mauri

Members
Posts: 18
Reputation: 0 Neutral
  1. Hi Maurice. Everything is fine now. Thanks so much for all your time and help!! CIAO!
  2. These 3 keys:
     HKLM\System\ControlSet001\Enum\Root\LEGACY_NEIBVNC\0000
     HKLM\System\ControlSet002\Enum\Root\LEGACY_NEIBVNC\0000
     HKLM\System\CurrentControlSet\Enum\Root\LEGACY_NEIBVNC\0000
  3. I still have some leftovers inside the registry, but the system is now OK. How can I get rid of those keys? Maybe using Avenger's script for registry keys? Waiting for you.
  4. Ciao. Here are the logs:
     BitDefender QuickScan Beta 32-bit v0.9.9.5
     ------------------------------------------
     Scan date: Thu Jun 03 19:05:50 2010
     Machine ID: 1843EDD8
     No infection found.
  5. Hey Maurice, how have you learnt Italian in these few hours? LOL Anyway, this morning I've tried a tool named The Avenger. You know what? It removed the driver neibvnc.sys in the drivers folder. The unremovable contents in the registry are still there, but for this I'll wait for your suggestions.
  6. Ciao Maurice. The ESET Online scan has no log. The scanner has found 0 threats. Here are the other two logs:
  7. Hi Maurice. Here: "A device connected to the system is not in use". Anyway, maybe you didn't see it, but I wrote this 4 posts ago.
  8. I can't upload the file. A window pops up saying a device connected to the system is not in use.
  9. It is a service called neibvnc.sys in the drivers folder that stops and runs again.
  10. Since the last time, from about 20.00 until now, Firefox connects for a few minutes, then disconnects. Now I've tried to reset the Internet Explorer settings and it can connect, but I'm not sure it's forever. Something runs in the background and stops the connection...
  11. Hi. I have removed uTorrent. Here are all the contents:
File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/06/09 22:32:18 | 000,000,096 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/30 20:35:04 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010/05/30 20:34:57 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe [2010/05/30 15:37:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe [2010/05/29 23:05:18 | 000,000,000 | ---D | C] -- C:\Programmi\Unlocker [2010/05/29 12:29:27 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner [2010/05/27 17:05:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/05/27 17:05:50 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/05/25 21:55:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\MCE [2010/05/25 20:22:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/05/25 07:10:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010/05/24 20:11:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010/05/19 18:55:13 | 000,000,000 | ---D | C] -- C:\Programmi\UltraVPN [2010/05/16 09:59:28 | 000,000,000 | ---D | C] -- C:\Programmi\Common Files\Nero [2010/05/16 09:59:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nero [2010/05/16 09:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010/05/16 09:45:14 | 000,000,000 | ---D | C] -- C:\Programmi\Nero [2010/05/14 22:25:25 | 000,000,000 | ---D | C] -- C:\Programmi\Ashkon Software [2010/05/12 20:06:53 | 000,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Roaming\widestream [2010/05/12 20:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\WideStream [2010/05/12 20:06:40 | 000,000,000 | ---D | C] -- C:\Programmi\Widestream6 [2010/05/12 20:06:40 | 000,000,000 | ---D | C] -- C:\Programmi\OfferBoxSearch [2010/05/12 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OfferBox [2010/05/12 20:06:23 | 000,000,000 | ---D | C] -- C:\Programmi\OfferBox [2010/05/05 07:37:31 | 000,066,560 | ---- | C] (Rekenwonder Software) -- C:\Users\Admin\Desktop\revealer.exe ========== Files - Modified Within 30 Days ========== [2010/05/30 20:48:24 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\neibvnc.sys [2010/05/30 20:43:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010/05/30 20:43:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/30 20:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/30 20:43:43 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys [2010/05/30 20:43:10 | 001,835,008 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2010/05/30 20:43:07 | 002,737,553 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db [2010/05/30 20:33:14 | 000,867,892 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe [2010/05/30 20:22:36 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe [2010/05/30 16:05:24 | 000,525,824 | ---- | M] () -- C:\Users\Admin\Desktop\dds.scr [2010/05/30 15:37:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Admin\Desktop\HijackThis.exe [2010/05/30 15:14:19 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/30 15:14:19 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/30 15:11:17 | 001,524,466 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/05/30 15:11:17 | 000,692,090 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2010/05/30 15:11:17 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/05/30 15:11:17 | 000,125,396 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2010/05/30 15:11:17 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/05/29 23:04:22 | 