
Hello! I'm a newbie and English is not my mother tongue, so please forgive me for any mistakes...

I was surfing the web and, clicking on a website about Facebook images, I caught a lot of malware.

A little bit later I shut down my PC since a lot of popups came up.

Then I scanned it with AVIRA and MBAM. Some of them were removed, but some others are still there and I'm not able to remove them. Very important: my hard disk is split: one part runs Windows XP (the one I use most of the time and the one I was websurfing with), the other one runs Vista. I scanned only the XP part.

AVIRA found a virus called "Trash.gen" (deleted, but I'm not sure if it's really gone).

MBAM found these other 2, which I deleted (MBAM says: "quarantined and deleted successfully"), but every time I scan my PC again, they are still there. I tried to delete them, then turn off System Restore and reboot, but it was no help. Here's what MBAM says after the first scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versione database: 5363

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

10/05/2011 15.42.47

mbam-log-2011-05-10 (15-42-37).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)

Elementi esaminati: 280331

Tempo trascorso: 1 ore, 18 minuti, 20 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 1

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 1

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

f:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.

I was trying to use advice I read in this forum, but I wasn't sure it was OK for my PC and my 2 OSes.

THANKS FOR ANY HELP!


Hello and welcome!

We need to see some information about what is happening on your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Ok, first of all thank you so much for your help, you're like water in the desert!

So here's the DDS report:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Gabri at 16.03.16,46 on 12/05/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1563 [GMT 2:00]

.

AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}

AV: AntiVir Desktop *Disabled/Outdated* {0000007F-F204-0012-9E93-807C7F000000}

AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-55E1-7C92-0300-000000000000}

.

============== Running Processes ===============

.

F:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

F:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Programmi\Avira\AntiVir Desktop\sched.exe

F:\WINDOWS\Explorer.EXE

svchost.exe

F:\Programmi\Synaptics\SynTP\SynTPEnh.exe

F:\Programmi\Synaptics\SynTP\SynToshiba.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Programmi\Toshiba\Toshiba Applet\thotkey.exe

F:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe

F:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe

F:\WINDOWS\system32\TDispVol.exe

F:\WINDOWS\RTHDCPL.EXE

F:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

F:\WINDOWS\CTHELPER.EXE

F:\Programmi\Avira\AntiVir Desktop\avgnt.exe

F:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Programmi\Avira\AntiVir Desktop\avguard.exe

F:\DOCUME~1\Gabri\IMPOST~1\Temp\Qn0.exe

F:\WINDOWS\system32\rundll32.exe

F:\WINDOWS\system32\AvidSDMService.exe

F:\Programmi\Avira\AntiVir Desktop\avshadow.exe

F:\Programmi\TOSHIBA\Bluetooth Monitor\BtMon2.exe

F:\WINDOWS\TEMP\Qnw.exe

F:\Programmi\Bonjour\mDNSResponder.exe

F:\WINDOWS\system32\RAMASST.exe

F:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe

F:\WINDOWS\system32\DVDRAMSV.exe

F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\svchost.exe -k imgsvc

F:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

F:\WINDOWS\system32\wuauclt.exe

F:\Documents and Settings\Gabri\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.it/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\programmi\java\jre1.6.0_05\bin\ssv.dll

BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - f:\programmi\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - f:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\programmi\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - f:\programmi\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:\programmi\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [TOSCDSPD] f:\programmi\toshiba\toscdspd\toscdspd.exe

uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "f:\programmi\windows live\messenger\MsnMsgr.Exe" /background

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [swg] "f:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [R8388QA8U8] f:\docume~1\gabri\impost~1\temp\Qn0.exe

mRun: [synTPEnh] f:\programmi\synaptics\syntp\SynTPEnh.exe

mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE f:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [THotkey] f:\programmi\toshiba\toshiba applet\thotkey.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TDispVol] TDispVol.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NeroFilterCheck] f:\windows\system32\NeroCheck.exe

mRun: [sunJavaUpdateSched] "f:\programmi\java\jre1.6.0_05\bin\jusched.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [Adobe Reader Speed Launcher] "f:\programmi\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [avgnt] "f:\programmi\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "f:\programmi\quicktime\qttask.exe" -atboottime

StartupFolder: f:\docume~1\gabri\menuav~1\progra~1\esecuz~1\zooskm~1.lnk - f:\programmi\zooskmessenger\ZooskMessenger.exe

StartupFolder: f:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\blueto~1.lnk - f:\programmi\toshiba\bluetooth monitor\BtMon2.exe

StartupFolder: f:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\ramasst.lnk - f:\windows\system32\RAMASST.exe

IE: E&sporta in Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\programmi\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - f:\programmi\java\jre1.6.0_05\bin\ssv.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - f:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - f:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\fileco~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - f:\docume~1\gabri\datiap~1\mozilla\firefox\profiles\9wrigs7v.default\

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;f:\programmi\avira\antivir desktop\avgio.sys [2010-3-16 11608]

R2 AntiVirScheduler;Avira AntiVir Scheduler;f:\programmi\avira\antivir desktop\sched.exe [2010-3-16 136360]

R2 AntiVirService;Avira AntiVir Guard;f:\programmi\avira\antivir desktop\avguard.exe [2010-3-16 269480]

R2 avgntflt;avgntflt;f:\windows\system32\drivers\avgntflt.sys [2010-3-16 61960]

S1 PDIDRV;PDIDRV; [x]

.

=============== Created Last 30 ================

.

2011-05-02 23:55:41 -------- d-----w- f:\docume~1\gabri\datiap~1\Malwarebytes

2011-05-02 23:55:33 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys

2011-05-02 23:55:31 -------- dc----w- f:\docume~1\alluse~1\datiap~1\Malwarebytes

2011-05-02 23:55:28 20952 ----a-w- f:\windows\system32\drivers\mbam.sys

2011-05-02 23:55:28 -------- d-----w- f:\programmi\Malwarebytes' Anti-Malware

2011-05-02 22:53:15 -------- d-----w- f:\docume~1\gabri\datiap~1\Avira

2011-05-02 22:51:53 162304 ----a-w- f:\windows\Qqozoa.exe

.

==================== Find3M ====================

.

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1237GSX rev.DL130M -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4F6730]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4fca10]; MOV EAX, [0x8a4fca8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A567AB8]

3 CLASSPNP[0xF765805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000085[0x8A599268]

5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A56A940]

\Driver\atapi[0x8A59AAB8] -> IRP_MJ_CREATE -> 0x8A4F6730

error: Read Una periferica collegata al sistema non

Attach.txt


Hello again,

Unfortunately you have a nasty rootkit on your computer. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

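The DDS report posted earlier gives a reader several independent reasons to suspect an active infection before the helper's rootkit diagnosis: two executables running out of Temp directories (Qn0.exe and Qnw.exe), a randomly named uRun autorun value (R8388QA8U8) pointing at one of them, a freshly created executable dropped straight into the Windows directory, and a GMER disk trace whose call chain ends in an unnamed kernel module hooking the atapi driver. The Python script below is an added example, not something posted in this thread and not part of DDS, TDSSKiller or any Malwarebytes tool; it codifies those four checks as a triage pass over DDS-style text. The excerpt it runs on is constructed from the lines quoted above, and the section names it keys on and the heuristics it applies are this example's own assumptions about the report format, not a documented parser.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the DDS report posted in this thread (not the full log).
SAMPLE_DDS = r"""
============== Running Processes ===============
F:\WINDOWS\system32\svchost -k DcomLaunch
F:\Programmi\Avira\AntiVir Desktop\avguard.exe
F:\DOCUME~1\Gabri\IMPOST~1\Temp\Qn0.exe
F:\WINDOWS\TEMP\Qnw.exe
F:\Programmi\Bonjour\mDNSResponder.exe
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [R8388QA8U8] f:\docume~1\gabri\impost~1\temp\Qn0.exe
mRun: [avgnt] "f:\programmi\avira\antivir desktop\avgnt.exe" /min
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
=============== Created Last 30 ================
2011-05-02 22:51:53 162304 ----a-w- f:\windows\Qqozoa.exe
=================== ROOTKIT ====================
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4F6730]<<
\Driver\atapi[0x8A59AAB8] -> IRP_MJ_CREATE -> 0x8A4F6730
"""

# Section banners look like "=== Name ===" in DDS output (assumed format).
SECTION = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
# Any path component named Temp/TEMP; IMPOST~1\Temp is the Italian Local Settings\Temp.
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Autorun lines: "uRun: [valuename] target" / "mRun: [valuename] target".
AUTORUN = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")
# Value names such as R8388QA8U8: 8+ chars of only A-Z/0-9 mixing letters and digits.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$")
# "Created Last 30" rows: date time size attributes path.
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$")
WINDIR_EXE = re.compile(r"\\windows\\[^\\]+\.exe$", re.IGNORECASE)
# GMER-style hook line: a driver dispatch entry redirected to a bare address.
HOOKED_DISPATCH = re.compile(r"-> IRP_MJ_\w+ -> 0x[0-9A-Fa-f]+$")


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


def triage_dds(report: str) -> list[Finding]:
    """Walk a DDS-style report and return lines worth an analyst's attention."""
    findings: list[Finding] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS separates sections with lone dots
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name").upper()
            continue
        if section == "RUNNING PROCESSES":
            if TEMP_DIR.search(line):
                findings.append(Finding(section, line, "process image runs from a Temp directory"))
        elif section == "PSEUDO HJT REPORT":
            m = AUTORUN.match(line)
            if m:
                if TEMP_DIR.search(m.group("target")):
                    findings.append(Finding(section, line, "autorun entry launches a file from a Temp directory"))
                if RANDOM_NAME.match(m.group("name")):
                    findings.append(Finding(section, line, "autorun value name looks machine-generated"))
        elif section == "CREATED LAST 30":
            m = CREATED.match(line)
            if m and WINDIR_EXE.search(m.group("path")):
                findings.append(Finding(section, line, "recently created executable directly in the Windows directory"))
        elif section == "ROOTKIT":
            if ">>UNKNOWN" in line:
                findings.append(Finding(section, line, "unnamed kernel module in the disk call chain"))
            elif HOOKED_DISPATCH.search(line):
                findings.append(Finding(section, line, "driver dispatch routine redirected to an unnamed address"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Each check is deliberately narrow: it flags only what the thread itself shows to be suspicious, and a hit is a prompt to look closer, not a verdict. Running the script on the excerpt reports seven findings, the same items the helper acted on (the Temp executables and the hooked disk stack), while leaving ctfmon.exe and the Avira entries untouched.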

Thanks again for all this precious information. Actually I shut down my PC 30-40 mins after I was infected (I was immediately trying to look for a cure) and from that moment I never connected that PC to the web again (I'm using another one to write here).

I will go on (but I think I will back up my data and reformat as soon as I have time), but first I have 2 questions:

- is the part of my disk which runs Vista (and not XP) now also no longer secure? Do I have to reformat both OSes?

- if I reformat my PC, will it then be 100% safe?

and a last, very stupid one:

- I don't think I have any document with my financial data on it, but I used that PC to make some transactions online (before being infected). So am I in big danger? Am I in danger only when online?

Sorry for all these questions but I'm in panic...

TDSS found that rootkit and I cured and rebooted. Here's what TDSS says:

2011/05/12 19:24:08.0140 1240 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/12 19:24:08.0203 1240 ================================================================================

2011/05/12 19:24:08.0203 1240 SystemInfo:

2011/05/12 19:24:08.0203 1240

2011/05/12 19:24:08.0203 1240 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/12 19:24:08.0203 1240 Product type: Workstation

2011/05/12 19:24:08.0203 1240 ComputerName: 6C9B5A0E6E374E5

2011/05/12 19:24:08.0203 1240 UserName: Gabri

2011/05/12 19:24:08.0203 1240 Windows directory: F:\WINDOWS

2011/05/12 19:24:08.0203 1240 System windows directory: F:\WINDOWS

2011/05/12 19:24:08.0203 1240 Processor architecture: Intel x86

2011/05/12 19:24:08.0203 1240 Number of processors: 2

2011/05/12 19:24:08.0203 1240 Page size: 0x1000

2011/05/12 19:24:08.0203 1240 Boot type: Normal boot

2011/05/12 19:24:08.0203 1240 ================================================================================

2011/05/12 19:24:08.0562 1240 Initialize success

2011/05/12 19:25:18.0281 0572 ================================================================================

2011/05/12 19:25:18.0281 0572 Scan started

2011/05/12 19:25:18.0281 0572 Mode: Manual;

2011/05/12 19:25:18.0281 0572 ================================================================================

2011/05/12 19:25:18.0578 0572 61883 (86d7b1e70661d754685b9ac6d749aae5) F:\WINDOWS\system32\DRIVERS\61883.sys

2011/05/12 19:25:18.0687 0572 ACPI (ad825cb3397c837d1fb91d566d78de04) F:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/12 19:25:18.0734 0572 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) F:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/05/12 19:25:18.0812 0572 aec (1ee7b434ba961ef845de136224c30fec) F:\WINDOWS\system32\drivers\aec.sys

2011/05/12 19:25:18.0890 0572 AFD (55e6e1c51b6d30e54335750955453702) F:\WINDOWS\System32\drivers\afd.sys

2011/05/12 19:25:19.0109 0572 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) F:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/05/12 19:25:19.0328 0572 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) F:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/12 19:25:19.0421 0572 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) F:\WINDOWS\system32\drivers\Aspi32.sys

2011/05/12 19:25:19.0468 0572 AsyncMac (02000abf34af4c218c35d257024807d6) F:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/12 19:25:19.0562 0572 atapi (cdfe4411a69c224bd1d11b2da92dac51) F:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/12 19:25:19.0609 0572 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) F:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/12 19:25:19.0687 0572 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/12 19:25:19.0750 0572 Avc (87c223adb8f7596b31caae3c67b16ddd) F:\WINDOWS\system32\DRIVERS\avc.sys

2011/05/12 19:25:19.0859 0572 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) F:\Programmi\Avira\AntiVir Desktop\avgio.sys

2011/05/12 19:25:20.0000 0572 avgntflt (47b879406246ffdced59e18d331a0e7d) F:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/05/12 19:25:20.0093 0572 avipbb (5fedef54757b34fb611b9ec8fb399364) F:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/05/12 19:25:20.0187 0572 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys

2011/05/12 19:25:20.0234 0572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/12 19:25:20.0281 0572 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) F:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/12 19:25:20.0343 0572 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/12 19:25:20.0484 0572 Cdfs (cd7d5152df32b47f4e36f710b35aae02) F:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/12 19:25:20.0531 0572 Cdrom (af9c19b3100fe010496b1a27181fbf72) F:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/12 19:25:20.0625 0572 CmBatt (4266be808f85826aedf3c64c1e240203) F:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/05/12 19:25:20.0671 0572 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) F:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/05/12 19:25:20.0765 0572 ctac32k (3cfb715f2e3b0e475e984f78cdfada57) F:\WINDOWS\system32\drivers\ctac32k.sys

2011/05/12 19:25:20.0906 0572 ctaud2k (b640816f7d3ffeaaefea831242fe5e8c) F:\WINDOWS\system32\drivers\ctaud2k.sys

2011/05/12 19:25:20.0984 0572 ctdvda2k (c4333325d325efa668888d0d3177c6ff) F:\WINDOWS\system32\drivers\ctdvda2k.sys

2011/05/12 19:25:21.0125 0572 ctmmfilt (c3ddb8bae53a63d54a93df7a371ac808) F:\WINDOWS\system32\drivers\ctmmfilt.sys

2011/05/12 19:25:21.0281 0572 ctprxy2k (a9f9a48406e99134cd3879b410e9139d) F:\WINDOWS\system32\drivers\ctprxy2k.sys

2011/05/12 19:25:21.0343 0572 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) F:\WINDOWS\system32\drivers\ctsfm2k.sys

2011/05/12 19:25:21.0437 0572 Disk (00ca44e4534865f8a3b64f7c0984bff0) F:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/12 19:25:21.0546 0572 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) F:\WINDOWS\system32\drivers\dmboot.sys

2011/05/12 19:25:21.0656 0572 dmio (c57d35621782c7f40770f3e5ca20a182) F:\WINDOWS\system32\drivers\dmio.sys

2011/05/12 19:25:21.0718 0572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys

2011/05/12 19:25:21.0765 0572 DMusic (a6f881284ac1150e37d9ae47ff601267) F:\WINDOWS\system32\drivers\DMusic.sys

2011/05/12 19:25:21.0812 0572 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) F:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/12 19:25:21.0875 0572 E100B (ac9cf17ee2ae003c98eb4f5336c38058) F:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/12 19:25:21.0937 0572 emupia (05377ddedf219d9bd3102bd9fbdc3eae) F:\WINDOWS\system32\drivers\emupia2k.sys

2011/05/12 19:25:22.0156 0572 Fastfat (3117f595e9615e04f05a54fc15a03b20) F:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/12 19:25:22.0187 0572 Fdc (ced2e8396a8838e59d8fd529c680e02c) F:\WINDOWS\system32\drivers\Fdc.sys

2011/05/12 19:25:22.0234 0572 Fips (333fbbc71bdcbb46c58a3b51b3d51184) F:\WINDOWS\system32\drivers\Fips.sys

2011/05/12 19:25:22.0281 0572 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) F:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/12 19:25:22.0343 0572 FltMgr (3d234fb6d6ee875eb009864a299bea29) F:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/12 19:25:22.0453 0572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/12 19:25:22.0484 0572 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) F:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/12 19:25:22.0531 0572 Gpc (c0f1d4a21de5a415df8170616703debf) F:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/12 19:25:22.0625 0572 ha10kx2k (5da1af9485b591e4406924803969ccf0) F:\WINDOWS\system32\drivers\ha10kx2k.sys

2011/05/12 19:25:22.0703 0572 hap16v2k (9f7eec8d49279052e4d70971246ac7cd) F:\WINDOWS\system32\drivers\hap16v2k.sys

2011/05/12 19:25:22.0812 0572 hap17v2k (c34fbfcf18332927c9d7dfb44f1cc84f) F:\WINDOWS\system32\drivers\hap17v2k.sys

2011/05/12 19:25:22.0875 0572 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) F:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/12 19:25:22.0937 0572 HidUsb (1de6783b918f540149aa69943bdfeba8) F:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/12 19:25:23.0062 0572 HTTP (9f8b0f4276f618964fd118be4289b7cd) F:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/12 19:25:23.0265 0572 i8042prt (30e64dfa4efaacc8142ea07766181fb4) F:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/12 19:25:23.0328 0572 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) F:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/12 19:25:23.0671 0572 IntcAzAudAddService (001aaca6ed0e6b00fc5b8faf74977e81) F:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/05/12 19:25:23.0859 0572 intelppm (ebc07787034bbe312020d30198a9f362) F:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/12 19:25:23.0890 0572 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) F:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/12 19:25:23.0921 0572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/12 19:25:23.0953 0572 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) F:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/12 19:25:23.0984 0572 IpNat (e2168cbc7098ffe963c6f23f472a3593) F:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/12 19:25:24.0078 0572 IPSec (64537aa5c003a6afeee1df819062d0d1) F:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/12 19:25:24.0218 0572 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) F:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/12 19:25:24.0250 0572 isapnp (ea3245a8e8758d6b84de189a5caaa75e) F:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/12 19:25:24.0312 0572 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) F:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/12 19:25:24.0375 0572 kmixer (ba5deda4d934e6288c2f66caf58d2562) F:\WINDOWS\system32\drivers\kmixer.sys

2011/05/12 19:25:24.0437 0572 KSecDD (674d3e5a593475915dc6643317192403) F:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/12 19:25:24.0625 0572 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) F:\WINDOWS\system32\Drivers\meiudf.sys

2011/05/12 19:25:24.0687 0572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/12 19:25:24.0750 0572 Modem (b30d2db351e3191bd71232036cfe711a) F:\WINDOWS\system32\drivers\Modem.sys

2011/05/12 19:25:24.0781 0572 Mouclass (c458e314b8722253897c94a714c2e0c0) F:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/12 19:25:24.0812 0572 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) F:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/12 19:25:24.0875 0572 MRxDAV (29414447eb5bde2f8397dc965dbb3156) F:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/12 19:25:25.0093 0572 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/12 19:25:25.0156 0572 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) F:\WINDOWS\system32\DRIVERS\msdv.sys

2011/05/12 19:25:25.0218 0572 Msfs (561b3a4333ca2dbdba28b5b956822519) F:\WINDOWS\system32\drivers\Msfs.sys

2011/05/12 19:25:25.0265 0572 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) F:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/12 19:25:25.0375 0572 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) F:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/12 19:25:25.0406 0572 MSPQM (1988a33ff19242576c3d0ef9ce785da7) F:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/12 19:25:25.0468 0572 mssmbios (469541f8bfd2b32659d5d463a6714bce) F:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/12 19:25:25.0500 0572 MSTEE (bf13612142995096ab084f2db7f40f77) F:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/12 19:25:25.0562 0572 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) F:\WINDOWS\system32\drivers\Mup.sys

2011/05/12 19:25:25.0609 0572 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/12 19:25:25.0734 0572 NDIS (558635d3af1c7546d26067d5d9b6959e) F:\WINDOWS\system32\drivers\NDIS.sys

2011/05/12 19:25:25.0781 0572 NdisIP (520ce427a8b298f54112857bcf6bde15) F:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/12 19:25:25.0828 0572 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) F:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/12 19:25:25.0875 0572 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) F:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/12 19:25:25.0937 0572 NdisWan (0b90e255a9490166ab368cd55a529893) F:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/12 19:25:26.0109 0572 NDProxy (59fc3fb44d2669bc144fd87826bb571f) F:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/12 19:25:26.0156 0572 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) F:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/12 19:25:26.0187 0572 NetBT (0c80e410cd2f47134407ee7dd19cc86b) F:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/12 19:25:26.0265 0572 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) F:\WINDOWS\system32\DRIVERS\netdevio.sys

2011/05/12 19:25:26.0437 0572 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) F:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2011/05/12 19:25:26.0625 0572 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) F:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/12 19:25:26.0687 0572 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) F:\WINDOWS\system32\drivers\Npfs.sys

2011/05/12 19:25:26.0765 0572 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) F:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/12 19:25:26.0843 0572 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys

2011/05/12 19:25:27.0343 0572 nv (93a94824a89f02db52bf851377683524) F:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/12 19:25:27.0875 0572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/12 19:25:27.0906 0572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/12 19:25:27.0953 0572 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) F:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/12 19:25:28.0000 0572 ossrv (3649eefa90990249267dd6c7808cbc86) F:\WINDOWS\system32\drivers\ctoss2k.sys

2011/05/12 19:25:28.0093 0572 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) F:\WINDOWS\system32\drivers\Parport.sys

2011/05/12 19:25:28.0156 0572 PartMgr (3334430c29dc338092f79c38ef7b4cd0) F:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/12 19:25:28.0281 0572 ParVdm (0dabef655a444cb1e193626fb1d24b9f) F:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/12 19:25:28.0328 0572 PCI (91fc1d483d900b1c0600a08b871c39d5) F:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/12 19:25:28.0390 0572 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) F:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/12 19:25:28.0453 0572 Pcmcia (28f3538a2091993a03506311a05053e8) F:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/05/12 19:25:28.0625 0572 PfModNT (db64e50cfea80077e47c282bce2c1813) F:\WINDOWS\system32\drivers\PfModNT.sys

2011/05/12 19:25:28.0703 0572 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) F:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/12 19:25:28.0812 0572 PSched (48671f327553dcf1d27f6197f622a668) F:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/12 19:25:28.0875 0572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/12 19:25:28.0984 0572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/12 19:25:29.0062 0572 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/12 19:25:29.0109 0572 RasPppoe (7306eeed8895454cbed4669be9f79faa) F:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/12 19:25:29.0125 0572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/12 19:25:29.0187 0572 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) F:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/12 19:25:29.0343 0572 RDPCDD (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/12 19:25:29.0406 0572 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) F:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/12 19:25:29.0484 0572 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) F:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/12 19:25:29.0531 0572 redbook (a8eee004a16af1d583d9de9f6de250e0) F:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/12 19:25:29.0718 0572 sdbus (02fc71b020ec8700ee8a46c58bc6f276) F:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/05/12 19:25:29.0765 0572 Secdrv (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/12 19:25:29.0828 0572 Sentinel (aebba7428a6c40cce3c5abde45190b24) F:\WINDOWS\System32\Drivers\SENTINEL.SYS

2011/05/12 19:25:29.0890 0572 Serial (d7eb220ca486a597d16aa28c71f05b09) F:\WINDOWS\system32\DRIVERS\avidXPserial.sys

2011/05/12 19:25:30.0046 0572 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) F:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/12 19:25:30.0187 0572 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) F:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/12 19:25:30.0250 0572 splitter (0ce218578fff5f4f7e4201539c45c78f) F:\WINDOWS\system32\drivers\splitter.sys

2011/05/12 19:25:30.0328 0572 sr (896f566afc498077172eae8a50e8baf8) F:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/12 19:25:30.0406 0572 Srv (7a4f147cc6b133f905f6e65e2f8669fb) F:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/12 19:25:30.0546 0572 ssmdrv (a36ee93698802cd899f98bfd553d8185) F:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/05/12 19:25:30.0609 0572 streamip (284c57df5dc7abca656bc2b96a667afb) F:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/12 19:25:30.0656 0572 swenum (03c1bae4766e2450219d20b993d6e046) F:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/12 19:25:30.0718 0572 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) F:\WINDOWS\system32\drivers\swmidi.sys

2011/05/12 19:25:30.0843 0572 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) F:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/05/12 19:25:30.0953 0572 sysaudio (650ad082d46bac0e64c9c0e0928492fd) F:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/12 19:25:31.0062 0572 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) F:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/12 19:25:31.0140 0572 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) F:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/12 19:25:31.0156 0572 TDTCP (ed0580af02502d00ad8c4c066b156be9) F:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/12 19:25:31.0203 0572 TermDD (a540a99c281d933f3d69d55e48727f47) F:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/12 19:25:31.0343 0572 tifm21 (244cfbffdefb77f3df571a8cd108fc06) F:\WINDOWS\system32\drivers\tifm21.sys

2011/05/12 19:25:31.0468 0572 TVALD (676db15ddf2e0ff6ec03068dea428b8b) F:\WINDOWS\system32\DRIVERS\NBSMI.sys

2011/05/12 19:25:31.0531 0572 Udfs (12f70256f140cd7d52c58c7048fde657) F:\WINDOWS\system32\drivers\Udfs.sys

2011/05/12 19:25:31.0609 0572 Update (ced744117e91bdc0beb810f7d8608183) F:\WINDOWS\system32\DRIVERS\update.sys

2011/05/12 19:25:31.0750 0572 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) F:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/12 19:25:31.0812 0572 usbehci (15e993ba2f6946b2bfbbfcd30398621e) F:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/12 19:25:31.0843 0572 usbhub (c72f40947f92cea56a8fb532edf025f1) F:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/12 19:25:31.0906 0572 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) F:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/12 19:25:31.0953 0572 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/12 19:25:31.0984 0572 usbuhci (f8fd1400092e23c8f2f31406ef06167b) F:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/12 19:25:32.0140 0572 VgaSave (8a60edd72b4ea5aea8202daf0e427925) F:\WINDOWS\System32\drivers\vga.sys

2011/05/12 19:25:32.0218 0572 VolSnap (698869e82c57169f2140c04a272bf12b) F:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/12 19:25:32.0265 0572 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) F:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/12 19:25:32.0343 0572 Wdf01000 (60d2787958b46595d62237ed15b91e94) F:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/05/12 19:25:32.0421 0572 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) F:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/12 19:25:32.0578 0572 WSTCODEC (d5842484f05e12121c511aa93f6439ec) F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/12 19:25:32.0671 0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) F:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/12 19:25:32.0718 0572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) F:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/12 19:25:32.0812 0572 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/12 19:25:32.0984 0572 ================================================================================

2011/05/12 19:25:32.0984 0572 Scan finished

2011/05/12 19:25:32.0984 0572 ================================================================================

2011/05/12 19:25:33.0000 0512 Detected object count: 1

2011/05/12 19:26:36.0437 0512 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/12 19:26:36.0437 0512 \HardDisk1 - ok

2011/05/12 19:26:36.0437 0512 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure

2011/05/12 19:26:46.0156 1116 Deinitialize success


I will go on (but I think I will back up my data and reformat as soon as I have time), but first I have 2 questions:

- Is the part of my disk which runs Vista (and not XP) now also no longer secure? Do I have to reformat both OSes?

- If I reformat my PC, will it then be 100% safe?

This infection would have been active on both Vista and XP, because it hooked the Master Boot Record of the hard disk. So, no matter whether you used XP or Vista, the MBR would have loaded the infection in both instances.

After a reformat and reinstall you'll be safe, given of course that you take adequate security measures (more information on that once you are cleaned up).

And a last, very stupid one:

- I don't think I have any documents with my financial data on them, but I used that PC to make some transactions online (before being infected). So am I in big danger? Am I in danger only when online?

No. If you made these transactions before being infected, no data is stored, and you didn't use it while infected, you should be okay.

Please let me know how things are running after the following fix.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

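The helper's point above is that a bootkit living in the MBR is loaded before either Windows installation, so the partition you happen to boot does not matter. The following script is an added example, not code from this thread, the forum or the TDSSKiller/ComboFix tools: it parses a 512-byte MBR, lists the partition table, and applies the two checks a responder would actually make on a disk like this one, namely whether the boot code still matches a known-good MBR and how much unpartitioned space sits after the last partition (TDL4 kept its hidden storage there). The XP/Vista partition layout, the disk size, the boot-code bytes and the 2048-sector threshold are all constructed for the example. One caveat that matters in practice: TDL4 hooked the disk driver on the live system so that reads of sector 0 returned the original, clean MBR, so run a check like this from a clean boot medium or against an offline image, not from inside the infected Windows.

```python
"""
MBR sanity check: parse the partition table, compare the boot code against a
known-good hash, and measure the unpartitioned tail of the disk.
All sample data below is constructed for illustration.
"""
import hashlib
import struct

SECTOR = 512
MBR_CODE_LEN = 440          # boot code; bytes 440..445 hold the disk signature
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) LBA-count(4)
ENTRY_FMT = "<B3xB3xII"


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 from a raw device, e.g. r'\\\\.\\PhysicalDrive0' (Windows,
    admin) or '/dev/sda' (Linux, root). Do this from a clean boot environment."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR)


def parse_partitions(mbr: bytes):
    """Return the non-empty primary partition entries as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start": start, "count": count, "end": start + count})
    return parts


def unpartitioned_tail(parts, disk_sectors: int) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    if not parts:
        return disk_sectors
    return disk_sectors - max(p["end"] for p in parts)


def boot_code_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:MBR_CODE_LEN]).hexdigest()


def assess(mbr: bytes, disk_sectors: int, known_good_hashes: set,
           tail_threshold: int = 2048):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    parts = parse_partitions(mbr)
    if boot_code_hash(mbr) not in known_good_hashes:
        findings.append("boot code does not match any known-good MBR")
    tail = unpartitioned_tail(parts, disk_sectors)
    if tail > tail_threshold:
        findings.append(f"{tail} unpartitioned sectors after the last partition")
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected 1)")
    return findings


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a test MBR from boot code and (status, type, start, count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, ptype, start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed sample: a two-partition disk (XP active, Vista second), ~74.5 GiB.
DISK_SECTORS = 156_301_488
XP_PART = (0x80, 0x07, 63, 78_140_097)              # ends at LBA 78_140_160
VISTA_PART = (0x00, 0x07, 78_140_160, 78_161_265)   # ends at LBA 156_301_425
CLEAN_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(MBR_CODE_LEN, b"\x90")
TAMPERED_CODE = b"\xE9\x00\x01" + CLEAN_CODE[3:]    # constructed stand-in, not real TDL4 code
CLEAN_MBR = build_mbr(CLEAN_CODE, [XP_PART, VISTA_PART])
TAMPERED_MBR = build_mbr(TAMPERED_CODE, [XP_PART, VISTA_PART])
KNOWN_GOOD = {boot_code_hash(CLEAN_MBR)}            # baseline taken from a trusted image

if __name__ == "__main__":
    for label, mbr, size in (("clean", CLEAN_MBR, DISK_SECTORS),
                             ("tampered", TAMPERED_MBR, DISK_SECTORS + 40_960)):
        for p in parse_partitions(mbr):
            print(f"{label}: part {p['index']} type 0x{p['type']:02x} "
                  f"LBA {p['start']}..{p['end']} active={p['bootable']}")
        print(f"{label}: findings = {assess(mbr, size, KNOWN_GOOD) or 'none'}")
```

The known-good hash is whatever baseline you trust (the MBR of the same model freshly installed, or a sector-0 copy taken before the incident); the script cannot tell you what the boot code should be, only that it changed. The tail threshold is deliberately generous, since most partitioning tools leave a few dozen sectors free, and a tail of tens of thousands of sectors on a disk that was partitioned to the end is what deserves a look.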

OK, just one question before proceeding.

So far I've done all the cleaning steps running the XP part of my disk. Would it be the same if I now take these other steps running the Vista part of the disk (since you said they're equally infected)?

I would prefer that, just in order to avoid the internet connection when downloading the Microsoft Windows Recovery Console (I suppose this connection wouldn't be safe). In this way, would the Microsoft Windows Recovery Console also be active on the XP disk?

