ZwClose, ZwOpenFile Rootkit on Windows XP SP3


This topic is locked
17 replies to this topic

#1 iucaa

  • Members
  • 12 posts

Posted 05 September 2013 - 03:16 AM

Hi every one

I ran ComboFix on my PC and I got that the Windows XP SP3 kernel NTDLL is infected with a ZwClose, ZwOpenFile rootkit. Could you help me to remove it, please? I tried many ways but without success. I read afterwards on this forum not to run ComboFix; I am sorry, I already did! :smash:
The PC is working fine but it has become a little bit slow (I probably have the same problem on my home PC with Windows XP; the other one with Windows 7 is not infected).

I followed your instructions and this is my dds.txt report:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16705  BrowserJavaVersion: 10.9.2
Run by valerio at 9:56:18 on 2013-09-05
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2038.883 [GMT 2:00]
.
AV: COMODO Antivirus *Enabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\Programmi\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre7\bin\jqs.exe
c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Programmi\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\COMODO Internet Security\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\valerio\Menu Avvio\Programmi\Esecuzione automatica\snapper.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://open.telecomitalia.it/openlight/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=smb&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\programmi\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmi\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\programmi\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Web Test Recorder: {8C84B9F5-3D9E-4204-BB0B-F85D46455868} -
EB: &Ricerche: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\programmi\microsoft office\office11\REFIEBAR.DLL
uRun: [CUCore Agent] "c:\documents and settings\valerio\impostazioni locali\dati applicazioni\radvision\conference client\7.14.100.95\ConfAgent.exe" /minimize
uRun: [TClockEx] c:\programmi\tclockex\TCLOCKEX.EXE
uRun: [H/PC Connection Agent] "c:\programmi\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [COMODO Internet Security] "c:\programmi\comodo internet security\comodo\comodo internet security\cfp.exe" -h
mRun: [AutoMate6] c:\programmi\automate 6\AMEM.exe
mRun: [Communicator] "c:\programmi\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\fileco~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Communicator] "c:\programmi\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\valerio\menuav~1\progra~1\esecuz~1\outloo~1.lnk - c:\programmi\microsoft office\office12\OUTLOOK.EXE
StartupFolder: c:\docume~1\valerio\menuav~1\progra~1\esecuz~1\person~1.lnk - c:\archivi\vb6\personaldata - 2008\PersonalData.exe
StartupFolder: c:\documents and settings\valerio\menu avvio\programmi\esecuzione automatica\snapper.exe
StartupFolder: c:\docume~1\valerio\menuav~1\progra~1\esecuz~1\window~1.lnk - c:\programmi\windows media player\wmplayer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmi\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{18F1A13D-16B4-4B91-9997-BFB265F6A72C} : NameServer = 156.54.17.165,156.54.95.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\valerio\dati applicazioni\mozilla\firefox\profiles\9rwakkww.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - prefs.js: network.proxy.ftp - 165.46.18.23
FF - prefs.js: network.proxy.ftp_port - 8081
FF - prefs.js: network.proxy.http - 165.46.18.23
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.socks - 165.46.18.23
FF - prefs.js: network.proxy.socks_port - 8081
FF - prefs.js: network.proxy.ssl - 165.46.18.23
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\valerio\impostazioni locali\dati applicazioni\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\valerio\impostazioni locali\dati applicazioni\radvision\installer\1.5.0.1\npClientInstMgr.dll
FF - plugin: c:\programmi\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\programmi\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\programmi\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\programmi\comodo internet security\comodo\comodo internet security\cmdagent.exe [2011-1-18 1803224]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2010-9-15 6016]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2010-4-22 166504]
S3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [2005-6-27 140800]
S3 VSPerfDrv;Performance Tools Driver;c:\programmi\microsoft visual studio 8\team tools\performance tools\VSPerfDrv.sys [2005-9-23 54464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVGIDSAgent;AVGIDSAgent;"c:\programmi\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\programmi\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S4 avgwd;AVG WatchDog;c:\programmi\avg\avg10\avgwdsvc.exe --> c:\programmi\avg\avg10\avgwdsvc.exe [?]
S4 gupdate1c9a15d895c10f4;Servizio di Google Update (gupdate1c9a15d895c10f4);"c:\programmi\google\update\googleupdate.exe" /svc --> c:\programmi\google\update\GoogleUpdate.exe [?]
S4 MsDepSvc;Web Deployment Agent Service;c:\programmi\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programmi\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\programmi\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2006-4-14 14624]
S4 StarWindServiceAE;StarWind AE Service;c:\programmi\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
.
=============== File Associations ===============
.
ShellExec: Bryce5.exe: open=c:\progra~1\corel\bryce5~1\Bryce5.exe
ShellExec: dreamweaver.exe: Open="c:\programmi\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
ShellExec: pdfvista.exe: Open="c:\programmi\pdf complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="c:\programmi\pdf complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2013-09-04 07:41:36    --------    d-----w-    c:\programmi\ESET
.
==================== Find3M  ====================
.
2013-07-26 06:55:05    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 06:55:05    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH:  9:58:03,37 ===============

Have a nice day, thank you in advance.
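As an added example (not part of the original post, the DDS tool or ComboFix): a small Python triage script that reads lines in the shape of the dds.txt above and pulls out the entries a log reviewer checks first (registrations pointing at `<no file>`, services whose binary is gone, the `AppInit_DLLs` value, and the Firefox proxy settings). The sample lines are constructed from the posted log, and the regular expressions assume the DDS line layout shown there.

```python
"""Triage helper for DDS log lines (added example; not the DDS tool's own code).

Parses the line shapes DDS emits, as seen in the dds.txt above, and pulls out
what a log reviewer checks first: COM registrations whose file is gone, services
whose binary is missing, DLLs loaded into every process, and browser proxies.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as the posted dds.txt (values copied from
# the log above, trimmed to a few lines).
SAMPLE_DDS = r"""
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre7\bin\ssv.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
AppInit_DLLs= c:\windows\system32\guard32.dll
FF - prefs.js: network.proxy.http - 165.46.18.23
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.ssl - 165.46.18.23
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S4 avgwd;AVG WatchDog;c:\programmi\avg\avg10\avgwdsvc.exe --> c:\programmi\avg\avg10\avgwdsvc.exe [?]
"""

# "<kind>: <name> ... {GUID} ... <no file>": a registration whose DLL/EXE no longer exists.
NOFILE_RE = re.compile(r"^(\w+): (.*?)\s*[:\-]?\s*\{([0-9A-Fa-f-]+)\}.*<no file>$")
# "R1 name;description;path [date size]"; DDS appends "--> path [?]" when the binary is absent.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")


@dataclass
class Triage:
    missing_file_entries: list = field(default_factory=list)  # (kind, name, guid)
    orphaned_services: list = field(default_factory=list)     # {"state", "name", "path"}
    appinit_dlls: list = field(default_factory=list)
    proxy: dict = field(default_factory=dict)                 # prefs.js key -> value


def parse_dds(text):
    """Walk the DDS lines once and collect the review-worthy items."""
    t = Triage()
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = NOFILE_RE.match(line)
        if m:
            t.missing_file_entries.append((m.group(1), m.group(2), m.group(3)))
            continue
        if line.startswith("AppInit_DLLs="):
            # Every DLL listed here is loaded into each process that links user32.dll,
            # so the value deserves a look even when it belongs to a security product.
            t.appinit_dlls.extend(line.split("=", 1)[1].replace(",", " ").split())
            continue
        m = PREF_RE.match(line)
        if m:
            t.proxy[m.group(1)] = m.group(2).strip()
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(5).endswith("[?]"):
            path = m.group(5).split(" -->", 1)[0]
            t.orphaned_services.append({"state": m.group(1) + m.group(2),
                                        "name": m.group(3), "path": path})
    return t


def proxy_endpoints(prefs):
    """Return protocol -> host:port when Firefox is set to a manual proxy (type 1)."""
    if prefs.get("network.proxy.type") != "1":
        return {}
    endpoints = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        port = prefs.get(f"network.proxy.{proto}_port")
        if host and port:
            endpoints[proto] = f"{host}:{port}"
    return endpoints


def report(t):
    """Human-readable triage lines; one per finding."""
    lines = [f"dead registration: {k} '{n}' {{{g}}}" for k, n, g in t.missing_file_entries]
    lines += [f"service binary missing: {s['state']} {s['name']} -> {s['path']}"
              for s in t.orphaned_services]
    lines += [f"AppInit_DLLs entry: {d}" for d in t.appinit_dlls]
    for proto, ep in proxy_endpoints(t.proxy).items():
        host = ep.rsplit(":", 1)[0]
        where = "loopback" if host in ("127.0.0.1", "localhost") else "non-local host"
        lines.append(f"Firefox {proto} proxy -> {ep} ({where}; confirm it is expected)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_dds(SAMPLE_DDS))))
```

The output is a starting list for the reviewer, not a verdict: a `<no file>` entry is usually a leftover from an uninstalled product, and a proxy or AppInit DLL may be perfectly legitimate, so each line is something to confirm against what is known to be installed.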

 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,731 posts
  • Gender:Male

Posted 10 September 2013 - 03:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506772 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 iucaa
  • Topic Starter

  • Members
  • 12 posts

Posted 10 September 2013 - 06:34 AM

I still have the rootkit; thank you in advance for your help. :smash:



#4 polskamachina

  • Malware Response Team
  • 4,002 posts
  • Gender:Male

Posted 10 September 2013 - 10:30 PM

Hi iucaa :)

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

 

Thanks for your patience.

polskamachina


Edited by polskamachina, 10 September 2013 - 10:35 PM.


#5 iucaa
  • Topic Starter

  • Members
  • 12 posts

Posted 11 September 2013 - 07:55 AM

OK, I don't know if you are an automated message; by the way, thank you in advance.



#6 polskamachina

  • Malware Response Team
  • 4,002 posts
  • Gender:Male

Posted 12 September 2013 - 05:54 AM

Hi iucaa :)

 

Can you please tell me what prompted you to run ComboFix? Was it based entirely on the fact that your computer had slow performance?

 

Also, could you please navigate to the folder C:\ComboFix and open the file ComboFix.txt. Then copy and paste it into your next reply.

 

polskamachina

 

 


Edited by polskamachina, 12 September 2013 - 05:55 AM.


#7 iucaa
  • Topic Starter

  • Members
  • 12 posts

Posted 12 September 2013 - 09:18 AM

Hi polskamachina, thank you for your reply.

I usually run ComboFix to check in depth whether there is some rootkit that the antivirus doesn't intercept, and so I did.
The PC sometimes becomes slow and I have lost a disk partition three times (internal PATA disk, USB disk and USB key); since I have the same rootkit (and the same problem of losing partitions on the PC at home) I thought it could be a virus.
This is my ComboFix report, thank you in advance.

ComboFix 13-09-10.03 - user 12/09/2013  15:38:43.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2038.848 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Documenti\Download\ComboFix.exe
AV: COMODO Antivirus *Enabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\OUTLOOK.EXE.lnk
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-08-12 al 2013-09-12  )))))))))))))))))))))))))))))))))))
.
.
2013-09-10 09:55 . 2013-06-18 14:42    884363    ----a-w-    c:\documents and settings\user\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\AntiTwin.exe
2013-09-06 09:51 . 2013-09-06 09:51    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2013-09-06 09:50 . 2013-09-06 10:22    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Malwarebytes' Anti-Malware (portable)
2013-09-04 07:41 . 2013-09-04 07:41    --------    d-----w-    c:\programmi\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 06:30 . 2009-05-13 09:04    165232    ---ha-w-    c:\documents and settings\user\Dati applicazioni\Microsoft\Virtual PC\VPCKeyboard.dll
2013-07-26 06:55 . 2012-03-30 06:25    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-26 06:55 . 2011-05-25 08:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CUCore Agent"="c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Radvision\Conference Client\7.14.100.95\ConfAgent.exe" [2012-03-05 126064]
"TClockEx"="c:\programmi\TClockEx\TCLOCKEX.EXE" [2000-03-08 89088]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"COMODO Internet Security"="c:\programmi\COMODO Internet Security\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
"AutoMate6"="c:\programmi\AutoMate 6\AMEM.exe" [2006-01-12 3299328]
"Communicator"="c:\programmi\Microsoft Office Communicator\communicator.exe" [2010-04-11 5116256]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"Communicator"="c:\programmi\Microsoft Office Communicator\Communicator.exe" [2010-04-11 5116256]
.
c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\
Personal Data.lnk - c:\archivi\VB6\PersonalData - 2008\PersonalData.exe [2008-8-26 1150976]
snapper.exe [2007-6-18 1731584]
Windows Media Player.lnk - c:\programmi\Windows Media Player\wmplayer.exe /prefetch:1 [2004-8-19 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Job Pause (2).lnk]
path=c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\Job Pause (2).lnk
backup=c:\windows\pss\Job Pause (2).lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^runatsta.bat]
path=c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\runatsta.bat
backup=c:\windows\pss\runatsta.batStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^runatsta.bat.lnk]
path=c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\runatsta.bat.lnk
backup=c:\windows\pss\runatsta.bat.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Avvio^Programmi^Esecuzione automatica^Sommario di OneNote.onetoc2]
path=c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\Sommario di OneNote.onetoc2
backup=c:\windows\pss\Sommario di OneNote.onetoc2Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 21:24    620152    ----a-w-    c:\programmi\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 18:14    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
2010-04-11 00:30    5116256    ----a-w-    c:\programmi\Microsoft Office Communicator\communicator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48    157592    ----a-w-    c:\programmi\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-09-25 09:12    114688    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-09-25 09:13    98304    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14    1695232    ----a-w-    c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-09-04 21:40    6856704    ----a-w-    c:\programmi\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-09-25 09:12    94208    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09    413696    ----a-w-    c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2006-05-12 12:50    1138688    ----a-w-    c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 14:44    761856    -c--a-w-    c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04    252848    ----a-w-    c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2005-05-18 21:51    81920    ----a-w-    c:\programmi\TotalRecorder\TotRecSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02    36352    ----a-w-    c:\programmi\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"SCardSvr"=3 (0x3)
"SavRoam"=3 (0x3)
"Themes"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WmiApSrv"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SSDPSRV"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"PCA"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"IviRegMgr"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"CryptSvc"=3 (0x3)
"Adobe Version Cue CS3"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"WZCSVC"=2 (0x2)
"TapiSrv"=3 (0x3)
"srservice"=2 (0x2)
"SbPF.Launcher"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"SharedAccess"=2 (0x2)
"ose"=3 (0x3)
"Dhcp"=2 (0x2)
"RSVP"=3 (0x3)
"gupdate1c9a15d895c10f4"=2 (0x2)
"wscsvc"=2 (0x2)
"SMTPSVC"=2 (0x2)
"LightScribeService"=2 (0x2)
"idsvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"CiSvc"=3 (0x3)
"BthServ"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ClipSrv"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"WSearch"=2 (0x2)
"seclogon"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"Wmi"=3 (0x3)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=2 (0x2)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"ReportServer$SQLEXPRESS"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NetDDEdsdm"=2 (0x2)
"NetDDE"=2 (0x2)
"Net Driver HPZ12"=2 (0x2)
"MSDTC"=3 (0x3)
"MsDepSvc"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"Capture Device Service"=2 (0x2)
"BITS"=2 (0x2)
"AutoMate6"=2 (0x2)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Microsoft Office Communicator\\communicator.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/08/2008 15:38 716272]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [06/01/2011 18:37 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [06/01/2011 18:37 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [06/01/2011 18:37 27576]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15/02/2007 20:00 26624]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [15/09/2010 14:12 6016]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23/03/2007 2:00 30032]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [22/04/2010 11:35 166504]
S3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [27/06/2005 18:09 140800]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [23/02/2010 11:40 47360]
S3 VSPerfDrv;Performance Tools Driver;c:\programmi\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [23/09/2005 2:42 54464]
S4 AVGIDSAgent;AVGIDSAgent;"c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S4 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe --> c:\programmi\AVG\AVG10\avgwdsvc.exe [?]
S4 gupdate1c9a15d895c10f4;Servizio di Google Update (gupdate1c9a15d895c10f4);"c:\programmi\Google\Update\GoogleUpdate.exe" /svc --> c:\programmi\Google\Update\GoogleUpdate.exe [?]
S4 MsDepSvc;Web Deployment Agent Service;c:\programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe [19/01/2010 17:49 55184]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 2799808]
S4 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14/04/2006 9:59 14624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-12 c:\windows\Tasks\BackupApp.job
- c:\archivi\VB6\BackupApplicazioni - 2012\BackupApp2012.exe [2012-11-23 09:07]
.
2013-09-12 c:\windows\Tasks\BackupUSB.job
- c:\archivi\bat\save_usbk.bat [2007-11-14 12:25]
.
2013-09-12 c:\windows\Tasks\savefirefox.job
- c:\archivi\bat\savefirefox.bat [2008-09-16 07:48]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://open.telecomitalia.it/openlight/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyServer = 186.54.18.23:8081
uInternet Settings,ProxyOverride = 186.54.18.23:8081;
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{18F1A13D-16B4-4B91-9997-BFB265F6A72C}: NameServer = 156.54.17.165,156.54.95.220
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\9rwakkww.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - prefs.js: network.proxy.ftp - 186.54.18.23
FF - prefs.js: network.proxy.ftp_port - 8081
FF - prefs.js: network.proxy.http - 186.54.18.23
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.socks - 186.54.18.23
FF - prefs.js: network.proxy.socks_port - 8081
FF - prefs.js: network.proxy.ssl - 186.54.18.23
FF - prefs.js: network.proxy.ssl_port - 8081
FF - prefs.js: network.proxy.type - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 15:57
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3502305525-737835540-252757477-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0BA9837-0ED6-AA7C-C5AD-1B2D4EC1C5AC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hangfoogaehhknig"=hex:66,61,69,63,6a,6a,61,64,6a,6c,6b,69,00,00
"iaofpfalhkhjfjmfae"=hex:69,61,6c,63,62,6a,6a,6c,6f,63,6d,6a,70,6a,62,69,61,63,
   00,00
"haahbeifapjalfdb"=hex:69,61,6c,63,62,6a,6a,6c,6f,63,6d,6a,70,6a,62,69,61,63,
   00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2013-09-12  16:03:32
ComboFix-quarantined-files.txt  2013-09-12 14:03
.
Pre-Run: 2.833.436.672 byte disponibili
Post-Run: 2.812.432.384 byte disponibili
.
- - End Of File - - 8E7A2DFC64F1296DF04BA09FD5EA0578
4F02A8D4048A138C450ED7F867EB0144
#8 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:25 AM

Posted 13 September 2013 - 05:44 PM

Hi iucaa :)
 
Let's do some more investigating. What can you tell me about the proxy settings shown below from the ComboFix log?
 

FF - prefs.js: network.proxy.ftp - 165.46.18.23
FF - prefs.js: network.proxy.ftp_port - 8081
FF - prefs.js: network.proxy.http - 165.46.18.23
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.socks - 165.46.18.23
FF - prefs.js: network.proxy.socks_port - 8081
FF - prefs.js: network.proxy.ssl - 165.46.18.23
FF - prefs.js: network.proxy.ssl_port - 8080

 
Next:
 
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Finally,
 
Please visit the online Jotti Virus Scanner <--link

  • Browse to the following filepath:

    ---------c:\windows\pss\runatsta.bat-------
  • Click on the Clipboard021.jpg button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Let me know if you have any questions.
 
polskamachina

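As an added illustration (not part of this thread, and not ComboFix's or TDSSKiller's own code), here is a small Python triage helper that does mechanically what the reply above does by eye: it pulls the IE ProxyServer line and the Firefox network.proxy.* lines out of ComboFix's supplementary-scan section and lists what a helper would ask the user about, namely proxy endpoints that differ between browsers or protocols, and proxies that point at public addresses. The sample log is constructed in the same format as the posted log; the function names (parse_proxies, is_public_address, triage) are my own.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of ComboFix's "Scansione supplementare"
# section; the lines are modelled on the posted log, not copied from one run.
SAMPLE_LOG = """\
uStart Page = hxxp://open.telecomitalia.it/openlight/
uInternet Settings,ProxyServer = 186.54.18.23:8081
uInternet Settings,ProxyOverride = 186.54.18.23:8081;
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - prefs.js: network.proxy.ftp - 186.54.18.23
FF - prefs.js: network.proxy.ftp_port - 8081
FF - prefs.js: network.proxy.http - 186.54.18.23
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.ssl - 186.54.18.23
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
"""

# Hypothetical helper; the regexes match the line shapes ComboFix prints.
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.([a-z]+)(_port)? - (\S+)$")
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)$")

ProxyMap = Dict[str, Tuple[str, Optional[int]]]


def parse_proxies(log: str) -> Tuple[Optional[str], ProxyMap, Optional[int]]:
    """Return (IE proxy 'host:port' or None, Firefox {proto: (host, port)}, network.proxy.type)."""
    ie_proxy: Optional[str] = None
    ff_hosts: Dict[str, str] = {}
    ff_ports: Dict[str, int] = {}
    ff_type: Optional[int] = None
    for line in log.splitlines():
        m = IE_PROXY_RE.match(line)
        if m:
            ie_proxy = m.group(1)
            continue
        m = FF_PROXY_RE.match(line)
        if not m:
            continue
        key, is_port, value = m.groups()
        if key == "type":
            ff_type = int(value)  # 1 = manual proxy configuration in Firefox
        elif is_port:
            ff_ports[key] = int(value)
        else:
            ff_hosts[key] = value
    firefox = {proto: (host, ff_ports.get(proto)) for proto, host in ff_hosts.items()}
    return ie_proxy, firefox, ff_type


def is_public_address(host: str) -> bool:
    """True for a routable IP literal; hostnames and private ranges return False."""
    try:
        return not ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(log: str) -> List[str]:
    """Findings a helper would raise with the user before touching the settings."""
    ie_proxy, firefox, ff_type = parse_proxies(log)
    findings: List[str] = []
    endpoints = set()
    if ie_proxy:
        endpoints.add(ie_proxy)
        findings.append(f"IE proxy configured: {ie_proxy}")
    if ff_type == 1 and firefox:
        parts = []
        for proto, (host, port) in sorted(firefox.items()):
            endpoints.add(f"{host}:{port}")
            parts.append(f"{proto}={host}:{port}")
        findings.append("Firefox manual proxy: " + ", ".join(parts))
    if len(endpoints) > 1:
        findings.append("Proxy endpoints differ between browsers or protocols: "
                        + ", ".join(sorted(endpoints)))
    for endpoint in sorted(endpoints):
        host = endpoint.rsplit(":", 1)[0]
        if is_public_address(host):
            findings.append(f"Proxy {endpoint} is a public address; "
                            "confirm it is the organisation's own proxy")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A company proxy is a perfectly normal explanation, as the next reply shows; the point of the check is only to make the question explicit, since a proxy set in both browsers that points at an address the user does not recognise is one of the cheapest ways for malware to see or redirect all web traffic.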


#9 iucaa

iucaa
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 18 September 2013 - 07:25 AM

Hi polskamachina

Thank you for the time you have dedicated to removing the rootkit.

1) "What can you tell me about the proxy settings shown below from the ComboFix log?": that's OK, it is my company's proxy; it works fine.

 

2) I ran TDSSKiller: I got a window with "Threats detected"; this is what I got (screenshot attached). I stopped there, no more actions taken (I closed the window).

Report from TDSSKiller (please note: for privacy I replaced the username with the string *** HIDDEN ***)

 

13:52:06.0156 0x04c8  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
13:52:06.0421 0x04c8  ============================================================
13:52:06.0421 0x04c8  Current date / time: 2013/09/18 13:52:06.0421
13:52:06.0421 0x04c8  SystemInfo:
13:52:06.0421 0x04c8  
13:52:06.0421 0x04c8  OS Version: 5.1.2600 ServicePack: 3.0
13:52:06.0421 0x04c8  Product type: Workstation
13:52:06.0421 0x04c8  ComputerName: *** HIDDEN ***
13:52:06.0421 0x04c8  UserName: valerio
13:52:06.0421 0x04c8  Windows directory: C:\WINDOWS
13:52:06.0421 0x04c8  System windows directory: C:\WINDOWS
13:52:06.0421 0x04c8  Processor architecture: Intel x86
13:52:06.0421 0x04c8  Number of processors: 2
13:52:06.0421 0x04c8  Page size: 0x1000
13:52:06.0421 0x04c8  Boot type: Normal boot
13:52:06.0421 0x04c8  ============================================================
13:52:09.0125 0x04c8  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:52:09.0125 0x04c8  Drive \Device\Harddisk1\DR3 - Size: 0x39AA7E800 (14.42 Gb), SectorSize: 0x200, Cylinders: 0x759, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:52:09.0125 0x04c8  ============================================================
13:52:09.0125 0x04c8  \Device\Harddisk0\DR0:
13:52:09.0125 0x04c8  MBR partitions:
13:52:09.0125 0x04c8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1160E866
13:52:09.0125 0x04c8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11612766, BlocksNum 0x140249A
13:52:09.0125 0x04c8  \Device\Harddisk1\DR3:
13:52:09.0125 0x04c8  MBR partitions:
13:52:09.0125 0x04c8  \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1CD17DA
13:52:09.0125 0x04c8  ============================================================
13:52:09.0140 0x04c8  C: <-> \Device\Harddisk0\DR0\Partition1
13:52:09.0171 0x04c8  D: <-> \Device\Harddisk0\DR0\Partition2
13:52:09.0171 0x04c8  ============================================================
13:52:09.0171 0x04c8  Initialize success
13:52:09.0171 0x04c8  ============================================================
13:53:08.0546 0x0e54  ============================================================
13:53:08.0546 0x0e54  Scan started
13:53:08.0546 0x0e54  Mode: Manual;
13:53:08.0546 0x0e54  ============================================================
13:53:10.0671 0x0e54  ================ Scan system memory ========================
13:53:10.0671 0x0e54  System memory - ok
13:53:10.0671 0x0e54  ================ Scan services =============================
13:53:10.0843 0x0e54  Abiosdsk - ok
13:53:10.0843 0x0e54  abp480n5 - ok
13:53:10.0890 0x0e54  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
13:53:10.0906 0x0e54  ac97intc - ok
13:53:10.0953 0x0e54  [ D766E636187B8F240BBFBABCD51EB2C6 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:53:10.0968 0x0e54  ACPI - ok
13:53:10.0984 0x0e54  [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
13:53:11.0015 0x0e54  ACPIEC - ok
13:53:11.0125 0x0e54  [ 303C174A7303A7702A68653152FC65A0 ] Adobe LM Service C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
13:53:11.0500 0x0e54  Adobe LM Service - ok
13:53:11.0578 0x0e54  [ 3109B16A0939BA11696EEB04F345D099 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:53:11.0578 0x0e54  AdobeFlashPlayerUpdateSvc - ok
13:53:11.0593 0x0e54  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:53:11.0609 0x0e54  adpu160m - ok
13:53:11.0640 0x0e54  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\system32\DRIVERS\adpu320.sys
13:53:11.0781 0x0e54  adpu320 - ok
13:53:11.0812 0x0e54  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
13:53:11.0812 0x0e54  aec - ok
13:53:11.0859 0x0e54  [ E3049B90FE06F3F740B7CFDA44995E2C ] AFD             C:\WINDOWS\System32\drivers\afd.sys
13:53:11.0859 0x0e54  AFD - ok
13:53:11.0875 0x0e54  Aha154x - ok
13:53:11.0890 0x0e54  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:53:11.0921 0x0e54  aic78u2 - ok
13:53:11.0953 0x0e54  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:53:11.0953 0x0e54  aic78xx - ok
13:53:11.0968 0x0e54  [ 14A077AD0CF6116D1102631D8E1EDEE8 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
13:53:11.0968 0x0e54  Alerter - ok
13:53:12.0000 0x0e54  [ 79FE2E0D7859738225816658F0BB2A0D ] ALG             C:\WINDOWS\System32\alg.exe
13:53:12.0031 0x0e54  ALG - ok
13:53:12.0031 0x0e54  AliIde - ok
13:53:12.0046 0x0e54  amsint - ok
13:53:12.0125 0x0e54  [ B8E865D24F2753A35CC2A9A6A3CE1AD4 ] Apple Mobile Device C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
13:53:12.0359 0x0e54  Apple Mobile Device - ok
13:53:12.0406 0x0e54  [ 9062ED05B7519324FD7F0D6AFB9D1147 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
13:53:12.0421 0x0e54  AppMgmt - ok
13:53:12.0421 0x0e54  asc - ok
13:53:12.0421 0x0e54  asc3350p - ok
13:53:12.0437 0x0e54  asc3550 - ok
13:53:12.0578 0x0e54  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:53:12.0609 0x0e54  aspnet_state - ok
13:53:12.0640 0x0e54  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:53:12.0640 0x0e54  AsyncMac - ok
13:53:12.0687 0x0e54  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
13:53:12.0687 0x0e54  atapi - ok
13:53:12.0703 0x0e54  Atdisk - ok
13:53:12.0750 0x0e54  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:53:12.0765 0x0e54  Atmarpc - ok
13:53:12.0812 0x0e54  [ 1B58D118049304E88464BE614C6D0014 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
13:53:12.0812 0x0e54  AudioSrv - ok
13:53:12.0843 0x0e54  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
13:53:12.0843 0x0e54  audstub - ok
13:53:12.0984 0x0e54  [ CD4FE39DB2212CB2F1A9AC8C14741099 ] AutoMate6       C:\Programmi\AutoMate 6\AMTS.exe
13:53:13.0765 0x0e54  AutoMate6 - ok
13:53:13.0765 0x0e54  AVGIDSAgent - ok
13:53:13.0781 0x0e54  AVGIDSDriver - ok
13:53:13.0781 0x0e54  AVGIDSEH - ok
13:53:13.0781 0x0e54  AVGIDSFilter - ok
13:53:13.0796 0x0e54  AVGIDSShim - ok
13:53:13.0796 0x0e54  Avgldx86 - ok
13:53:13.0812 0x0e54  Avgmfx86 - ok
13:53:13.0812 0x0e54  Avgrkx86 - ok
13:53:13.0812 0x0e54  Avgtdix - ok
13:53:13.0828 0x0e54  avgwd - ok
13:53:13.0843 0x0e54  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
13:53:13.0859 0x0e54  Beep - ok
13:53:13.0906 0x0e54  [ 48C4763A9C8990FB48B73445BEB15D6A ] BITS            C:\WINDOWS\system32\qmgr.dll
13:53:13.0906 0x0e54  BITS - ok
13:53:13.0968 0x0e54  [ 9EFE4236F8670846B6E7C5B0EFF6E715 ] Bonjour Service C:\Programmi\Bonjour\mDNSResponder.exe
13:53:14.0125 0x0e54  Bonjour Service - ok
13:53:14.0171 0x0e54  [ 4314623FD836E96A51343CE5C74B48A8 ] Browser         C:\WINDOWS\System32\browser.dll
13:53:14.0187 0x0e54  Browser - ok
13:53:14.0218 0x0e54  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
13:53:14.0218 0x0e54  BthEnum - ok
13:53:14.0265 0x0e54  [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM        C:\WINDOWS\system32\DRIVERS\bthmodem.sys
13:53:14.0281 0x0e54  BTHMODEM - ok
13:53:14.0328 0x0e54  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
13:53:14.0343 0x0e54  BthPan - ok
13:53:14.0375 0x0e54  [ AD0DA527DEC931C85647CB265CEDA13D ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
13:53:14.0390 0x0e54  BTHPORT - ok
13:53:14.0421 0x0e54  [ 2EEEC087A3B3104667AFE2C3111CDCB5 ] BthServ         C:\WINDOWS\System32\bthserv.dll
13:53:14.0421 0x0e54  BthServ - ok
13:53:14.0468 0x0e54  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
13:53:14.0484 0x0e54  BTHUSB - ok
13:53:14.0515 0x0e54  [ 3014CA345E8AD68587BABFB162DDDEC5 ] Capture Device Service C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
13:53:14.0531 0x0e54  Capture Device Service - ok
13:53:14.0703 0x0e54  catchme - ok
13:53:14.0734 0x0e54  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
13:53:14.0734 0x0e54  cbidf2k - ok
13:53:14.0765 0x0e54  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:53:14.0765 0x0e54  CCDECODE - ok
13:53:14.0781 0x0e54  cd20xrnt - ok
13:53:14.0812 0x0e54  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
13:53:14.0812 0x0e54  Cdaudio - ok
13:53:14.0828 0x0e54  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
13:53:14.0828 0x0e54  Cdfs - ok
13:53:14.0859 0x0e54  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:53:14.0859 0x0e54  Cdrom - ok
13:53:14.0859 0x0e54  Changer - ok
13:53:14.0906 0x0e54  [ D04F2BEB5EA63D0766E12E44AEF7C38D ] CiSvc           C:\WINDOWS\system32\cisvc.exe
13:53:14.0921 0x0e54  CiSvc - ok
13:53:14.0968 0x0e54  [ 48CB1DEFA1A6506C3CF09E4950F82EF6 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
13:53:14.0984 0x0e54  ClipSrv - ok
13:53:15.0062 0x0e54  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:53:15.0187 0x0e54  clr_optimization_v2.0.50727_32 - ok
13:53:15.0234 0x0e54  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:53:15.0375 0x0e54  clr_optimization_v4.0.30319_32 - ok
13:53:15.0484 0x0e54  [ A98775F9140D0337F019C381707444A1 ] cmdAgent        C:\Programmi\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe
13:53:15.0562 0x0e54  cmdAgent - ok
13:53:15.0593 0x0e54  [ 61B20CA85950870FA23587B26F3E4D7D ] cmderd          C:\WINDOWS\system32\DRIVERS\cmderd.sys
13:53:15.0593 0x0e54  cmderd - ok
13:53:15.0609 0x0e54  [ DD530EE7D9EFBB0EC42AEBE7226B8A93 ] cmdGuard        C:\WINDOWS\system32\DRIVERS\cmdguard.sys
13:53:15.0609 0x0e54  cmdGuard - ok
13:53:15.0656 0x0e54  [ 07CBBE993ED08A52DAFAC1E6CF27B6A5 ] cmdHlp          C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
13:53:15.0656 0x0e54  cmdHlp - ok
13:53:15.0656 0x0e54  CmdIde - ok
13:53:15.0671 0x0e54  COMSysApp - ok
13:53:15.0671 0x0e54  Cpqarray - ok
13:53:15.0718 0x0e54  [ B6FCBB157E9C8ABDCA4134C535535A8B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
13:53:15.0718 0x0e54  CryptSvc - ok
13:53:15.0765 0x0e54  [ D491F164E6D5EBACBB73E0F85D47E9D9 ] CTL511Plus      C:\WINDOWS\system32\DRIVERS\webc3vid.sys
13:53:16.0031 0x0e54  CTL511Plus - ok
13:53:16.0031 0x0e54  dac2w2k - ok
13:53:16.0031 0x0e54  dac960nt - ok
13:53:16.0078 0x0e54  [ DB0C9517C2374D86A18DBFA12B35B129 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:53:16.0078 0x0e54  DcomLaunch - ok
13:53:16.0140 0x0e54  [ 699EE7F752A25180AEB92C3A0EAEE440 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
13:53:16.0140 0x0e54  Dhcp - ok
13:53:16.0187 0x0e54  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
13:53:16.0187 0x0e54  Disk - ok
13:53:16.0187 0x0e54  dmadmin - ok
13:53:16.0296 0x0e54  [ 82BC125A8ED33F5F0E75F2AAC1065323 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
13:53:16.0343 0x0e54  dmboot - ok
13:53:16.0375 0x0e54  [ E959DDC0EA7AC11EE5E5602E2A364310 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
13:53:16.0375 0x0e54  dmio - ok
13:53:16.0406 0x0e54  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
13:53:16.0406 0x0e54  dmload - ok
13:53:16.0437 0x0e54  [ A01858C50704B2D2EDEEBBF6BBBCED2A ] dmserver        C:\WINDOWS\System32\dmserver.dll
13:53:16.0437 0x0e54  dmserver - ok
13:53:16.0453 0x0e54  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
13:53:16.0453 0x0e54  DMusic - ok
13:53:16.0500 0x0e54  [ 5A4DAC2ED68EDF6FDD78529D78CB994E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:53:16.0500 0x0e54  Dnscache - ok
13:53:16.0546 0x0e54  [ D580D77DFF316BD8C9D73B38695DE8DC ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
13:53:16.0562 0x0e54  Dot3svc - ok
13:53:16.0593 0x0e54  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:53:16.0609 0x0e54  dpti2o - ok
13:53:16.0640 0x0e54  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
13:53:16.0640 0x0e54  drmkaud - ok
13:53:16.0687 0x0e54  [ 5A402C57F621114C99F813C6AE7BC37A ] dwvkbd          C:\WINDOWS\system32\DRIVERS\dwvkbd.sys
13:53:16.0703 0x0e54  dwvkbd - ok
13:53:16.0750 0x0e54  [ 5C940A174DFB2C42B9F6BA6EDC2BAA0B ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:53:16.0828 0x0e54  E100B - ok
13:53:16.0875 0x0e54  [ 86B1F123BACD444E81960B339BAE3FF2 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
13:53:16.0890 0x0e54  EapHost - ok
13:53:16.0921 0x0e54  [ B6599EDA9F3EBEF064504EE35BBECA1C ] ERSvc           C:\WINDOWS\System32\ersvc.dll
13:53:16.0921 0x0e54  ERSvc - ok
13:53:16.0937 0x0e54  [ DAC0440C89B1EA4E35684896D5BF856E ] Eventlog        C:\WINDOWS\system32\services.exe
13:53:16.0953 0x0e54  Eventlog - ok
13:53:17.0000 0x0e54  [ 8360CB9756E598A5C6214EACFB3677C3 ] EventSystem     C:\WINDOWS\system32\es.dll
13:53:17.0000 0x0e54  EventSystem - ok
13:53:17.0046 0x0e54  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
13:53:17.0046 0x0e54  Fastfat - ok
13:53:17.0093 0x0e54  [ A982208204830A213D7963BF2A215E56 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:53:17.0093 0x0e54  FastUserSwitchingCompatibility - ok
13:53:17.0125 0x0e54  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
13:53:17.0125 0x0e54  Fdc - ok
13:53:17.0156 0x0e54  [ 2CFEA3326981A18C6BAF2BD9BE76225B ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
13:53:17.0156 0x0e54  Fips - ok
13:53:17.0234 0x0e54  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:53:17.0250 0x0e54  FLEXnet Licensing Service - ok
13:53:17.0281 0x0e54  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:53:17.0281 0x0e54  Flpydisk - ok
13:53:17.0343 0x0e54  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:53:17.0343 0x0e54  FltMgr - ok
13:53:17.0421 0x0e54  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:53:17.0421 0x0e54  FontCache3.0.0.0 - ok
13:53:17.0468 0x0e54  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:53:17.0468 0x0e54  Fs_Rec - ok
13:53:17.0500 0x0e54  [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:53:17.0500 0x0e54  Ftdisk - ok
13:53:17.0546 0x0e54  [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:53:17.0546 0x0e54  GEARAspiWDM - ok
13:53:17.0593 0x0e54  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:53:17.0593 0x0e54  Gpc - ok
13:53:17.0625 0x0e54  gupdate1c9a15d895c10f4 - ok
13:53:17.0640 0x0e54  gupdatem - ok
13:53:17.0687 0x0e54  [ 7929A161F9951D173CA9900FE7067391 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
13:53:17.0687 0x0e54  hamachi - ok
13:53:17.0734 0x0e54  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:53:17.0734 0x0e54  HDAudBus - ok
13:53:17.0828 0x0e54  [ 6CE66B51B4EB23D9D073F92698C55C8D ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:53:17.0843 0x0e54  helpsvc - ok
13:53:17.0875 0x0e54  [ 43D985A9A51E0295091B6EBE84C96B78 ] HidServ         C:\WINDOWS\System32\hidserv.dll
13:53:17.0890 0x0e54  HidServ - ok
13:53:17.0906 0x0e54  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:53:17.0906 0x0e54  HidUsb - ok
13:53:17.0953 0x0e54  [ 00CAD842F48947887A972828ACA665F7 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
13:53:17.0968 0x0e54  hkmsvc - ok
13:53:17.0968 0x0e54  hpn - ok
13:53:18.0015 0x0e54  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
13:53:18.0031 0x0e54  HTTP - ok
13:53:18.0062 0x0e54  [ 450091AEBFCD08E5858533EAB5B9A436 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
13:53:18.0078 0x0e54  HTTPFilter - ok
13:53:18.0078 0x0e54  i2omgmt - ok
13:53:18.0093 0x0e54  i2omp - ok
13:53:18.0125 0x0e54  [ 610726E28AF55B95043C5C35A727E320 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:53:18.0125 0x0e54  i8042prt - ok
13:53:18.0171 0x0e54  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
13:53:18.0171 0x0e54  i81x - ok
13:53:18.0203 0x0e54  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
13:53:18.0218 0x0e54  iAimFP0 - ok
13:53:18.0234 0x0e54  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
13:53:18.0250 0x0e54  iAimFP1 - ok
13:53:18.0265 0x0e54  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
13:53:18.0265 0x0e54  iAimFP2 - ok
13:53:18.0296 0x0e54  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
13:53:18.0296 0x0e54  iAimFP3 - ok
13:53:18.0312 0x0e54  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
13:53:18.0312 0x0e54  iAimFP4 - ok
13:53:18.0343 0x0e54  [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5         C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
13:53:18.0359 0x0e54  iAimFP5 - ok
13:53:18.0375 0x0e54  [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6         C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
13:53:18.0375 0x0e54  iAimFP6 - ok
13:53:18.0406 0x0e54  [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7         C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
13:53:18.0437 0x0e54  iAimFP7 - ok
13:53:18.0437 0x0e54  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
13:53:18.0468 0x0e54  iAimTV0 - ok
13:53:18.0468 0x0e54  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
13:53:18.0500 0x0e54  iAimTV1 - ok
13:53:18.0515 0x0e54  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
13:53:18.0515 0x0e54  iAimTV3 - ok
13:53:18.0515 0x0e54  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
13:53:18.0531 0x0e54  iAimTV4 - ok
13:53:18.0546 0x0e54  [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5         C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
13:53:18.0546 0x0e54  iAimTV5 - ok
13:53:18.0546 0x0e54  [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6         C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
13:53:18.0578 0x0e54  iAimTV6 - ok
13:53:18.0640 0x0e54  [ 85D42B7F0DD406ADF5E3EC7659A279EC ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:53:18.0703 0x0e54  ialm - ok
13:53:18.0781 0x0e54  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:53:18.0843 0x0e54  idsvc - ok
13:53:18.0906 0x0e54  [ DE79878A8B41CF879A5D0FD80163A7C8 ] IISADMIN        C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:53:18.0921 0x0e54  IISADMIN - ok
13:53:18.0953 0x0e54  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
13:53:18.0953 0x0e54  Imapi - ok
13:53:18.0984 0x0e54  [ DB491237445F172FDDDF00541DE1A51D ] ImapiService    C:\WINDOWS\system32\imapi.exe
13:53:19.0015 0x0e54  ImapiService - ok
13:53:19.0031 0x0e54  ini910u - ok
13:53:19.0062 0x0e54  [ 8154A2C13B72B08DB11157673C60C3EB ] Inspect         C:\WINDOWS\system32\DRIVERS\inspect.sys
13:53:19.0062 0x0e54  Inspect - ok
13:53:19.0218 0x0e54  [ B29781B9A90CD55FC5D859C0B1C243BC ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:53:19.0359 0x0e54  IntcAzAudAddService - ok
13:53:19.0375 0x0e54  [ 027FE9B28FB0F861C181D25923B31E78 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
13:53:19.0406 0x0e54  IntelIde - ok
13:53:19.0437 0x0e54  [ EBD830A0970C438047006A49C23E287F ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:53:19.0437 0x0e54  intelppm - ok
13:53:19.0468 0x0e54  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
13:53:19.0484 0x0e54  Ip6Fw - ok
13:53:19.0531 0x0e54  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:53:19.0531 0x0e54  IpFilterDriver - ok
13:53:19.0546 0x0e54  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:53:19.0546 0x0e54  IpInIp - ok
13:53:19.0578 0x0e54  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:53:19.0578 0x0e54  IpNat - ok
13:53:19.0625 0x0e54  [ D2E8EFB8AF35FCF5A7AF22F5A0CE1A82 ] iPod Service    C:\Programmi\iPod\bin\iPodService.exe
13:53:19.0671 0x0e54  iPod Service - ok
13:53:19.0687 0x0e54  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:53:19.0703 0x0e54  IPSec - ok
13:53:19.0734 0x0e54  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
13:53:19.0750 0x0e54  IRENUM - ok
13:53:19.0765 0x0e54  [ 0953594BEB81CC72FCC62D37921B25A6 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:53:19.0765 0x0e54  isapnp - ok
13:53:19.0828 0x0e54  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
13:53:20.0125 0x0e54  IviRegMgr - ok
13:53:20.0250 0x0e54  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programmi\Java\jre7\bin\jqs.exe
13:53:20.0250 0x0e54  JavaQuickStarterService - ok
13:53:20.0250 0x0e54  [ 28B6EACE513CA7EABA3B809AD4BC274D ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:53:20.0250 0x0e54  Kbdclass - ok
13:53:20.0281 0x0e54  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
13:53:20.0281 0x0e54  kmixer - ok
13:53:20.0312 0x0e54  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
13:53:20.0312 0x0e54  KSecDD - ok
13:53:20.0343 0x0e54  [ CFCF4AEE4F81C6185EE663097F7189D3 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
13:53:20.0343 0x0e54  lanmanserver - ok
13:53:20.0390 0x0e54  [ 9071A3BEDCD40CCB221B98F230FDDE9A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:53:20.0390 0x0e54  lanmanworkstation - ok
13:53:20.0390 0x0e54  lbrtfdc - ok
13:53:20.0468 0x0e54  [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Programmi\File comuni\LightScribe\LSSrvc.exe
13:53:20.0671 0x0e54  LightScribeService - ok
13:53:20.0687 0x0e54  [ E01255727D0B158538D7C2B469B533A8 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
13:53:20.0734 0x0e54  LmHosts - ok
13:53:20.0781 0x0e54  [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
13:53:21.0031 0x0e54  Macromedia Licensing Service - ok
13:53:21.0062 0x0e54  [ 3B32F662C8607E891F325E41F7EE225C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
13:53:21.0078 0x0e54  Messenger - ok
13:53:21.0187 0x0e54  [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe
13:53:21.0343 0x0e54  Microsoft Office Groove Audit Service - ok
13:53:21.0359 0x0e54  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
13:53:21.0375 0x0e54  mnmdd - ok
13:53:21.0406 0x0e54  [ 514A299EC926BAADA3C718B171476AA4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
13:53:21.0406 0x0e54  mnmsrvc - ok
13:53:21.0453 0x0e54  [ 8CB6636806D76B85FAFAEE94D75F5129 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
13:53:21.0468 0x0e54  Modem - ok
13:53:21.0515 0x0e54  [ E904EBED608055A2BFB824C07F59766C ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:53:21.0515 0x0e54  Mouclass - ok
13:53:21.0531 0x0e54  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
13:53:21.0531 0x0e54  MountMgr - ok
13:53:21.0609 0x0e54  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
13:53:21.0625 0x0e54  MozillaMaintenance - ok
13:53:21.0640 0x0e54  mraid35x - ok
13:53:21.0671 0x0e54  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:53:21.0671 0x0e54  MRxDAV - ok
13:53:21.0703 0x0e54  [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:53:21.0718 0x0e54  MRxSmb - ok
13:53:21.0750 0x0e54  [ A84EF9EBE9C54E9115F625D9AB5A2CCE ] MsDepSvc        C:\Programmi\IIS\Microsoft Web Deploy\MsDepSvc.exe
13:53:21.0968 0x0e54  MsDepSvc - ok
13:53:22.0000 0x0e54  [ 01F77E9E473235C31796ADE46107B0AD ] MSDTC           C:\WINDOWS\system32\msdtc.exe
13:53:22.0015 0x0e54  MSDTC - ok
13:53:22.0046 0x0e54  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:53:22.0046 0x0e54  Msfs - ok
13:53:22.0062 0x0e54  MSIServer - ok
13:53:22.0078 0x0e54  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:53:22.0093 0x0e54  MSKSSRV - ok
13:53:22.0109 0x0e54  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:53:22.0109 0x0e54  MSPCLOCK - ok
13:53:22.0140 0x0e54  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
13:53:22.0171 0x0e54  MSPQM - ok
13:53:22.0218 0x0e54  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:53:22.0218 0x0e54  mssmbios - ok
13:53:22.0312 0x0e54  MSSQL$MSSMLBIZ - ok
13:53:22.0343 0x0e54  MSSQL$SQLEXPRESS - ok
13:53:22.0406 0x0e54  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Programmi\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:53:22.0406 0x0e54  MSSQLServerADHelper - ok
13:53:22.0437 0x0e54  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
13:53:22.0437 0x0e54  MSTEE - ok
13:53:22.0640 0x0e54  [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80       C:\Programmi\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
13:53:22.0718 0x0e54  msvsmon80 - ok
13:53:22.0734 0x0e54  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
13:53:22.0750 0x0e54  Mup - ok
13:53:22.0796 0x0e54  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:53:22.0796 0x0e54  NABTSFEC - ok
13:53:22.0859 0x0e54  [ 911587FD303C9690A428BB4B04732B61 ] napagent        C:\WINDOWS\System32\qagentrt.dll
13:53:22.0875 0x0e54  napagent - ok
13:53:22.0921 0x0e54  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
13:53:22.0921 0x0e54  NDIS - ok
13:53:22.0937 0x0e54  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:53:22.0953 0x0e54  NdisIP - ok
13:53:22.0984 0x0e54  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:53:22.0984 0x0e54  NdisTapi - ok
13:53:23.0015 0x0e54  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:53:23.0015 0x0e54  Ndisuio - ok
13:53:23.0046 0x0e54  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:53:23.0046 0x0e54  NdisWan - ok
13:53:23.0109 0x0e54  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
13:53:23.0109 0x0e54  NDProxy - ok
13:53:23.0234 0x0e54  [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
13:53:23.0281 0x0e54  Nero BackItUp Scheduler 3 - ok
13:53:23.0312 0x0e54  [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
13:53:23.0531 0x0e54  Net Driver HPZ12 - ok
13:53:23.0562 0x0e54  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
13:53:23.0562 0x0e54  NetBIOS - ok
13:53:23.0578 0x0e54  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
13:53:23.0578 0x0e54  NetBT - ok
13:53:23.0640 0x0e54  [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDE          C:\WINDOWS\system32\netdde.exe
13:53:23.0656 0x0e54  NetDDE - ok
13:53:23.0671 0x0e54  [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
13:53:23.0671 0x0e54  NetDDEdsdm - ok
13:53:23.0718 0x0e54  [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] Netlogon        C:\WINDOWS\system32\lsass.exe
13:53:23.0718 0x0e54  Netlogon - ok
13:53:23.0765 0x0e54  [ 02815B70FC4CA8611A926176F1C39FC2 ] Netman          C:\WINDOWS\System32\netman.dll
13:53:23.0765 0x0e54  Netman - ok
13:53:23.0828 0x0e54  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:53:23.0890 0x0e54  NetTcpPortSharing - ok
13:53:23.0937 0x0e54  [ 2C67745B5DF03CB227679B2DB895AF1D ] Nla             C:\WINDOWS\System32\mswsock.dll
13:53:23.0937 0x0e54  Nla - ok
13:53:24.0031 0x0e54  [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
13:53:24.0062 0x0e54  NMIndexingService - ok
13:53:24.0109 0x0e54  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
13:53:24.0109 0x0e54  Npfs - ok
13:53:24.0125 0x0e54  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
13:53:24.0140 0x0e54  Ntfs - ok
13:53:24.0140 0x0e54  [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
13:53:24.0156 0x0e54  NtLmSsp - ok
13:53:24.0234 0x0e54  [ 89DB90B5F35D2795D9FC56D933CC72B8 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
13:53:24.0265 0x0e54  NtmsSvc - ok
13:53:24.0296 0x0e54  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:53:24.0296 0x0e54  Null - ok
13:53:24.0312 0x0e54  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:53:24.0312 0x0e54  NwlnkFlt - ok
13:53:24.0328 0x0e54  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:53:24.0343 0x0e54  NwlnkFwd - ok
13:53:24.0453 0x0e54  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE
13:53:24.0703 0x0e54  odserv - ok
13:53:24.0734 0x0e54  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
13:53:24.0765 0x0e54  ose - ok
13:53:24.0796 0x0e54  [ BF634AEF90B88C406D3CFA644EE7AAAA ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
13:53:24.0796 0x0e54  P3 - ok
13:53:24.0843 0x0e54  [ 95BD9287B49B01A3CF2488AF8A1AC312 ] PAC7311         C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
13:53:25.0078 0x0e54  PAC7311 - ok
13:53:25.0125 0x0e54  [ 4E9408A178B2D955871C2CDD278DE3C3 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
13:53:25.0125 0x0e54  Parport - ok
13:53:25.0125 0x0e54  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
13:53:25.0125 0x0e54  PartMgr - ok
13:53:25.0171 0x0e54  [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
13:53:25.0171 0x0e54  ParVdm - ok
13:53:25.0250 0x0e54  [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA             C:\WINDOWS\SMINST\PCAngel.exe
13:53:25.0625 0x0e54  PCA - ok
13:53:25.0656 0x0e54  [ F40A46892AFEBB0314536B849D57C11E ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
13:53:25.0656 0x0e54  PCI - ok
13:53:25.0671 0x0e54  PCIDump - ok
13:53:25.0718 0x0e54  [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
13:53:25.0718 0x0e54  PCIIde - ok
13:53:25.0765 0x0e54  [ 815C50F2B1D1562800BDCE8BE895000E ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
13:53:25.0796 0x0e54  Pcmcia - ok
13:53:25.0812 0x0e54  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
13:53:25.0812 0x0e54  pcouffin - ok
13:53:25.0828 0x0e54  PDCOMP - ok
13:53:25.0828 0x0e54  PDFRAME - ok
13:53:25.0843 0x0e54  PDRELI - ok
13:53:25.0843 0x0e54  PDRFRAME - ok
13:53:25.0843 0x0e54  perc2 - ok
13:53:25.0859 0x0e54  perc2hib - ok
13:53:25.0890 0x0e54  [ 444F122E68DB44C0589227781F3C8B3F ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
13:53:25.0890 0x0e54  pfc - ok
13:53:25.0906 0x0e54  [ DAC0440C89B1EA4E35684896D5BF856E ] PlugPlay        C:\WINDOWS\system32\services.exe
13:53:25.0906 0x0e54  PlugPlay - ok
13:53:25.0921 0x0e54  [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:53:26.0078 0x0e54  Pml Driver HPZ12 - ok
13:53:26.0109 0x0e54  [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
13:53:26.0109 0x0e54  PolicyAgent - ok
13:53:26.0156 0x0e54  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:53:26.0156 0x0e54  PptpMiniport - ok
13:53:26.0156 0x0e54  [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:53:26.0156 0x0e54  ProtectedStorage - ok
13:53:26.0171 0x0e54  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:53:26.0171 0x0e54  Ptilink - ok
13:53:26.0218 0x0e54  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:53:26.0218 0x0e54  PxHelp20 - ok
13:53:26.0218 0x0e54  ql1080 - ok
13:53:26.0234 0x0e54  Ql10wnt - ok
13:53:26.0234 0x0e54  ql12160 - ok
13:53:26.0250 0x0e54  ql1240 - ok
13:53:26.0250 0x0e54  ql1280 - ok
13:53:26.0281 0x0e54  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:53:26.0281 0x0e54  RasAcd - ok
13:53:26.0328 0x0e54  [ 9839B418343D6E6E52659BDF3FF1FE67 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
13:53:26.0343 0x0e54  RasAuto - ok
13:53:26.0375 0x0e54  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:53:26.0375 0x0e54  Rasl2tp - ok
13:53:26.0421 0x0e54  [ 62AD41548E720DB4763B86F95E44F3FA ] RasMan          C:\WINDOWS\System32\rasmans.dll
13:53:26.0421 0x0e54  RasMan - ok
13:53:26.0437 0x0e54  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:53:26.0437 0x0e54  RasPppoe - ok
13:53:26.0453 0x0e54  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
13:53:26.0453 0x0e54  Raspti - ok
13:53:26.0500 0x0e54  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:53:26.0500 0x0e54  Rdbss - ok
13:53:26.0515 0x0e54  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:53:26.0515 0x0e54  RDPCDD - ok
13:53:26.0531 0x0e54  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:53:26.0531 0x0e54  rdpdr - ok
13:53:26.0578 0x0e54  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
13:53:26.0593 0x0e54  RDPWD - ok
13:53:26.0609 0x0e54  [ CC72E6AE90245F0AE48BF1236A7E1F9C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
13:53:26.0640 0x0e54  RDSessMgr - ok
13:53:26.0671 0x0e54  [ 393FC252593323B624B230ECA6B85E63 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
13:53:26.0671 0x0e54  redbook - ok
13:53:26.0718 0x0e54  [ 7EBBF16FBD3E0E34F084FA635C1844E3 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
13:53:26.0718 0x0e54  RemoteAccess - ok
13:53:26.0781 0x0e54  [ F667A41BCED959988E53FEECC8BF5DA0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
13:53:26.0796 0x0e54  RemoteRegistry - ok
13:53:26.0890 0x0e54  [ 9645EE0A9C91381A50D99BCEFD92F6CC ] ReportServer$SQLEXPRESS c:\Programmi\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
13:53:27.0125 0x0e54  ReportServer$SQLEXPRESS - ok
13:53:27.0171 0x0e54  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:53:27.0171 0x0e54  RFCOMM - ok
13:53:27.0234 0x0e54  [ DC97F6C8A94691834439872B9E8FF2B3 ] RpcLocator      C:\WINDOWS\system32\locator.exe
13:53:27.0234 0x0e54  RpcLocator - ok
13:53:27.0265 0x0e54  [ DB0C9517C2374D86A18DBFA12B35B129 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
13:53:27.0281 0x0e54  RpcSs - ok
13:53:27.0328 0x0e54  [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP            C:\WINDOWS\system32\rsvp.exe
13:53:27.0343 0x0e54  RSVP - ok
13:53:27.0375 0x0e54  [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] SamSs           C:\WINDOWS\system32\lsass.exe
13:53:27.0375 0x0e54  SamSs - ok
13:53:27.0421 0x0e54  [ 1D456F1CD76A80793C07BA52CF3A7455 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
13:53:27.0421 0x0e54  SCardSvr - ok
13:53:27.0468 0x0e54  [ 511886E5BD060046CCE8373E92E62EDF ] Schedule        C:\WINDOWS\system32\schedsvc.dll
13:53:27.0468 0x0e54  Schedule - ok
13:53:27.0531 0x0e54  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:53:27.0546 0x0e54  Secdrv - ok
13:53:27.0593 0x0e54  [ 17C6354CA08E7C7972E12C67478AE134 ] seclogon        C:\WINDOWS\System32\seclogon.dll
13:53:27.0609 0x0e54  seclogon - ok
13:53:27.0687 0x0e54  [ A0ECA1CE0FCCB29C5E4E1F416E95E73E ] SENS            C:\WINDOWS\system32\sens.dll
13:53:27.0687 0x0e54  SENS - ok
13:53:27.0703 0x0e54  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
13:53:27.0718 0x0e54  serenum - ok
13:53:27.0750 0x0e54  [ FDBD9D64E2E03270021D424F0DCCF79D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
13:53:27.0781 0x0e54  Serial - ok
13:53:27.0828 0x0e54  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
13:53:27.0843 0x0e54  Sfloppy - ok
13:53:27.0968 0x0e54  [ 152C0555925DFE028E3148FD215146BB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
13:53:27.0984 0x0e54  SharedAccess - ok
13:53:28.0031 0x0e54  [ A982208204830A213D7963BF2A215E56 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:53:28.0031 0x0e54  ShellHWDetection - ok
13:53:28.0046 0x0e54  Simbad - ok
13:53:28.0125 0x0e54  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:53:28.0140 0x0e54  SLIP - ok
13:53:28.0171 0x0e54  [ DE79878A8B41CF879A5D0FD80163A7C8 ] SMTPSVC         C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:53:28.0171 0x0e54  SMTPSVC - ok
13:53:28.0171 0x0e54  Sparrow - ok
13:53:28.0203 0x0e54  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
13:53:28.0218 0x0e54  splitter - ok
13:53:28.0265 0x0e54  [ 60977C9BAE8F86F9075829325303D0C9 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
13:53:28.0296 0x0e54  Spooler - ok
13:53:28.0437 0x0e54  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
13:53:28.0437 0x0e54  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
13:53:28.0437 0x0e54  sptd ( LockedFile.Multi.Generic ) - warning
13:53:28.0437 0x0e54  sptd - detected LockedFile.Multi.Generic (1)
13:53:28.0484 0x0e54  [ 1563EBBBEF5B7391262AB60588491147 ] spupdsvc        C:\WINDOWS\system32\spupdsvc.exe
13:53:28.0515 0x0e54  spupdsvc - ok
13:53:28.0609 0x0e54  [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser      c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:53:28.0640 0x0e54  SQLBrowser - ok
13:53:28.0671 0x0e54  [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter       c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:53:28.0687 0x0e54  SQLWriter - ok
13:53:28.0750 0x0e54  [ 618718CAE288BF7CBD8FCBAB2577D932 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
13:53:28.0765 0x0e54  sr - ok
13:53:28.0859 0x0e54  [ B3E3DA70A7A76E69B872DE3D06D32C19 ] srservice       C:\WINDOWS\system32\srsvc.dll
13:53:28.0875 0x0e54  srservice - ok
13:53:28.0921 0x0e54  [ 5252605079810904E31C332E241CD59B ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
13:53:28.0921 0x0e54  Srv - ok
13:53:28.0968 0x0e54  [ 2D4027C46B4C6E45875E3C4BA3F67492 ] sscdbus         C:\WINDOWS\system32\DRIVERS\sscdbus.sys
13:53:28.0968 0x0e54  sscdbus - ok
13:53:29.0031 0x0e54  [ F548F1EBA107BC19E91189E6A460BD0E ] sscdmdfl        C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
13:53:29.0046 0x0e54  sscdmdfl - ok
13:53:29.0062 0x0e54  [ 71D348D53597379DFE1DE255D70AF13C ] sscdmdm         C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
13:53:29.0078 0x0e54  sscdmdm - ok
13:53:29.0125 0x0e54  [ 5215569DD3A8FBC65A85E85F3C12258B ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
13:53:29.0125 0x0e54  SSDPSRV - ok
13:53:29.0171 0x0e54  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
13:53:29.0171 0x0e54  StarOpen - ok
13:53:29.0218 0x0e54  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
13:53:29.0250 0x0e54  StarWindServiceAE - ok
13:53:29.0296 0x0e54  [ ED78DFAD8EFCDFBC89500492C4D14645 ] STI Simulator   C:\WINDOWS\System32\PAStiSvc.exe
13:53:29.0593 0x0e54  STI Simulator - ok
13:53:29.0656 0x0e54  [ 3B9263E137896E4D303494F116E00608 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
13:53:29.0671 0x0e54  stisvc - ok
13:53:29.0718 0x0e54  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:53:29.0718 0x0e54  streamip - ok
13:53:29.0734 0x0e54  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
13:53:29.0734 0x0e54  swenum - ok
13:53:29.0750 0x0e54  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
13:53:29.0750 0x0e54  swmidi - ok
13:53:29.0765 0x0e54  SwPrv - ok
13:53:29.0796 0x0e54  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
13:53:29.0796 0x0e54  symc810 - ok
13:53:29.0796 0x0e54  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:53:29.0812 0x0e54  symc8xx - ok
13:53:29.0828 0x0e54  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\system32\DRIVERS\symmpi.sys
13:53:29.0937 0x0e54  Symmpi - ok
13:53:29.0937 0x0e54  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:53:29.0937 0x0e54  sym_hi - ok
13:53:29.0937 0x0e54  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:53:29.0953 0x0e54  sym_u3 - ok
13:53:29.0968 0x0e54  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
13:53:29.0984 0x0e54  sysaudio - ok
13:53:30.0015 0x0e54  [ A34A9A872EEC4C026FD542AC7156FE0B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
13:53:30.0031 0x0e54  SysmonLog - ok
13:53:30.0093 0x0e54  [ 6B85F1A9DCE45D45BFFAD3222C21F297 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
13:53:30.0156 0x0e54  TapiSrv - ok
13:53:30.0203 0x0e54  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:53:30.0218 0x0e54  Tcpip - ok
13:53:30.0250 0x0e54  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
13:53:30.0250 0x0e54  TDPIPE - ok
13:53:30.0281 0x0e54  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
13:53:30.0296 0x0e54  TDTCP - ok
13:53:30.0312 0x0e54  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
13:53:30.0328 0x0e54  TermDD - ok
13:53:30.0359 0x0e54  [ FE5A5329CCFC33D645C33077FF04F052 ] TermService     C:\WINDOWS\System32\termsrv.dll
13:53:30.0390 0x0e54  TermService - ok
13:53:30.0421 0x0e54  [ A982208204830A213D7963BF2A215E56 ] Themes          C:\WINDOWS\System32\shsvcs.dll
13:53:30.0421 0x0e54  Themes - ok
13:53:30.0468 0x0e54  [ 2FFF150EA4396956F10B66211687F335 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
13:53:30.0500 0x0e54  TlntSvr - ok
13:53:30.0500 0x0e54  TosIde - ok
13:53:30.0546 0x0e54  [ 690294999DF1248FAF85D95B31955D0C ] TrkWks          C:\WINDOWS\system32\trkwks.dll
13:53:30.0578 0x0e54  TrkWks - ok
13:53:30.0625 0x0e54  [ 3831D5499AD1E61217ABB88E93BB17DC ] UdfReadr        C:\WINDOWS\system32\drivers\UdfReadr.sys
13:53:30.0625 0x0e54  UdfReadr - ok
13:53:30.0687 0x0e54  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
13:53:30.0703 0x0e54  Udfs - ok
13:53:30.0750 0x0e54  [ 5DA331BE5E7F226A49B269C102A782FD ] UleadBurningHelper C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
13:53:30.0750 0x0e54  UleadBurningHelper - ok
13:53:30.0765 0x0e54  ultra - ok
13:53:30.0828 0x0e54  [ 8057B0744D9842A090E51D2845861D5F ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:53:30.0859 0x0e54  upnphost - ok
13:53:30.0890 0x0e54  [ F5E8B846EC10E1DF8DCA64119E2EB709 ] UPS             C:\WINDOWS\System32\ups.exe
13:53:30.0906 0x0e54  UPS - ok
13:53:30.0968 0x0e54  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
13:53:30.0984 0x0e54  usbaudio - ok
13:53:31.0015 0x0e54  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:53:31.0015 0x0e54  usbccgp - ok
13:53:31.0062 0x0e54  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:53:31.0062 0x0e54  usbehci - ok
13:53:31.0078 0x0e54  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:53:31.0078 0x0e54  usbhub - ok
13:53:31.0109 0x0e54  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:53:31.0109 0x0e54  USBSTOR - ok
13:53:31.0125 0x0e54  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:53:31.0125 0x0e54  usbuhci - ok
13:53:31.0171 0x0e54  [ AE4DF3B7D1DB9373B08DB4ED224E26B6 ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:53:31.0421 0x0e54  usb_rndisx - ok
13:53:31.0468 0x0e54  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
13:53:31.0468 0x0e54  VgaSave - ok
13:53:31.0500 0x0e54  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
13:53:31.0531 0x0e54  ViaIde - ok
13:53:31.0578 0x0e54  [ 590C7A3A1133E51A7E1CEF67366E75AF ] vmm             C:\WINDOWS\system32\Drivers\vmm.sys
13:53:31.0593 0x0e54  vmm - ok
13:53:31.0625 0x0e54  [ B67632451F760797BB183E1FB99F4B39 ] vnccom          C:\WINDOWS\system32\Drivers\vnccom.SYS
13:53:31.0640 0x0e54  vnccom - ok
13:53:31.0656 0x0e54  [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv          C:\WINDOWS\system32\DRIVERS\vncdrv.sys
13:53:31.0656 0x0e54  vncdrv - ok
13:53:31.0703 0x0e54  [ E46C1B5A56DA7DA603D09DFCC79EC59E ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
13:53:31.0703 0x0e54  VolSnap - ok
13:53:31.0718 0x0e54  [ F96A678DEBDCCB0B4BB7F38CB2580589 ] VPCNetS2        C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
13:53:31.0718 0x0e54  VPCNetS2 - ok
13:53:31.0796 0x0e54  [ 50E4422DF0DFFAADEB49FAE98E8CBFC3 ] VSPerfDrv       C:\Programmi\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys
13:53:31.0812 0x0e54  VSPerfDrv - ok
13:53:31.0937 0x0e54  [ C2FE17125256102F5B44194D5DB0A799 ] VSS             C:\WINDOWS\System32\vssvc.exe
13:53:31.0953 0x0e54  VSS - ok
13:53:32.0000 0x0e54  [ 2969DD84B584A6BB541A5273103957A3 ] W32Time         C:\WINDOWS\system32\w32time.dll
13:53:32.0015 0x0e54  W32Time - ok
13:53:32.0031 0x0e54  [ DE79878A8B41CF879A5D0FD80163A7C8 ] W3SVC           C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:53:32.0031 0x0e54  W3SVC - ok
13:53:32.0046 0x0e54  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:53:32.0046 0x0e54  Wanarp - ok
13:53:32.0093 0x0e54  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:53:32.0093 0x0e54  wceusbsh - ok
13:53:32.0093 0x0e54  WDICA - ok
13:53:32.0125 0x0e54  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
13:53:32.0125 0x0e54  wdmaud - ok
13:53:32.0187 0x0e54  [ 2EC50EE79B65F60C8E8B4A03BBB3A42F ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:53:32.0187 0x0e54  WebClient - ok
13:53:32.0265 0x0e54  [ 40911E98D0F1CBB1015F2101982F1DDF ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:53:32.0281 0x0e54  winmgmt - ok
13:53:32.0328 0x0e54  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
13:53:32.0343 0x0e54  WmdmPmSN - ok
13:53:32.0406 0x0e54  [ 069D6BDF23EE96FCDE2ADF9FAB27AE0D ] Wmi             C:\WINDOWS\System32\advapi32.dll
13:53:32.0437 0x0e54  Wmi - ok
13:53:32.0468 0x0e54  [ 81FD02839FDB10ACF0EC40B809B9F8CC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:53:32.0468 0x0e54  WmiApSrv - ok
13:53:32.0562 0x0e54  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:53:32.0687 0x0e54  WPFFontCache_v0400 - ok
13:53:32.0718 0x0e54  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:53:32.0718 0x0e54  WS2IFSL - ok
13:53:32.0750 0x0e54  [ 926D921C93CFF1E19EF4DE3E4C8368CA ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
13:53:32.0765 0x0e54  wscsvc - ok
13:53:32.0796 0x0e54  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:53:32.0812 0x0e54  WSTCODEC - ok
13:53:32.0843 0x0e54  [ CC48415E6C7CBAA441A3D6A6DCCBCFA6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
13:53:32.0843 0x0e54  wuauserv - ok
13:53:32.0906 0x0e54  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:53:33.0156 0x0e54  WudfPf - ok
13:53:33.0171 0x0e54  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:53:33.0171 0x0e54  WudfRd - ok
13:53:33.0203 0x0e54  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
13:53:33.0203 0x0e54  WudfSvc - ok
13:53:33.0265 0x0e54  [ 053E0307A08CAC60793E27E921B46B3E ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
13:53:33.0281 0x0e54  WZCSVC - ok
13:53:33.0328 0x0e54  [ 5526482DCBA6047641B13BF9C75A74E0 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
13:53:33.0359 0x0e54  xmlprov - ok
13:53:33.0390 0x0e54  [ FD255B2A8F614BDCDFAE5F0A289D605E ] xpvcom          C:\WINDOWS\system32\DRIVERS\XPVCOM.sys
13:53:33.0390 0x0e54  xpvcom - ok
13:53:33.0421 0x0e54  ================ Scan global ===============================
13:53:33.0437 0x0e54  [ 17DDFE6A0B5404C5EF4C03AD996D0562 ] C:\WINDOWS\system32\basesrv.dll
13:53:33.0500 0x0e54  [ 5764B5D964E0CF313DACBB69C8AA1B2B ] C:\WINDOWS\system32\winsrv.dll
13:53:33.0500 0x0e54  [ 5764B5D964E0CF313DACBB69C8AA1B2B ] C:\WINDOWS\system32\winsrv.dll
13:53:33.0531 0x0e54  [ DAC0440C89B1EA4E35684896D5BF856E ] C:\WINDOWS\system32\services.exe
13:53:33.0531 0x0e54  [Global] - ok
13:53:33.0531 0x0e54  ================ Scan MBR ==================================
13:53:33.0546 0x0e54  [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
13:53:34.0046 0x0e54  \Device\Harddisk0\DR0 - ok
13:53:34.0062 0x0e54  [ F1BC9A487FAD21118DA4D5B596310BA4 ] \Device\Harddisk1\DR3
13:53:37.0171 0x0e54  \Device\Harddisk1\DR3 - ok
13:53:37.0171 0x0e54  ================ Scan VBR ==================================
13:53:37.0171 0x0e54  [ 219BD9CCDF6A80BDC7136C736C0DF1BC ] \Device\Harddisk0\DR0\Partition1
13:53:37.0187 0x0e54  \Device\Harddisk0\DR0\Partition1 - ok
13:53:37.0187 0x0e54  [ 6B1546366C0590A5DC3F8C41751D929E ] \Device\Harddisk0\DR0\Partition2
13:53:37.0187 0x0e54  \Device\Harddisk0\DR0\Partition2 - ok
13:53:37.0187 0x0e54  [ 7D7B727E6D6EBDA7A5C1BB8BF775F893 ] \Device\Harddisk1\DR3\Partition1
13:53:37.0187 0x0e54  \Device\Harddisk1\DR3\Partition1 - ok
13:53:37.0203 0x0e54  ============================================================
13:53:37.0203 0x0e54  Scan finished
13:53:37.0203 0x0e54  ============================================================
13:53:37.0203 0x0cfc  Detected object count: 1
13:53:37.0203 0x0cfc  Actual detected object count: 1
Thank You


Edited by iucaa, 18 September 2013 - 07:35 AM.


#10 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:25 AM

Posted 20 September 2013 - 11:25 AM

Hi iucaa :)
 
The detection by TDSSKiller as shown in the log,

 
13:53:28.0437 0x0e54  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
13:53:28.0437 0x0e54  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
13:53:28.0437 0x0e54  sptd ( LockedFile.Multi.Generic ) - warning
13:53:28.0437 0x0e54  sptd - detected LockedFile.Multi.Generic (1)

is not malware.

 
However I would still like you to perform the following check:
 
 
Please visit the online Jotti Virus Scanner (link).

  • Browse to the following file path: c:\windows\pss\runatsta.bat
  • Click on the button. The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Please let me know how your PC is running now. Are you still experiencing malware symptoms?
 
polskamachina



#11 iucaa

iucaa
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 23 September 2013 - 04:13 AM

Hi polskamachina :)

This is the log I got from jotti antivirus

 

File name: runatsta.bat
State: 0 su 22 antivirus didn't find malware.
lun 23 set 2013 11:08:20 (CET)

By the way, runatsta.bat is a batch file I created to do some jobs at Windows startup.
PC is running good.

Thank you again.



#12 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:25 AM

Posted 26 September 2013 - 05:42 PM

Hi iucaa :)
 
Let's do some more checking. I would like you to download the following two programs, run them, and copy and paste the logs in your next reply to me. The details are below:
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
 
 
Next:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • Click on Report.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

Let me know if you have any questions.

 

polskamachina



#13 iucaa

iucaa
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 30 September 2013 - 08:01 AM

Hi, these are the logs (I translated some strings into English)

 

****** MALWAREBYTES ********

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
tony  :: PCNAME [admin]

30/09/2013 13:51:56
mbam-log-2013-09-30 (13-51-56).txt

Type scan: fast
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Elements : 266905

Processi found in memory: 0
(non dangerous elements found)

 

***************************** AdwCleaner log ************************************

 

# AdwCleaner v3.005 - Report created 30/09/2013 at 14:52:50
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : valerio - PCVALEBUCC
# Running from : C:\Documents and Settings\valerio\Documenti\Download\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\valerio\Dati applicazioni\Mozilla\Firefox\Profiles\9rwakkww.default\\invalidprefs.js
Folder Found C:\Documents and Settings\valerio\Dati applicazioni\Mozilla\Firefox\Profiles\9rwakkww.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16705


-\\ Mozilla Firefox v23.0.1 (it)

[ File : C:\Documents and Settings\valerio\Dati applicazioni\Mozilla\Firefox\Profiles\9rwakkww.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\0f43dn29.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\valerio\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1752 octets] - [30/09/2013 14:52:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1812 octets] ##########


Have a nice day, thank you in advance.



#14 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:25 AM

Posted 01 October 2013 - 11:49 AM

Hi iucaa :)
 
Can you please open your most recent MalwareBytes log in the Logs section of the program and check to see if you pasted the entire log in your last reply? It appears there might be something missing from the end of the log.
 
Next:
 
Please run AdwCleaner again and follow the directions below:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan.
  • When the scan is complete, then click on Clean.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Let me know if you have any questions. How is your PC running now?
 
polskamachina



#15 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:25 AM

Posted 05 October 2013 - 12:11 AM

Hi iucaa :)

It's been several days since I've heard from you. Do you still need help with this? If not, this topic will be closed in 72 hours.

Let me know if you have any questions.

polskamachina