001,035,478 | ---- | M] () -- C:\Users\Admin\Desktop\unlocker1.8.9.exe [2010/05/29 22:17:56 | 030,609,408 | ---- | M] () -- C:\Windows\System32\Q [2010/05/29 12:29:28 | 000,001,838 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010/05/29 09:56:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010/05/29 07:55:04 | 000,000,032 | --S- | M] () -- C:\Windows\System32\2164475518.dat [2010/05/27 18:46:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010/05/27 17:03:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/05/27 17:03:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/05/19 18:55:14 | 000,001,083 | ---- | M] () -- C:\Users\Admin\Desktop\UltraVPN.lnk [2010/05/16 10:47:13 | 000,000,012 | ---- | M] () -- C:\Users\Admin\intlname.ols [2010/05/14 22:25:26 | 000,001,096 | ---- | M] () -- C:\Users\Admin\Desktop\Easy File Joiner.lnk [2010/05/14 20:09:50 | 000,000,944 | ---- | M] () -- C:\Users\Admin\Desktop\MiPony.lnk [2010/05/12 20:06:40 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Widestream6.lnk [2010/05/05 07:37:37 | 000,066,560 | ---- | M] (Rekenwonder Software) -- 
C:\Users\Admin\Desktop\revealer.exe ========== Files Created - No Company Name ========== [2010/05/30 20:35:12 | 000,867,892 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe [2010/05/30 16:06:54 | 000,525,824 | ---- | C] () -- C:\Users\Admin\Desktop\dds.scr [2010/05/29 23:04:48 | 001,035,478 | ---- | C] () -- C:\Users\Admin\Desktop\unlocker1.8.9.exe [2010/05/29 22:15:46 | 030,609,408 | ---- | C] () -- C:\Windows\System32\Q [2010/05/29 12:29:28 | 000,001,838 | ---- | C] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010/05/27 18:46:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/05/27 17:26:48 | 000,000,032 | --S- | C] () -- C:\Windows\System32\2164475518.dat [2010/05/24 20:20:29 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\neibvnc.sys [2010/05/19 19:34:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl [2010/05/19 18:55:14 | 000,001,083 | ---- | C] () -- C:\Users\Admin\Desktop\UltraVPN.lnk [2010/05/16 10:47:13 | 000,000,012 | ---- | C] () -- C:\Users\Admin\intlname.ols [2010/05/14 22:25:26 | 000,001,096 | ---- | C] () -- C:\Users\Admin\Desktop\Easy File Joiner.lnk [2010/05/14 22:22:31 | 000,350,720 | ---- | C] () -- C:\Users\Admin\Desktop\hjsplit.exe [2010/05/14 20:09:50 | 000,000,944 | ---- | C] () -- C:\Users\Admin\Desktop\MiPony.lnk [2010/05/12 20:06:40 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Widestream6.lnk [2010/03/26 17:48:29 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI [2010/03/26 17:37:06 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2010/03/26 17:37:06 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2010/03/26 17:31:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/03/26 17:16:47 | 000,029,397 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010/03/26 17:15:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010/03/26 17:15:13 | 000,021,584 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010/03/26 12:01:31 | 
000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010/03/26 12:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/03/26 12:01:29 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/03/26 12:01:28 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/03/26 12:01:26 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010/03/26 12:01:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/07/16 13:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/07/14 01:19:28 | 000,048,585 | ---- | C] () -- C:\Windows\System32\activedsh.sys [2009/07/06 12:48:02 | 000,011,448 | R--- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys [2009/04/02 22:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2003/04/01 12:49:16 | 000,005,360 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2010/04/09 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2010/05/25 19:28:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mipony [2010/05/14 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OfferBox [2010/04/23 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2010/04/02 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\URSoft [2010/05/30 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2010/04/18 10:52:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VSO [2010/05/12 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\widestream [2010/05/29 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XBMC [2010/05/25 10:56:29 | 
000,032,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:1CE11B51 < End of report > OTL Extras logfile created on: 30/05/2010 20:45:31 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Admin\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,73 Gb Total Space | 4,92 Gb Free Space | 10,10% Space Free | Partition Type: NTFS Drive D: | 1814,19 Gb Total Space | 1205,26 Gb Free Space | 66,44% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 3,72 Gb Total Space | 1,35 Gb Free Space | 36,33% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MCE-PC Current User Name: Admin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{835525BE-63BD-4EC4-9425-00CEAD4849C2}" = Widestream6 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-1040-7B44-A92000000001}" = Adobe Reader 9.2 - Italiano "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "7-Zip" = 7-Zip 9.12 beta "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only) "Easy File Joiner_is1" = Easy File Joiner "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 2.0.2 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MiPony" = MiPony 1.0.9 "mipony-plugin Toolbar" = mipony-plugin Toolbar "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero Lite 9.2.6.02.2" = Nero Lite 9.2.6.0 Build.2.2 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenVPN" = UltraVPN "Tag&Rename_is1" = Tag&Rename 3.5.3 "Unlocker" = Unlocker 1.8.9 "WinRAR archiver" = WinRAR gestione archivi "YU2010_is1" = Your Uninstaller! 
