Please give me some help...!!!
sfigato
Posted: Thursday, October 13, 2011 6:47:01 PM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
Today I must have caught a trojan,
I ran some scans with Norman and the tss killer,
hijack won't start and neither will combofix....
can you tell me what the heck might have happened....???
Here are the logs.

17:39:50.0703 0456 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
17:39:50.0718 0456 ============================================================
17:39:50.0718 0456 Current date / time: 2011/10/13 17:39:50.0718
17:39:50.0718 0456 SystemInfo:
17:39:50.0718 0456
17:39:50.0718 0456 OS Version: 5.1.2600 ServicePack: 3.0
17:39:50.0718 0456 Product type: Workstation
17:39:50.0718 0456 ComputerName: SERGIO
17:39:50.0718 0456 UserName: sergio
17:39:50.0718 0456 Windows directory: C:\WINDOWS
17:39:50.0718 0456 System windows directory: C:\WINDOWS
17:39:50.0718 0456 Processor architecture: Intel x86
17:39:50.0718 0456 Number of processors: 2
17:39:50.0718 0456 Page size: 0x1000
17:39:50.0718 0456 Boot type: Normal boot
17:39:50.0718 0456 ============================================================
17:39:52.0875 0456 Initialize success
17:39:55.0703 0180 ============================================================
17:39:55.0703 0180 Scan started
17:39:55.0703 0180 Mode: Manual;
17:39:55.0703 0180 ============================================================
17:40:01.0859 0180 b3d51c09 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\152884659:1277879286.exe
17:40:01.0984 0180 Suspicious file (Hidden): C:\WINDOWS\152884659:1277879286.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
17:40:01.0984 0180 b3d51c09 ( HiddenFile.Multi.Generic ) - warning
17:40:01.0984 0180 b3d51c09 - detected HiddenFile.Multi.Generic (1)
17:40:23.0640 0180 ============================================================
17:40:23.0640 0180 Scan finished
17:40:23.0640 0180 ============================================================
17:40:23.0656 4080 Detected object count: 1
17:40:23.0656 4080 Actual detected object count: 1
17:40:38.0953 4080 HKLM\SYSTEM\ControlSet001\services\b3d51c09 - will be deleted on reboot
17:40:38.0953 4080 HKLM\SYSTEM\ControlSet003\services\b3d51c09 - will be deleted on reboot
17:40:38.0984 4080 C:\WINDOWS\152884659:1277879286.exe - will be deleted on reboot
17:40:38.0984 4080 b3d51c09 ( HiddenFile.Multi.Generic ) - User select action: Delete
17:41:01.0484 0576 Deinitialize success


Norman Malware Cleaner v2.03.02
Copyright © 1990 - 2011, Norman ASA.

Norman Scanner Engine Version: 6.07.11
nvcbin.def: Version: 6.07.00, Date: 2011/10/13 03:17:31, Variants: 12194131
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 15:21:31, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree /nosb

Scan started: 2011/10/13 17:36:57

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...
C:\WINDOWS\152884659:1277879286.exe: Process infected with W32/ZAccess.R
C:\WINDOWS\152884659:1277879286.exe: Process infected with W32/ZAccess.R
Terminate thread (in process: C:\WINDOWS\152884659:1277879286.exe (1208:1212))
Cleaning successful
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE: Process infected with W32/ZAccess.R
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE: Process infected with W32/ZAccess.R
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE: Process infected with W32/ZAccess.R
Terminate thread (in process: C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (1976:1980))
Cleaning successful
: Process infected with W32/ZAccess.R
Terminate thread (in process: (2040:2044))
Cleaning successful

Number of objects found: 1269
Number of objects scanned: 1269
Number of objects not scanned: 0
Number of malicious memory objects found: 9
Number of malicious objects cleaned: 3
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1m 57s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running quick scan...
C:\Programmi\Java\jre6\bin\jqs.exe: File infected with W32/Patched.BH
C:\Programmi\Java\jre6\bin\jqs.exe: Error opening file for write: 0x00000020


Norman Malware Cleaner v2.03.02
Copyright © 1990 - 2011, Norman ASA.

