
Boot.tidserv and the MBR - what a nightmare!


Post by ferrux » Mon Jan 02, 2012 11:47 am

Hi everyone, I have a problem with this malicious rootkit; the PC is an HP Pavilion A1209.IT desktop with Windows XP Home (Italian) and Norton 360.

At every boot, Norton tells me that boot.tidserv is in memory, and if I choose to remove it from the actions drop-down,
the virus seems stunned until the next boot, when it shows up again with the usual Norton message.

I have already tried ComboFix, which went through all its steps, including the PC reset; the procedure completed successfully but fixed nothing.
I also tried other tools such as Gmer, Tddsfix and TDSSKiller, but so far it is still not resolved.

Using a live distro and GParted I removed the hidden partition created by the virus, but at boot the nightmare still continues.

Here are some screenshots of the virus and of the former hidden partition:
https://picasaweb.google.com/1091751262 ... BOOTVIRUS#

Before I removed the hidden partition with GParted, this was the log:

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-26 15:33:08
-----------------------------
15:33:08.109 OS Version: Windows 5.1.2600 Service Pack 3
15:33:08.109 Number of processors: 1 586 0x2F02
15:33:08.109 ComputerName: NOME-80B5784770 UserName: HP_Proprietario
15:33:11.843 Initialize success
15:33:39.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:33:39.484 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
15:33:41.500 Disk 0 MBR read successfully
15:33:41.500 Disk 0 MBR scan
15:33:41.500 Disk 0 unknown MBR code
15:33:41.500 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
15:33:41.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184629 MB offset 12579840
15:33:41.531 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 390700800
15:33:41.546 Disk 0 malicious Win32:MBRoot code @ sector 61 !
15:33:42.015 Disk 0 scanning C:\WINDOWS\system32\drivers
15:33:51.468 Service scanning
15:33:52.968 Modules scanning
15:34:07.046 Scan finished successfully
15:35:39.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\MBR.dat"
15:35:39.812 The log file has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\aswMBR.txt"

--- this is the situation after the hidden partition was removed

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 18:25:43
-----------------------------
18:25:43.921 OS Version: Windows 5.1.2600 Service Pack 3
18:25:43.921 Number of processors: 1 586 0x2F02
18:25:43.921 ComputerName: NOME-80B5784770 UserName: HP_Proprietario
18:25:45.859 Initialize success
18:26:03.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:26:03.843 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
18:26:05.890 Disk 0 MBR read successfully
18:26:05.890 Disk 0 MBR scan
18:26:05.890 Disk 0 unknown MBR code
18:26:05.937 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
18:26:05.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184629 MB offset 12579840
18:26:06.000 Disk 0 scanning sectors +390700800
18:26:06.109 Disk 0 scanning C:\WINDOWS\system32\drivers
18:26:27.515 Service scanning
18:26:28.765 Modules scanning
18:26:46.093 Scan finished successfully
18:26:54.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\MBR.dat"
18:26:54.406 The log file has been saved successfully to "C:\Documents and Settings\HP_Proprietario\Desktop\aswMBR.txt"
---


EDIT by developerwinme: MEMO tag inserted

On the infected PC, for a number of reasons, the software to create the XP recovery discs is no longer available; however, at the office I borrowed a genuine CD with Windows XP Pro (Italian). In your opinion... if I boot from this CD and run fixboot and fixmbr from the Recovery Console, could that fix it? Or, since they are two different editions (XP Home on the PC, XP Pro on the CD), could fixboot and fixmbr fail and create further problems for me? So far I have only tested the fixboot and fixmbr procedure in the Recovery Console started at PC boot, i.e. from the hard disk, so I imagine the boot is infected in that session, and in fact they did not fix it.

Here on the forum, reading another thread that talked about a 'badly damaged MBR',
I saw another procedure using a live distro with a GRUB boot and an MBR fix; in that case, does it overwrite the boot sector with the Linux dual-boot one?

How do you think I should proceed? Sorry, but I'm at my wits' end, I don't know which wall to bang my head against anymore :-)
Thanks for your support and congratulations on the site, really nice!

Ferrux

Re: Boot.tidserv and the MBR - what a nightmare!

Post by VincenzoGTA » Mon Jan 02, 2012 12:28 pm

First of all, run a check with the G Data rescue disk: after downloading it, burn it, boot from that CD, update the definitions and scan.

Then follow this article, and post sector 0 of the physical disk (hard disk 1) as a full-screen screenshot, so that the whole program window and the entire sector are visible.

ferrux wrote: I saw another procedure using a live distro with a GRUB boot and an MBR fix; in that case, does it overwrite the boot sector with the Linux dual-boot one?


It is possible that the rootkit has modified sector zero of the disk; once the hard disk has been cleaned, the Windows installation disc
or another external utility such as Super Grub Disk may be needed to fix and restore the MBR.

In any case, stick to the suggestions you are given step by step and avoid taking initiatives of your own if you don't know what you are doing [;)]

Re: Boot.tidserv and the MBR - what a nightmare!

Post by ferrux » Mon Jan 02, 2012 12:36 pm

Thanks a million! I'll do and follow everything :-)
bye


Re: Boot.tidserv and the MBR - what a nightmare!

Post by hashcat » Mon Jan 02, 2012 1:09 pm

To operate, Tidserv uses:

  • A modified MBR
  • A malicious driver
  • A hidden partition
  • An encrypted copy of its backdoor components and of its own configuration, stored in the final sectors of the disk

To remove it completely you must first make sure the driver has been removed, then delete the hidden partition, clean the affected sectors and finally issue the fixmbr command.

Could you post the logs of the previous scans/clean-ups?

[grazie]

P.S.: You can safely run fixmbr - fixboot from the CD (but only after finishing the clean-up)

P.S.2: Welcome to [MLI]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.

Re: Boot.tidserv and the MBR - what a nightmare!

Post by developerwinme » Mon Jan 02, 2012 1:24 pm

hashcat wrote: Could you post the logs of the previous scans/clean-ups?

@ferrux: Please use the MEMO tag when posting further logs or particularly long excerpts of text. Thanks. [;)]

All the best going forward. [ciao]
PC: ASUS X53S (Intel Core i7-2670QM 2.20 Ghz, RAM 8 GB, NVIDIA GeForce GT520MX, Windows 8 Pro)
Mobile: Nokia Lumia 710 (CPU 1,4 Ghz, RAM 512 MB, Windows Phone 7.8)
--
developerwinme.wordpress.com

Re: Boot.tidserv and the MBR - what a nightmare!

Post by Uomo_Senza_Sonno » Mon Jan 02, 2012 1:25 pm

Hi and welcome to MegaLab.it, let's get straight to your problem:

ferrux wrote: At every boot, Norton tells me that boot.tidserv is in memory, and if I choose to remove it from the actions drop-down,
the virus seems stunned until the next boot, when it shows up again with the usual Norton message.

This is completely normal, since the antivirus cannot remove the rootkit but simply reports it at every startup. Any antivirus operates only inside the filesystem; outside it, it can only report that something is wrong. Rootkits, since they try to make themselves invisible to security tools, stay outside the filesystem, and this makes removing them more complicated, but for this too there is always a solution (the one in the article pointed out earlier).

ferrux wrote: Using a live distro and GParted I removed the hidden partition created by the virus, but at boot the nightmare still continues.

This one is really new to me: that small partition of about 10 MB should be a range of sectors that are normally not partitioned, outside the filesystem, and consequently where the infection would settle. Never seen it before.

ferrux wrote: In your opinion... if I boot from this CD and run fixboot and fixmbr from the Recovery Console, could that fix it?

Whatever Windows CD you use, if you start the Recovery Console and issue the fixboot and fixmbr commands you restore only sector 0, but the state of the other sectors will not change one bit; to remove everything we have to use a hex editor for disks.

ferrux wrote: I saw another procedure using a live distro with a GRUB boot and an MBR fix; in that case, does it overwrite the boot sector with the Linux dual-boot one?

There are many ways to restore the MBR, but if you have a Windows CD at hand it is best to use that [^]

After running a check with the G Data rescue disk (to update the definitions you must use a direct wired connection), post sector 0 as already said (post an image of the program window at full screen, so that the boundaries of the sector can be seen clearly)
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood or even guessed at
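The parts hashcat lists (modified MBR, hidden partition, components kept in the disk's final sectors) and Uomo_Senza_Sonno's point that fixmbr rewrites only sector 0 can both be checked on a dump of sector 0. The following Python is an added example, not code from the thread or from aswMBR/GMER/OTL: it parses the four MBR partition entries, flags hidden partition types such as 0x17, and measures the unallocated tail past the last partition, using a constructed sector 0 that mirrors the geometry in the first aswMBR log (placeholder boot code, not a real loader).

```python
"""
Parse a classic (non-GPT) sector 0 and report what an aswMBR-style scan
summarises: the four partition entries, any 'hidden' partition type, and
the unallocated tail of the disk after the last partition.

Added example. The sample MBR is constructed to mirror the first aswMBR
log in the thread (190782 MB disk, three partitions); its boot code is a
placeholder, not a real bootloader.
"""
import struct

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR  # 2048 sectors per MB

# Partition type IDs relevant here; 0x17 is the hidden NTFS variant that
# aswMBR printed as "17 Hidd HPFS/NTFS" before the partition was removed.
PART_TYPES = {
    0x07: "HPFS/NTFS",
    0x0C: "FAT32 LBA",
    0x17: "Hidden HPFS/NTFS",
    0x1B: "Hidden FAT32",
    0x1C: "Hidden FAT32 LBA",
}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, sector count


def build_entry(boot, ptype, lba_start, sectors):
    """Build a 16-byte partition entry; CHS fields are zeroed (LBA only)."""
    return struct.pack(ENTRY_FMT, boot, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr():
    """Constructed sector 0 matching the thread's first aswMBR log."""
    code = b"\x90" * 446  # placeholder boot code, not a real loader
    table = (
        build_entry(0x00, 0x0C, 63, 6142 * SECTORS_PER_MB)           # RECOVERY
        + build_entry(0x80, 0x07, 12579840, 184629 * SECTORS_PER_MB)  # active NTFS
        + build_entry(0x00, 0x17, 390700800, 10 * SECTORS_PER_MB)     # hidden, 10 MB
        + build_entry(0x00, 0x00, 0, 0)                               # unused slot
    )
    return code + table + b"\x55\xAA"


def parse_mbr(sector0):
    """Return (boot_code, entries, signature_ok) for a 512-byte sector 0."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector0[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "hidden": ptype in HIDDEN_TYPES,
            "start": start,
            "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return sector0[:446], entries, sector0[510:512] == b"\x55\xAA"


def analyse(sector0, disk_sectors):
    """Flag hidden/active entries and measure the unallocated tail of the disk."""
    _, entries, sig_ok = parse_mbr(sector0)
    last_end = max((e["start"] + e["sectors"] for e in entries), default=0)
    return {
        "signature_ok": sig_ok,
        "hidden": [e["index"] for e in entries if e["hidden"]],
        "active": [e["index"] for e in entries if e["active"]],
        "tail_sectors": max(disk_sectors - last_end, 0),
        "entries": entries,
    }


def remove_entry(sector0, index):
    """Copy of sector 0 with partition entry `index` (1-4) zeroed. This is all
    a partition editor does when deleting a partition: the sectors the entry
    covered keep whatever they contained."""
    off = 446 + 16 * (index - 1)
    return sector0[:off] + b"\0" * 16 + sector0[off + 16:]


if __name__ == "__main__":
    mbr = build_sample_mbr()
    disk = 190782 * SECTORS_PER_MB
    for label, sec in (("before", mbr), ("after", remove_entry(mbr, 3))):
        r = analyse(sec, disk)
        print(label, "hidden:", r["hidden"], "tail sectors:", r["tail_sectors"])
```

Zeroing the third entry, as GParted did, only makes the unallocated tail larger; it writes nothing to the sectors that entry covered.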

Re: Boot.tidserv and the MBR - what a nightmare!

Post by ferrux » Mon Jan 02, 2012 6:59 pm

developerwinme wrote:
hashcat wrote: Could you post the logs of the previous scans/clean-ups?

@ferrux: Please use the MEMO tag when posting further logs or particularly long excerpts of text. Thanks. [;)]

All the best going forward. [ciao]



Thanks, tonight I'll post the latest logs I have available :-) and tomorrow, as soon as I can get to the infected PC, I'll send the rest.
I need to find the little program to save track 0 and figure out how to use it, but I think it will be easy :-)

Bye!

Re: Boot.tidserv and the MBR - what a nightmare!

Post by ferrux » Mon Jan 02, 2012 7:13 pm

Uomo_Senza_Sonno wrote: Hi and welcome to MegaLab.it, let's get straight to your problem:

ferrux wrote: At every boot, Norton tells me that boot.tidserv is in memory, and if I choose to remove it from the actions drop-down,
the virus seems stunned until the next boot, when it shows up again with the usual Norton message.

This is completely normal, since the antivirus cannot remove the rootkit but simply reports it at every startup. Any antivirus operates only inside the filesystem; outside it, it can only report that something is wrong. Rootkits, since they try to make themselves invisible to security tools, stay outside the filesystem, and this makes removing them more complicated, but for this too there is always a solution (the one in the article pointed out earlier).

ferrux wrote: Using a live distro and GParted I removed the hidden partition created by the virus, but at boot the nightmare still continues.

This one is really new to me: that small partition of about 10 MB should be a range of sectors that are normally not partitioned, outside the filesystem, and consequently where the infection would settle. Never seen it before.

ferrux wrote: In your opinion... if I boot from this CD and run fixboot and fixmbr from the Recovery Console, could that fix it?

Whatever Windows CD you use, if you start the Recovery Console and issue the fixboot and fixmbr commands you restore only sector 0, but the state of the other sectors will not change one bit; to remove everything we have to use a hex editor for disks.

ferrux wrote: I saw another procedure using a live distro with a GRUB boot and an MBR fix; in that case, does it overwrite the boot sector with the Linux dual-boot one?

There are many ways to restore the MBR, but if you have a Windows CD at hand it is best to use that [^]

After running a check with the G Data rescue disk (to update the definitions you must use a direct wired connection), post sector 0 as already said (post an image of the program window at full screen, so that the boundaries of the sector can be seen clearly)


---

As for the removed partition, it wasn't unallocated megabytes that could be partitioned; it actually carried the hidden flag. I don't know what was written inside it,
but I imagine nothing good :-)

---

I created the G DATA CD and booted from it, and reached the main menu without problems; I am connected to the Cisco Linksys router via Ethernet cable, but then it asks me for proxy details and I can't go on, and it doesn't update the virus signatures. Has this happened to you too?

Bye

Re: Boot.tidserv and the MBR - what a nightmare!

Post by ferrux » Mon Jan 02, 2012 8:14 pm

Here is the latest GMER output; I put it inside the memo fields, I hope that's fine:

---- System - GMER 1.0.15 ----

SSDT 86B13610 ZwAlertResumeThread
SSDT 86B14DF0 ZwAlertThread
SSDT 86B16380 ZwAllocateVirtualMemory
SSDT 86BB45D8 ZwAssignProcessToJobObject
SSDT 86BD9218 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3DDB710]
SSDT 86681748 ZwCreateMutant
SSDT 86A10D30 ZwCreateSymbolicLinkObject
SSDT 86B1D2F8 ZwCreateThread
SSDT 86C8F278 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF3DDB990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF3DDBEF0]
SSDT 86B2CD68 ZwDuplicateObject
SSDT 86B435E0 ZwFreeVirtualMemory
SSDT 86B115D0 ZwImpersonateAnonymousToken
SSDT 86B13478 ZwImpersonateThread
SSDT 86E94158 ZwLoadDriver
SSDT 86B1CD08 ZwMapViewOfSection
SSDT 86B10FD0 ZwOpenEvent
SSDT 869FB248 ZwOpenProcess
SSDT 86B365F8 ZwOpenProcessToken
SSDT 86CBD498 ZwOpenSection
SSDT 86B277D0 ZwOpenThread
SSDT 86BDD990 ZwProtectVirtualMemory
SSDT 8667C140 ZwResumeThread
SSDT 8667B4A8 ZwSetContextThread
SSDT 86B02780 ZwSetInformationProcess
SSDT 86CBD460 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3DDC140]
SSDT 86B0ECD0 ZwSuspendProcess
SSDT 8667BC40 ZwSuspendThread
SSDT 86B43590 ZwTerminateProcess
SSDT 86A13468 ZwTerminateThread
SSDT 86B2F110 ZwUnmapViewOfSection
SSDT 86B5B148 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS Impossibile trovare il file specificato. !
? SYMEFA.SYS Impossibile trovare il file specificato. !

---- User code sections -

Re: Boot.tidserv and the MBR - what a nightmare!

Post by ferrux » Mon Jan 02, 2012 8:17 pm

here is the latest OldTimer log, OTL:

here is the OTL
---
OTL logfile created on: 28/12/2011 20.27.47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS\PROGRAMMI
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 309,20 Mb Available Physical Memory | 30,24% Memory free
2,40 Gb Paging File | 1,52 Gb Available in Paging File | 63,15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 180,30 Gb Total Space | 90,61 Gb Free Space | 50,26% Space Free | Partition Type: NTFS
Drive D: | 5,99 Gb Total Space | 2,35 Gb Free Space | 39,17% Space Free | Partition Type: FAT32

Computer Name: NOME-80B5784770 | User Name: HP_Proprietario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 15.26.57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2011/12/25 00.37.54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS\PROGRAMMI\OTL.exe
PRC - [2011/12/24 17.50.18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/14 07.01.48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programmi\Secunia\PSI\sua.exe
PRC - [2011/08/12 00.38.07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programmi\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/17 01.45.11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programmi\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/19 14.24.08 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/04/14 03.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/26 15.26.57 | 002,124,760 | ---- | M] () -- C:\Programmi\Mozilla Firefox\mozjs.dll
MOD - [2011/12/05 21.06.32 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/12 17.23.40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/12 17.23.30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/12 17.16.48 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/12 17.16.43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 04.33.28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 04.30.12 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 04.29.57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2004/09/08 13.45.58 | 000,368,128 | ---- | M] () -- C:\Programmi\Filzip\fzshext.dll
MOD - [2002/04/11 04.19.46 | 000,081,920 | ---- | M] () -- C:\Programmi\HP\HP Share-to-Web\hpgs2wdh.dll
MOD - [2002/04/11 04.19.42 | 000,024,576 | ---- | M] () -- C:\Programmi\HP\HP Share-to-Web\hpgs2wnfps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirScheduler)
SRV - [2011/12/24 17.50.18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/14 07.01.50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programmi\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 07.01.48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programmi\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/12 00.38.07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programmi\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/17 01.45.11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Programmi\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/01/19 14.24.08 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2005/04/04 00.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/12/17 18.31.53 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111228.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/17 18.31.53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/17 18.31.53 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/17 18.31.53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111228.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/17 16.56.10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/16 16.20.22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111226.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/10 15.24.06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 02.24.18 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/22 17.27.02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22.55.22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/31 04.00.09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 04.00.09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/22 01.39.49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/15 03.31.23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 07.47.10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/06 20.06.29 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/11/16 02.45.33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 09.30.58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/09/17 08.44.29 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/18 12.06.56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/18 12.06.56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/08/18 12.06.56 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/13 19.46.22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/07/03 15.58.20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15.57.24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15.54.24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/10 14.05.00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/07/20 19.46.18 | 002,786,176 | -H-- | M] (ASUSTek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/07/04 08.30.34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 21.16.26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/05/27 14.13.12 | 000,128,295 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2005/05/27 14.13.12 | 000,011,001 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2005/05/27 14.13.12 | 000,007,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/04/20 19.00.56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 03.14.00 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 22.53.00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 19.10.26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/05 17.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 17.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/19 22.31.46 | 000,607,292 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/04 05.31.34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 93 C1 1B 62 C2 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.it/|http://www.airliners.net/|http://mail.tiscali.it/cp/sso/Login.jsp?d=tiscali.it&l=it&service=null&errorCode=null&isReAuthenticate=true|https://www.google.com/calendar/render?tab=mc&pli=1"
FF - prefs.js..network.proxy.backup.ftp: "192.104.67.250"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "192.104.67.250"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.104.67.250"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.104.67.250"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "12.180.54.219"
FF - prefs.js..network.proxy.ftp_port: 1080
FF - prefs.js..network.proxy.gopher: "12.180.54.219"
FF - prefs.js..network.proxy.gopher_port: 1080
FF - prefs.js..network.proxy.http: "12.180.54.219"
FF - prefs.js..network.proxy.http_port: 1080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "12.180.54.219"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "12.180.54.219"
FF - prefs.js..network.proxy.ssl_port: 1080


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programmi\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Programmi\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Programmi\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Programmi\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/12/18 19.45.06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/28 18.38.02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/12/26 15.26.58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/09/18 09.39.16 | 000,000,000 | ---D | M]

[2008/08/27 18.34.04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Extensions
[2011/05/29 21.12.13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\zz1604ly.default\extensions
[2009/09/02 20.05.06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\zz1604ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/22 21.26.22 | 000,000,000 | ---D | M] ("Romanian Dictionary") -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\zz1604ly.default\extensions\ro@dictionaries.addons.mozilla.org
[2011/12/28 20.25.49 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/12/28 20.25.49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/26 15.26.58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/12/28 20.25.30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/11 19.32.46 | 000,155,648 | ---- | M] (PopCap Games) -- C:\Programmi\mozilla firefox\plugins\nppopcaploader.dll
[2011/12/26 15.26.58 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2011/10/01 19.22.16 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/10/01 19.22.16 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/01 19.22.16 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/01 19.22.16 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/01 19.22.16 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========


O1 HOSTS File: ([2011/12/28 16.27.21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E6F36CE-1217-4BA1-982F-24560C0EB677} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\con=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\con=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.216.112.112 212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E0F218E-C1AC-4DBC-81F9-003B5B644B8C}: DhcpNameServer = 212.216.112.112 212.216.172.62
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/10 22.18.10 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07.07.38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 20.24.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\4 ron
[2011/12/28 16.35.56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 16.29.18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/28 14.56.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Secunia PSI
[2011/12/28 14.53.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\SUPERAntiSpyware.com
[2011/12/28 14.52.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/12/28 14.52.02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/28 14.52.01 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2011/12/28 14.50.55 | 000,000,000 | ---D | C] -- C:\Programmi\Secunia
[2011/12/28 14.50.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
[2011/12/28 14.50.38 | 000,000,000 | ---D | C] -- C:\Programmi\SUPERAntiSpyware
[2011/12/28 14.48.33 | 000,000,000 | ---D | C] -- C:\Programmi\VS Revo Group
[2011/12/28 14.41.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\VIRUS
[2011/12/26 18.13.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
[2011/12/26 15.43.59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/26 15.43.59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/26 15.43.59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/26 15.43.59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/26 15.43.31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/26 15.41.37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 15.41.31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Proprietario\Menu Avvio\Programmi\Strumenti di amministrazione
[2011/12/22 04.47.55 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/12/17 18.00.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\NPE
[2011/12/17 16.56.04 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/12/17 16.56.04 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/12/17 16.56.04 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/12/17 16.56.04 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/12/17 16.56.04 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/12/17 16.56.04 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/12/17 16.56.04 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/12/17 16.56.04 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/12/17 16.55.40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/12/17 15.47.39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/17 15.47.39 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/17 15.46.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/12/17 15.46.01 | 000,000,000 | ---D | C] -- C:\Programmi\Windows Sidebar
[2011/12/17 15.46.01 | 000,000,000 | ---D | C] -- C:\Programmi\Norton 360
[2011/12/17 15.46.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Norton 360
[2011/12/17 15.44.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton
[2011/12/17 15.43.08 | 000,000,000 | ---D | C] -- C:\Programmi\NortonInstaller
[2011/12/17 15.43.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
[2011/12/09 18.01.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2011/12/04 09.07.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Microsoft Silverlight
[2011/12/03 19.25.18 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft CAPICOM 2.1.0.2
[2011/11/30 12.38.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\rubrica
[2011/11/28 22.37.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\SkyTeam TravelDesk
[2011/11/28 22.37.05 | 000,000,000 | ---D | C] -- C:\Programmi\SkyTeam TravelDesk
[2011/11/28 22.06.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Proprietario\Desktop\back up
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 20.39.01 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011/12/28 20.27.15 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 18.51.54 | 000,000,305 | RHS- | M] () -- C:\boot.ini
[2011/12/28 18.39.56 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/12/28 18.39.11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 18.38.40 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 18.37.39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 18.37.31 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 18.32.18 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Collegamento a mbam.exe.lnk
[2011/12/28 16.27.21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/28 14.55.39 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Secunia PSI.lnk
[2011/12/28 14.51.48 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 18.13.56 | 000,757,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/26 15.31.28 | 000,235,520 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 04.47.54 | 069,206,016 | -HS- | M] () -- C:\NBRTPage.sys
[2011/12/17 16.56.10 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/17 16.56.10 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/17 16.56.10 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/17 16.56.10 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/17 15.42.13 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/17 08.17.07 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 07.57.24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/17 07.55.55 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/10 15.24.06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 21.52.43 | 000,441,023 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111210-153006.backup
[2011/12/07 06.57.39 | 984,525,414 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Lezioni.Di.Cioccolato.2.2011.iTALiAN.MD.CAM.XviD-MiO.avi
[2011/11/30 15.37.04 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\HP_Proprietario\default.pls
[2011/11/30 15.37.04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 18.32.18 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Collegamento a mbam.exe.lnk
[2011/12/28 16.36.21 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Secunia PSI.lnk
[2011/12/28 16.31.30 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/28 14.55.37 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Secunia PSI.lnk
[2011/12/28 14.51.47 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 15.43.59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/26 15.43.59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 15.43.59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/26 15.43.59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/26 15.43.59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/22 04.47.54 | 069,206,016 | -HS- | C] () -- C:\NBRTPage.sys
[2011/12/17 18.05.59 | 000,757,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/17 16.56.04 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/12/17 16.56.04 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/12/17 16.56.04 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/12/17 16.56.04 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/12/17 16.56.04 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/12/17 16.56.04 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/12/17 16.56.04 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/12/17 16.56.04 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/12/17 16.56.04 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/12/17 16.56.04 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/12/17 16.56.04 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/12/17 16.56.04 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/12/17 16.56.04 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/12/17 16.55.42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/12/17 16.55.40 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/12/17 15.47.39 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/17 15.47.39 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/17 07.55.55 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/07 06.34.59 | 984,525,414 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Desktop\Lezioni.Di.Cioccolato.2.2011.iTALiAN.MD.CAM.XviD-MiO.avi
[2011/12/03 09.38.24 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/01 15.57.45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 08.06.54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/01/10 23.28.36 | 000,154,248 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\DeviceManager.xml.rc4
[2009/09/17 08.45.20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\LauncherAccess.dt
[2009/09/17 08.32.14 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/12 16.34.26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/01/05 15.50.42 | 000,000,149 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2008/01/05 15.50.39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2008/01/05 15.14.22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/11/04 15.49.34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/19 22.06.49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/12 20.57.57 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2006/12/31 19.19.08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/31 19.19.08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/24 08.41.39 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2006/11/15 22.01.37 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/11/15 22.01.35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/15 21.36.58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/18 09.16.50 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/01/07 12.23.16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\QTSBandwidthCache
[2006/01/05 17.52.11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/02 16.56.30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2006/01/02 16.23.22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2006/01/01 10.09.13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/31 18.35.38 | 000,080,744 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2005/12/31 18.35.38 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2005/12/31 18.35.27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/12/31 16.57.55 | 000,235,520 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/31 16.07.07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/31 16.07.02 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/31 16.06.53 | 000,003,320 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/31 16.02.14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Dati applicazioni\wklnhst.dat
[2005/12/31 15.57.29 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2005/08/21 17.47.36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/02 14.50.50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/02 14.31.43 | 000,016,358 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/02 14.31.36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/02 14.24.22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/02 14.24.22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/02 14.24.22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/02 14.24.22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/02 14.24.22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/02 14.24.22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/02 14.22.35 | 000,000,352 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/01/02 14.17.52 | 000,113,137 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/01/02 14.17.52 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/01/02 14.13.23 | 000,080,685 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/01/02 14.13.23 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/01/02 14.11.24 | 000,073,152 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/01/02 14.11.24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/01/02 14.10.27 | 000,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/02 14.07.41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/02 14.07.39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005/01/02 14.06.31 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/01/02 14.05.33 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/01/02 13.56.38 | 000,000,825 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/02 13.52.38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/12/10 22.26.58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/10 22.24.02 | 000,491,460 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2004/12/10 22.24.02 | 000,443,352 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/10 22.24.02 | 000,085,428 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2004/12/10 22.24.02 | 000,072,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/10 22.22.02 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/10 22.17.44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/10 22.14.54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 19.00.00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2004/08/19 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2004/08/19 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 13.00.00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/19 13.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/25 23.42.04 | 000,000,523 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/05/03 15.25.32 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll
[2001/08/24 00.12.28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00.11.02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22.30.02 | 000,003,267 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2006/02/05 09.39.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\innovata
[2005/01/02 14.25.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo
[2008/10/11 19.33.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PopCap
[2011/03/05 19.43.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone

========== Purity Check ==========



< End of report >
ferrux
Aficionado
Posts: 55
Joined: Thu Dec 29, 2011 11:41 pm

Re: Boot.tidserv and MBR - what a nightmare!

Post by ferrux » Mon Jan 02, 2012 8:22 pm

TDSSKiller LOG
-----------------------------------
18:43:21.0343 2680 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:43:21.0593 2680 ============================================================
18:43:21.0593 2680 Current date / time: 2011/12/26 18:43:21.0593
18:43:21.0609 2680 SystemInfo:
18:43:21.0609 2680
18:43:21.0609 2680 OS Version: 5.1.2600 ServicePack: 3.0
18:43:21.0609 2680 Product type: Workstation
18:43:21.0609 2680 ComputerName: NOME-80B5784770
18:43:21.0609 2680 UserName: HP_Proprietario
18:43:21.0609 2680 Windows directory: C:\WINDOWS
18:43:21.0609 2680 System windows directory: C:\WINDOWS
18:43:21.0609 2680 Processor architecture: Intel x86
18:43:21.0609 2680 Number of processors: 1
18:43:21.0609 2680 Page size: 0x1000
18:43:21.0609 2680 Boot type: Normal boot
18:43:21.0609 2680 ============================================================
18:43:22.0671 2680 Initialize success
18:43:27.0953 2764 ============================================================
18:43:27.0953 2764 Scan started
18:43:27.0953 2764 Mode: Manual; SigCheck; TDLFS;
18:43:27.0953 2764 ============================================================
18:43:28.0437 2764 3xHybrid (e093e7c346313a14fd53b2681b2930cb) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
18:43:28.0718 2764 3xHybrid - ok
18:43:28.0828 2764 Abiosdsk - ok
18:43:28.0843 2764 abp480n5 - ok
18:43:28.0921 2764 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:43:29.0062 2764 ACPI - ok
18:43:29.0093 2764 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:43:29.0250 2764 ACPIEC - ok
18:43:29.0265 2764 adpu160m - ok
18:43:29.0328 2764 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:43:29.0484 2764 aec - ok
18:43:29.0515 2764 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
18:43:29.0546 2764 Afc - ok
18:43:29.0609 2764 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:43:29.0640 2764 AFD - ok
18:43:29.0703 2764 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
18:43:29.0718 2764 AFS2K ( UnsignedFile.Multi.Generic ) - warning
18:43:29.0718 2764 AFS2K - detected UnsignedFile.Multi.Generic (1)
18:43:29.0781 2764 AgereSoftModem (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:43:29.0812 2764 AgereSoftModem - ok
18:43:29.0843 2764 Aha154x - ok
18:43:29.0859 2764 aic78u2 - ok
18:43:29.0875 2764 aic78xx - ok
18:43:30.0000 2764 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:43:30.0125 2764 ALCXWDM - ok
18:43:30.0156 2764 AliIde - ok
18:43:30.0187 2764 AmdK8 (899f7c468b2bfd1561765c413d40a8bd) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:43:30.0203 2764 AmdK8 - ok
18:43:30.0218 2764 amsint - ok
18:43:30.0234 2764 APL531 - ok
18:43:30.0328 2764 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:43:30.0468 2764 Arp1394 - ok
18:43:30.0484 2764 asc - ok
18:43:30.0500 2764 asc3350p - ok
18:43:30.0515 2764 asc3550 - ok
18:43:30.0562 2764 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:43:30.0734 2764 AsyncMac - ok
18:43:30.0765 2764 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:43:30.0921 2764 atapi - ok
18:43:30.0937 2764 Atdisk - ok
18:43:31.0000 2764 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:43:31.0046 2764 ati2mtag - ok
18:43:31.0093 2764 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:43:31.0250 2764 Atmarpc - ok
18:43:31.0281 2764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:43:31.0437 2764 audstub - ok
18:43:31.0500 2764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:43:31.0671 2764 Beep - ok
18:43:31.0921 2764 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
18:43:31.0953 2764 BHDrvx86 - ok
18:43:32.0171 2764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:43:32.0406 2764 cbidf2k - ok
18:43:32.0468 2764 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:43:32.0609 2764 CCDECODE - ok
18:43:32.0656 2764 cd20xrnt - ok
18:43:32.0734 2764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:43:32.0906 2764 Cdaudio - ok
18:43:32.0937 2764 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:43:33.0078 2764 Cdfs - ok
18:43:33.0093 2764 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:43:33.0234 2764 Cdrom - ok
18:43:33.0265 2764 Changer - ok
18:43:33.0281 2764 CmdIde - ok
18:43:33.0328 2764 CnxTrLan (3d57d2bb7e5a5bdf15117f6e07230c0b) C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
18:43:33.0359 2764 CnxTrLan - ok
18:43:33.0406 2764 CnxTrUsb (4750258ec7fda6518bc53c0598aece7a) C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys
18:43:33.0453 2764 CnxTrUsb - ok
18:43:33.0468 2764 Cpqarray - ok
18:43:33.0500 2764 dac2w2k - ok
18:43:33.0515 2764 dac960nt - ok
18:43:33.0593 2764 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:43:33.0750 2764 Disk - ok
18:43:33.0796 2764 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
18:43:33.0953 2764 dmboot - ok
18:43:34.0000 2764 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
18:43:34.0187 2764 dmio - ok
18:43:34.0234 2764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:43:34.0406 2764 dmload - ok
18:43:34.0468 2764 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:43:34.0593 2764 DMusic - ok
18:43:34.0625 2764 dpti2o - ok
18:43:34.0656 2764 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:43:34.0781 2764 drmkaud - ok
18:43:34.0953 2764 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys
18:43:34.0968 2764 eeCtrl - ok
18:43:35.0015 2764 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:43:35.0031 2764 EraserUtilRebootDrv - ok
18:43:35.0281 2764 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:43:35.0421 2764 Fastfat - ok
18:43:35.0484 2764 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:43:35.0609 2764 Fdc - ok
18:43:35.0640 2764 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
18:43:35.0796 2764 Fips - ok
18:43:35.0828 2764 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:43:35.0968 2764 Flpydisk - ok
18:43:36.0000 2764 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:43:36.0187 2764 FltMgr - ok
18:43:36.0250 2764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:43:36.0390 2764 Fs_Rec - ok
18:43:36.0406 2764 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:43:36.0578 2764 Ftdisk - ok
18:43:36.0625 2764 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:43:36.0640 2764 GEARAspiWDM - ok
18:43:36.0703 2764 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:43:36.0828 2764 Gpc - ok
18:43:36.0875 2764 hpn - ok
18:43:36.0906 2764 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:43:36.0953 2764 HPZid412 - ok
18:43:37.0000 2764 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:43:37.0031 2764 HPZipr12 - ok
18:43:37.0093 2764 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:43:37.0140 2764 HPZius12 - ok
18:43:37.0203 2764 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:43:37.0234 2764 HTTP - ok
18:43:37.0250 2764 i2omgmt - ok
18:43:37.0265 2764 i2omp - ok
18:43:37.0328 2764 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:43:37.0468 2764 i8042prt - ok
18:43:37.0703 2764 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111223.001\IDSxpx86.sys
18:43:37.0718 2764 IDSxpx86 - ok
18:43:37.0937 2764 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:43:38.0125 2764 Imapi - ok
18:43:38.0171 2764 InCDFs - ok
18:43:38.0203 2764 InCDPass - ok
18:43:38.0218 2764 InCDRm - ok
18:43:38.0250 2764 ini910u - ok
18:43:38.0265 2764 IntelIde (027fe9b28fb0f861c181d25923b31e78) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:43:38.0390 2764 IntelIde - ok
18:43:38.0421 2764 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:43:38.0578 2764 intelppm - ok
18:43:38.0609 2764 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:43:38.0750 2764 Ip6Fw - ok
18:43:38.0796 2764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:43:38.0968 2764 IpFilterDriver - ok
18:43:39.0031 2764 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:43:39.0140 2764 IpInIp - ok
18:43:39.0187 2764 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:43:39.0328 2764 IpNat - ok
18:43:39.0375 2764 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:43:39.0500 2764 IPSec - ok
18:43:39.0531 2764 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:43:39.0671 2764 IRENUM - ok
18:43:39.0718 2764 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:43:39.0890 2764 isapnp - ok
18:43:39.0906 2764 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:43:40.0046 2764 Kbdclass - ok
18:43:40.0062 2764 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:43:40.0187 2764 kmixer - ok
18:43:40.0250 2764 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:43:40.0296 2764 KSecDD - ok
18:43:40.0312 2764 lbrtfdc - ok
18:43:40.0390 2764 ltmodem5 (e767a3a04088c9172b6355b14496dcd0) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
18:43:40.0531 2764 ltmodem5 - ok
18:43:40.0593 2764 massfilter (112db6314bb175ba5f27a66e11c01d77) C:\WINDOWS\system32\DRIVERS\massfilter.sys
18:43:40.0625 2764 massfilter - ok
18:43:40.0640 2764 MBAMSwissArmy - ok
18:43:40.0703 2764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:43:40.0859 2764 mnmdd - ok
18:43:40.0906 2764 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
18:43:41.0031 2764 Modem - ok
18:43:41.0062 2764 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:43:41.0203 2764 Mouclass - ok
18:43:41.0218 2764 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:43:41.0343 2764 MountMgr - ok
18:43:41.0390 2764 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
18:43:41.0531 2764 MPE - ok
18:43:41.0546 2764 mraid35x - ok
18:43:41.0609 2764 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:43:41.0781 2764 MRxDAV - ok
18:43:41.0859 2764 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:43:41.0890 2764 MRxSmb - ok
18:43:41.0953 2764 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:43:42.0078 2764 Msfs - ok
18:43:42.0187 2764 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:43:42.0328 2764 MSKSSRV - ok
18:43:42.0359 2764 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:43:42.0515 2764 MSPCLOCK - ok
18:43:42.0562 2764 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:43:42.0703 2764 MSPQM - ok
18:43:42.0750 2764 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:43:42.0875 2764 mssmbios - ok
18:43:42.0921 2764 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:43:43.0062 2764 MSTEE - ok
18:43:43.0125 2764 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:43:43.0140 2764 Mup - ok
18:43:43.0203 2764 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:43:43.0343 2764 NABTSFEC - ok
18:43:43.0546 2764 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111225.024\NAVENG.SYS
18:43:43.0562 2764 NAVENG - ok
18:43:43.0640 2764 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111225.024\NAVEX15.SYS
18:43:43.0734 2764 NAVEX15 - ok
18:43:43.0937 2764 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:43:44.0078 2764 NDIS - ok
18:43:44.0140 2764 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:43:44.0281 2764 NdisIP - ok
18:43:44.0328 2764 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:43:44.0359 2764 NdisTapi - ok
18:43:44.0406 2764 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:43:44.0546 2764 Ndisuio - ok
18:43:44.0578 2764 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:43:44.0718 2764 NdisWan - ok
18:43:44.0765 2764 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:43:44.0796 2764 NDProxy - ok
18:43:44.0859 2764 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:43:44.0984 2764 NetBIOS - ok
18:43:45.0015 2764 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:43:45.0140 2764 NetBT - ok
18:43:45.0171 2764 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:43:45.0296 2764 NIC1394 - ok
18:43:45.0359 2764 Nokia USB Generic (503dec557e6ebf889268715e04752b53) C:\WINDOWS\system32\drivers\nmwcdc.sys
18:43:45.0390 2764 Nokia USB Generic - ok
18:43:45.0437 2764 Nokia USB Modem (b322b22f4e34342ed173212e918ce4a3) C:\WINDOWS\system32\drivers\nmwcdcm.sys
18:43:45.0468 2764 Nokia USB Modem - ok
18:43:45.0515 2764 Nokia USB Phone Parent (77e0a732a47926a223704ef1fe322a42) C:\WINDOWS\system32\drivers\nmwcd.sys
18:43:45.0546 2764 Nokia USB Phone Parent - ok
18:43:45.0640 2764 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:43:45.0765 2764 Npfs - ok
18:43:45.0828 2764 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:43:45.0953 2764 Ntfs - ok
18:43:46.0000 2764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:43:46.0140 2764 Null - ok
18:43:46.0187 2764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:43:46.0359 2764 NwlnkFlt - ok
18:43:46.0390 2764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:43:46.0546 2764 NwlnkFwd - ok
18:43:46.0609 2764 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:43:46.0734 2764 ohci1394 - ok
18:43:46.0781 2764 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
18:43:46.0921 2764 Parport - ok
18:43:46.0937 2764 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:43:47.0062 2764 PartMgr - ok
18:43:47.0109 2764 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:43:47.0281 2764 ParVdm - ok
18:43:47.0343 2764 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
18:43:47.0468 2764 PCI - ok
18:43:47.0515 2764 PCIDump - ok
18:43:47.0546 2764 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:43:47.0703 2764 PCIIde - ok
18:43:47.0750 2764 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:43:47.0890 2764 Pcmcia - ok
18:43:47.0906 2764 PDCOMP - ok
18:43:47.0921 2764 PDFRAME - ok
18:43:47.0937 2764 PDRELI - ok
18:43:47.0953 2764 PDRFRAME - ok
18:43:47.0984 2764 perc2 - ok
18:43:48.0000 2764 perc2hib - ok
18:43:48.0031 2764 pfc - ok
18:43:48.0078 2764 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:43:48.0187 2764 PptpMiniport - ok
18:43:48.0218 2764 Processor (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
18:43:48.0343 2764 Processor - ok
18:43:48.0421 2764 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
18:43:48.0437 2764 Ps2 - ok
18:43:48.0500 2764 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:43:48.0640 2764 PSched - ok
18:43:48.0656 2764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:43:48.0843 2764 Ptilink - ok
18:43:48.0906 2764 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:43:48.0906 2764 PxHelp20 - ok
18:43:48.0921 2764 ql1080 - ok
18:43:48.0953 2764 Ql10wnt - ok
18:43:48.0968 2764 ql12160 - ok
18:43:48.0984 2764 ql1240 - ok
18:43:49.0000 2764 ql1280 - ok
18:43:49.0015 2764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:43:49.0187 2764 RasAcd - ok
18:43:49.0250 2764 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:43:49.0375 2764 Rasl2tp - ok
18:43:49.0437 2764 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:43:49.0562 2764 RasPppoe - ok
18:43:49.0609 2764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:43:49.0765 2764 Raspti - ok
18:43:49.0812 2764 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:43:49.0937 2764 Rdbss - ok
18:43:49.0953 2764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:43:50.0109 2764 RDPCDD - ok
18:43:50.0171 2764 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:43:50.0203 2764 RDPWD - ok
18:43:50.0265 2764 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:43:50.0390 2764 redbook - ok
18:43:50.0484 2764 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
18:43:50.0515 2764 RTL8023xp - ok
18:43:50.0546 2764 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:43:50.0671 2764 rtl8139 - ok
18:43:50.0734 2764 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:43:50.0859 2764 Secdrv - ok
18:43:50.0937 2764 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
18:43:51.0062 2764 Serial - ok
18:43:51.0093 2764 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:43:51.0218 2764 Sfloppy - ok
18:43:51.0250 2764 Simbad - ok
18:43:51.0281 2764 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:43:51.0437 2764 SLIP - ok
18:43:51.0453 2764 Sparrow - ok
18:43:51.0484 2764 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:43:51.0609 2764 splitter - ok
18:43:51.0656 2764 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
18:43:51.0781 2764 sr - ok
18:43:51.0875 2764 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
18:43:51.0890 2764 SRTSP - ok
18:43:51.0937 2764 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
18:43:51.0953 2764 SRTSPX - ok
18:43:52.0015 2764 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:43:52.0046 2764 Srv - ok
18:43:52.0093 2764 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:43:52.0140 2764 sscdbus - ok
18:43:52.0187 2764 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:43:52.0234 2764 sscdmdfl - ok
18:43:52.0421 2764 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:43:52.0453 2764 sscdmdm - ok
18:43:52.0546 2764 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
18:43:52.0546 2764 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:43:52.0546 2764 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:43:52.0593 2764 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:43:52.0734 2764 streamip - ok
18:43:52.0781 2764 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:43:52.0906 2764 swenum - ok
18:43:52.0937 2764 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:43:53.0062 2764 swmidi - ok
18:43:53.0093 2764 symc810 - ok
18:43:53.0109 2764 symc8xx - ok
18:43:53.0234 2764 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
18:43:53.0250 2764 SymDS - ok
18:43:53.0343 2764 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
18:43:53.0375 2764 SymEFA - ok
18:43:53.0484 2764 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:43:53.0500 2764 SymEvent - ok
18:43:53.0562 2764 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
18:43:53.0578 2764 SymIRON - ok
18:43:53.0656 2764 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
18:43:53.0671 2764 SYMTDI - ok
18:43:53.0687 2764 sym_hi - ok
18:43:53.0718 2764 sym_u3 - ok
18:43:53.0765 2764 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:43:53.0890 2764 sysaudio - ok
18:43:53.0953 2764 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:43:53.0968 2764 Tcpip - ok
18:43:54.0015 2764 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:43:54.0171 2764 TDPIPE - ok
18:43:54.0203 2764 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:43:54.0343 2764 TDTCP - ok
18:43:54.0375 2764 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:43:54.0500 2764 TermDD - ok
18:43:54.0546 2764 TosIde - ok
18:43:54.0578 2764 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:43:54.0718 2764 Udfs - ok
18:43:54.0734 2764 ultra - ok
18:43:54.0765 2764 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:43:54.0906 2764 Update - ok
18:43:54.0968 2764 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:43:55.0093 2764 usbccgp - ok
18:43:55.0203 2764 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:43:55.0328 2764 usbehci - ok
18:43:55.0390 2764 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:43:55.0515 2764 usbhub - ok
18:43:55.0531 2764 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:43:55.0656 2764 usbohci - ok
18:43:55.0687 2764 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:43:55.0812 2764 usbprint - ok
18:43:55.0875 2764 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:43:56.0000 2764 usbscan - ok
18:43:56.0015 2764 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:43:56.0140 2764 USBSTOR - ok
18:43:56.0187 2764 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:43:56.0312 2764 usbuhci - ok
18:43:56.0343 2764 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:43:56.0453 2764 VgaSave - ok
18:43:56.0484 2764 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:43:56.0609 2764 ViaIde - ok
18:43:56.0625 2764 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
18:43:56.0765 2764 VolSnap - ok
18:43:56.0796 2764 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:43:56.0921 2764 Wanarp - ok
18:43:56.0937 2764 WDICA - ok
18:43:56.0968 2764 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:43:57.0140 2764 wdmaud - ok
18:43:57.0234 2764 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:43:57.0390 2764 WS2IFSL - ok
18:43:57.0421 2764 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:43:57.0546 2764 WSTCODEC - ok
18:43:57.0593 2764 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:43:57.0625 2764 WudfPf - ok
18:43:57.0656 2764 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:43:57.0671 2764 WudfRd - ok
18:43:57.0718 2764 ZTEusbmdm6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
18:43:57.0765 2764 ZTEusbmdm6k - ok
18:43:57.0796 2764 ZTEusbnet (d788e7d89cc491644d7a45b227f9b25e) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
18:43:57.0843 2764 ZTEusbnet - ok
18:43:57.0875 2764 ZTEusbnmea (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
18:43:57.0890 2764 ZTEusbnmea - ok
18:43:57.0921 2764 ZTEusbser6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
18:43:57.0937 2764 ZTEusbser6k - ok
18:43:57.0953 2764 ZTEusbvoice (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
18:43:57.0968 2764 ZTEusbvoice - ok
18:43:58.0015 2764 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
18:43:58.0125 2764 \Device\Harddisk0\DR0 - ok
18:43:58.0125 2764 Boot (0x1200) (2ace0eb7c5ee6f61602982a06317d927) \Device\Harddisk0\DR0\Partition0
18:43:58.0125 2764 \Device\Harddisk0\DR0\Partition0 - ok
18:43:58.0140 2764 Boot (0x1200) (3a30bf24a3e1dfa74627ead26b95acb9) \Device\Harddisk0\DR0\Partition1
18:43:58.0140 2764 \Device\Harddisk0\DR0\Partition1 - ok
18:43:58.0140 2764 ============================================================
18:43:58.0140 2764 Scan finished
18:43:58.0140 2764 ============================================================
18:43:58.0250 3676 Detected object count: 2
18:43:58.0250 3676 Actual detected object count: 2
18:44:01.0218 3676 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:01.0218 3676 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:01.0218 3676 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:01.0218 3676 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:03.0171 0340 Deinitialize success

Re: Boot.tidserv and MBR - what a nightmare!

Post by hashcat » Mon Jan 02, 2012 10:09 pm

Given the problems with Gdata, use the Avira rescue disk (already updated):

http://professional.avira-update.com/package/rescue_system/common/en/rescue_system-common-en.iso


And the Kaspersky one:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable

<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.

Re: Boot.tidserv and MBR - what a nightmare!

Post by ferrux » Tue Jan 03, 2012 12:23 am

OK, too bad about G-DATA, I would gladly have tried it; for the other two you pointed out above I'm already... warming up the burner :-)

But should these remove the infection, in theory?

Thanks :-)

Re: Boot.tidserv and MBR - what a nightmare!

Post by Uomo_Senza_Sonno » Tue Jan 03, 2012 12:28 am

ferrux wrote: But should these remove the infection, in theory?

Partly.
In the sense that they will certainly remove the driver present inside the OS, but not the code that remains outside it, which stays dormant and ready to reinfect the PC. For this reason it is necessary to zero the sectors where the rootkit code is installed, so that the infection remains only a bad memory and nothing more.
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or not even guessed at

Re: Boot.tidserv and MBR - what a nightmare!

Post by ferrux » Tue Jan 03, 2012 10:05 am

Ok, got it :-)

This afternoon I will be at the infected PC and will send sector zero; how can I tell from there whether I also need to send you other sectors where it has duplicated itself?
I read in other posts, maybe 21 and 22?

Bye :-)

Re: Boot.tidserv and MBR - what a nightmare!

Post by Uomo_Senza_Sonno » Tue Jan 03, 2012 12:04 pm

ferrux wrote: I read in other posts, maybe 21 and 22?

It is not certain that posting them is necessary; for the moment only sector 0. At most, just to see specifically what it is, sector 61 as reported in the first log.

ferrux wrote: 15:33:41.546 Disk 0 malicious Win32:MBRoot code @ sector 61 !
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or not even guessed at

Re: Boot.tidserv and MBR - what a nightmare!

Post by ferrux » Tue Jan 03, 2012 5:54 pm

Hi :-)
I have just uploaded sector zero and 61, let's hope it is useful and that the beast is in there; it is in this album:
https://picasaweb.google.com/1091751262 ... BOOTVIRUS#

Meanwhile I am now running a scan with the G-DATA and AVIRA live CD and we will see what turns up; see you later, bye!!!!

Ferrux

Re: Boot.tidserv and MBR - what a nightmare!

Post by ferrux » Tue Jan 03, 2012 6:07 pm

maybe I pasted the link wrong, this one should be ok:
https://picasaweb.google.com/1091751262 ... BOOTVIRUS#

Re: Boot.tidserv and MBR - what a nightmare!

Post by VincenzoGTA » Tue Jan 03, 2012 7:18 pm

Post the screenshots of sectors:
62
63

390700799
390700800

390721967
390721968

Re: Boot.tidserv and MBR - what a nightmare!

Post by Uomo_Senza_Sonno » Tue Jan 03, 2012 8:44 pm

Post the sectors Vincenzo listed, and I'll write you the offsets to enter in the cleanup
Thanks for everything Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or not even guessed at
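The cleanup described in the replies above (Uomo_Senza_Sonno's point that a rescue disk removes the driver inside Windows but not the code parked in sectors no file system owns, so those sectors must be zeroed; VincenzoGTA's list of sectors to inspect: 62 and 63 just below the first partition, and 390700799 onwards at the very end of the ~190 GB disk from the first aswMBR log, where TDL4 keeps its hidden storage) as an added example. This is not code from the thread nor from TDSSKiller, aswMBR or any other tool named here. It assumes the layout the logs show (one MBR disk, first partition at LBA 63, so the MBR gap is LBAs 1-62) and runs against a constructed 200-sector image; the bytes planted at LBA 61 (where aswMBR reported "malicious Win32:MBRoot code") and in the last two sectors are fake markers, not real rootkit code. `mbr_code_md5` assumes that TDSSKiller's "MBR (0x1B8)" line hashes the first 0x1B8 bytes of sector 0 (the bootstrap code before the disk signature); the partition-table offsets and the 0x55AA check are the standard MBR layout.

```python
"""Inspect and clean the unallocated sectors of an MBR disk where a bootkit
keeps code outside any file system: the gap between sector 0 and the first
partition, and the tail after the last partition. Added example for the
thread; runs on a constructed image, or on a raw device via DiskImage."""
import hashlib
import struct

SECTOR = 512


class DiskImage:
    """Sector-addressed view of an in-memory image (a bytearray)."""

    def __init__(self, buf: bytearray):
        self.buf = buf

    @property
    def sectors(self) -> int:
        return len(self.buf) // SECTOR

    def read(self, lba: int) -> bytes:
        return bytes(self.buf[lba * SECTOR:(lba + 1) * SECTOR])

    def write(self, lba: int, data: bytes) -> None:
        self.buf[lba * SECTOR:(lba + 1) * SECTOR] = data


def parse_mbr(mbr: bytes):
    """[(status, type, lba_start, count)] for the used entries of the partition
    table at 0x1BE; raises if the 0x55AA signature at 0x1FE is missing."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA MBR signature")
    parts = []
    for i in range(4):
        e = mbr[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        lba_start, count = struct.unpack("<II", e[8:16])
        if e[4] != 0 and count:
            parts.append((e[0], e[4], lba_start, count))
    return parts


def mbr_code_md5(mbr: bytes) -> str:
    """MD5 of the 440-byte bootstrap area (0x000-0x1B7), the part a bootkit
    overwrites; disk signature and partition table excluded. Assumption:
    this matches what TDSSKiller's 'MBR (0x1B8)' line reports."""
    return hashlib.md5(mbr[:0x1B8]).hexdigest()


def unallocated_ranges(parts, disk_sectors: int):
    """Half-open LBA ranges owned by no primary partition: the MBR gap and the
    end-of-disk tail. Deleting a hidden partition in gparted only clears its
    table entry, so the tail still has to be checked afterwards."""
    if not parts:
        return [(1, disk_sectors)]
    first = min(p[2] for p in parts)
    last_end = max(p[2] + p[3] for p in parts)
    ranges = []
    if first > 1:
        ranges.append((1, first))
    if last_end < disk_sectors:
        ranges.append((last_end, disk_sectors))
    return ranges


def nonzero_sectors(read, ranges):
    """LBAs inside the ranges whose content is not all zeros."""
    return [lba for lo, hi in ranges for lba in range(lo, hi) if any(read(lba))]


def hexdump(sector: bytes, lba: int) -> str:
    """Text equivalent of the sector screenshots requested in the thread."""
    lines = [f"--- LBA {lba} ---"]
    for off in range(0, len(sector), 16):
        chunk = sector[off:off + 16]
        hexs = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexs:<47}  {asc}")
    return "\n".join(lines)


def zero_sectors(disk: DiskImage, lbas) -> None:
    """Overwrite the listed sectors with zeros. Refuses LBA 0: a tampered MBR
    is replaced with a clean copy (fixmbr or a backup), never blanked."""
    for lba in lbas:
        if lba == 0:
            raise ValueError("refusing to zero LBA 0; rewrite a clean MBR instead")
        disk.write(lba, bytes(SECTOR))


def scan(disk: DiskImage):
    """Partition table -> unallocated ranges -> non-zero sectors in them."""
    return nonzero_sectors(disk.read, unallocated_ranges(parse_mbr(disk.read(0)), disk.sectors))


def build_sample_image() -> DiskImage:
    """Constructed 200-sector image with the XP layout from the logs (first
    partition at LBA 63). Fake markers, not real rootkit bytes, are planted
    at LBA 61 and in the last two sectors."""
    disk = DiskImage(bytearray(200 * SECTOR))
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xc0\x8e\xd0"          # xor ax,ax / mov ss,ax: stock XP MBR prologue
    mbr[0x1B8:0x1BC] = b"\x12\x34\x56\x78"   # NT disk signature (arbitrary value)
    mbr[0x1BE:0x1CE] = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 100)
    mbr[510:512] = b"\x55\xaa"
    disk.write(0, bytes(mbr))
    disk.write(61, b"\xeb\xfe" + b"FAKE-BOOTKIT-LOADER".ljust(SECTOR - 2, b"\x90"))
    disk.write(198, b"FAKE-HIDDEN-FS".ljust(SECTOR, b"\x00"))
    disk.write(199, bytes(range(256)) * 2)
    return disk


if __name__ == "__main__":
    disk = build_sample_image()
    print("MBR code md5:", mbr_code_md5(disk.read(0)))
    hits = scan(disk)                        # [61, 198, 199]
    for lba in hits:
        print(hexdump(disk.read(lba), lba))
    zero_sectors(disk, hits)
    print("after zeroing:", scan(disk))      # []
```

On the real machine, boot the live distro, take a full image first (dd of the whole device), and only then load the device into DiskImage. The tail range on a 190 GB disk can be large, so restrict it to the last few tens of MB if the partition does not end near the disk end. A non-zero sector in the MBR gap is not automatically malicious: GRUB embeds its core image there, and some OEM tools use it too, which is why the thread asks for a hexdump before writing offsets for the cleanup. Sector 0 is deliberately never zeroed; a patched MBR is restored from a known-clean copy or with the XP recovery console's fixmbr.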

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising