Analysis

NextGen

Active User
152
17
Hi everyone, I've been reading this section for a while and it's really interesting, so much so that I got the idea of analysing
my system in depth.
I should say up front that I scan the system every day with Avira Antivirus, kept constantly up to date.
I scanned with Malwarebytes, but it found nothing; same for Avira.
Spybot doesn't detect any infections either, but it gives me some "errors"; anyway, enough chatter, better to post the log:

Errore durante la scansione!: Win32.Bredolab.B [7 - $948A8D0A] (Access violation at address 00000024. Write of address 00000024) (Status)


Errore durante la scansione!: Win32.ZBot [74 - $C6F7C082] (Access violation at address 00000000. Write of address 00000000) (Status)


Errore durante la scansione!: Win32.ZBot.rtk [146 - $06460A5D] (Access violation at address 0300BCB0 in module 'Chai.dll'. Write of address 0000001C) (Status)


Errore durante la scansione!: Win32.TDSS.rtk [1043 - $4568377B] (Access violation at address 00000000. Write of address 00000000) (Status)


Complimenti!: Non sono state riscontrate minacce immediate. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-11-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-11-15 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-11-15 Includes\Malware.sbi (*)
2011-11-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-10-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2011-11-22 Includes\TrojansC-02.sbi (*)
2011-11-22 Includes\TrojansC-03.sbi (*)
2011-11-14 Includes\TrojansC-04.sbi (*)
2011-11-21 Includes\TrojansC-05.sbi (*)
2011-11-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Here is the HijackThis one, done in "normal" Windows mode:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.53.38, on 10/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Donato\Desktop\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Italia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [sbzsa.exe] "C:\WINDOWS\sbzsa.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [mamgj.exe] "C:\WINDOWS\mamgj.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [luqcs.exe] "C:\WINDOWS\luqcs.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [trlxz.exe] "C:\WINDOWS\trlxz.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [flegs.exe] "C:\WINDOWS\flegs.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [fhqas.exe] "C:\WINDOWS\fhqas.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [tmpgz.exe] "C:\WINDOWS\tmpgz.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [socoi.exe] "C:\WINDOWS\socoi.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [ackbi.exe] "C:\WINDOWS\ackbi.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [xnpvr.exe] "C:\WINDOWS\xnpvr.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [wimtf.exe] "C:\WINDOWS\wimtf.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [lptkg.exe] "C:\WINDOWS\lptkg.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [kszno.exe] "C:\WINDOWS\kszno.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [ckont.exe] "C:\WINDOWS\ckont.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [yeonu.exe] "C:\WINDOWS\yeonu.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [rkgjr.exe] "C:\WINDOWS\rkgjr.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [pondb.exe] "C:\WINDOWS\pondb.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [kwyqe.exe] "C:\WINDOWS\kwyqe.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [dvcfs.exe] "C:\WINDOWS\dvcfs.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1659004503-2049760794-839522115-1022\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Salvatore')
O4 - HKUS\S-1-5-21-1659004503-2049760794-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1659004503-2049760794-839522115-501\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1659004503-2049760794-839522115-501\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NeroScoutOptions.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Watch.lnk = ?
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?38db0a2755cd44a0bcb6f8ac0790fc86
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?38db0a2755cd44a0bcb6f8ac0790fc86
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Documents and Settings\Donato\Desktop\CyberLink\Shared files\RichVideo.exe

--
End of file - 9058 bytes

I also had the HijackThis log auto-analysed on a site that does it automatically, and it tells me to pay attention to a few files.
Obviously I'm careful about security: I constantly delete cookies and browser histories, and I also use CCleaner to clean temporary files and keep the Windows registry clean, but I can't analyse the HijackThis log myself :inchino:.
I hope someone can help me out, many thanks. ;)
 

FDAC

Active User
1,335
194
The worms have disabled Avira and MalwareBytes; the PC is infected.

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● put the downloaded file on the Desktop
● disable the antivirus in use, from the icon in the tray (next to the Windows clock)
● disable any firewall you have installed, from the icon in the tray (next to the Windows clock)

Once you have done the steps above:
● launch ComboFix with a double click
● follow the instructions it gives to run the scan
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it
● without doing anything else, let the tool finish its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will reboot automatically; if it doesn't, reboot it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and choose Run as Administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage you cause after using the software
● the same goes for me; this tool is not a toy and is not meant for everyday use. It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB devices (pen drives, external hard disks, MP3 players...) to prevent future threats: when you plug in a pen drive you will have to open it from My Computer. One more precaution, one possible threat less
 

NextGen

Active User
152
17
I ran the scan just now; Avira and Malwarebytes are accessible, are you sure they disabled them?
Also, should I run ComboFix in normal mode or safe mode?
Thanks for the help :ok:
 

tecnico24

Elite User
10,706
1,072
Open HijackThis, tick these entries and click Fix checked at the bottom:

Code:
O4 - HKUS\S-1-5-19\..\Run: [sbzsa.exe] "C:\WINDOWS\sbzsa.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [mamgj.exe] "C:\WINDOWS\mamgj.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [luqcs.exe] "C:\WINDOWS\luqcs.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [trlxz.exe] "C:\WINDOWS\trlxz.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [flegs.exe] "C:\WINDOWS\flegs.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [fhqas.exe] "C:\WINDOWS\fhqas.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [tmpgz.exe] "C:\WINDOWS\tmpgz.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [socoi.exe] "C:\WINDOWS\socoi.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [ackbi.exe] "C:\WINDOWS\ackbi.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [xnpvr.exe] "C:\WINDOWS\xnpvr.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [wimtf.exe] "C:\WINDOWS\wimtf.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [lptkg.exe] "C:\WINDOWS\lptkg.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [kszno.exe] "C:\WINDOWS\kszno.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [ckont.exe] "C:\WINDOWS\ckont.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [yeonu.exe] "C:\WINDOWS\yeonu.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [rkgjr.exe] "C:\WINDOWS\rkgjr.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [pondb.exe] "C:\WINDOWS\pondb.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [kwyqe.exe] "C:\WINDOWS\kwyqe.exe" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [dvcfs.exe] "C:\WINDOWS\dvcfs.exe" (User 'SERVIZIO LOCALE')

Run ComboFix as per the instructions, in normal mode, attach it on Wikisend: free file sharing service and post it here.
 

NextGen

Active User
152
17
Hi tecnico :), I already cleaned with ComboFix a while ago; it took 2 hours, but I have to say my hard disk is about to give out.
Anyway, enough chatter, here's the log; I'm putting it under a spoiler:

ComboFix 12-03-10.01 - Donato 10/03/2012 15.40.06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1621 [GMT 1:00]
Eseguito da: c:\documents and settings\Donato\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {01BC0018-F200-0012-0EDC-FD7F60341600}
AV: AntiVir Desktop *Enabled/Updated* {03600018-F200-0012-0EEC-FD7F60341600}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\~SETUP.T
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Donato\Dati applicazioni\app
c:\documents and settings\Donato\Dati applicazioni\app\Jerakine_lang.dat
c:\documents and settings\Donato\Dati applicazioni\app\Jerakine_lang_vesrion.dat
c:\documents and settings\Donato\Impostazioni locali\Dati applicazioni\uayac_nav.dat
c:\documents and settings\Donato\Impostazioni locali\Dati applicazioni\uayac_navps.dat
c:\documents and settings\Donato\ntuser.tmp
c:\documents and settings\Donato\WINDOWS
c:\programmi\MSNCS
c:\programmi\MSNCS\data\emxfile001.dat
c:\programmi\MSNCS\data\msnusr.ini
c:\programmi\MSNCS\data\ps_demo_report.html
c:\programmi\MSNCS\data\testftpok.html
c:\programmi\MSNCS\help.chm
c:\programmi\MSNCS\License.txt
c:\programmi\MSNCS\readme.txt
c:\programmi\MSNCS\unins000.dat
c:\programmi\MSNCS\unins000.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\IsUn0410.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-10 al 2012-03-10 )))))))))))))))))))))))))))))))))))
.
.
2074-05-18 15:44 . 2008-03-21 12:46 607296 ----a-w- c:\programmi\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-03-10 12:52 . 2012-03-10 12:52 388096 ----a-r- c:\documents and settings\Donato\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-10 12:42 . 2012-03-10 12:42 -------- d-----w- c:\programmi\Trend Micro
2012-03-04 10:49 . 2012-03-04 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 09:21 . 2010-05-22 16:04 17488 ----a-w- c:\windows\gdrv.sys
2012-02-16 15:07 . 2012-03-03 22:43 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
"NeroFilterCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Watch.lnk - c:\progra~1\Trust\DIRECT~1\Driver\Watch.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lxquhejh]
2011-03-03 17:59 46592 ----a-w- c:\windows\system32\lxquhejh32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LG SyncManager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk
backup=c:\windows\pss\LG SyncManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Metin2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Metin2.lnk
backup=c:\windows\pss\Metin2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-16 00:37 57344 ----a-w- c:\programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 14:18 94208 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E08IXLRD_2370625]
2007-06-12 21:09 351000 ----a-w- c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E08IXLRD_28396515]
2007-06-12 21:09 351000 ----a-w- c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E08IXLRD_8107875]
2007-06-12 21:09 351000 ----a-w- c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2006-10-17 01:20 398944 ----a-w- c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2011-11-03 16:05 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeActiveFileMonitor4.0"=2 (0x2)
"Akamai"=2 (0x2)
"YahooAUService"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Nexon\\Combat Arms EU\\Engine.exe"=
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Programmi\\Eidos\\Batman Arkham Asylum2\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Programmi\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\OnlineGames\\InfinityMetin\\IM.exe"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\PcGames\\Killing Floor\\Killing Floor\\System\\KillingFloor.exe"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\PcGames\\Call Of Duty Modern Warfare 2\\Call Of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Programmi\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Programmi\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Programmi\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\OnlineGames\\Hearts_-_Client_v5_0.1.7\\Hearts_2011.bin"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\OnlineGames\\Hearts_-_Client_v5_0.1.7\\metin2client_daemon.bin"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\OnlineGames\\Bamboomt2 Client 3.8.5\\Bamboomt2.bin"=
"c:\\Programmi\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\OnlineGames\\ErotikaMt2\\Erotika Public\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Donato\\Desktop\\Giochi\\OnlineGames\\OldLongju2\\Client OldLongju2 v1\\OldLongju2.exe"=
"c:\\Programmi\\Activision\\Call of Duty(R) - Black Ops(TM)\\BlackOps.exe"=
"c:\\Programmi\\Metin2\\metin2.bin"=
"c:\\Programmi\\Metin2\\metin2.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp2.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Programmi\\Metin2\\metin2client.bin"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1032:TCP"= 1032:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface
"58998:TCP"= 58998:TCP:Pando Media Booster
"58998:UDP"= 58998:UDP:Pando Media Booster
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [09/05/2011 13.04.14 21992]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19/11/2011 15.09.04 239168]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [18/09/2011 17.30.29 33792]
S1 oreans32;oreans32;c:\windows\system32\drivers\OREANS32.SYS [26/08/2010 15.39.26 33824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/05/2010 15.27.49 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S3 ZD1211BU(TP-LINK);TL-WN422G Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [25/02/2009 20.08.41 500736]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [31/08/2001 13.00.00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://it.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?38db0a2755cd44a0bcb6f8ac0790fc86
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?38db0a2755cd44a0bcb6f8ac0790fc86
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Donato\Dati applicazioni\Mozilla\Firefox\Profiles\ezit9wz4.default\
FF - prefs.js: browser.startup.homepage - google
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-sbzsa.exe - c:\windows\sbzsa.exe
HKU-Default-Run-mamgj.exe - c:\windows\mamgj.exe
HKU-Default-Run-luqcs.exe - c:\windows\luqcs.exe
HKU-Default-Run-trlxz.exe - c:\windows\trlxz.exe
HKU-Default-Run-flegs.exe - c:\windows\flegs.exe
HKU-Default-Run-fhqas.exe - c:\windows\fhqas.exe
HKU-Default-Run-chrwg.exe - c:\windows\chrwg.exe
HKU-Default-Run-ehuee.exe - c:\windows\ehuee.exe
HKU-Default-Run-tmpgz.exe - c:\windows\tmpgz.exe
HKU-Default-Run-socoi.exe - c:\windows\socoi.exe
HKU-Default-Run-ackbi.exe - c:\windows\ackbi.exe
HKU-Default-Run-xnpvr.exe - c:\windows\xnpvr.exe
HKU-Default-Run-wimtf.exe - c:\windows\wimtf.exe
HKU-Default-Run-lptkg.exe - c:\windows\lptkg.exe
HKU-Default-Run-kszno.exe - c:\windows\kszno.exe
HKU-Default-Run-ckont.exe - c:\windows\ckont.exe
HKU-Default-Run-yeonu.exe - c:\windows\yeonu.exe
HKU-Default-Run-rkgjr.exe - c:\windows\rkgjr.exe
HKU-Default-Run-pondb.exe - c:\windows\pondb.exe
HKU-Default-Run-kwyqe.exe - c:\windows\kwyqe.exe
HKU-Default-Run-dvcfs.exe - c:\windows\dvcfs.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-avgnt - c:\programmi\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-CloneCDTray - c:\programmi\SlySoft\CloneCD\CloneCDTray.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-10 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/netsession_win_8832f4b.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="C:/Programmi/File comuni/Akamai/netsession_win_8832f4b.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\lxquhejh32.dll
.
Ora fine scansione: 2012-03-10 18:17:58
ComboFix-quarantined-files.txt 2012-03-10 17:17
.
Pre-Run: 57.447.555.072 byte disponibili
Post-Run: 59.091.849.216 byte disponibili
.
- - End Of File - - 31F3BECB59E98658DD14B412D1BE9A1C

Those hijack files were deleted directly by ComboFix, but then I didn't understand what else it deleted;
by orphan keys does it mean registry keys that no longer have any application linked to them?

Thanks for taking an interest ;)
 

tecnico24

Elite User
10,706
1,072
Hi, download the CFScript.txt file I attached below.
Now drag the CFScript.txt file onto the lion-shaped ComboFix icon on the desktop.

When it finishes the PC will restart; once it is back, send us the new report of the operations performed.

Download Kaspersky TDSS Killer:
http://support.kaspersky.com/downloa...tdsskiller.exe
Close all open programs
● Click Start Scan to start the scan
● If it finds infected files the action to take will be Cure, whereas for the suspicious one choose Skip
● When it finishes, send us the report
 

Attachments

  • CFScript.txt
    164 bytes · Views: 118

NextGen

Active User
152
17
What is CFScript for?
I have now downloaded the trial version of Kaspersky Internet Security and started a full scan; I'm waiting for the result of this scan,
and worst case I'll download TDSS, which would be an anti-rootkit, right?

Thanks again :ok:
 

tecnico24

Elite User
10,706
1,072
It's a script to feed to ComboFix so it removes what it didn't remove automatically.

Download TDSS Killer as requested; forget about Internet Security.
 

NextGen

Active User
152
17
Okay, so I have to run these two utilities one at a time with no programs open?
But am I still infected, or is this for prevention?
 

NextGen

Active User
152
17
OK, here is the TDSS report:

00:20:54.0671 1760 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
00:20:54.0921 1760 ============================================================
00:20:54.0921 1760 Current date / time: 2012/03/11 00:20:54.0921
00:20:54.0921 1760 SystemInfo:
00:20:54.0921 1760
00:20:54.0921 1760 OS Version: 5.1.2600 ServicePack: 3.0
00:20:54.0921 1760 Product type: Workstation
00:20:54.0921 1760 ComputerName: Matteo
00:20:54.0921 1760 UserName: Matteo
00:20:54.0921 1760 Windows directory: C:\WINDOWS
00:20:54.0921 1760 System windows directory: C:\WINDOWS
00:20:54.0921 1760 Processor architecture: Intel x86
00:20:54.0921 1760 Number of processors: 2
00:20:54.0921 1760 Page size: 0x1000
00:20:54.0921 1760 Boot type: Normal boot
00:20:54.0921 1760 ============================================================
00:20:56.0265 1760 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
00:20:56.0265 1760 \Device\Harddisk0\DR0:
00:20:56.0265 1760 MBR used
00:20:56.0265 1760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
00:20:56.0468 1760 Initialize success
00:20:56.0468 1760 ============================================================
00:21:47.0187 2880 ============================================================
00:21:47.0187 2880 Scan started
00:21:47.0187 2880 Mode: Manual;
00:21:47.0187 2880 ============================================================
00:21:47.0437 2880 Abiosdsk - ok
00:21:47.0453 2880 abp480n5 - ok
00:21:47.0515 2880 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:21:47.0515 2880 ACPI - ok
00:21:47.0562 2880 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:21:47.0562 2880 ACPIEC - ok
00:21:47.0578 2880 adpu160m - ok
00:21:47.0593 2880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:21:47.0609 2880 aec - ok
00:21:47.0625 2880 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
00:21:47.0625 2880 AFD - ok
00:21:47.0625 2880 Aha154x - ok
00:21:47.0640 2880 aic78u2 - ok
00:21:47.0640 2880 aic78xx - ok
00:21:47.0656 2880 AliIde - ok
00:21:47.0718 2880 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
00:21:47.0718 2880 Ambfilt - ok
00:21:47.0734 2880 amsint - ok
00:21:47.0734 2880 asc - ok
00:21:47.0750 2880 asc3350p - ok
00:21:47.0750 2880 asc3550 - ok
00:21:47.0781 2880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:21:47.0781 2880 AsyncMac - ok
00:21:47.0781 2880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:21:47.0781 2880 atapi - ok
00:21:47.0796 2880 Atdisk - ok
00:21:47.0828 2880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:21:47.0828 2880 Atmarpc - ok
00:21:47.0875 2880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:21:47.0875 2880 audstub - ok
00:21:47.0921 2880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:21:47.0921 2880 Beep - ok
00:21:47.0984 2880 catchme - ok
00:21:48.0015 2880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:21:48.0015 2880 cbidf2k - ok
00:21:48.0031 2880 cd20xrnt - ok
00:21:48.0046 2880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:21:48.0046 2880 Cdaudio - ok
00:21:48.0078 2880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:21:48.0078 2880 Cdfs - ok
00:21:48.0093 2880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:21:48.0093 2880 Cdrom - ok
00:21:48.0093 2880 Changer - ok
00:21:48.0109 2880 CmdIde - ok
00:21:48.0125 2880 Cpqarray - ok
00:21:48.0156 2880 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
00:21:48.0156 2880 cpuz135 - ok
00:21:48.0156 2880 dac2w2k - ok
00:21:48.0171 2880 dac960nt - ok
00:21:48.0203 2880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:21:48.0203 2880 Disk - ok
00:21:48.0265 2880 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
00:21:48.0265 2880 dmboot - ok
00:21:48.0281 2880 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
00:21:48.0281 2880 dmio - ok
00:21:48.0281 2880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:21:48.0281 2880 dmload - ok
00:21:48.0296 2880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:21:48.0296 2880 DMusic - ok
00:21:48.0296 2880 dpti2o - ok
00:21:48.0328 2880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:21:48.0328 2880 drmkaud - ok
00:21:48.0375 2880 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
00:21:48.0375 2880 dtsoftbus01 - ok
00:21:48.0375 2880 EagleNT - ok
00:21:48.0390 2880 EagleXNt - ok
00:21:48.0406 2880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:21:48.0406 2880 Fastfat - ok
00:21:48.0421 2880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:21:48.0421 2880 Fdc - ok
00:21:48.0437 2880 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
00:21:48.0437 2880 Fips - ok
00:21:48.0453 2880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:21:48.0453 2880 Flpydisk - ok
00:21:48.0484 2880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:21:48.0484 2880 FltMgr - ok
00:21:48.0500 2880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:21:48.0500 2880 Fs_Rec - ok
00:21:48.0515 2880 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:21:48.0515 2880 Ftdisk - ok
00:21:48.0562 2880 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys
00:21:48.0562 2880 gdrv - ok
00:21:48.0593 2880 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
00:21:48.0593 2880 giveio - ok
00:21:48.0593 2880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:21:48.0593 2880 Gpc - ok
00:21:48.0640 2880 GT680x (7b90be6811334caa9243b89f3d3fee1a) C:\WINDOWS\system32\Drivers\gt680x.sys
00:21:48.0640 2880 GT680x - ok
00:21:48.0656 2880 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:21:48.0656 2880 HDAudBus - ok
00:21:48.0703 2880 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:21:48.0703 2880 HidUsb - ok
00:21:48.0703 2880 hpn - ok
00:21:48.0750 2880 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
00:21:48.0750 2880 HTTP - ok
00:21:48.0765 2880 i2omgmt - ok
00:21:48.0765 2880 i2omp - ok
00:21:48.0781 2880 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:21:48.0781 2880 i8042prt - ok
00:21:48.0796 2880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:21:48.0796 2880 Imapi - ok
00:21:48.0796 2880 InCDFs - ok
00:21:48.0812 2880 InCDPass - ok
00:21:48.0812 2880 InCDRm - ok
00:21:48.0828 2880 ini910u - ok
00:21:48.0968 2880 IntcAzAudAddService (1511286a30ac4f74f5e9aac182bbefbc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:21:49.0000 2880 IntcAzAudAddService - ok
00:21:49.0000 2880 IntelIde - ok
00:21:49.0031 2880 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:21:49.0031 2880 intelppm - ok
00:21:49.0062 2880 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:21:49.0062 2880 ip6fw - ok
00:21:49.0093 2880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:21:49.0093 2880 IpFilterDriver - ok
00:21:49.0093 2880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:21:49.0093 2880 IpInIp - ok
00:21:49.0125 2880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:21:49.0125 2880 IpNat - ok
00:21:49.0140 2880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:21:49.0140 2880 IPSec - ok
00:21:49.0156 2880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:21:49.0156 2880 IRENUM - ok
00:21:49.0171 2880 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:21:49.0187 2880 isapnp - ok
00:21:49.0187 2880 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:21:49.0187 2880 Kbdclass - ok
00:21:49.0218 2880 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
00:21:49.0218 2880 KL1 - ok
00:21:49.0250 2880 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
00:21:49.0250 2880 kl2 - ok
00:21:49.0296 2880 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
00:21:49.0296 2880 KLIF - ok
00:21:49.0328 2880 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
00:21:49.0328 2880 klim5 - ok
00:21:49.0343 2880 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
00:21:49.0343 2880 klmouflt - ok
00:21:49.0343 2880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:21:49.0359 2880 kmixer - ok
00:21:49.0359 2880 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
00:21:49.0359 2880 KSecDD - ok
00:21:49.0375 2880 lbrtfdc - ok
00:21:49.0390 2880 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
00:21:49.0390 2880 libusb0 - ok
00:21:49.0406 2880 MagicTune - ok
00:21:49.0421 2880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:21:49.0421 2880 mnmdd - ok
00:21:49.0453 2880 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
00:21:49.0453 2880 Modem - ok
00:21:49.0484 2880 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
00:21:49.0484 2880 Monfilt - ok
00:21:49.0500 2880 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:21:49.0500 2880 Mouclass - ok
00:21:49.0515 2880 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:21:49.0515 2880 mouhid - ok
00:21:49.0531 2880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:21:49.0531 2880 MountMgr - ok
00:21:49.0531 2880 mraid35x - ok
00:21:49.0546 2880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:21:49.0546 2880 MRxDAV - ok
00:21:49.0578 2880 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:21:49.0593 2880 MRxSmb - ok
00:21:49.0593 2880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:21:49.0593 2880 Msfs - ok
00:21:49.0625 2880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:21:49.0625 2880 MSKSSRV - ok
00:21:49.0640 2880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:21:49.0640 2880 MSPCLOCK - ok
00:21:49.0656 2880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:21:49.0656 2880 MSPQM - ok
00:21:49.0703 2880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:21:49.0703 2880 mssmbios - ok
00:21:49.0703 2880 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
00:21:49.0703 2880 Mup - ok
00:21:49.0734 2880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:21:49.0734 2880 NDIS - ok
00:21:49.0734 2880 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:21:49.0734 2880 NdisTapi - ok
00:21:49.0750 2880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:21:49.0750 2880 Ndisuio - ok
00:21:49.0765 2880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:21:49.0765 2880 NdisWan - ok
00:21:49.0765 2880 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
00:21:49.0765 2880 NDProxy - ok
00:21:49.0781 2880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:21:49.0781 2880 NetBIOS - ok
00:21:49.0796 2880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:21:49.0796 2880 NetBT - ok
00:21:49.0812 2880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:21:49.0812 2880 Npfs - ok
00:21:49.0843 2880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:21:49.0843 2880 Ntfs - ok
00:21:49.0859 2880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:21:49.0859 2880 Null - ok
00:21:50.0046 2880 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:21:50.0078 2880 nv - ok
00:21:50.0109 2880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:21:50.0109 2880 NwlnkFlt - ok
00:21:50.0140 2880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:21:50.0140 2880 NwlnkFwd - ok
00:21:50.0156 2880 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys
00:21:50.0156 2880 oreans32 - ok
00:21:50.0171 2880 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
00:21:50.0171 2880 Parport - ok
00:21:50.0187 2880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:21:50.0187 2880 PartMgr - ok
00:21:50.0218 2880 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:21:50.0218 2880 ParVdm - ok
00:21:50.0234 2880 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
00:21:50.0234 2880 PCI - ok
00:21:50.0250 2880 PCIDump - ok
00:21:50.0265 2880 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:21:50.0265 2880 PCIIde - ok
00:21:50.0296 2880 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:21:50.0296 2880 Pcmcia - ok
00:21:50.0296 2880 PDCOMP - ok
00:21:50.0312 2880 PDFRAME - ok
00:21:50.0312 2880 PDRELI - ok
00:21:50.0328 2880 PDRFRAME - ok
00:21:50.0328 2880 perc2 - ok
00:21:50.0343 2880 perc2hib - ok
00:21:50.0375 2880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:21:50.0375 2880 PptpMiniport - ok
00:21:50.0390 2880 Processor (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
00:21:50.0390 2880 Processor - ok
00:21:50.0390 2880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:21:50.0406 2880 PSched - ok
00:21:50.0421 2880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:21:50.0421 2880 Ptilink - ok
00:21:50.0437 2880 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:21:50.0437 2880 PxHelp20 - ok
00:21:50.0437 2880 ql1080 - ok
00:21:50.0453 2880 Ql10wnt - ok
00:21:50.0453 2880 ql12160 - ok
00:21:50.0468 2880 ql1240 - ok
00:21:50.0468 2880 ql1280 - ok
00:21:50.0484 2880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:21:50.0500 2880 RasAcd - ok
00:21:50.0500 2880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:21:50.0500 2880 Rasl2tp - ok
00:21:50.0515 2880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:21:50.0515 2880 RasPppoe - ok
00:21:50.0531 2880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:21:50.0531 2880 Raspti - ok
00:21:50.0546 2880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:21:50.0546 2880 Rdbss - ok
00:21:50.0562 2880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:21:50.0562 2880 RDPCDD - ok
00:21:50.0578 2880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:21:50.0578 2880 rdpdr - ok
00:21:50.0593 2880 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
00:21:50.0593 2880 RDPWD - ok
00:21:50.0609 2880 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:21:50.0609 2880 redbook - ok
00:21:50.0671 2880 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
00:21:50.0671 2880 RTL8023xp - ok
00:21:50.0703 2880 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:21:50.0703 2880 RTLE8023xp - ok
00:21:50.0734 2880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:21:50.0734 2880 Secdrv - ok
00:21:50.0750 2880 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:21:50.0750 2880 serenum - ok
00:21:50.0750 2880 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
00:21:50.0750 2880 Serial - ok
00:21:50.0781 2880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:21:50.0781 2880 Sfloppy - ok
00:21:50.0796 2880 Simbad - ok
00:21:50.0812 2880 Sparrow - ok
00:21:50.0828 2880 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
00:21:50.0843 2880 speedfan - ok
00:21:50.0875 2880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:21:50.0875 2880 splitter - ok
00:21:50.0906 2880 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
00:21:50.0906 2880 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
00:21:50.0921 2880 sptd ( LockedFile.Multi.Generic ) - warning
00:21:50.0921 2880 sptd - detected LockedFile.Multi.Generic (1)
00:21:50.0937 2880 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
00:21:50.0937 2880 sr - ok
00:21:50.0984 2880 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
00:21:50.0984 2880 Srv - ok
00:21:51.0000 2880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:21:51.0000 2880 swenum - ok
00:21:51.0015 2880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:21:51.0015 2880 swmidi - ok
00:21:51.0031 2880 symc810 - ok
00:21:51.0031 2880 symc8xx - ok
00:21:51.0093 2880 SYMIDSCO - ok
00:21:51.0125 2880 sym_hi - ok
00:21:51.0140 2880 sym_u3 - ok
00:21:51.0187 2880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:21:51.0187 2880 sysaudio - ok
00:21:51.0218 2880 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:21:51.0218 2880 Tcpip - ok
00:21:51.0265 2880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:21:51.0265 2880 TDPIPE - ok
00:21:51.0312 2880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:21:51.0312 2880 TDTCP - ok
00:21:51.0312 2880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:21:51.0312 2880 TermDD - ok
00:21:51.0328 2880 TosIde - ok
00:21:51.0390 2880 U81xbus (8452977e2331af70652c3a4c28d2706d) C:\WINDOWS\system32\DRIVERS\U81xbus.sys
00:21:51.0390 2880 U81xbus - ok
00:21:51.0421 2880 U81xmdfl (e39c410fcd87570e36dcc34f6d2502b7) C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
00:21:51.0421 2880 U81xmdfl - ok
00:21:51.0453 2880 U81xmdm (eb0bbf5d8c53f1abe7911907b276a0b6) C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
00:21:51.0453 2880 U81xmdm - ok
00:21:51.0500 2880 U81xmgmt (f0eea020cc5986260b87cb92050af160) C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
00:21:51.0500 2880 U81xmgmt - ok
00:21:51.0515 2880 U81xobex (aa1eb6bfd8176c25c04b803542bcd7ac) C:\WINDOWS\system32\DRIVERS\U81xobex.sys
00:21:51.0515 2880 U81xobex - ok
00:21:51.0531 2880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:21:51.0531 2880 Udfs - ok
00:21:51.0546 2880 ultra - ok
00:21:51.0593 2880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:21:51.0593 2880 Update - ok
00:21:51.0625 2880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:21:51.0625 2880 usbehci - ok
00:21:51.0640 2880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:21:51.0640 2880 usbhub - ok
00:21:51.0671 2880 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:21:51.0671 2880 usbprint - ok
00:21:51.0687 2880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:21:51.0687 2880 usbscan - ok
00:21:51.0718 2880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:21:51.0718 2880 USBSTOR - ok
00:21:51.0734 2880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:21:51.0734 2880 usbuhci - ok
00:21:51.0765 2880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:21:51.0765 2880 VgaSave - ok
00:21:51.0765 2880 ViaIde - ok
00:21:51.0781 2880 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
00:21:51.0796 2880 VolSnap - ok
00:21:51.0812 2880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:21:51.0812 2880 Wanarp - ok
00:21:51.0828 2880 WDICA - ok
00:21:51.0859 2880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:21:51.0859 2880 wdmaud - ok
00:21:51.0921 2880 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:21:51.0937 2880 WS2IFSL - ok
00:21:52.0000 2880 ZD1211BU(TP-LINK) (d125e1445bb9dc951c250d4192e70841) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
00:21:52.0000 2880 ZD1211BU(TP-LINK) - ok
00:21:52.0031 2880 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
00:21:52.0031 2880 ZDPSp50 - ok
00:21:52.0046 2880 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
00:21:52.0250 2880 \Device\Harddisk0\DR0 - ok
00:21:52.0250 2880 Boot (0x1200) (fa4b92243d74d042f39e307c3f172ecc) \Device\Harddisk0\DR0\Partition0
00:21:52.0265 2880 \Device\Harddisk0\DR0\Partition0 - ok
00:21:52.0265 2880 ============================================================
00:21:52.0265 2880 Scan finished
00:21:52.0265 2880 ============================================================
00:21:52.0265 1536 Detected object count: 1
00:21:52.0265 1536 Actual detected object count: 1
00:21:53.0937 1536 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:21:53.0937 1536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

I hope I'm clean :D; I also used that script, and I skipped the suspicious item that TDSS found.

Thanks again ;)
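Reading these reports by hand is error-prone. As an added example (not part of this thread, nor of the ComboFix or TDSSKiller tools), the Python helper below pulls out every TDSSKiller entry whose status is not "ok" and flags the kind of ComboFix Run entries listed earlier in the thread: a Run value whose target is a short, lowercase-named .exe sitting directly in c:\windows, a heuristic drawn from that log rather than a rule of either tool. The sample lines are copied from the reports above; the status keywords it recognises are only those visible in this report.

```python
"""Triage helpers for TDSSKiller and ComboFix report lines.

Added example for this thread; it is not code from ComboFix or TDSSKiller.
"""
import re

# TDSSKiller entry: "<hh:mm:ss.ffff> <pid> <object> - <status>"
TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.+)$")
# Statuses seen in the report above; anything else that is not "ok" is ignored.
TDSS_STATUS = re.compile(r"^(warning|detected .+|skipped by user|User select action: .+)$")
VERDICT = re.compile(r"\(\s*([A-Za-z0-9_.]+)\s*\)")

# ComboFix "orphan key" entry: "HK..-Run-<value> - <target>"
COMBOFIX_RUN = re.compile(r"^(?P<key>HK(?:LM|CU|U)(?:-[A-Za-z]+)*-Run-\S+) - (?P<target>.+)$")
# Heuristic from the log above: short lowercase-only .exe directly in c:\windows.
RANDOM_WINDIR_EXE = re.compile(r"^c:\\windows\\[a-z]{4,8}\.exe$", re.IGNORECASE)


def tdss_findings(lines):
    """Return (object, verdict, status) for each TDSSKiller entry not reported as ok."""
    findings = []
    for line in lines:
        m = TDSS_LINE.match(line.strip())
        if not m or " - " not in m.group("rest"):
            continue  # banner, summary or driver-hash line: no status field
        obj, _, status = m.group("rest").rpartition(" - ")
        if not TDSS_STATUS.match(status):
            continue  # "ok" entries and lines like "Drive ... - Size: ..."
        verdict = None
        vm = VERDICT.search(obj)
        if vm:  # "sptd ( LockedFile.Multi.Generic ) - warning"
            verdict = vm.group(1)
            obj = obj[:vm.start()].strip()
        elif status.startswith("detected "):  # "sptd - detected <verdict> (1)"
            verdict = status.split()[1]
        findings.append((obj, verdict, status))
    return findings


def suspicious_run_keys(lines):
    """Return (key, target) for ComboFix Run entries matching the c:\\windows heuristic."""
    hits = []
    for line in lines:
        m = COMBOFIX_RUN.match(line.strip())
        if m and RANDOM_WINDIR_EXE.match(m.group("target")):
            hits.append((m.group("key"), m.group("target")))
    return hits


# Sample input copied from the reports in this thread.
SAMPLE_TDSS = r"""
00:21:50.0906 2880 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
00:21:50.0921 2880 sptd ( LockedFile.Multi.Generic ) - warning
00:21:50.0921 2880 sptd - detected LockedFile.Multi.Generic (1)
00:21:50.0937 2880 sr - ok
00:21:52.0250 2880 \Device\Harddisk0\DR0 - ok
00:21:53.0937 1536 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:21:53.0937 1536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
""".strip().splitlines()

SAMPLE_COMBOFIX = r"""
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-sbzsa.exe - c:\windows\sbzsa.exe
HKU-Default-Run-mamgj.exe - c:\windows\mamgj.exe
MSConfigStartUp-avgnt - c:\programmi\Avira\AntiVir Desktop\avgnt.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0410.exe
""".strip().splitlines()

if __name__ == "__main__":
    for obj, verdict, status in tdss_findings(SAMPLE_TDSS):
        print(f"TDSSKiller: {obj} [{verdict}] -> {status}")
    for key, target in suspicious_run_keys(SAMPLE_COMBOFIX):
        print(f"ComboFix Run entry: {key} -> {target}")
```

The last status recorded for an object (here "User select action: Skip") tells you whether a detection was actually acted on, which is the detail worth checking before declaring a machine clean.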
 

NextGen

Active User
152
17
I think everything is back in order; I'd just like to know what FDAC based its conclusion that Avira and Malwarebytes were disabled on, given that I could launch both applications and scan the system.
As for the "sensitive" data on the hard disk, can I rest easy?
In a week I'll do a nice full format. :asd:
 