Norman Scanner Engine Version: 6.07.11
nvcbin.def: Version: 6.07.00, Date: 2011/10/13 03:17:31, Variants: 12194131
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 15:21:31, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree /nosb

Scan started: 2011/10/13 17:23:52

Running pre-scan cleanup routine...
Potentially unwanted registry value: 'HKCR\.scr --> (null) = AutoCADScriptFile'
Modify registry value: HKCR\.scr --> (Default) from 'AutoCADScriptFile' to 'scrfile'
Cleaning successful
Potentially unwanted registry value: 'HKU\S-1-5-21-3116029348-4207113801-411729504-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000000'
Delete registry value: HKU\S-1-5-21-3116029348-4207113801-411729504-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000000
Cleaning successful
Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000000'
Delete registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000000
Cleaning successful
Potentially unwanted registry value: 'HKU\S-1-5-21-3116029348-4207113801-411729504-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDrives = 0x00000000'
Delete registry value: HKU\S-1-5-21-3116029348-4207113801-411729504-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDrives = 0x00000000
Cleaning successful
Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDrives = 0x00000000'
Delete registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDrives = 0x00000000
Cleaning successful

Number of malicious objects found: 5
Number of malicious objects cleaned: 5
Scanning time: 1s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...
C:\WINDOWS\System32\Ati2evxx.exe: Process infected with W32/Patched.BH
Terminate process: C:\WINDOWS\System32\Ati2evxx.exe (1048)
Cleaning successful
C:\WINDOWS\System32\Ati2evxx.exe: File infected with W32/Patched.BH
Remove service: 'C:\WINDOWS\System32\Ati2evxx.exe' (Ati HotKey Poller)
Cleaning successful
Delete file: C:\WINDOWS\System32\Ati2evxx.exe
Cleaning successful
C:\WINDOWS\152884659:1277879286.exe: Process infected with W32/ZAccess.R
C:\WINDOWS\152884659:1277879286.exe: Process infected with W32/ZAccess.R
Terminate thread (in process: C:\WINDOWS\152884659:1277879286.exe (1120:1124))
Cleaning successful
C:\Programmi\Avira\AntiVir Desktop\sched.exe: Process infected with W32/Patched.BH
Terminate process: C:\Programmi\Avira\AntiVir Desktop\sched.exe (1924)
Cleaning successful
C:\Programmi\Avira\AntiVir Desktop\sched.exe: File infected with W32/Patched.BH
Remove service: '"C:\Programmi\Avira\AntiVir Desktop\sched.exe"' (Avira AntiVir Scheduler)
Cleaning successful
Delete file: C:\Programmi\Avira\AntiVir Desktop\sched.exe
Cleaning operation failed (Error code: 0x00000005)
Delete file on reboot: C:\Programmi\Avira\AntiVir Desktop\sched.exe
Cleaning successful
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe: Process infected with W32/Patched.BH
Terminate process: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe (2040)
Cleaning successful
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe: File infected with W32/Patched.BH
Remove service: '"C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"' (Autodesk Licensing Service)
Cleaning successful
Delete file: C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
Cleaning successful
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE: Process infected with W32/ZAccess.R
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE: Process infected with W32/ZAccess.R
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE: Process infected with W32/ZAccess.R
Terminate thread (in process: C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (188:184))
Cleaning successful
: Process infected with W32/ZAccess.R
Terminate thread (in process: (484:488))
Cleaning successful
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe: Process infected with W32/Patched.BH
Terminate process: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe (1248)
Cleaning successful
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe: File infected with W32/Patched.BH
Remove service: '"C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"' (Machine Debug Manager)
Cleaning successful
Delete file: C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
Cleaning successful
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe: Process infected with W32/Patched.BH
Terminate process: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe (1336)
Cleaning successful
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe: File infected with W32/Patched.BH
Remove service: 'C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe' (RaySat_3dsmax8 Server)
Cleaning successful
Delete file: C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
Cleaning successful
C:\WINDOWS\system32\HPZipm12.exe: Process infected with W32/Patched.BH
Terminate process: C:\WINDOWS\system32\HPZipm12.exe (1372)
Cleaning successful
C:\WINDOWS\system32\HPZipm12.exe: File infected with W32/Patched.BH
Delete file: C:\WINDOWS\system32\HPZipm12.exe
Cleaning successful

