TR/ATRAPS.Gen2 problem.. Need help! :( [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well the reg file is the same as mine

Let's try a small utility that I have found

Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom

Posted Image
  • 0



#17
gabry0988

    Member

  • Topic Starter
  • 19 posts

                                            ./
                                          (o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[17/06/2012 11:40:48] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[17/06/2012 11:40:51] TCP/IP interfaces reset successful.
[17/06/2012 11:40:52] TCP/IP v6 interfaces reset successful.
[17/06/2012 11:40:52] You may need to restart your computer for the settings to take effect.
[17/06/2012 11:40:52] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[17/06/2012 11:40:52] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[17/06/2012 11:40:52] Could not reset the Winsock Catalog.
[17/06/2012 11:40:52] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[17/06/2012 11:40:52] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[17/06/2012 11:40:56] Windows Event Log Service Configured.
[17/06/2012 11:40:56] Starting the Windows Event Log Service.....
[17/06/2012 11:40:56] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[17/06/2012 11:40:56] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[17/06/2012 11:40:56] Successfully flushed DNS Resolver Cache.
[17/06/2012 11:40:56] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[17/06/2012 11:40:59] Registration of the DNS resource records has been initiated.
[17/06/2012 11:40:59] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[17/06/2012 11:40:59] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[17/06/2012 11:40:59] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[17/06/2012 11:41:45] Your computer is restarting now.....

It does nothing :(
  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Apart from this, how is the computer behaving?

The Winsock error is not a major problem at the moment, but it is something that needs to be resolved at some stage.
  • 0

#19
gabry0988

    Member

  • Topic Starter
  • 19 posts
The PC does not have any problem... only with Antivir, it says that I have the trojan in those 2 files, but the performance and the behaviour of the PC aren't affected.
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's take those two out once and for all. I will continue researching the problem and will let you know as soon as I get a resolution.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#21
gabry0988

    Member

  • Topic Starter
  • 19 posts
ComboFix 12-06-16.02 - Giara 17/06/2012  13:44:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.4095.2912 [GMT 2:00]
Eseguito da: c:\users\Giara\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
La copia infetta di c:\windows\system32\Services.exe è stata trovata e disinfettata 
ipristinata copia da - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe 
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-05-17 al 2012-06-17  )))))))))))))))))))))))))))))))))))
.
.
2012-06-16 11:33 . 2012-06-16 11:33	--------	d-----w-	C:\_OTL
2012-06-15 14:09 . 2012-06-15 14:09	--------	d-----w-	c:\users\Giara\AppData\Roaming\Malwarebytes
2012-06-15 14:09 . 2012-06-15 14:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-15 12:54 . 2012-06-15 13:05	--------	d-----w-	c:\program files (x86)\PC Tools
2012-06-15 12:46 . 2012-06-15 13:05	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-06-15 12:46 . 2012-05-11 09:14	251528	----a-w-	c:\windows\system32\drivers\PCTSD64.sys
2012-06-15 12:46 . 2012-06-15 13:04	--------	d-----w-	c:\programdata\PC Tools
2012-06-15 12:46 . 2012-06-15 12:46	--------	d-----w-	c:\users\Giara\AppData\Roaming\TestApp
2012-06-15 11:41 . 2012-06-15 11:41	--------	d-----w-	C:\m-r-software
