esploratore
2011-04-09, 14:48
Hi, this is my first post in this forum, hello everybody!
I am trying to clean up my friend's computer: I installed Avira AntiVir, but every time I scan, it detects a Trojan and does not remove it properly.
Here is DDS output, according to instructions, and zip file attached.
thanks for your help!!!
_________________________________________________
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by carelli at 13.26.20.21 on 09/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1073 [GMT 2:00]
.
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
.
============== Running Processes ===============
.
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\carelli\Documenti\Download\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=101810&l=dis
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer - Options locked by Spybot S&D
mWindow Title = Internet Explorer - Options locked by Spybot S&D
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uWinlogon: Shell=,explorer.exe,c:\documents and settings\carelli\fxmdk.exe
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Picasa Media Detector] c:\programmi\picasa2\PicasaMediaDetector.exe
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Local Security Authentication Server] c:\documents and settings\carelli\dati applicazioni\lsass.exe
mRun: [SoundMAXPnP] c:\programmi\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\programmi\analog devices\soundmax\Smax4.exe /tray
mRun: [THotkey] c:\programmi\toshiba\toshiba applet\thotkey.exe
mRun: [PadTouch] c:\programmi\toshiba\touch and launch\PadExe.exe
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Point&&Go - c:\programmi\file comuni\expert system\pgplatform\PGPlatform.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\carelli\datiap~1\mozilla\firefox\profiles\8bs66afh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2056116&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - component: c:\documents and settings\carelli\dati applicazioni\mozilla\firefox\profiles\8bs66afh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\carelli\dati applicazioni\mozilla\firefox\profiles\8bs66afh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\programmi\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\programmi\google\picasa3\npPicasa2.dll
FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
FF - plugin: c:\programmi\java\jre1.5.0\bin\NPJPI150.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\programmi\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2005-12-26 18110]
R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2011-4-2 11608]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2005-12-26 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2005-12-26 423454]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-4-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2011-4-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-2 61960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\mcafee\siteadvisor\McSACore.exe [2009-2-21 88176]
S2 irafhkwop;Task Time;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
S2 klnetbfn;klnetbfn;c:\windows\system32\drivers\klnetbfn.sys [2011-1-30 82944]
S2 nulcertmc;Universal Windows;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
S2 xzuvl;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
.
=============== Created Last 30 ================
.
2011-04-08 20:29:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-02 21:44:38 -------- d-----w- c:\windows\system32\NtmsData
2011-04-02 21:43:14 -------- d-----w- c:\docume~1\carelli\datiap~1\Avira
2011-04-02 21:40:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-02 21:40:08 -------- d-----w- c:\programmi\Avira
2011-04-02 14:26:42 -------- d-sh--w- c:\documents and settings\carelli\IECompatCache
.
==================== Find3M ====================
.
2001-05-24 10:59:30 162304 ----a-w- c:\programmi\UNWISE.EXE
.
============= FINISH: 13.27.11.61 ===============
hi again,
Malwarebytes' Antimalware has detected and removed Worm PALEVO. However, I am not sure if the system is really clean now (apparently it is). Can somebody check the DDS output please and advise?
thanks a million!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by carelli at 11.27.48.04 on 10/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1073 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
.
============== Running Processes ===============
.
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\carelli\Documenti\Download\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer - Options locked by Spybot S&D
mWindow Title = Internet Explorer - Options locked by Spybot S&D
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Picasa Media Detector] c:\programmi\picasa2\PicasaMediaDetector.exe
uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\programmi\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\programmi\analog devices\soundmax\Smax4.exe /tray
mRun: [THotkey] c:\programmi\toshiba\toshiba applet\thotkey.exe
mRun: [PadTouch] c:\programmi\toshiba\touch and launch\PadExe.exe
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Point&&Go - c:\programmi\file comuni\expert system\pgplatform\PGPlatform.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\carelli\datiap~1\mozilla\firefox\profiles\jth097lb.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
FF - plugin: c:\programmi\google\picasa3\npPicasa2.dll
FF - plugin: c:\programmi\google\picasa3\npPicasa3.dll
FF - plugin: c:\programmi\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2005-12-26 18110]
R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2011-4-2 11608]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2005-12-26 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2005-12-26 423454]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-4-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2011-4-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-2 61960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-10 88176]
S2 0247051302427442mcinstcleanup;McAfee Application Installer Cleanup (0247051302427442);c:\docume~1\carelli\impost~1\temp\024705~1.exe c:\progra~1\fileco~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\carelli\impost~1\temp\024705~1.exe c:\progra~1\fileco~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 irafhkwop;Task Time;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
S2 klnetbfn;klnetbfn;c:\windows\system32\drivers\klnetbfn.sys [2011-1-30 82944]
S2 nulcertmc;Universal Windows;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
S2 xzuvl;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
.