Number of objects found: 1268
Number of objects scanned: 1268
Number of objects not scanned: 0
Number of malicious memory objects found: 32
Number of malicious objects cleaned: 20
Number of malicious files found: 6
Number of malicious files cleaned: 6
Scanning time: 3m 43s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 2s

Running quick scan...
C:\Programmi\Avira\AntiVir Desktop\avguard.exe: File infected with W32/Patched.BH
C:\Programmi\Avira\AntiVir Desktop\avguard.exe: Repaired
C:\Programmi\Java\jre6\bin\jqs.exe: File infected with W32/Patched.BH
C:\Programmi\Java\jre6\bin\jqs.exe: Error opening file for write: 0x00000020
shapiro
Posted: Thursday, October 13, 2011 7:48:44 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

you have rootkit.zero access, that means stomach aches ......

read here what it is capable of doing
sfigato
Posted: Friday, October 14, 2011 9:21:25 AM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
yesterday I managed to run COMBOFIX
and this screen came up:
combofix detected Rootkit zero access. it has inserted itself into the tcp/ip stack...

this is the combofix log:

ComboFix 11-10-13.03 - sergio 13/10/2011 19.01.40.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.285 [GMT 2:00]
Eseguito da: D:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {00000000-0000-0015-0000-000000000000}
AV: AntiVir Desktop *Disabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmi\msn\msncorefiles\custdial.dll
C:\Programmi\msn\msncorefiles\logonmgr.dll
C:\WINDOWS\$NtUninstallKB20515$\2286132957
C:\WINDOWS\$NtUninstallKB20515$\3017088009\@
C:\WINDOWS\$NtUninstallKB20515$\3017088009\click.tlb
C:\WINDOWS\$NtUninstallKB20515$\3017088009\L\uysvtdgj
C:\WINDOWS\$NtUninstallKB20515$\3017088009\loader.tlb
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@00000001
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@000000c0
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@000000cb
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@000000cf
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@80000000
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@800000c0
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@800000cb
C:\WINDOWS\$NtUninstallKB20515$\3017088009\U\@800000cf
C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
C:\WINDOWS\assembly\GAC_MSIL\desktop.ini
C:\WINDOWS\system32\
C:\WINDOWS\system32\drivers\
C:\WINDOWS\$NtUninstallKB20515$ . . . . Eliminazione Fallita

La copia infetta di C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE è stata trovata e disinfettata
ipristinata copia da - C:\System Volume Information\_restore{65D6DC6B-F321-42AB-AB8D-C64BE3F0ECC7}\RP40\A0010314.EXE

La copia infetta di C:\Programmi\Java\jre6\bin\jqs.exe è stata trovata e disinfettata
ipristinata copia da - C:\System Volume Information\_restore{65D6DC6B-F321-42AB-AB8D-C64BE3F0ECC7}\RP40\A0010315.exe

La copia infetta di C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE è stata trovata e disinfettata
ipristinata copia da - C:\System Volume Information\_restore{65D6DC6B-F321-42AB-AB8D-C64BE3F0ECC7}\RP40\A0010314.EXE

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_b3d51c09


((((((((((((((((((((((((( Files Creati Da 2011-09-13 al 2011-10-13 )))))))))))))))))))))))))))))))))))