2012-06-14 20:44 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 20:44 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 20:44 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 20:44 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 20:44 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-14 20:44 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 20:44 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 20:44 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 20:44 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 20:44 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-14 20:44 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-14 20:43 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 20:43 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-14 20:43 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 20:43 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-14 20:43 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-14 20:43 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-02 13:48 . 2012-06-02 13:48	--------	d-----w-	c:\users\Giara\AppData\Local\European Bus Simulator 2012
2012-06-02 13:37 . 2012-06-02 13:37	--------	d-----w-	c:\program files (x86)\astragon
2012-05-27 10:44 . 2012-05-27 10:44	--------	d-----w-	c:\users\Giara\AppData\Local\Street Cleaning
2012-05-27 09:45 . 2012-05-27 09:45	--------	d-----w-	c:\program files (x86)\UK Truck Simulator
2012-05-27 09:27 . 2012-05-27 09:29	--------	d-----w-	c:\program files (x86)\Street Cleaning Simulator
2012-05-27 09:18 . 2012-05-27 09:19	--------	d-----w-	c:\program files (x86)\Trucks & Trailers
2012-05-25 20:08 . 2012-05-25 20:14	--------	d-----w-	c:\users\Giara\AppData\Roaming\Skype
2012-05-25 20:08 . 2012-05-25 20:14	--------	d-----r-	c:\program files (x86)\Skype
2012-05-25 20:08 . 2012-05-25 20:08	--------	d-----w-	c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:40 . 2012-04-28 14:59	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:40 . 2011-12-02 09:54	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:40 . 2012-04-29 16:40	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 13:18 . 2011-12-03 11:11	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-04-27 13:17 . 2011-12-03 17:59	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-04-27 13:17 . 2011-12-03 11:11	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-10-26 02:04	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-03-09 05:11	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-10-26 01:29	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-10-26 01:46	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-03-09 04:35	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-03-09 04:11	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-03-09 03:58	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-10-26 01:21	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-03-09 03:56	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-03-30 11:35 . 2012-05-11 09:13	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-04-05 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-01 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:40]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000Core.job
- c:\users\Giara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 15:45]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000UA.job
- c:\users\Giara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 15:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7E276097-2E3C-4901-BF39-9D43FBC1EA6A}: NameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-2359397154.paperlit.com - c:\program files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe
AddRemove-2532843192.paperlit.com - c:\program files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe
AddRemove-2828562773.paperlit.com - c:\program files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe
AddRemove-318841518.paperlit.com - c:\program files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1638966946-435723054-3953494969-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ba,b2,a6,de,a5,7e,6d,4e,80,5d,e1,01,eb,41,37,5c,3c,02,9b,fa,9d,9a,8b,
   45,37,ec,63,28,20,ee,d2,81,5e,78,cc,23,20,c5,21,07,87,ff,d5,ca,0a,5f,43,0d,\
"??"=hex:86,45,5f,7f,85,2e,32,9b,b6,53,e1,7b,8d,a6,a1,52
.
[HKEY_USERS\S-1-5-21-1638966946-435723054-3953494969-1000\Software\SecuROM\License information*]
"datasecu"=hex:eb,0e,6e,ae,89,ff,e6,5d,f9,6a,32,dc,b6,ea,95,12,ee,bf,c4,4a,1f,
   ba,08,89,ae,21,d3,63,e5,0e,b0,a8,d4,2a,79,5c,0c,2e,ee,bd,ab,c3,3c,83,d3,00,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\SITECOM\150N USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-17  14:00:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-06-17 12:00
.
Pre-Run: 273.436.848.128 byte disponibili
Post-Run: 273.263.087.616 byte disponibili
.
- - End Of File - - 0ED1370696EF755D46D03BF764B8D3CA

