
bagle infection (only a suspicion)


  • This topic is locked
26 replies to this topic

#1 itmak

itmak

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:41 AM

Posted 26 May 2012 - 02:41 PM

hi! I've this problem on my brother's pc: it doesn't connect to the internet, it seems to go a little slower, it says that it can't connect to the wifi connection and it's asking to type the network key (when I switch on the pc it spontaneously appears). I've looked on forums for what it could be, and in my opinion it seems to be a bagle infection. my brother told me that he had scanned the pc with avast and malwarebytes, and they both had found nothing.. I've tried to start combofix but it doesn't start. I've just started a new scan with anti malware.. I'm going to publish the log as soon as possible.
thanks for the help.

ps: I've scanned the pc also with hijackthis, I've tested the log on http://www.hijackthis.de/it#anl and there was nothing dangerous. do you think that this website can be useful? I know that hijackthis is not so powerful.. the question is: is it better than an avast scan?
ps2: eset online scanner, which I've started to use as an extra tool in scanning the pc, doesn't work because it can't download anything.

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:41 AM

Posted 01 June 2012 - 02:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/454965 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:41 AM

Posted 02 June 2012 - 03:27 PM

hi! I still need some help! the computer still doesn't connect to the internet: it says that it can't connect to the wifi connection and it's asking to type the network key. it appears to go slow (it's my brother's pc.. I don't use it so much.. but it seems not as fast as I remember). I've made a scan also with Malwarebytes.. I haven't got the windows cd.. I wasn't able to upload attach.txt and gmer.txt and dds.txt.

dds.txt
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Paolo at 15:48:24 on 2012-04-02
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.495.61 [GMT 2:00]

.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.it/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programmi\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programmi\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [POEngine5]
uRun: [PokerStrategy.com SideKick] "c:\documents and settings\paolo\menu avvio\programmi\pokerstrategy.com\PokerStrategy.com SideKick.appref-ms"
mRun: [MobileBroadband] c:\programmi\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [avast] "c:\programmi\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\pokerstars.it\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-25 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-3 337880]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\all users\documenti\winxpvirtualcdcontrolpanel_21\VCdRom.sys [2011-5-3 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-3 20696]
R2 avast! Antivirus;avast! Antivirus;c:\programmi\alwil software\avast5\AvastSvc.exe [2011-5-3 44768]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\telecom italia\wanminiport1st\srvany.exe [2011-7-26 8192]
R2 postgresql-9.1;postgresql-9.1 - PostgreSQL Server 9.1;C:/Programmi/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-9.1" -D "C:/Programmi/PostgreSQL/9.1/data" -w --> C:/Programmi/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-9.1 [?]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2011-5-3 140288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-11 22344]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio Google Update (gupdate);c:\programmi\google\update\GoogleUpdate.exe [2012-2-27 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\google\update\GoogleUpdate.exe [2012-2-27 136176]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-9-1 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-9-1 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [2010-9-1 9728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-26 06:13:02 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Help
2012-05-24 20:11:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-24 20:11:32 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-24 20:05:46 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Hold'em_Manager
2012-05-24 20:05:43 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\HEM Data
2012-05-24 17:12:13 -------- d-----w- c:\programmi\ESET
2012-04-28 17:40:57 -------- d-----w- C:\JOKA POKER JPC
2012-04-23 15:10:51 -------- d-----w- C:\HM2Archive
2012-04-16 23:39:56 -------- d-----w- c:\programmi\Holdem Manager 2
2012-04-16 20:29:38 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Deployment
2012-04-11 17:15:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 17:15:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-04-08 09:53:08 -------- d-----w- c:\windows\system32\NtmsData
2012-04-08 09:47:23 -------- d-----w- c:\programmi\Acer Dialer
2012-04-07 19:20:56 -------- d-----w- c:\programmi\CCleaner
2012-03-27 10:46:42 -------- d-s---w- C:\ComboFix
2012-03-26 17:26:36 388096 ----a-r- c:\documents and settings\paolo\dati applicazioni\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-26 17:26:34 -------- d-----w- c:\programmi\Trend Micro
2012-03-21 20:50:40 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\IsolatedStorage
2012-03-21 20:50:40 -------- d-----w- c:\documents and settings\all users\dati applicazioni\XHEO INC
2012-03-21 20:48:53 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\HoldemManager
2012-03-21 20:37:57 -------- d-----w- c:\programmi\PSQLINSTALL
2012-03-19 20:59:35 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-12 17:20:32 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:36 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 15.49.28,17 ===============

GMER.LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-02 18:52:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4025GAS rev.KA100A
Running: i739ygg8.exe; Driver: C:\DOCUME~1\Paolo\IMPOST~1\Temp\uwddyaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB20B0DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB2165A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB20B185E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB20DDD5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB20B62E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB20B6330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB20B6422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB20DD711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB20B6252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB20B6374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB20B629A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB20B63DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB20B0E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB20DE423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB20DE6D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB20B39A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB20DE28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB20DE0F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB2165B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB20B0AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB20B0E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB20B3D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB20B1B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB20B630E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB20B6352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB20B6446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB20DDA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB20B6278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB20B3518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB20B63AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB20B62C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB20B374C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB20B6400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2165CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB20DDF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB20B19CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB20DDDC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB216FB68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB20DCD84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB20B0EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB20B0F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB20B0B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB20B0CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB20DE52A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB20B0C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB20B0D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xB2165D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB20B0F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB2165BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB217BD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP B217A74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL B20B219F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP B217BD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP B2178C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBA67E900]
.text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP B20B5180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP B20B507C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP B20B5036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C55D 5 Bytes JMP B20B4724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240CD 5 Bytes JMP B20B3F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A37 5 Bytes JMP B20B52EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831482 5 Bytes JMP B20B54F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EC0 5 Bytes JMP B20B4F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851755 5 Bytes JMP B20B3E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC7A 5 Bytes JMP B20B47E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2E4 5 Bytes JMP B20B4384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E36F 5 Bytes JMP B20B4562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5E2 5 Bytes JMP B20B3E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649B1 5 Bytes JMP B20B50BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873D00 5 Bytes JMP B20B451C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FB2 5 Bytes JMP B20B47FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89455D 5 Bytes JMP B20B5232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895035 5 Bytes JMP B20B5450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3DB 5 Bytes JMP B20B470C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D970 5 Bytes JMP B20B3FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EF0 5 Bytes JMP B20B4104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA352 5 Bytes JMP B20B41AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5D2 5 Bytes JMP B20B42E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC027 5 Bytes JMP B20B3D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB51 BF8F503A 5 Bytes JMP B20B473C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF91353B 5 Bytes JMP B20B3F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91410F 5 Bytes JMP B20B40B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916A88 5 Bytes JMP B20B467C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946607 5 Bytes JMP B20B53A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Paolo\IMPOST~1\Temp\mbr.sys Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Programmi\Google\Update\GoogleUpdate.exe[388] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Programmi\Java\jre6\bin\jqs.exe[476] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[516] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Paolo\Desktop\i739ygg8.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Documents and Settings\Paolo\Desktop\i739ygg8.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000501F8
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000503FC
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003D1014
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003D0804
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003D0A08
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003D0C0C
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003D0E10
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003D01F8
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003D03FC
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003D0600
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E0804
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0A08
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E0600
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E01F8
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe[704] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00421014
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00420804
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00420A08
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00420C0C
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00420E10
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 004201F8
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 004203FC
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00420600
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00430804
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00430A08
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00430600
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 004301F8
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 004303FC
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[780] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[780] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[780] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[780] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[780] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1032] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe[1100] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000801F8
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000803FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002D1014
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002D0804
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002D0A08
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002D0C0C
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002D0E10
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002D01F8
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002D03FC
.text C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe[1416] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002D0600
.text C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000501F8
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000503FC
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00841014
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00840804
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00840A08
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00840C0C
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00840E10
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 008401F8
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 008403FC
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00840600
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00850804
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00850A08
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00850600
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 008501F8
.text C:\Programmi\PostgreSQL\9.1\bin\pg_ctl.exe[1584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 008503FC
.text C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[1604] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Programmi\File comuni\Java\Java Update\jusched.exe[1632] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\Programmi\Alwil Software\Avast5\avastUI.exe[1648] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Alwil Software\Avast5\avastUI.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000501F8
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000503FC
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[1744] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1744] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1816] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1816] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1816] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1852] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1852] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1852] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1852] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1852] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1852] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000501F8
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000503FC
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003D1014
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003D0804
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003D0A08
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003D0C0C
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003D0E10
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003D01F8
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003D03FC
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003D0600
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E0804
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0A08
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E0600
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E01F8
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[1984] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E03FC
.text C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2032] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2528] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2672] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2684] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programmi\PostgreSQL\9.1\bin\postgres.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3032] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Programmi\Alwil Software\Avast5\AvastSvc.exe[1480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Programmi\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Programmi\Alwil Software\Avast5\avastUI.exe[1648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Programmi\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

ATTACH.TXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 03/05/2011 18.40.39
System Uptime: 02/04/2012 15.43.29 (0 hours ago)
.
Motherboard: Acer | | TravelMate 2350
Processor: Intel® Celeron® M processor 1500MHz | mPGA478 | 1498/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 27,7 GiB free.
D: is CDROM ()
E: is Removable
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem PCI
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00711025&REV_03\3&61AAA01&0&FE
Manufacturer:
Name: Modem PCI
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00711025&REV_03\3&61AAA01&0&FE
Service:
.
==== System Restore Points ===================
.
RP10: 26/03/2012 20.10.20 - Punto di arresto del sistema
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2497640)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
Aggiornamento della protezione per Windows Media Player (KB975558)
Aggiornamento della protezione per Windows Media Player (KB978695)
Aggiornamento della protezione per Windows XP (KB2079403)
Aggiornamento della protezione per Windows XP (KB2115168)
Aggiornamento della protezione per Windows XP (KB2121546)
Aggiornamento della protezione per Windows XP (KB2296011)
Aggiornamento della protezione per Windows XP (KB2347290)
Aggiornamento della protezione per Windows XP (KB2360937)
Aggiornamento della protezione per Windows XP (KB2387149)
Aggiornamento della protezione per Windows XP (KB2393802)
Aggiornamento della protezione per Windows XP (KB2412687)
Aggiornamento della protezione per Windows XP (KB2419632)
Aggiornamento della protezione per Windows XP (KB2423089)
Aggiornamento della protezione per Windows XP (KB2440591)
Aggiornamento della protezione per Windows XP (KB2476490)
Aggiornamento della protezione per Windows XP (KB2476687)
Aggiornamento della protezione per Windows XP (KB2478960)
Aggiornamento della protezione per Windows XP (KB2478971)
Aggiornamento della protezione per Windows XP (KB2479943)
Aggiornamento della protezione per Windows XP (KB2481109)
Aggiornamento della protezione per Windows XP (KB2483185)
Aggiornamento della protezione per Windows XP (KB2485663)
Aggiornamento della protezione per Windows XP (KB2503658)
Aggiornamento della protezione per Windows XP (KB2503665)
Aggiornamento della protezione per Windows XP (KB2506212)
Aggiornamento della protezione per Windows XP (KB2506223)
Aggiornamento della protezione per Windows XP (KB2507618)
Aggiornamento della protezione per Windows XP (KB2507938)
Aggiornamento della protezione per Windows XP (KB2508272)
Aggiornamento della protezione per Windows XP (KB2508429)
Aggiornamento della protezione per Windows XP (KB2509553)
Aggiornamento della protezione per Windows XP (KB2510581)
Aggiornamento della protezione per Windows XP (KB2511455)
Aggiornamento della protezione per Windows XP (KB2524375)
Aggiornamento della protezione per Windows XP (KB2535512)
Aggiornamento della protezione per Windows XP (KB2536276-v2)
Aggiornamento della protezione per Windows XP (KB2536276)
Aggiornamento della protezione per Windows XP (KB2544893-v2)
Aggiornamento della protezione per Windows XP (KB2544893)
Aggiornamento della protezione per Windows XP (KB2555917)
Aggiornamento della protezione per Windows XP (KB2562937)
Aggiornamento della protezione per Windows XP (KB2566454)
Aggiornamento della protezione per Windows XP (KB2567053)
Aggiornamento della protezione per Windows XP (KB2567680)
Aggiornamento della protezione per Windows XP (KB2570222)
Aggiornamento della protezione per Windows XP (KB2570947)
Aggiornamento della protezione per Windows XP (KB2585542)
Aggiornamento della protezione per Windows XP (KB2592799)
Aggiornamento della protezione per Windows XP (KB2598479)
Aggiornamento della protezione per Windows XP (KB2603381)
Aggiornamento della protezione per Windows XP (KB2618451)
Aggiornamento della protezione per Windows XP (KB2619339)
Aggiornamento della protezione per Windows XP (KB2620712)
Aggiornamento della protezione per Windows XP (KB2624667)
Aggiornamento della protezione per Windows XP (KB2631813)
Aggiornamento della protezione per Windows XP (KB2633171)
Aggiornamento della protezione per Windows XP (KB2639417)
Aggiornamento della protezione per Windows XP (KB2646524)
Aggiornamento della protezione per Windows XP (KB2660465)
Aggiornamento della protezione per Windows XP (KB2661637)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB954459)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956744)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956844)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB960859)
Aggiornamento della protezione per Windows XP (KB961501)
Aggiornamento della protezione per Windows XP (KB969059)
Aggiornamento della protezione per Windows XP (KB970430)
Aggiornamento della protezione per Windows XP (KB971657)
Aggiornamento della protezione per Windows XP (KB972270)
Aggiornamento della protezione per Windows XP (KB973507)
Aggiornamento della protezione per Windows XP (KB973869)
Aggiornamento della protezione per Windows XP (KB973904)
Aggiornamento della protezione per Windows XP (KB974112)
Aggiornamento della protezione per Windows XP (KB974318)
Aggiornamento della protezione per Windows XP (KB974392)
Aggiornamento della protezione per Windows XP (KB974571)
Aggiornamento della protezione per Windows XP (KB975467)
Aggiornamento della protezione per Windows XP (KB975560)
Aggiornamento della protezione per Windows XP (KB975562)
Aggiornamento della protezione per Windows XP (KB975713)
Aggiornamento della protezione per Windows XP (KB977816)
Aggiornamento della protezione per Windows XP (KB977914)
Aggiornamento della protezione per Windows XP (KB978338)
Aggiornamento della protezione per Windows XP (KB978542)
Aggiornamento della protezione per Windows XP (KB978601)
Aggiornamento della protezione per Windows XP (KB978706)
Aggiornamento della protezione per Windows XP (KB979482)
Aggiornamento della protezione per Windows XP (KB979687)
Aggiornamento della protezione per Windows XP (KB980436)
Aggiornamento della protezione per Windows XP (KB981322)
Aggiornamento della protezione per Windows XP (KB982132)
Aggiornamento della protezione per Windows XP (KB982665)
Aggiornamento della sicurezza per Microsoft Windows (KB2564958)
Aggiornamento per Windows Internet Explorer 8 (KB2447568)
Aggiornamento per Windows XP (KB2345886)
Aggiornamento per Windows XP (KB2467659)
Aggiornamento per Windows XP (KB2541763)
Aggiornamento per Windows XP (KB2607712)
Aggiornamento per Windows XP (KB2616676)
Aggiornamento per Windows XP (KB2641690)
Aggiornamento per Windows XP (KB898461)
Aggiornamento per Windows XP (KB951978)
Aggiornamento per Windows XP (KB955759)
Aggiornamento per Windows XP (KB967715)
Aggiornamento per Windows XP (KB968389)
Aggiornamento per Windows XP (KB971029)
Aggiornamento per Windows XP (KB971737)
Aggiornamento per Windows XP (KB973687)
Aggiornamento per Windows XP (KB973815)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864)
Aggiornamento rapido per Windows XP (KB2443685)
Aggiornamento rapido per Windows XP (KB2570791)
Aggiornamento rapido per Windows XP (KB2633952)
Aggiornamento rapido per Windows XP (KB942288-v3)
Aggiornamento rapido per Windows XP (KB952287)
Aggiornamento rapido per Windows XP (KB961118)
avast! Free Antivirus
bwin Poker JPC 1.0.0
CCleaner
Foxit Reader
GDpoker JPC 1.0.0
Google Update Helper
HiJackThis
Holdem Manager 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Installazione Guidata Alice
Intel® Extreme Graphics 2 Driver
Java Auto Updater
Java™ 6 Update 25
Joka JPC 1.0.0
Malwarebytes Anti-Malware versione 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended - Language Pack (ITA)
Microsoft .NET Framework 4 Extended ITA Language Pack
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
PokerStars.it
PokerStrategy.com Equilab
PostgreSQL 9.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Vodafone Mobile Broadband Lite
WanMiniport1st
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
WinRAR archiver
.
==== End Of File ===========================


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:41 AM

Posted 02 June 2012 - 06:59 PM

Hi,

Sorry for the slow reply.

I take it you have access to another machine to download and transfer programs.

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Note: These instructions advise that the Recovery Console will be downloaded - obviously you won't be able to do that without a connection, so just OK through that part; we will look after that once we have re-established the connection.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



NEXT

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by CatByte, 02 June 2012 - 07:00 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:41 AM

Posted 03 June 2012 - 08:21 AM

Hi! Thanks for the help. I've scanned the PC... ComboFix doesn't work. I can install it, but the blue window disappears after just a few seconds, and the icon on the desktop disappears as well.
kaspersky scan:
13:00:32.0890 3580 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:00:33.0078 3580 ============================================================
13:00:33.0078 3580 Current date / time: 2012/04/03 13:00:33.0078
13:00:33.0078 3580 SystemInfo:
13:00:33.0078 3580
13:00:33.0078 3580 OS Version: 5.1.2600 ServicePack: 3.0
13:00:33.0078 3580 Product type: Workstation
13:00:33.0078 3580 ComputerName: TRAVELMATE
13:00:33.0078 3580 UserName: Paolo
13:00:33.0078 3580 Windows directory: C:\WINDOWS
13:00:33.0078 3580 System windows directory: C:\WINDOWS
13:00:33.0078 3580 Processor architecture: Intel x86
13:00:33.0078 3580 Number of processors: 1
13:00:33.0078 3580 Page size: 0x1000
13:00:33.0078 3580 Boot type: Normal boot
13:00:33.0078 3580 ============================================================
13:00:47.0984 3580 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:00:48.0359 3580 Drive \Device\Harddisk1\DR2 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:00:48.0359 3580 ============================================================
13:00:48.0359 3580 \Device\Harddisk0\DR0:
13:00:48.0656 3580 MBR partitions:
13:00:48.0656 3580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
13:00:48.0656 3580 \Device\Harddisk1\DR2:
13:00:48.0656 3580 MBR partitions:
13:00:48.0656 3580 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3D7FE0
13:00:48.0656 3580 ============================================================
13:00:50.0515 3580 C: <-> \Device\Harddisk0\DR0\Partition0
13:00:50.0734 3580 ============================================================
13:00:50.0734 3580 Initialize success
13:00:50.0734 3580 ============================================================
13:01:08.0078 1132 ============================================================
13:01:08.0078 1132 Scan started
13:01:08.0078 1132 Mode: Manual; TDLFS;
13:01:08.0078 1132 ============================================================
13:01:08.0796 1132 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:01:08.0796 1132 Aavmker4 - ok
13:01:08.0812 1132 Abiosdsk - ok
13:01:08.0828 1132 abp480n5 - ok
13:01:08.0984 1132 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:01:08.0984 1132 ACPI - ok
13:01:09.0093 1132 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:01:09.0171 1132 ACPIEC - ok
13:01:09.0187 1132 adpu160m - ok
13:01:09.0390 1132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:01:09.0453 1132 aec - ok
13:01:09.0546 1132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:01:09.0546 1132 AFD - ok
13:01:09.0562 1132 Aha154x - ok
13:01:09.0578 1132 aic78u2 - ok
13:01:09.0593 1132 aic78xx - ok
13:01:09.0906 1132 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
13:01:10.0015 1132 ALCXSENS - ok
13:01:10.0265 1132 ALCXWDM (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:01:10.0281 1132 ALCXWDM - ok
13:01:10.0359 1132 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
13:01:10.0359 1132 Alerter - ok
13:01:10.0453 1132 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
13:01:10.0453 1132 ALG - ok
13:01:10.0468 1132 AliIde - ok
13:01:10.0484 1132 amsint - ok
13:01:10.0625 1132 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
13:01:10.0625 1132 AppMgmt - ok
13:01:10.0640 1132 asc - ok
13:01:10.0656 1132 asc3350p - ok
13:01:10.0671 1132 asc3550 - ok
13:01:11.0796 1132 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:01:11.0843 1132 aspnet_state - ok
13:01:11.0968 1132 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:01:11.0984 1132 aswFsBlk - ok
13:01:12.0078 1132 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
13:01:12.0125 1132 aswMon2 - ok
13:01:12.0281 1132 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
13:01:12.0281 1132 aswRdr - ok
13:01:12.0515 1132 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
13:01:12.0546 1132 aswSnx - ok
13:01:12.0703 1132 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
13:01:12.0718 1132 aswSP - ok
13:01:12.0812 1132 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
13:01:12.0843 1132 aswTdi - ok
13:01:12.0968 1132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:01:12.0984 1132 AsyncMac - ok
13:01:13.0125 1132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:01:13.0125 1132 atapi - ok
13:01:13.0140 1132 Atdisk - ok
13:01:13.0187 1132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:01:13.0187 1132 Atmarpc - ok
13:01:13.0218 1132 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
13:01:13.0218 1132 AudioSrv - ok
13:01:13.0312 1132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:01:13.0328 1132 audstub - ok
13:01:13.0546 1132 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
13:01:13.0546 1132 avast! Antivirus - ok
13:01:13.0937 1132 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
13:01:14.0031 1132 BITS - ok
13:01:14.0140 1132 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
13:01:14.0156 1132 Browser - ok
13:01:14.0218 1132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:01:14.0250 1132 cbidf2k - ok
13:01:14.0265 1132 cd20xrnt - ok
13:01:14.0328 1132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:01:14.0343 1132 Cdaudio - ok
13:01:14.0515 1132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:01:14.0546 1132 Cdfs - ok
13:01:14.0578 1132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:01:14.0640 1132 Cdrom - ok
13:01:14.0656 1132 Changer - ok
13:01:14.0687 1132 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
13:01:14.0703 1132 CiSvc - ok
13:01:14.0750 1132 ClipSrv (b39855cc900bb6eda6312117f995d573) C:\WINDOWS\system32\clipsrv.exe
13:01:14.0750 1132 ClipSrv - ok
13:01:15.0015 1132 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:01:15.0171 1132 clr_optimization_v2.0.50727_32 - ok
13:01:16.0031 1132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:01:16.0281 1132 clr_optimization_v4.0.30319_32 - ok
13:01:16.0359 1132 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:01:16.0375 1132 CmBatt - ok
13:01:16.0375 1132 CmdIde - ok
13:01:16.0437 1132 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:01:16.0484 1132 Compbatt - ok
13:01:16.0500 1132 COMSysApp - ok
13:01:16.0515 1132 Cpqarray - ok
13:01:16.0671 1132 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
13:01:16.0687 1132 CryptSvc - ok
13:01:16.0687 1132 dac2w2k - ok
13:01:16.0718 1132 dac960nt - ok
13:01:16.0875 1132 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
13:01:16.0937 1132 DcomLaunch - ok
13:01:16.0984 1132 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
13:01:16.0984 1132 Dhcp - ok
13:01:17.0046 1132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:01:17.0046 1132 Disk - ok
13:01:17.0062 1132 dmadmin - ok
13:01:17.0234 1132 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
13:01:17.0281 1132 dmboot - ok
13:01:17.0328 1132 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
13:01:17.0328 1132 dmio - ok
13:01:17.0390 1132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:01:17.0406 1132 dmload - ok
13:01:17.0453 1132 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
13:01:17.0484 1132 dmserver - ok
13:01:17.0546 1132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:01:17.0562 1132 DMusic - ok
13:01:17.0656 1132 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
13:01:17.0656 1132 Dnscache - ok
13:01:17.0781 1132 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
13:01:17.0875 1132 Dot3svc - ok
13:01:58.0968 1132 ============================================================
13:01:58.0968 1132 Scan finished
13:01:58.0968 1132 ============================================================
13:01:59.0000 1140 Detected object count: 0
13:01:59.0000 1140 Actual detected object count: 0

Attached Files

  • Attached File  FSS.txt   3.83KB   3 downloads


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:41 AM

Posted 03 June 2012 - 09:50 AM

Hi,

Please re-run Farbar Service Scanner

Type the following in the edit box after "Search:".

wscsvc.dll


Click Search Files button and post the log (FSS.txt) it makes to your reply.


NEXT

Delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to svchost.exe before saving it.

Now boot into safe mode and run it.

If it still won't run, reboot and try it again.

Give it much more time to run than you think it should take, it might appear to have stalled, but may be working in the background.


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • Local time:03:41 AM

Posted 07 June 2012 - 03:15 PM

Hi! I've posted 2 logs made with Farbar because you haven't said whether I had to check all the options (Internet Services, Windows Firewall, System Restore, Security Center, Windows Update, Windows Defender). I wasn't able to scan with ComboFix; it doesn't work. I've tried to do as you said several times but nothing. Every time I've kept it turned on after I started it in safe mode, but it still doesn't work.

Attached Files



#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:41 AM

Posted 07 June 2012 - 05:54 PM

Hi,

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to svchost.exe before saving it. Make sure your security programs are disabled before you run it (it will run from the USB drive).

If it still won't run, reboot the machine and try running it immediately upon reboot.

Give it lots of time to complete.

If it still won't run, boot into safe mode and try running it there:

Link 1

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


NEXT

If you're not using an Ethernet cable to your router, it will report that the media (Ethernet cable) is disconnected; this shouldn't affect your wireless connection.
  • Go to Control Panel/Internet Options/Connections/LAN Settings. Make sure all of the boxes are unchecked.
  • Now go to Control Panel/Network Connections. Right-click the Local Area Connection and make sure it is Enabled.
  • Now choose Properties. Scroll down to Internet Protocol IPv4 and IPv6/Properties. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are both checked.
  • Now go back to the command prompt and type ipconfig /release and hit Enter. The IP address should now read 0.0.0.0.
  • Now type ipconfig /flushdns and hit Enter.
  • Now type ipconfig /renew. You may get the message that Local Area Connection is disabled.
  • Now search for wireless networks, choose your router, and connect.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
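The reset steps from the post above collected into one batch file (an added example for this thread, not CatByte's instructions and not a tool from the page). It first records the services and the IE proxy setting those steps depend on, then runs the same release, flushdns and renew sequence, writing everything to a log on the desktop so the output is kept even when the command window closes on its own. The log file name and opening it in Notepad at the end are assumptions.

```batch
@echo off
REM Added example for this thread (not part of the original post). Run it from
REM an administrator account on Windows XP, or start it from an open cmd window
REM so any error text stays on screen.
setlocal
REM Assumption: the log goes on the desktop; change the path if needed.
set "LOG=%USERPROFILE%\Desktop\netreset.txt"
echo === Network reset started %DATE% %TIME% === > "%LOG%"

echo.>> "%LOG%"
echo [1] Services that DHCP and DNS lookups depend on (STATE should be RUNNING) >> "%LOG%"
REM ipconfig /flushdns reports "Function failed during execution" when the
REM DNS Client service (Dnscache) is stopped, so its state is worth recording.
for %%S in (Dhcp Dnscache wscsvc) do (
    echo --- %%S >> "%LOG%"
    sc query %%S | findstr /i "STATE FAILED" >> "%LOG%" 2>&1
)

echo.>> "%LOG%"
echo [2] Internet Explorer proxy (ProxyEnable should be 0x0 with no ProxyServer value) >> "%LOG%"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable >> "%LOG%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo [3] Non-comment lines of the hosts file (only "127.0.0.1 localhost" is expected) >> "%LOG%"
findstr /v /r "^#" "%SystemRoot%\system32\drivers\etc\hosts" >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo [4] Release, flush and renew, in the order given in the instructions >> "%LOG%"
ipconfig /release >> "%LOG%" 2>&1
ipconfig /flushdns >> "%LOG%" 2>&1
ipconfig /renew >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo [5] Resulting configuration (a DNS server of 127.0.0.1 means no resolver was assigned) >> "%LOG%"
ipconfig /all >> "%LOG%" 2>&1

REM Show the log; the script itself never pauses, so nothing is lost if the
REM window closes immediately.
start notepad "%LOG%"
endlocal
```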


#9 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • Local time:03:41 AM

Posted 12 June 2012 - 02:46 PM

Sorry if I'm late. I've tried several times with ComboFix in safe mode but it doesn't work.
I've looked in the Control Panel:
- Control Panel/Internet Options/Connections/LAN Settings all unchecked
- Local Area Connection Enabled.

When I press Enter on the prompts, a black window appears with something written in it, but it closes in just a second. I can't read anything.
After typing the renew prompt it doesn't connect.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:41 AM

Posted 12 June 2012 - 08:58 PM

Please run the following:

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • Local time:03:41 AM

Posted 14 June 2012 - 02:43 AM

Hi!

MiniToolBox by Farbar Version: 09-06-2012
Ran by hope (administrator) on 14-04-2012 at 09:41:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Configurazione IP di Windows



Impossibile svuotare la cache del resolver DNS: Errore nell'esecuzione della funzione.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NIC Fast Ethernet PCI Realtek RTL8139 Family = Connessione alla rete locale (LAN) (Media disconnected)
acer IPN2220 Wireless LAN Card = Connessione rete senza fili 2 (Media disconnected)


# ----------------------------------
# Configurazione IP interfaccia
# ----------------------------------
pushd interface ip


# Configurazione IP interfaccia per "Connessione alla rete locale (LAN)"

set address name="Connessione alla rete locale (LAN)" source=dhcp
set dns name="Connessione alla rete locale (LAN)" source=dhcp register=PRIMARY
set wins name="Connessione alla rete locale (LAN)" source=dhcp

# Configurazione IP interfaccia per "Connessione rete senza fili 2"

set address name="Connessione rete senza fili 2" source=dhcp
set dns name="Connessione rete senza fili 2" source=dhcp register=PRIMARY
set wins name="Connessione rete senza fili 2" source=dhcp


popd
# Termine della configurazione IP interfaccia




Configurazione IP di Windows



Nome host . . . . . . . . . . . . . . : travelmate

Suffisso DNS primario . . . . . . . :

Tipo nodo . . . . . . . . . : Sconosciuto

Routing IP abilitato. . . . . . . . . : No

Proxy WINS abilitato . . . . . . . . : Sì



Scheda Ethernet Connessione alla rete locale (LAN):



Stato supporto . . . . . . . . . . . : Supporto disconnesso

Descrizione . . . . . . . . . . . . . : NIC Fast Ethernet PCI Realtek RTL8139 Family

Indirizzo fisico. . . . . . . . . . . : 00-02-3F-0E-77-22



Scheda Ethernet Connessione rete senza fili 2:



Stato supporto . . . . . . . . . . . : Supporto disconnesso

Descrizione . . . . . . . . . . . . . : acer IPN2220 Wireless LAN Card

Indirizzo fisico. . . . . . . . . . . : 00-0E-9B-89-A0-E9

Server: UnKnown
Address: 127.0.0.1

Impossibile trovare l'host google.com.Verificare che il nome sia corretto e riprovare.

Server: UnKnown
Address: 127.0.0.1

Impossibile trovare l'host yahoo.com.Verificare che il nome sia corretto e riprovare.

Server: UnKnown
Address: 127.0.0.1

Impossibile trovare l'host bleepingcomputer.com.Verificare che il nome sia corretto e riprovare.



Esecuzione di Ping 127.0.0.1 con 32 byte di dati:



Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128



Statistiche Ping per 127.0.0.1:

Pacchetti: Trasmessi = 2, Ricevuti = 2, Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 0ms, Massimo = 0ms, Medio = 0ms

===========================================================================
Elenco interfacce
0x1 ........................... MS TCP Loopback interface
0x2 ...00 02 3f 0e 77 22 ...... NIC Fast Ethernet PCI Realtek RTL8139 Family - Miniport dell'Utilità di pianificazione pacchetti
0x3 ...00 0e 9b 89 a0 e9 ...... acer IPN2220 Wireless LAN Card - Miniport dell'Utilità di pianificazione pacchetti
===========================================================================
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfac. Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
===========================================================================
Route permanenti:
Nessuno
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2012 09:21:55 AM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (04/12/2012 07:44:10 PM) (Source: Application Hang) (User: )
Description: Applicazione in stallo mshta.exe, versione 8.0.6001.18702, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error: (04/12/2012 07:37:35 PM) (Source: Application Hang) (User: )
Description: Applicazione in stallo mshta.exe, versione 8.0.6001.18702, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error: (04/12/2012 07:24:13 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (04/12/2012 07:23:58 PM) (Source: PostgreSQL) (User: )
Description: Timed out waiting for server startup

Error: (04/07/2012 03:41:16 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (04/05/2012 06:26:57 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (04/04/2012 02:48:56 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (04/04/2012 02:48:37 PM) (Source: PostgreSQL) (User: )
Description: Timed out waiting for server startup

Error: (04/03/2012 00:58:57 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (05/26/2012 03:35:12 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/26/2012 08:09:08 AM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/25/2012 11:47:36 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/25/2012 05:22:22 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/25/2012 07:51:56 AM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/24/2012 10:14:08 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/24/2012 09:55:50 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/24/2012 09:08:50 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/24/2012 00:20:08 PM) (Source: DCOM) (User: SYSTEM)
Description: Il server {4EB61BAC-A3B6-4760-9581-655041EF4D69} non si è registrato con DCOM entro il tempo d'attesa richiesto.

Error: (05/24/2012 09:23:30 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM ha ricevuto l'errore "%%1053" durante il tentativo di avviare il servizio gupdate con gli argomenti "/comsvc"
per eseguire il server
{4EB61BAC-A3B6-4760-9581-655041EF4D69}


Microsoft Office Sessions:
=========================
Error: (04/14/2012 09:21:55 AM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (04/12/2012 07:44:10 PM) (Source: Application Hang)(User: )
Description: mshta.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/12/2012 07:37:35 PM) (Source: Application Hang)(User: )
Description: mshta.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/12/2012 07:24:13 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (04/12/2012 07:23:58 PM) (Source: PostgreSQL)(User: )
Description: Timed out waiting for server startup

Error: (04/07/2012 03:41:16 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (04/05/2012 06:26:57 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (04/04/2012 02:48:56 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (04/04/2012 02:48:37 PM) (Source: PostgreSQL)(User: )
Description: Timed out waiting for server startup

Error: (04/03/2012 00:58:57 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2497640) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (Version: 1)
Aggiornamento della protezione per Windows Media Player (KB975558)
Aggiornamento della protezione per Windows Media Player (KB978695)
Aggiornamento della protezione per Windows XP (KB2079403) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2115168) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2121546) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2296011) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2347290) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2360937) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2387149) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2393802) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2412687) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2419632) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2423089) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2440591) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2476490) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2476687) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2478960) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2478971) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2479943) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2481109) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2483185) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2485663) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2503658) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2503665) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2506212) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2506223) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2507618) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2507938) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2508272) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2508429) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2509553) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2510581) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2511455) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2524375) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2535512) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2536276-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2536276) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2544893-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2544893) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2555917) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2562937) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2566454) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2567053) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2567680) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2570222) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2570947) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2585542) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2592799) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2598479) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2603381) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2618451) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2619339) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2620712) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2624667) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2631813) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2633171) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2639417) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2646524) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2660465) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2661637) (Version: 1)
Aggiornamento della protezione per Windows XP (KB923561) (Version: 1)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento della protezione per Windows XP (KB950762) (Version: 1)
Aggiornamento della protezione per Windows XP (KB950974) (Version: 1)
Aggiornamento della protezione per Windows XP (KB951376-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB952004) (Version: 1)
Aggiornamento della protezione per Windows XP (KB952954) (Version: 1)
Aggiornamento della protezione per Windows XP (KB954459) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956572) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956744) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956802) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956844) (Version: 1)
Aggiornamento della protezione per Windows XP (KB958644) (Version: 1)
Aggiornamento della protezione per Windows XP (KB959426) (Version: 1)
Aggiornamento della protezione per Windows XP (KB960803) (Version: 1)
Aggiornamento della protezione per Windows XP (KB960859) (Version: 1)
Aggiornamento della protezione per Windows XP (KB961501) (Version: 1)
Aggiornamento della protezione per Windows XP (KB969059) (Version: 1)
Aggiornamento della protezione per Windows XP (KB970430) (Version: 1)
Aggiornamento della protezione per Windows XP (KB971657) (Version: 1)
Aggiornamento della protezione per Windows XP (KB972270) (Version: 1)
Aggiornamento della protezione per Windows XP (KB973507) (Version: 1)
Aggiornamento della protezione per Windows XP (KB973869) (Version: 1)
Aggiornamento della protezione per Windows XP (KB973904) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974112) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974318) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974392) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974571) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975467) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975560) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975562) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975713) (Version: 1)
Aggiornamento della protezione per Windows XP (KB977816) (Version: 1)
Aggiornamento della protezione per Windows XP (KB977914) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978338) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978542) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978601) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978706) (Version: 1)
Aggiornamento della protezione per Windows XP (KB979482) (Version: 1)
Aggiornamento della protezione per Windows XP (KB979687) (Version: 1)
Aggiornamento della protezione per Windows XP (KB980436) (Version: 1)
Aggiornamento della protezione per Windows XP (KB981322) (Version: 1)
Aggiornamento della protezione per Windows XP (KB982132) (Version: 1)
Aggiornamento della protezione per Windows XP (KB982665) (Version: 1)
Aggiornamento della sicurezza per Microsoft Windows (KB2564958)
Aggiornamento per Windows Internet Explorer 8 (KB2447568) (Version: 1)
Aggiornamento per Windows XP (KB2345886) (Version: 1)
Aggiornamento per Windows XP (KB2467659) (Version: 1)
Aggiornamento per Windows XP (KB2541763) (Version: 1)
Aggiornamento per Windows XP (KB2607712) (Version: 1)
Aggiornamento per Windows XP (KB2616676) (Version: 1)
Aggiornamento per Windows XP (KB2641690) (Version: 1)
Aggiornamento per Windows XP (KB898461) (Version: 1)
Aggiornamento per Windows XP (KB951978) (Version: 1)
Aggiornamento per Windows XP (KB955759) (Version: 1)
Aggiornamento per Windows XP (KB967715) (Version: 1)
Aggiornamento per Windows XP (KB968389) (Version: 1)
Aggiornamento per Windows XP (KB971029) (Version: 1)
Aggiornamento per Windows XP (KB971737) (Version: 1)
Aggiornamento per Windows XP (KB973687) (Version: 1)
Aggiornamento per Windows XP (KB973815) (Version: 1)
Aggiornamento rapido per Windows Internet Explorer 7 (KB947864) (Version: 1)
Aggiornamento rapido per Windows XP (KB2443685) (Version: 1)
Aggiornamento rapido per Windows XP (KB2570791) (Version: 1)
Aggiornamento rapido per Windows XP (KB2633952) (Version: 1)
Aggiornamento rapido per Windows XP (KB942288-v3) (Version: 3)
Aggiornamento rapido per Windows XP (KB952287) (Version: 1)
Aggiornamento rapido per Windows XP (KB961118) (Version: 1)
avast! Free Antivirus (Version: 7.0.1426.0)
bwin Poker JPC 1.0.0 (Version: 1.0.0)
CCleaner (Version: 3.17)
Foxit Reader
GDpoker JPC 1.0.0 (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.111)
HiJackThis (Version: 1.0.0)
Holdem Manager 2
Installazione Guidata Alice
Intel® Extreme Graphics 2 Driver
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Joka JPC 1.0.0 (Version: 1.0.0)
Malwarebytes Anti-Malware versione 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended ITA Language Pack (Version: 4.0.30319)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
PokerStars.it
PokerStrategy.com Equilab (Version: 1.2.0.0)
PostgreSQL 9.1 (Version: 9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Vodafone Mobile Broadband Lite (Version: 10.1.001.26030)
WanMiniport1st
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 495.48 MB
Available physical RAM: 121.46 MB
Total Pagefile: 1158.11 MB
Available Pagefile: 741.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.25 GB) (Free:27.59 GB) NTFS
3 Drive e: (CHIAVETTA) (Removable) (Total:1.92 GB) (Free:1.9 GB) FAT32
4 Drive z: (OFFICE11) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS

========================= Users: ========================================

Account utente per \\TRAVELMATE

Administrator ASPNET Guest
HelpAssistant hope Paolo
postgres TEMP
Esecuzione comando riuscita.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#12 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • Local time:03:41 AM

Posted 14 June 2012 - 07:12 AM

ComboFix finally worked. I've created a new account on the computer and deleted the one which was affected by the virus. Here is the log from the new account.

ComboFix 12-06-13.05 - hope 14/06/2012 10.08.18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.495.142 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\inf\System.inf
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-14 al 2012-06-14 )))))))))))))))))))))))))))))))))))
.
.
2012-05-25 15:35 . 2012-05-25 15:35 -------- d-----r- C:\MSOCache
2012-05-24 20:11 . 2012-05-24 20:11 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-24 20:05 . 2012-05-24 20:05 -------- d--h--r- c:\documents and settings\postgres.TRAVELMATE\Dati applicazioni
2012-05-24 20:05 . 2012-05-24 20:05 -------- d-----w- c:\documents and settings\postgres.TRAVELMATE\Documenti
2012-05-24 20:05 . 2012-05-24 20:05 -------- d--h--w- c:\documents and settings\postgres.TRAVELMATE\Risorse di stampa
2012-05-24 20:05 . 2012-05-24 20:05 -------- d--h--w- c:\documents and settings\postgres.TRAVELMATE\Risorse di rete
2012-05-24 20:05 . 2012-05-24 20:05 -------- d--h--w- c:\documents and settings\postgres.TRAVELMATE\Modelli
2012-05-24 20:05 . 2012-05-24 20:05 -------- d-----w- c:\documents and settings\postgres.TRAVELMATE\Preferiti
2012-05-24 20:05 . 2012-05-24 20:05 -------- d-----r- c:\documents and settings\postgres.TRAVELMATE\Menu Avvio
2012-05-24 20:03 . 2012-05-24 20:03 -------- d-----r- c:\documents and settings\TEMP\Documenti
2012-05-24 20:03 . 2012-05-24 20:03 -------- d-----r- c:\documents and settings\TEMP\Menu Avvio
2012-05-24 20:03 . 2012-05-24 20:03 -------- d--h--w- c:\documents and settings\TEMP\Risorse di stampa
2012-05-24 20:03 . 2012-05-24 20:03 -------- d--h--w- c:\documents and settings\TEMP\Risorse di rete
2012-05-24 20:03 . 2012-05-24 20:03 -------- d--h--w- c:\documents and settings\TEMP\Modelli
2012-05-24 17:12 . 2012-05-24 17:12 -------- d-----w- c:\programmi\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2012-04-11 17:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-05-09 19:52 . 93280713AD73145BBC4FC0DB9AF97158 . 856064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-05-09 . 294764D2C8066667DC1E3344BD548C81 . 1187328 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . B0E8797B2532E440BBC447B943D1D97F . 429056 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
.
c:\windows\System32\drivers\beep.sys ... è mancante !!
c:\windows\System32\wscntfy.exe ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avast"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/07/2011 21.52.06 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/05/2011 19.58.29 337880]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\All Users\Documenti\winxpvirtualcdcontrolpanel_21\VCdRom.sys [03/05/2011 19.54.35 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/05/2011 19.58.30 20696]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [11/04/2012 19.15.23 654408]
R2 postgresql-9.1;postgresql-9.1 - PostgreSQL Server 9.1;C:/Programmi/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-9.1" -D "C:/Programmi/PostgreSQL/9.1/data" -w --> C:/Programmi/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-9.1 [?]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [08/09/2010 16.44.16 8704]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [03/05/2011 21.45.24 140288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/04/2012 19.15.21 22344]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 14.33.12 80000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14.16.28 130384]
S2 gupdate;Servizio Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2012 13.50.05 136176]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [26/07/2011 17.02.30 8192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [27/02/2012 13.50.05 136176]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14.33.12 9728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd09c7fde1c2e.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-02-27 11:49]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 10:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-9.1]
"ImagePath"="C:/Programmi/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-9.1\" -D \"C:/Programmi/PostgreSQL/9.1/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-9.1]
"ImagePath"="C:/Programmi/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-9.1\" -D \"C:/Programmi/PostgreSQL/9.1/data\" -w"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\SETUPAPI.dll
.
Ora fine scansione: 2012-06-14 10:21:13
ComboFix-quarantined-files.txt 2012-06-14 08:21
.
Pre-Run: 29.548.126.208 byte disponibili
Post-Run: 29.743.759.360 byte disponibili
.
- - End Of File - - FDD6DABC05116018B83079E57EEACA4E

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:41 AM

Posted 14 June 2012 - 06:22 PM

Please try the following troubleshooting steps to see if we can get the connection back.

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.


Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.


If no luck, try this:

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.

In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes

In FireFox
  • Click on Advanced -> Network -> Settings…
  • the No Proxy option should be selected



Next, try this:

Go to Start > Run > type in CMD to open a command prompt.

Type in the following command in the command prompt and press Enter.


netsh int ip reset reset.log

Then also type the following command and hit enter.

netsh winsock reset catalog

Once that completes then restart the system and see then if you are able to get online.


Next, this:

Go to Start > Run then type: CMD into the run box

You will now see a black DOS-like screen.

Type the following at the command prompt:

IPconfig /release. (Note the space between the "g" and the slash / it needs to be there)

Hit enter. Then type:

IPconfig /Renew (Note the space between the "g" and the slash / it needs to be there)

Hit enter

NEXT

Go to Control Panel/Internet Options/Connections/LAN Settings. Make sure all of the boxes are unchecked.

  • Now go to Control Panel/Network Connections. Right click the Local Area Connection and make sure it is Enabled.
  • Now choose Properties. Scroll down to Internet Protocol IPv4 and IPv6/Properties. Make sure Obtain an IP Address and DNS server address Automatically are both checked.
  • Now go back to the command prompt and type ipconfig /release and hit enter. The ip address should now read 0.0.0.0.
  • Now type ipconfig /flushdns and hit enter.
  • Now type ipconfig /renew. You may get the message that Local Area Connection is disabled.
  • Now search for wireless networks and choose your router, and connect.

Let me know if any of those steps result in a connection.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 itmak

itmak
  • Topic Starter

  • Members
  • 27 posts
  • Local time:03:41 AM

Posted 15 June 2012 - 08:38 AM

Nope! It doesn't connect. I've tried both with wifi and with the cable. It finds a connection but it is unable to connect. I'm sorry.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:41 AM

Posted 15 June 2012 - 10:43 PM

Hi

Go into the Services window: click Start > Run > type services.msc > click OK.


locate the following service:

Dnscache Service

from the FSS log:
The start type of Dnscache service is set to Demand. The default start type is Auto.

Change the start type to Auto and start the service.

See if that enables a connection.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
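As an added, read-only triage script (not from the thread or from any tool named in it; it assumes PowerShell 2.0 or later, which XP SP3 supports, and an elevated prompt), this collects the four settings that posts #13 and #15 tell you to change (Dnscache start type, per-adapter DNS servers, the IE LAN proxy, and the Winsock provider catalog), so the cause can be seen before the resets are run:

```powershell
# Added triage script; not part of the thread or of ComboFix/FSS/MiniToolBox.
# It only reads and reports. Assumes PowerShell 2.0+ (XP SP3 or later).

function Get-DnsTriageReport {
    $lines = @()

    # 1. DNS Client (Dnscache): the FSS log flagged start type "Demand"; default is Auto.
    $svc = Get-WmiObject Win32_Service -Filter "Name='Dnscache'"
    if (-not $svc) {
        $lines += 'Dnscache: service not found'
    } else {
        $lines += ('Dnscache: State={0} StartMode={1}' -f $svc.State, $svc.StartMode)
        if ($svc.StartMode -ne 'Auto') {
            $lines += '  -> not Auto: Set-Service Dnscache -StartupType Automatic; Start-Service Dnscache'
        }
    }

    # 2. Per-adapter DNS servers: nslookup in the posted log sent every query to
    #    127.0.0.1, i.e. no usable DNS server was configured on any adapter.
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE'
    foreach ($n in $nics) {
        $dns = @($n.DNSServerSearchOrder | Where-Object { $_ })
        $lines += ('{0}: DHCP={1} DNS=[{2}]' -f $n.Description, $n.DHCPEnabled, ($dns -join ','))
        if ($dns.Count -eq 0) {
            $lines += '  -> no DNS server set: "Obtain DNS servers automatically" or netsh int ip reset'
        }
        if ($dns -contains '127.0.0.1') {
            $lines += '  -> DNS points at this PC, which runs no resolver'
        }
    }

    # 3. IE / WinINET proxy: the post above says both LAN proxy boxes must be unchecked.
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $lines += ('Proxy: Enable={0} Server={1} PAC={2}' -f $ie.ProxyEnable, $ie.ProxyServer, $ie.AutoConfigURL)
    if ($ie.ProxyEnable -eq 1 -or $ie.AutoConfigURL) {
        $lines += '  -> proxy/PAC set: uncheck in Internet Options > Connections > LAN settings'
    }

    # 4. Winsock provider catalog: every entry in the posted log is a Microsoft DLL under
    #    System32. A provider DLL outside %SystemRoot% is what "netsh winsock reset catalog"
    #    would remove, so list it for inspection rather than resetting blind.
    $cat = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries'
    foreach ($k in Get-ChildItem $cat) {
        $bytes = (Get-ItemProperty $k.PSPath).PackedCatalogItem
        # The packed WSAPROTOCOL_INFO starts with the null-terminated ANSI DLL path.
        $dll = [Text.Encoding]::ASCII.GetString($bytes).Split([char]0)[0]
        $lines += ('Winsock {0}: {1}' -f $k.PSChildName, $dll)
        if ($dll -notmatch '^%SystemRoot%\\|^[A-Za-z]:\\Windows\\') {
            $lines += '  -> provider outside %SystemRoot%: inspect before resetting'
        }
    }
    return $lines
}

Get-DnsTriageReport | ForEach-Object { Write-Output $_ }
```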