2011-10-13 17:16:45 . 2002-09-10 16:23:44 46080 -c--a-w- C:\WINDOWS\system32\drivers\CDANTSRV.EXE
2011-10-13 15:20:53 . 2011-10-13 15:20:53 -------- d-----w- C:\Documents and Settings\sergio\Impostazioni locali\Dati applicazioni\Norman Malware Cleaner
2011-10-13 10:54:59 . 2011-10-13 10:54:59 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-10-12 17:13:30 . 2011-10-12 17:13:30 -------- d-sh--w- C:\Documents and Settings\sergio\Impostazioni locali\Dati applicazioni\b3d51c09
2011-09-14 19:55:03 . 2007-04-09 11:23:54 28040 ----a-w- C:\WINDOWS\system32\mdimon.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-09 09:12:01 . 2004-10-08 09:30:42 603136 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-08-31 15:00:50 . 2009-12-21 12:36:37 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-10 12:37:09 . 2011-06-28 11:50:14 4660 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2011-07-29 15:38:46 . 2011-05-27 15:36:02 441344 ----a-w- C:\Programmi\cleanup.exe
2011-04-14 10:16:22 . 2011-04-14 10:16:17 17748242 ----a-w- C:\Programmi\solarc-3-setup.exe
2010-09-16 17:07:23 . 2010-09-16 16:53:59 153061304 ----a-w- C:\Programmi\OOo_3.2.1_Win_x86_install-wJRE_it.exe
2009-04-15 09:25:05 . 2009-04-15 09:24:59 5801368 ----a-w- C:\Programmi\ps2pdf995.exe
2006-12-30 14:32:38 . 2006-12-30 14:32:30 3124686 -c--a-w- C:\Programmi\arrip20.exe
2006-03-12 15:03:59 . 2006-03-12 15:03:50 3957216 ----a-w- C:\Programmi\MSASYNC.EXE
2005-05-06 03:20:56 . 2006-10-13 19:47:14 6410240 ----a-w- C:\Programmi\virtualdj.exe
2004-11-30 20:28:22 . 2004-11-30 20:28:22 2423682 ----a-w- C:\Programmi\DivX_Total_Pack2.0.exe


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 23:25:22 401491]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:17:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 19:10:00 339968]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 14:31:02 67584]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 15:10:28 35696]
"SunJavaUpdateSched"="C:\Programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2010-11-29 15:38:18 421888]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2011-03-07 13:33:40 421160]
"avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:52 209153]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2011-09-06 15:26:55 273528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:14:03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^sergio^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=C:\Documents and Settings\sergio\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Programmi\\Autodesk\\backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\backburner\\server.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\Cpwnt.sys [17/11/2004 16.01.43 21824]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\drivers\EAPPkt.sys [09/10/2007 14.13.00 38144]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [08/10/2004 11.31.25 190465]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [08/10/2004 11.31.25 5817]
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\drivers\PRISMA00.sys [08/10/2004 11.34.04 388448]
S2 gupdate;Servizio di Google Update (gupdate);C:\Programmi\Google\Update\GoogleUpdate.exe [03/02/2010 20.35.41 135664]
S2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys --> C:\WINDOWS\system32\DRIVERS\KeyP.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Programmi\Google\Update\GoogleUpdate.exe [03/02/2010 20.35.41 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [04/08/2010 12.42.47 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [04/08/2010 12.42.48 8320]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\drivers\wg111v3.sys [28/12/2007 16.02.12 287232]

Contenuto della cartella 'Scheduled Tasks'

2011-10-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2010-02-03 18:35:41 . 2010-02-03 18:35:33]

2011-10-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2010-02-03 18:35:41 . 2010-02-03 18:35:33]

2011-10-13 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3116029348-4207113801-411729504-1007.job
- C:\Programmi\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22:56 . 2011-08-11 13:22:56]

2011-10-13 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3116029348-4207113801-411729504-1007.job
- C:\Programmi\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22:56 . 2011-08-11 13:22:56]


------- Scansione supplementare -------

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
TCP: Interfaces\{4132FEEA-2767-4033-B1F7-2FCB06C63BF0}: NameServer = 151.99.125.1

- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-28706508.sys
SafeBoot-64140333.sys


give me a hand please.
thanks a lot
sfigato
Posted: Friday, October 14, 2011 9:26:40 AM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
I saw that there is an antizeroaccess.exe
what should I do...???
shapiro
Posted: Friday, October 14, 2011 11:10:12 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

the fact that you managed to run combofix means a lot, usually zero access blocks it

download antizeroaccess, choose Y and start the scan

once it has finished, run it again and post the two reports

download TDSSKiller to the desktop

Extract the files into a folder and double-click TDSSKiller.exe
click "Start Scan"
If it finds any infection, by default you will have the "Cure" option, so click "Continue".
To remove the infections found, the PC must be restarted.
Post the log that you find in C:\

that makes three logs, two from antizero access and one from tds killer

try to attach them here, don't paste them
sfigato
Posted: Friday, October 14, 2011 11:24:40 AM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
in the meantime I disabled System Restore and rebooted in safe mode to run another scan with Combofix.
now I'll go ahead with what you advised me to do and post the logs as attachments.
many thanks...!!!!
shapiro
Posted: Friday, October 14, 2011 11:44:34 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
by the way, remove avira, by now the infection has put it out of action

