device\Harddisk0\DR0\Partition1 - ok
08:26:55.0843 1352 Boot (0x1200) (6855c94b0d8bfa9963497eb71685e6a5) \Device\Harddisk1\DR1\Partition0
08:26:55.0843 1352 \Device\Harddisk1\DR1\Partition0 - ok
08:26:55.0843 1352 ============================================================
08:26:55.0843 1352 Scan finished
08:26:55.0843 1352 ============================================================
08:26:55.0859 3852 Detected object count: 1
08:26:55.0859 3852 Actual detected object count: 1
08:27:07.0000 3852 \Device\Harddisk0\DR0\# - copied to quarantine
08:27:07.0000 3852 \Device\Harddisk0\DR0 - copied to quarantine
08:27:07.0031 3852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
08:27:07.0031 3852 \Device\Harddisk0\DR0 - ok
08:27:07.0031 3852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
08:27:19.0593 2688 Deinitialize success
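
A note on what the "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" lines above mean for anyone reading such a log: sector 0 is 512 bytes, of which the first 0x1B8 (440) bytes are bootstrap code, followed by the 4-byte NT disk signature at 0x1B8, the partition table at 0x1BE and the 0x55AA marker at 0x1FE. The signature and partition table legitimately differ from one machine to the next, so the only part worth fingerprinting against a known-good set is the boot code, which is what a bootkit such as Sinowal/Mebroot overwrites. The script below is an added example, not TDSSKiller's code; it assumes the 0x1B8 in the log denotes that hashed region (an assumption about the tool, the sector layout itself is standard). It builds a constructed 512-byte MBR, hashes only the boot code, and shows that a different disk signature or partition layout keeps the hash stable while a bootkit-style patch of the first instruction changes it. The boot-code bytes, the "bootkit" patch and the known-good hash set are all constructed for the demo.

```python
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8   # 440 bytes of bootstrap code precede the disk signature
SECTOR_SIZE = 512

# Constructed sample boot code; it resembles the opening of a stock Windows
# MBR but is not taken from any real disk.
CLEAN_BOOT_CODE = (
    b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB\x50\x07\x50\x1F\xFC\xBE\x1B\x7C"
    b"\xBF\x1B\x06\x50\x57\xB9\xE5\x01\xF3\xA4\xCB"
).ljust(BOOT_CODE_LEN, b"\x00")

# Constructed "bootkit" variant: the first instruction becomes a short jump to
# a loader stub placed inside the bootstrap area, the way MBR bootkits divert
# the boot path before the OS loader ever runs.
INFECTED_BOOT_CODE = bytearray(CLEAN_BOOT_CODE)
INFECTED_BOOT_CODE[0:2] = b"\xEB\x3E"                                 # jmp short to 0x40
INFECTED_BOOT_CODE[0x40:0x48] = b"\xB8\x00\x02\xBB\x00\x7E\x90\x90"   # placeholder stub
INFECTED_BOOT_CODE = bytes(INFECTED_BOOT_CODE)


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a 512-byte MBR: boot code, NT disk signature at 0x1B8, up to
    four 16-byte partition entries at 0x1BE, 0x55AA marker at 0x1FE."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, 0x1B8, disk_signature)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        # CHS fields are left zero; the LBA fields are what matters here.
        struct.pack_into("<B3sB3sII", mbr, 0x1BE + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[0x1FE:0x200] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_md5(mbr):
    """MD5 of the bootstrap area only: the disk signature and partition table
    are excluded because they legitimately differ per machine."""
    if len(mbr) != SECTOR_SIZE or mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a valid 0x55AA marker")
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, known_good_hashes):
    """'ok' when the boot code matches an allowlisted fingerprint, otherwise a
    'suspicious' verdict that carries the hash for the analyst."""
    digest = boot_code_md5(mbr)
    if digest in known_good_hashes:
        return "ok"
    return "suspicious: boot code md5 %s not in allowlist" % digest


def demo():
    parts = [(0x80, 0x07, 63, 1000000)]            # one active NTFS partition
    clean = build_mbr(CLEAN_BOOT_CODE, 0x11223344, parts)
    known_good = {boot_code_md5(clean)}             # constructed allowlist
    # Same boot code, different signature and layout: still ok.
    other_disk = build_mbr(CLEAN_BOOT_CODE, 0xDEADBEEF, [(0x00, 0x0C, 2048, 500000)])
    # Same signature and layout, patched boot code: flagged.
    infected = build_mbr(INFECTED_BOOT_CODE, 0x11223344, parts)
    return (check_mbr(clean, known_good),
            check_mbr(other_disk, known_good),
            check_mbr(infected, known_good))


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The caveat that matters with this family: an active MBR bootkit hooks the disk driver so that ordinary reads of sector 0 return the clean code, so a hash like this only proves something when the read goes below the rootkit's hook or comes from boot media. That is also why the tools in this thread read the raw device and why the log says the object "will be cured on reboot" rather than in place.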

#8 gringo_pr


Posted 24 April 2012 - 07:12 AM

HelpAsst_mebroot_fix

  • Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • If the tool detects an MBR infection, please allow it to run mbr -f and shut down your computer.
  • Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

    • helpasst -mbrt
  • Make sure you leave a space between helpasst and -mbrt !
  • When it completes, a log will open.
  • Please post the contents of that log.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 redfox62


Posted 24 April 2012 - 08:58 AM

I have run HelpAsst_mebroot_fix.

No detection... The PC seems ok and fast. I hope I have resolved it... I have only some doubts about the malicious win32:MBroot code @sector 625137348 found by aswMBR...

Thank you very much for helping!!!
Daniele

#10 gringo_pr


Posted 24 April 2012 - 12:34 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
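
For reading a TDSSKiller log like the one posted earlier in this thread without scrolling through a thousand "- ok" lines, the added example below (not Kaspersky's code) parses the format visible in that log: the per-object hash lines, the "( threat ) - verdict" lines, the quarantine and cure lines written after the user picks an action, and the "Detected object count" line, which it checks against the number of detections it actually parsed. Each detection is joined to the MD5 of the object so it can be looked up against known-good or known-bad hash sets. The sample log is a handful of lines modelled on the posted one.

```python
import re

# A TDSSKiller line is: timestamp, worker id, message.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*\S)\s*$")
# "RpcSs (bc4e...) C:\WINDOWS\System32\rpcss.dll"  or  "MBR (0x1B8) (05db...) \Device\Harddisk0\DR0"
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "\Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected"  and the cure/action lines
THREAT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>.+)$")
QUARANTINE_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

DETECTION_VERDICTS = {"infected", "suspicious"}

# Constructed sample, modelled line for line on the log posted above.
SAMPLE_LOG = r"""
08:26:52.0312 1352 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
08:26:52.0312 1352 RpcSs - ok
08:26:52.0796 1352 Simbad - ok
08:26:55.0781 1352 MBR (0x1B8) (05db01ba6567b64d20d0d42c1f755887) \Device\Harddisk0\DR0
08:26:55.0781 1352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
08:26:55.0781 1352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
08:26:55.0796 1352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:26:55.0796 1352 \Device\Harddisk1\DR1 - ok
08:26:55.0843 1352 ============================================================
08:26:55.0859 3852 Detected object count: 1
08:27:07.0000 3852 \Device\Harddisk0\DR0 - copied to quarantine
08:27:07.0031 3852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
08:27:07.0031 3852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
08:27:19.0593 2688 Deinitialize success
"""


def triage(log_text):
    hashes = {}       # object path -> (object name, md5)
    detections = []   # (object, threat, verdict)
    actions = []      # (object, threat or "", action text)
    ok = 0
    declared = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        h = HASH_RE.match(msg)
        if h:
            hashes[h.group("path")] = (h.group("name"), h.group("md5"))
            continue
        t = THREAT_RE.match(msg)
        if t:
            if t.group("verdict") in DETECTION_VERDICTS:
                detections.append((t.group("obj"), t.group("threat"), t.group("verdict")))
            else:
                actions.append((t.group("obj"), t.group("threat"), t.group("verdict")))
            continue
        q = QUARANTINE_RE.match(msg)
        if q:
            actions.append((q.group("obj"), "", "copied to quarantine"))
            continue
        if OK_RE.match(msg):
            ok += 1
            continue
        c = COUNT_RE.match(msg)
        if c:
            declared = int(c.group("n"))
    return {"hashes": hashes, "detections": detections, "actions": actions,
            "ok": ok, "declared": declared}


def report(result):
    """One line per finding, with the object's MD5 attached for hash lookups,
    then the actions taken, then a warning if the declared count disagrees."""
    lines = []
    for obj, threat, verdict in result["detections"]:
        name, md5 = result["hashes"].get(obj, ("?", "?"))
        lines.append("%s: %s [%s] %s md5=%s" % (obj, threat, verdict, name, md5))
    for obj, threat, action in result["actions"]:
        lines.append("%s: %s -> %s" % (obj, threat or "-", action))
    if result["declared"] is not None and result["declared"] != len(result["detections"]):
        lines.append("WARNING: log declares %d detected objects, parsed %d"
                     % (result["declared"], len(result["detections"])))
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Objects listed with "- ok" but no preceding hash line (Simbad in the sample) are service entries whose file was not found on disk; they are not detections, but the count is worth a glance when a log looks odd.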

#11 gringo_pr


Posted 24 April 2012 - 12:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49155:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

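
The Registry:: block above deletes four values from the XP firewall's GloballyOpenPorts list: CFScript uses REGEDIT4 syntax, so "name"=- removes the value, and HKLM\~ is ComboFix's shorthand for HKLM\SYSTEM\CurrentControlSet. The added example below, not part of ComboFix, shows the audit that leads to such a script: parse the entries the way ComboFix prints them ("49155:TCP"= 49155:TCP:vuze), keep only the exceptions the user vouches for, flag remote-access ports such as 3389 (RDP) that have no business being globally open on a home workstation, and render the matching CFScript. The sample section and the application names in it are constructed; only the port numbers come from the script above.

```python
import re

# Well-known remote-access services; a globally open exception for one of
# these on a workstation is a finding regardless of the name on the entry.
REMOTE_ACCESS_PORTS = {
    ("3389", "TCP"): "Remote Desktop (RDP)",
    ("23", "TCP"): "Telnet",
    ("5900", "TCP"): "VNC",
}

LIST_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"

# ComboFix prints an exception as:  "49155:TCP"= 49155:TCP:vuze
ENTRY_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P=port):(?P=proto)(?::(?P<name>.*))?$')

# Constructed sample section: port numbers match the CFScript above, the
# application names are invented for the demo.
SAMPLE_SECTION = LIST_KEY + r'''
"49155:TCP"= 49155:TCP:vuze
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:svchost
"52344:TCP"= 52344:TCP:
"1900:UDP"= 1900:UDP:UPnP Framework
'''


def parse_open_ports(section_text):
    """Return [(port, proto, name)] for every exception line in the section."""
    entries = []
    for line in section_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("port"), m.group("proto"), (m.group("name") or "").strip()))
    return entries


def audit(entries, recognised):
    """Split entries into keep/remove. `recognised` maps (port, proto) to the
    reason the user vouches for it; everything else is removed, with the
    reason recorded so the CFScript line can be explained."""
    keep, remove = [], []
    for port, proto, name in entries:
        key = (port, proto)
        if key in REMOTE_ACCESS_PORTS:
            remove.append((port, proto, "%s globally open on a workstation" % REMOTE_ACCESS_PORTS[key]))
        elif key in recognised:
            keep.append((port, proto, recognised[key]))
        elif not name:
            remove.append((port, proto, "exception carries no application name"))
        else:
            remove.append((port, proto, "not recognised by the user (name %r)" % name))
    return keep, remove


def render_cfscript(remove):
    """Emit the Registry:: block that deletes the flagged values."""
    lines = ["Registry::", LIST_KEY]
    lines += ['"%s:%s"=-' % (port, proto) for port, proto, _ in remove]
    return "\n".join(lines) + "\n"


def demo():
    entries = parse_open_ports(SAMPLE_SECTION)
    keep, remove = audit(entries, {("1900", "UDP"): "UPnP discovery, user confirmed"})
    return keep, remove, render_cfscript(remove)


if __name__ == "__main__":
    keep, remove, script = demo()
    for port, proto, why in remove:
        print("remove %s:%s  (%s)" % (port, proto, why))
    print(script)
```

Run as-is it produces the same four "port:TCP"=- lines as the script above, each with a reason next to it; the allowlist is the part to fill in from what the user actually installed.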

#12 redfox62


Posted 26 April 2012 - 02:53 AM

The PC seems to run very well and fast.
Here is the ComboFix log as requested.
Thank you for all!
Daniele


ComboFix 12-04-22.02 - Avv. Daniele D'Amico 26/04/2012 9.18.39.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1389 [GMT 2:00]
Running from: c:\documents and settings\Avv. Daniele D'Amico\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Avv. Daniele D'Amico\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200640F9B00}
AV: AntiVir Desktop *Enabled/Updated* {00000018-003C-0000-08EE-1200700F9B00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\AVV~1.DAN\IMPOST~1\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))))))
.
.
2012-04-24 14:10 . 2012-04-24 14:06 89088 ----a-w- C:\mbr.exe
2012-04-24 13:53 . 2012-04-24 13:53 -------- d-----w- C:\HelpAsst_backup
2012-04-24 06:51 . 2012-04-24 06:51 -------- d-----w- c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\SUPERAntiSpyware.com
2012-04-24 06:50 . 2012-04-24 06:51 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-04-24 06:50 . 2012-04-24 06:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-04-24 06:27 . 2012-04-24 06:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 06:11 . 2012-04-24 06:11 -------- d-----w- c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\PCHealth
2012-04-23 17:19 . 2012-04-23 17:19 388096 ----a-r- c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-23 17:19 . 2012-04-23 17:19 -------- d-----w- c:\programmi\Trend Micro
2012-04-23 15:32 . 2012-04-24 06:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2012-04-23 10:19 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-23 09:53 . 2012-04-23 09:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-23 06:07 . 2012-04-23 06:07 -------- d-----w- c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\TeamViewer
2012-04-23 06:06 . 2012-04-23 06:06 -------- d-----w- c:\programmi\TeamViewer
2012-04-23 06:02 . 2012-04-23 06:19 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 15:41 . 2012-04-21 15:41 -------- d-----w- c:\programmi\File comuni\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 09:53 . 2010-04-29 10:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 06:19 . 2011-05-24 06:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2009-03-30 14:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:00 . 2004-08-19 14:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-19 14:39 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-19 14:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-05-07 10:29 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-19 14:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-19 14:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 13:41 . 2012-01-04 17:44 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2008-05-07 10:29 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 08:58 . 2011-05-06 06:58 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-8-25 805392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Avv. Daniele D'Amico^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ----a-w- c:\programmi\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ------w- c:\programmi\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"PDSched"=3 (0x3)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c998f2177093f2"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\programmi\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49155:TCP"= 49155:TCP:vuze
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04/01/2012 19.44.10 36000]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23.55.22 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCore.exe [12/08/2011 1.38.07 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [04/01/2012 19.44.11 86224]
R2 CDMA Device Service;CDMA Device Service;c:\programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [14/09/2011 16.37.29 63488]
R2 CobianBackupAmanita;Cobian Backup 9 servizio;c:\programmi\Cobian Backup 9\cbService.exe [16/02/2009 18.54.39 583168]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [30/03/2009 16.46.34 654408]
R2 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [16/01/2008 11.52.44 664840]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\Webroot\Washer\WasherSvc.exe [24/04/2008 16.54.18 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/03/2009 16.46.34 22344]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl19d94e45;MpKsl19d94e45;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{C09424EE-3648-4C3D-8071-22DABABE5D86}\MpKsl19d94e45.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{C09424EE-3648-4C3D-8071-22DABABE5D86}\MpKsl19d94e45.sys [?]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\adm8511.sys [27/02/2006 9.46.21 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23/04/2012 8.02.18 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14/09/2011 16.37.18 30312]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2009 17.43.09 133104]
S3 nmwcdnsu;nmwcdnsu;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;nmwcdnsuc;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [07/02/2006 18.53.13 179853]
S3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [16/01/2008 11.52.48 894216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14/09/2011 16.37.18 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14/09/2011 16.37.19 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14/09/2011 16.37.19 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14/09/2011 16.37.19 114280]
S3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 gupdate1c998f2177093f2;Servizio di Google Update (gupdate1c998f2177093f2);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2009 17.43.09 133104]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [14/03/2006 17.17.43 159616]
S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [14/03/2006 17.17.43 5248]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 06:19]
.
2012-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-27 15:43]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-27 15:43]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1390067357-682003330-1005Core.job
- c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-21 16:10]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1390067357-682003330-1005UA.job
- c:\documents and settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-21 16:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Avv. Daniele D'Amico\Dati applicazioni\Mozilla\Firefox\Profiles\bh16pu80.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 09:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\0d\182«"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Format SDK\SP0\KB891122\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
@DACL=(02 0000)
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
@DACL=(02 0000)
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\NeroBurnPlugin]
@DACL=(02 0000)
"ProgID"="MDNeroBurnPlugin.MDNeroBurnPlugin"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1128)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\UPHClean\uphclean.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-04-26 09:30:32 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-26 07:30
.
Pre-Run: 35.503.464.448 byte disponibili
Post-Run: 35.485.679.616 byte disponibili
.
- - End Of File - - 6649346DEED6AB16A9E5A8F9411595CC

#13 gringo_pr

Posted 26 April 2012 - 06:39 AM

Hello Daniele

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • µTorrent
  • Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 redfox62 (Topic Starter)

Posted 26 April 2012 - 07:37 AM

Ok.
Then... I have already uninstalled Java Update 29 and installed the updated version...
I have not uninstalled uTorrent, because I only use it for secure torrent files on a specialised and legal live music forum. It does not download anything else!

Here are the MBAM and HijackThis logs.


Malwarebytes Anti-Malware (Prova) 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.04.26.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Avv. Daniele D'Amico :: PRE-0B8EC001DD0 [amministratore]

Protezione: Disattivata

26/04/2012 14.17.02
mbam-log-2012-04-26 (14-17-02).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 229199
Tempo impiegato: 7 minuti, 18 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.33.17, on 26/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Programmi\Cobian Backup 9\cbService.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\Webroot\Washer\WasherSvc.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avv. Daniele D'Amico\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CDMA Device Service - Unknown owner - C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Cobian Backup 9 servizio (CobianBackupAmanita) - Luis Cobian - C:\Programmi\Cobian Backup 9\cbService.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Programmi\UPHClean\uphclean.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programmi\Webroot\Washer\WasherSvc.exe

--
End of file - 7221 bytes


Thank you
Daniele

#15 gringo_pr

Posted 26 April 2012 - 12:33 PM

Greetings Daniele

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [KiesPDLR] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      O4 - Global Startup: Logitech SetPoint.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
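Post #15 above has the user tick the listed O4 entries and let HijackThis remove them. As an added example for this thread (not HijackThis code and not from any post here), the Python script below parses O4 lines in the format Daniele's log uses, checks the helper's "tick these (if present)" list against what a log actually contains, and notes entries worth a second look before anything is fixed; SAMPLE_LOG and FIX_LIST are constructed from the lines posted above.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Autostart:
    kind: str                   # "run" = registry Run/RunOnce key, "startup" = Startup folder
    location: str               # e.g. HKLM\..\Run, HKUS\S-1-5-18\..\Run, Global Startup
    name: str                   # the text between the brackets (what post #15 says to search on)
    command: str                # command line or shortcut target as HijackThis prints it
    user: Optional[str] = None  # HijackThis appends (User '...') for other users' hives

# O4 - <hive>[\<sid>]\..\<Run key>: [<name>] <command>  and  O4 - Global Startup: <lnk> = <target>
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")

# Constructed sample: a subset of the O4 lines (plus one O23 line) from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
"""
# The names post #15 asks the user to tick "(if present)"; two of them are absent from SAMPLE_LOG.
FIX_LIST = ["SoundMan", "APSDaemon", "iTunesHelper", "SunJavaUpdateSched",
            "KiesPDLR", "Logitech SetPoint.lnk"]

def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one HijackThis line; None for anything that is not an O4 entry."""
    m = RUN_RE.match(line)
    if m:
        cmd, user = m["cmd"], None
        um = USER_RE.search(cmd)
        if um:                                   # split off the trailing (User '...') tag
            user, cmd = um["user"], cmd[:um.start()]
        return Autostart("run", f"{m['hive']}\\..\\{m['key']}", m["name"], cmd, user)
    m = STARTUP_RE.match(line)
    if m:
        return Autostart("startup", m["where"], m["name"], m["cmd"])
    return None

def parse_log(text: str) -> list:
    return [e for e in (parse_o4(l.rstrip()) for l in text.splitlines()) if e]

def executable_of(command: str) -> str:
    """Program part of a Run command line: the quoted path, or else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def plan_fix(entries, names_to_fix):
    """Split a 'tick these (if present)' list into entries found in the log and names absent."""
    found = [e for e in entries if e.name in names_to_fix]
    missing = sorted(set(names_to_fix) - {e.name for e in found})
    return found, missing

def review_notes(entries) -> dict:
    """Observations worth checking before ticking an entry, keyed by entry name."""
    notes = {}
    for e in entries:
        n = []
        if e.kind == "startup" and e.command.strip() == "?":
            n.append("shortcut target could not be resolved by HijackThis")
        elif e.kind == "run" and not re.match(r"^[A-Za-z]:\\", executable_of(e.command)):
            n.append("bare file name, not a full path: resolved via search order at logon")
        if e.user:
            n.append(f"runs in the hive of user '{e.user}'")
        notes[e.name] = n
    return notes
```

Run `plan_fix(parse_log(text), FIX_LIST)` on a full pasted log to see which of the helper's names are actually present before ticking anything.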