=============== Created Last 30 ================
.
2011-04-10 09:24:02 -------- d-----w- c:\programmi\file comuni\McAfee
2011-04-10 09:23:51 -------- d-----w- c:\programmi\McAfee
2011-04-09 21:23:24 -------- d-----w- c:\docume~1\carelli\impost~1\datiap~1\Temp
2011-04-09 18:00:31 -------- d-----w- c:\docume~1\carelli\datiap~1\Malwarebytes
2011-04-09 17:59:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 17:59:35 -------- d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2011-04-09 17:59:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 17:59:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-04-09 16:42:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-04-09 15:26:30 -------- d-----w- c:\docume~1\carelli\datiap~1\QuickScan
2011-04-08 20:29:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-02 21:44:38 -------- d-----w- c:\windows\system32\NtmsData
2011-04-02 21:43:14 -------- d-----w- c:\docume~1\carelli\datiap~1\Avira
2011-04-02 21:40:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-02 21:40:08 -------- d-----w- c:\programmi\Avira
2011-04-02 14:26:42 -------- d-sh--w- c:\documents and settings\carelli\IECompatCache
.
==================== Find3M ====================
.
2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:08 440832 ----a-w- c:\windows\system32\shimgvw.dll
2001-05-24 10:59:30 162304 ----a-w- c:\programmi\UNWISE.EXE
.
============= FINISH: 11.28.36.64 ===============
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2005-12-26 18110]
R1 avgio;avgio;c:\programmi\avira\antivir desktop\avgio.sys [2011-4-2 11608]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2005-12-26 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2005-12-26 423454]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-4-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programmi\avira\antivir desktop\avguard.exe [2011-4-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-2 61960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-10 88176]
S2 0247051302427442mcinstcleanup;McAfee Application Installer Cleanup (0247051302427442);c:\docume~1\carelli\impost~1\temp\024705~1.exe c:\progra~1\fileco~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\carelli\impost~1\temp\024705~1.exe c:\progra~1\fileco~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 irafhkwop;Task Time;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
S2 klnetbfn;klnetbfn;c:\windows\system32\drivers\klnetbfn.sys [2011-1-30 82944]
S2 nulcertmc;Universal Windows;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
S2 xzuvl;Boot Support;c:\windows\system32\svchost.exe -k netsvcs [2005-1-25 14336]
.
=============== Created Last 30 ================
.
2011-04-10 09:24:02 -------- d-----w- c:\programmi\file comuni\McAfee
2011-04-10 09:23:51 -------- d-----w- c:\programmi\McAfee
2011-04-09 21:23:24 -------- d-----w- c:\docume~1\carelli\impost~1\datiap~1\Temp
2011-04-09 18:00:31 -------- d-----w- c:\docume~1\carelli\datiap~1\Malwarebytes
2011-04-09 17:59:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 17:59:35 -------- d-----w- c:\docume~1\alluse~1\datiap~1\Malwarebytes
2011-04-09 17:59:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 17:59:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-04-09 16:42:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-04-09 15:26:30 -------- d-----w- c:\docume~1\carelli\datiap~1\QuickScan
2011-04-08 20:29:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-02 21:44:38 -------- d-----w- c:\windows\system32\NtmsData
2011-04-02 21:43:14 -------- d-----w- c:\docume~1\carelli\datiap~1\Avira
2011-04-02 21:40:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-02 21:40:08 -------- d-----w- c:\programmi\Avira
2011-04-02 14:26:42 -------- d-sh--w- c:\documents and settings\carelli\IECompatCache
.
==================== Find3M ====================
.
2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:08 440832 ----a-w- c:\windows\system32\shimgvw.dll
2001-05-24 10:59:30 162304 ----a-w- c:\programmi\UNWISE.EXE
.
============= FINISH: 11.28.36.64 ===============