Install Ccleaner

ccleaner

during installation deselect the option for the Yahoo toolbar, open it, go to Opzioni>Avanzate, untick "Cancella file temp di windows solo se più vecchi di 48 ore", then start it, select "Analizza" and at the end of the analysis press "Avvia pulizia"

click Registro, on the next page click Trova problemi, then when the scan ends click Ripara selezionati, answer yes when asked to save the backup (save it in a folder of your choice), then repair all the items found.

download ATF CLEANER

it does not need installing

Start ATF Cleaner.exe with a double click
- click the Main menu
- tick the Select All box
- click the Empty selected button
- wait for the Done Cleaning notice.
(if you don't want to delete passwords, untick that box)
(if you use opera or firefox, tick their sections as well)

reinstall a clean avira, download it from here
sfigato
Posted: Friday, October 14, 2011 11:47:04 AM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
shapiro
Posted: Friday, October 14, 2011 11:54:41 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
do me a favour sfigato, follow the scans I suggest

I had told you to run a second pass with antizero access and you go and run combofix again

run antizero access again; if it offers to remove any infection, do it

do this check for me as well

run Norman Malware Cleaner again, scan the PC, and at the end attach the two logs
sfigato
Posted: Friday, October 14, 2011 12:09:03 PM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
I ran no fewer than 3 scans with antizero access, the program put all three one after another in the same log.
did you see...???
the combofix log I attached is the one I had made just before the ones you advised me to do !!!
is the tdss killer log OK...???
now I've done the pass with cc cleaner... and I still have to do the one with atf cleaner...
hold on a moment, I'm not moving at the speed of light, also because I'm having trouble uninstalling AVIRA...
WAIT.... AFTERWARDS I'LL REDO ANTIZERO ACCESS AND THEN RUN NORMAN..!!!
many thanks...just a moment!!!
shapiro
Posted: Friday, October 14, 2011 12:14:15 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
take your time with everything, we'll meet up at the end of the norman scan
sfigato
Posted: Friday, October 14, 2011 1:10:33 PM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
I've done everything:
tdss killer found something, I cleaned and rebooted:
here is the log
http://www.mediafire.com/?ckpztawr2a8b0at

antiZero access, here is the log:
http://www.mediafire.com/?txv684dazawz4ji

and then I ran norman... here is the log:
http://www.mediafire.com/?d1bze658662r0wd

norman found 3 pieces of malware which it put in the quarantine screen...what should I do?? tick them and delete...???

I managed to remove avira, installed the clean version again and updated it.
let me know, thanks a lot...!!!
shapiro
Posted: Friday, October 14, 2011 2:24:17 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


did you click ''cure'' in tds killer?

now from Start / Run type MRT and press OK, choose the full scan and remove whatever it finds
sfigato
Posted: Friday, October 14, 2011 5:09:44 PM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
yes, with tdss killer I had typed cure and then it made me reboot.
after everything I ran a scan with avira, here is the log.