Finally... It works! Now Antivir doesn't find anything! Now... How can I remove all this stuff?


Avira Free Antivirus
Data del file di report: domenica 17 giugno 2012  14:06

Ricerca di 3843347 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie       : 0000149996-ADJIE-0000001
Piattaforma           : Windows 7 x64
Versione di Windows   : (Service Pack 1)  [6.1.7601]
Modalità di avvio     : Booting eseguito regolarmente
Nome utente           : Giara
Nome computer         : GIARA-PC

Informazioni sulla versione:
BUILD.DAT             : 12.0.0.157           Bytes  03/02/2012 18:36:00
AVSCAN.EXE            : 12.1.0.20     492496 Bytes  16/02/2012 12:04:28
AVSCAN.DLL            : 12.1.0.18      63440 Bytes  16/02/2012 12:04:27
LUKE.DLL              : 12.1.0.19      68304 Bytes  16/02/2012 12:04:28
AVSCPLR.DLL           : 12.3.0.14      97032 Bytes  09/05/2012 08:25:04
AVREG.DLL             : 12.3.0.17     232200 Bytes  11/05/2012 09:55:01
VBASE000.VDF          : 7.10.0.0    19875328 Bytes  06/11/2009 18:18:34
VBASE001.VDF          : 7.11.0.0    13342208 Bytes  14/12/2010 09:07:39
VBASE002.VDF          : 7.11.19.170 14374912 Bytes  20/12/2011 15:50:01
VBASE003.VDF          : 7.11.21.238  4472832 Bytes  01/02/2012 12:38:41
VBASE004.VDF          : 7.11.26.44   4329472 Bytes  28/03/2012 12:18:13
VBASE005.VDF          : 7.11.29.136  2166272 Bytes  10/05/2012 09:55:05
VBASE006.VDF          : 7.11.29.137     2048 Bytes  10/05/2012 09:55:05
VBASE007.VDF          : 7.11.29.138     2048 Bytes  10/05/2012 09:55:05
VBASE008.VDF          : 7.11.29.139     2048 Bytes  10/05/2012 09:55:05
VBASE009.VDF          : 7.11.29.140     2048 Bytes  10/05/2012 09:55:05
VBASE010.VDF          : 7.11.29.141     2048 Bytes  10/05/2012 09:55:05
VBASE011.VDF          : 7.11.29.142     2048 Bytes  10/05/2012 09:55:05
VBASE012.VDF          : 7.11.29.143     2048 Bytes  10/05/2012 09:55:05
VBASE013.VDF          : 7.11.29.144     2048 Bytes  10/05/2012 09:55:05
VBASE014.VDF          : 7.11.30.3     198144 Bytes  14/05/2012 17:45:47
VBASE015.VDF          : 7.11.30.69    186368 Bytes  17/05/2012 17:53:43
VBASE016.VDF          : 7.11.30.143   223744 Bytes  21/05/2012 14:17:18
VBASE017.VDF          : 7.11.30.207   287744 Bytes  23/05/2012 11:18:18
VBASE018.VDF          : 7.11.31.57    188416 Bytes  28/05/2012 09:12:03
VBASE019.VDF          : 7.11.31.111   214528 Bytes  30/05/2012 13:33:41
VBASE020.VDF          : 7.11.31.151   116736 Bytes  31/05/2012 13:33:44
VBASE021.VDF          : 7.11.31.205   134144 Bytes  03/06/2012 13:32:59
VBASE022.VDF          : 7.11.32.9     169472 Bytes  05/06/2012 19:57:43
VBASE023.VDF          : 7.11.32.85    155648 Bytes  08/06/2012 17:57:05
VBASE024.VDF          : 7.11.32.133   127488 Bytes  11/06/2012 11:12:49
VBASE025.VDF          : 7.11.32.171   182784 Bytes  12/06/2012 11:12:53
VBASE026.VDF          : 7.11.32.251   119296 Bytes  14/06/2012 11:12:54
VBASE027.VDF          : 7.11.32.252     2048 Bytes  14/06/2012 11:12:54
VBASE028.VDF          : 7.11.32.253     2048 Bytes  14/06/2012 11:12:54
VBASE029.VDF          : 7.11.32.254     2048 Bytes  14/06/2012 11:12:54
VBASE030.VDF          : 7.11.32.255     2048 Bytes  14/06/2012 11:12:55
VBASE031.VDF          : 7.11.33.50     88064 Bytes  17/06/2012 09:38:43
Motore                : 8.2.10.92 
AEVDF.DLL             : 8.1.2.8       106867 Bytes  02/06/2012 13:33:13
AESCRIPT.DLL          : 8.1.4.26      450939 Bytes  15/06/2012 11:13:45
AESCN.DLL             : 8.1.8.2       131444 Bytes  27/01/2012 15:55:33
AESBX.DLL             : 8.2.5.12      606578 Bytes  15/06/2012 11:13:49
AERDL.DLL             : 8.1.9.15      639348 Bytes  08/09/2011 21:16:06
AEPACK.DLL            : 8.2.16.18     807287 Bytes  15/06/2012 11:13:43
AEOFFICE.DLL          : 8.1.2.36      201082 Bytes  15/06/2012 11:13:36
AEHEUR.DLL            : 8.1.4.46     4923767 Bytes  15/06/2012 11:13:33
AEHELP.DLL            : 8.1.21.0      254326 Bytes  11/05/2012 09:54:56
AEGEN.DLL             : 8.1.5.30      422261 Bytes  15/06/2012 11:12:58
AEEXP.DLL             : 8.1.0.52       82293 Bytes  15/06/2012 11:13:49
AEEMU.DLL             : 8.1.3.0       393589 Bytes  01/09/2011 21:46:01
AECORE.DLL            : 8.1.25.10     201080 Bytes  01/06/2012 13:33:52
AEBB.DLL              : 8.1.1.0        53618 Bytes  01/09/2011 21:46:01
AVWINLL.DLL           : 12.1.0.17      27344 Bytes  01/12/2011 16:55:41
AVPREF.DLL            : 12.1.0.17      51920 Bytes  01/12/2011 16:55:38
AVREP.DLL             : 12.3.0.15     179208 Bytes  09/05/2012 08:25:04
AVARKT.DLL            : 12.1.0.23     209360 Bytes  16/02/2012 12:04:27
AVEVTLOG.DLL          : 12.1.0.17     169168 Bytes  01/12/2011 16:55:37
SQLITE3.DLL           : 3.7.0.0       398288 Bytes  01/12/2011 16:55:49
AVSMTP.DLL            : 12.1.0.17      62928 Bytes  01/12/2011 16:55:40
NETNT.DLL             : 12.1.0.17      17104 Bytes  01/12/2011 16:55:47
RCIMAGE.DLL           : 12.1.0.13    4449488 Bytes  20/09/2011 00:36:04
RCTEXT.DLL            : 12.1.1.16      98768 Bytes  01/12/2011 16:55:58