2010 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "XBMC" = XBMC ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25/05/2010 02:58:26 | Computer Name = MCE-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 1.45.0.0, timestamp: 0x4bb10678 Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 6.1.7600.16385, timestamp: 0x4a5bdaae Codice eccezione: 0xe06d7363 Offset errore 0x00009617 ID processo che ha generato l'errore: 0x788 Ora di avvio dell'applicazione che ha generato l'errore: 0x01cafbd66225f3e0 Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Percorso del modulo che ha generato l'errore: C:\Windows\system32\KERNELBASE.dll ID segnalazione: ea572a80-67ca-11df-b276-fe728b94edda Error - 25/05/2010 03:27:33 | Computer Name = MCE-PC | Source = SideBySide | ID = 16842785 Description = Generazione del contesto di attivazione non riuscita per "H:\TweakUIPowertoySetup_ia64.exe". Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata. 
Error - 25/05/2010 04:12:14 | Computer Name = MCE-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 1.45.0.0, timestamp: 0x4bb10678 Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 6.1.7600.16385, timestamp: 0x4a5bdaae Codice eccezione: 0xe06d7363 Offset errore 0x00009617 ID processo che ha generato l'errore: 0x1c0 Ora di avvio dell'applicazione che ha generato l'errore: 0x01cafbdfd25cc3b0 Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Percorso del modulo che ha generato l'errore: C:\Windows\system32\KERNELBASE.dll ID segnalazione: 399f2430-67d5-11df-a002-002683019b14 Error - 25/05/2010 04:56:23 | Computer Name = MCE-PC | Source = Application Error | ID = 1000 Description = Nome dell'applicazione che ha generato l'errore: svchost.exe_ProfSvc, versione: 6.1.7600.16385, timestamp: 0x4a5bc100 Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7600.16385, timestamp: 0x4a5bdadb Codice eccezione: 0xc0000005 Offset errore 0x00028b05 ID processo che ha generato l'errore: 0x40c Ora di avvio dell'applicazione che ha generato l'errore: 0x01cafbe4a5a268c0 Percorso dell'applicazione che ha generato l'errore: C:\Windows\system32\svchost.exe Percorso del modulo che ha generato l'errore: C:\Windows\SYSTEM32\ntdll.dll ID segnalazione: 648a1b2c-67db-11df-9f58-002683019b14 Error - 25/05/2010 15:55:39 | Computer Name = MCE-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533 Description = Impossibile eliminare la directory di profilo C:\Users\MCE. L'errore potrebbe essersi verificato perch
  12. The ComboFix log, I just deleted it. Here are the other two.
c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 16:09:01,43 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 26/03/2010 16:13:15 System Uptime: 30/05/2010 15:06:46 (1 hours ago) Motherboard: ASUSTeK Computer INC. | | AT3N7A-I Processor: Intel® Atom CPU 330 @ 1.60GHz | Socket 437 | 1600/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 49 GiB total, 5,115 GiB free. D: is FIXED (NTFS) - 1814 GiB total, 1205,263 GiB free. E: is CDROM () F: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== 7-Zip 9.12 beta Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.2 - Italiano DDS.txt Attach.txt
  13. Sorry........ Here:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:45:38, on 30/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Admin\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O4 - HKLM\..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F7C885-2145-40ED-8E75-B23ACC0AA978}: NameServer = 192.168.1.1,208.67.222.222
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Servizio profili utente ProfSvcehRecvr (ProfSvcehRecvr) - Unknown owner - C:\Windows\system32\accessibilitycplh.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)

--
End of file - 2771 bytes

And here:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 22:51:30
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwldypow.sys

---- System - GMER 1.0.15 ----

SSDT 805B7A64 ZwCreateThread
SSDT 805B7A50 ZwOpenProcess
SSDT 805B7A55 ZwOpenThread
SSDT 805B7A5F ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C88579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82CB484C 4 Bytes [64, 7A, 5B, 80]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82CB49E8 4 Bytes [50, 7A, 5B, 80]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82CB4A08 4 Bytes [55, 7A, 5B, 80]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CB4CB8 4 Bytes [5F, 7A, 5B, 80]
? System32\Drivers\neibvnc.sys Un dispositivo collegato al sistema non
  14. So here are two logs from HJT and GMer.