Avira AntiVir Personal
Data del file di report: venerdì 14 ottobre 2011 13:48

Ricerca di 3392931 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : SERGIO

Informazioni sulla versione:
BUILD.DAT : 10.2.0.98 35933 Bytes 26/07/2011 11:55:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 21/07/2011 10:24:39
AVSCAN.DLL : 10.0.5.0 55144 Bytes 21/07/2011 10:26:15
LUKE.DLL : 10.3.0.5 45416 Bytes 21/07/2011 10:25:43
LUKERES.DLL : 10.0.0.0 13160 Bytes 16/02/2010 08:15:20
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21/07/2011 10:24:39
AVREG.DLL : 10.3.0.9 90472 Bytes 21/07/2011 10:24:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 05:56:40
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 05:56:41
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 10:25:54
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 10:25:56
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/2011 10:25:57
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 10:34:42
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05/10/2011 10:34:50
VBASE008.VDF : 7.11.15.107 2048 Bytes 05/10/2011 10:34:50
VBASE009.VDF : 7.11.15.108 2048 Bytes 05/10/2011 10:34:50
VBASE010.VDF : 7.11.15.109 2048 Bytes 05/10/2011 10:34:50
VBASE011.VDF : 7.11.15.110 2048 Bytes 05/10/2011 10:34:50
VBASE012.VDF : 7.11.15.111 2048 Bytes 05/10/2011 10:34:50
VBASE013.VDF : 7.11.15.144 161792 Bytes 07/10/2011 10:34:51
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 10:34:51
VBASE015.VDF : 7.11.15.213 113664 Bytes 11/10/2011 10:34:51
VBASE016.VDF : 7.11.15.214 2048 Bytes 11/10/2011 10:34:51
VBASE017.VDF : 7.11.15.215 2048 Bytes 11/10/2011 10:34:52
VBASE018.VDF : 7.11.15.216 2048 Bytes 11/10/2011 10:34:52
VBASE019.VDF : 7.11.15.217 2048 Bytes 11/10/2011 10:34:52
VBASE020.VDF : 7.11.15.218 2048 Bytes 11/10/2011 10:34:52
VBASE021.VDF : 7.11.15.219 2048 Bytes 11/10/2011 10:34:52
VBASE022.VDF : 7.11.15.220 2048 Bytes 11/10/2011 10:34:52
VBASE023.VDF : 7.11.15.221 2048 Bytes 11/10/2011 10:34:52
VBASE024.VDF : 7.11.15.222 2048 Bytes 11/10/2011 10:34:52
VBASE025.VDF : 7.11.15.223 2048 Bytes 11/10/2011 10:34:52
VBASE026.VDF : 7.11.15.224 2048 Bytes 11/10/2011 10:34:53
VBASE027.VDF : 7.11.15.225 2048 Bytes 11/10/2011 10:34:53
VBASE028.VDF : 7.11.15.226 2048 Bytes 11/10/2011 10:34:53
VBASE029.VDF : 7.11.15.227 2048 Bytes 11/10/2011 10:34:53
VBASE030.VDF : 7.11.15.228 2048 Bytes 11/10/2011 10:34:53
VBASE031.VDF : 7.11.15.253 139264 Bytes 14/10/2011 10:34:53
Motore : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 21/04/2011 05:56:09
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 14/10/2011 10:35:03
AESCN.DLL : 8.1.7.2 127349 Bytes 21/04/2011 05:56:08
AESBX.DLL : 8.2.1.34 323957 Bytes 21/07/2011 10:23:45
AERDL.DLL : 8.1.9.15 639348 Bytes 14/10/2011 10:35:02
AEPACK.DLL : 8.2.10.11 684408 Bytes 14/10/2011 10:35:02
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 14/10/2011 10:35:00
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 14/10/2011 10:34:59
AEHELP.DLL : 8.1.17.7 254327 Bytes 14/10/2011 10:34:55
AEGEN.DLL : 8.1.5.9 401780 Bytes 14/10/2011 10:34:55
AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 05:55:57
AECORE.DLL : 8.1.23.0 196983 Bytes 14/10/2011 10:34:54
AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 05:55:57
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 05:56:18
AVPREF.DLL : 10.0.3.2 44904 Bytes 21/07/2011 10:24:28
AVREP.DLL : 10.0.0.10 174120 Bytes 21/07/2011 10:24:31
AVARKT.DLL : 10.0.26.1 255336 Bytes 21/07/2011 10:24:06
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21/07/2011 10:24:23
SQLITE3.DLL : 3.6.19.0 355688 Bytes 21/07/2011 13:12:33
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 05:56:17
NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 05:56:31
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21/07/2011 10:26:21
RCTEXT.DLL : 10.0.64.0 99176 Bytes 21/07/2011 10:26:21

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: standard
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:,
Scansione dei programmi attivi..............: Attivo
Processo esteso di scansione................: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: avanzato