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: ShlExt
File di configurazione......................: C:\Users\Giara\AppData\Local\Temp\98c4e1a7.avp
Report......................................: standard
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, 
Scansione dei programmi attivi..............: Non attivo
Scansiona la registrazione..................: Non attivo
Cerca Rootkits..............................: Non attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Selezione intelligente dei file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: avanzato

Avvio della scansione: domenica 17 giugno 2012  14:06

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\Windows\assembly'


Fine della scansione: domenica 17 giugno 2012  14:07
Tempo impiegato: 01:02 Minuto(i)

La scansione è stata completamente eseguita.

   2024 Directory scansionate
   1211 I file sono stati scansionati
      0 Rilevati virus e/o programmi indesiderati
      0 I file sono stati classificati come sospetti
      0 I file sono stati eliminati
      0 I virus o i programmi indesiderati sono stati riparati
      0 File spostati in quarantena
      0 File rinominati
      0 Impossibile scansionare i file
   1211 File non infetti
      0 Archivi scansionati
      0 Avvisi
      0 Note


#22
gabry0988

I only have this error with antivir, indicates hidden files...

Avira Free Antivirus
Data del file di report: domenica 17 giugno 2012  14:09

Ricerca di 3843347 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie       : 0000149996-ADJIE-0000001
Piattaforma           : Windows 7 x64
Versione di Windows   : (Service Pack 1)  [6.1.7601]
Modalità di avvio     : Booting eseguito regolarmente
Nome utente           : SYSTEM
Nome computer         : GIARA-PC

Informazioni sulla versione:

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Report......................................: standard
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, 
Scansione dei programmi attivi..............: Attivo
Processo esteso di scansione................: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: avanzato

Avvio della scansione: domenica 17 giugno 2012  14:09

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
    [INFO]      Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
    [INFO]      Nessun virus è stato trovato!

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Thread nascosto
  [NOTA]      Il System Thread non è visibile.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'chrome.exe' - '57' modulo(i) scansionato(i)
Scansione processo 'rundll32.exe' - '49' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '66' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'chrome.exe' - '79' modulo(i) scansionato(i)
Scansione processo 'avscan.exe' - '83' modulo(i) scansionato(i)
Scansione processo 'hpqgpc01.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'hpqbam08.exe' - '30' modulo(i) scansionato(i)
Scansione processo 'hpqSTE08.exe' - '58' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '26' modulo(i) scansionato(i)
Scansione processo 'DivXUpdate.exe' - '62' modulo(i) scansionato(i)
Scansione processo 'hpwuschd2.exe' - '20' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '75' modulo(i) scansionato(i)
Scansione processo 'RtWlan.exe' - '71' modulo(i) scansionato(i)
Scansione processo 'hpqtra08.exe' - '69' modulo(i) scansionato(i)
Scansione processo 'RtlService.exe' - '26' modulo(i) scansionato(i)
Scansione processo 'PnkBstrA.exe' - '27' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '46' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '69' modulo(i) scansionato(i)
Scansione processo 'armsvc.exe' - '24' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '42' modulo(i) scansionato(i)

#23
Essexboy

Unfortunately Avira does not tell me what file is associated with it.

Does it give an indication on the scan?

Please do not uninstall Combofix, I will need to do that separately.

#24
gabry0988

I'll try to delete this error with Avira CD Rescue... I'll let you know.

#25
Essexboy

Does it give a file name though? Some system files are hidden.

#26
gabry0988

No name... tomorrow I'll use Avira Rescue CD.

#27
gabry0988

I've tried with Avira CD Rescue but it doesn't do anything. The problem still remains. The behaviour of the PC isn't affected.

Avira CD Rescue Log

Spoiler


Antivir Log after Avira CD Rescue
Spoiler

Edited by gabry0988, 18 June 2012 - 05:20 AM.

#28
Essexboy

Let's have a look with a dedicated rootkit scanner.

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#29
gabry0988

My GMER has all the options in grey! Even if I run it in safe mode... Obviously I run it in administrator mode.

Spoiler


What can I do?

Edited by gabry0988, 19 June 2012 - 06:08 AM.

#30
Essexboy

Run it like that - it will give me enough data