Avvio della scansione: venerdì 14 ottobre 2011 13:48

È stata avviata la scansione per accertare la presenza di oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'rsmsink.exe' - '30' modulo(i) scansionato(i)
Scansione processo 'msdtc.exe' - '42' modulo(i) scansionato(i)
Scansione processo 'dllhost.exe' - '62' modulo(i) scansionato(i)
Scansione processo 'dllhost.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'vssvc.exe' - '50' modulo(i) scansionato(i)
Scansione processo 'avscan.exe' - '69' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '63' modulo(i) scansionato(i)
Scansione processo 'wuauclt.exe' - '38' modulo(i) scansionato(i)
Scansione processo 'alg.exe' - '35' modulo(i) scansionato(i)
Scansione processo 'ctfmon.exe' - '27' modulo(i) scansionato(i)
Scansione processo 'WCESCOMM.EXE' - '37' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '55' modulo(i) scansionato(i)
Scansione processo 'realsched.exe' - '27' modulo(i) scansionato(i)
Scansione processo 'QTTask.exe' - '19' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '21' modulo(i) scansionato(i)
Scansione processo 'SOUNDMAN.EXE' - '27' modulo(i) scansionato(i)
Scansione processo 'atiptaxx.exe' - '35' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '41' modulo(i) scansionato(i)
Scansione processo 'slserv.exe' - '7' modulo(i) scansionato(i)
Scansione processo 'avshadow.exe' - '26' modulo(i) scansionato(i)
Scansione processo 'jqs.exe' - '31' modulo(i) scansionato(i)
Scansione processo 'CDANTSRV.EXE' - '9' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '54' modulo(i) scansionato(i)
Scansione processo 'Explorer.EXE' - '132' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '36' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '76' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '39' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '34' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '32' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '169' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '40' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '55' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '60' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '36' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '70' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '12' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '2' modulo(i) scansionato(i)

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 1245 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\' <67_04_42>
C:\Documents and Settings\sergio\Impostazioni locali\Dati applicazioni\b3d51c09\U\80000000.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.ZAccess.A
C:\Qoobox\Quarantine\C\Programmi\Java\jre6\bin\jqs.exe.vir
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.25211.4
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\CDANTSRV.EXE.vir
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A

Avvio della disinfezione:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\CDANTSRV.EXE.vir
[RILEVAMENTO] Contiene il modello di rilevamento del virus Windows W32/PatchLoad.A
[NOTA] Il file è stato spostato in quarantena con il nome '4449e8ab.qua'!
C:\Qoobox\Quarantine\C\Programmi\Java\jre6\bin\jqs.exe.vir
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Kazy.25211.4
[NOTA] Il file è stato spostato in quarantena con il nome '5d0cc759.qua'!
C:\Documents and Settings\sergio\Impostazioni locali\Dati applicazioni\b3d51c09\U\80000000.@
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.ZAccess.A
[NOTA] Il file è stato spostato in quarantena con il nome '0e909df1.qua'!


Fine della scansione: venerdì 14 ottobre 2011 16:49
Tempo impiegato: 2:03:09 Ora(e)

La scansione è stata completamente eseguita.

9094 Directory scansionate
651602 I file sono stati scansionati
3 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
3 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
651599 File non infetti
9395 Archivi scansionati
0 Avvisi
3 Note
687872 Oggetti scansionati durante la scansione dei rootkit
0 Sono stati rilevati oggetti nascosti

Now it has 3 files in quarantine. Should I delete them..???
Now I'll proceed with running MRT.
thanks.
shapiro
Posted: Friday, October 14, 2011 9:29:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Yes, delete them and run the scan as I told you: Start/Run -> mrt
sfigato
Posted: Monday, October 17, 2011 5:38:28 PM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
I did everything you told me!!!
I ran another scan with the updated version of Avira and it found another trojan.
Now my problem is that some programs won't open, I can't install hijack, and in the list of programs
that I see from the Start menu all the shortcuts I need to open the programs are missing.
What can I do to restore them...????
shapiro
Posted: Monday, October 17, 2011 5:43:12 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Which programs won't open? They might be corrupted.
sfigato
Posted: Monday, October 17, 2011 7:09:34 PM
Rank: AiutAmico

Joined: 2/16/2005
Posts: 79
Today, for example, AutoCAD 2008 won't open,
while in the program list reached from Start the whole list of programs is there,
but after that the shortcut is empty.
Do I have to reinstall AutoCAD...???
Who or what would have corrupted it...????
shapiro
Posted: Monday, October 17, 2011 7:12:42 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


The ZeroAccess rootkit infection infects system drivers; you're better off reinstalling everything clean.