
Serious Sirefef.BP trojan infection... Help!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by bob20 » 05/03/12 17:33

I picked up this trojan today. :aaah
Basically it stops me from opening Google search results (it sends me to strange links), while I can still reach sites by typing the address in the address bar...
Avira AntiVir keeps detecting TR/Sirefef.BP.1 (as soon as I delete it, a second later it detects it again).

I ran a scan and it found 12 viruses (which I removed).
Here is the report.

Here is the HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.33.00, on 05/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Norton Ghost\Agent\VProTray.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 6582 bytes


I haven't tried rebooting yet because I don't want to make things worse. Please help me
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06
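HijackThis lists the hooks but passes no judgement, and with a log of this size the first pass is mechanical. The script below is an added example of that first pass; it is not part of the thread and not code from HijackThis. It parses the O2/O3/O4/O23 lines into name, vendor and binary path and flags three things worth a second look: a Run entry that is a bare file name rather than a full path (resolved through the search path at logon), a binary that lives under a user profile directory instead of Programmi or WINDOWS, and a service with no vendor string. The sample lines are copied from the log above, plus one constructed, hypothetical O23 entry (`fakeupd`) that exists only to exercise the last two checks. In this particular log both real hits are benign (SOUNDMAN.EXE is the tray applet the process list shows running from C:\WINDOWS, and the RealPlayer plugin path is its normal install location), which is the point: the flags narrow down what a human verifies, they do not decide.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2.0.4 format: lines copied from the log
# above, plus one hypothetical O23 service entry (fakeupd) that is NOT from
# the log, added to exercise the profile-directory and missing-vendor checks.
SAMPLE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Fake Updater (fakeupd) - Unknown owner - C:\Documents and Settings\Roberto\Impostazioni locali\Dati applicazioni\updater\updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
BINARY_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|sys))", re.IGNORECASE)
# XP per-user profile root; the Italian XP in the log keeps the English directory name.
PROFILE_ROOT = "c:\\documents and settings\\"

REASON_TEXT = {
    "bare_name": "bare file name: resolved through the search path at logon, not a fixed location",
    "profile_dir": "binary lives under a user profile directory (writable without admin rights)",
    "no_vendor": "service has no vendor string",
}


def binary_path(command: str) -> str:
    """Return the executable/DLL path from a Run command line or an HJT path column."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: cut after the first .exe/.dll/... token so trailing arguments are dropped.
    m = BINARY_RE.match(command)
    return m.group(1) if m else command.split(" ")[0]


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one O2/O3/O4/O23 line; other sections return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "name": "", "vendor": "", "path": "", "raw": line.strip()}
    if section == "O4":
        o4 = O4_RE.match(body)
        if not o4:
            return None
        entry["name"] = o4.group("name")
        entry["path"] = binary_path(o4.group("cmd"))
    elif section in ("O2", "O3", "O23"):
        # "BHO: name - {CLSID} - path" / "Service: name (short) - vendor - path";
        # take the last two columns so a name containing " - " still parses.
        parts = body.split(" - ")
        if len(parts) < 3:
            return None
        entry["name"] = " - ".join(parts[:-2]).split(": ", 1)[-1]
        entry["vendor"] = parts[-2]
        entry["path"] = binary_path(parts[-1])
    else:
        return None
    return entry


def triage(entry: Dict[str, str]) -> List[str]:
    """Heuristic flags (codes from REASON_TEXT) for one parsed entry."""
    reasons = []
    path = entry["path"]
    if "\\" not in path:
        reasons.append("bare_name")
    if path.casefold().startswith(PROFILE_ROOT):
        reasons.append("profile_dir")
    if entry["section"] == "O23" and entry["vendor"] == "Unknown owner":
        reasons.append("no_vendor")
    return reasons


def triage_log(text: str) -> List[Dict[str, object]]:
    """Return only the entries that raised at least one flag, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['section']} [{f['name']}] {f['path']}")
        for code in f["reasons"]:
            print("   -", REASON_TEXT[code])
```

Run it with `python3` and it prints the three flagged entries with the reason for each; point `triage_log` at the full pasted log to get the same output for every line of it. The profile-directory check is deliberately crude (any path under Documents and Settings), so expect legitimate per-user software to show up there too.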


Re: Serious Sirefef.BP trojan infection... Help!

Post by Luke57 » 05/03/12 18:56

Hi, try booting into Safe Mode (turn on the computer and press the F8 key repeatedly; when a black screen appears, use the arrow keys to choose the Safe Mode with Networking option). From Safe Mode download, install and update
http://www.malwarebytes.org/mbam-download.php

A guide to using the program is here:
http://www.ilsoftware.it/articoli.asp?id=5277

- Run a full scan of the PC and delete all infected items. Reboot.
Post the scan report
Luke57
Moderator

Posts: 6175
Joined: 11/08/05 19:10

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 05/03/12 23:27

Thanks a lot for the reply.
Unfortunately, after the reboot I could no longer browse the internet (neither with Explorer nor with Firefox, even though the Control Panel still shows me as connected...). :cry: :cry:
I've now booted Ubuntu from the CD, so at least I can write here on the forum... How can I proceed?

What can I do?
I imagine that without being able to browse it is very hard to remove the viruses...
Could I try a System Restore of XP instead? I have a restore point from just last week... Alternatively, I also have an ISO made with Norton Ghost, but it is from many months ago.
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by Luke57 » 06/03/12 13:35

Hi, download ComboFix from another computer:
Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Copy it to the desktop of the infected computer with a USB stick

Run it

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
At the end, a log file called C:\ComboFix.txt will be created on the Desktop.
Post it here.
Luke57
Moderator

Posts: 6175
Joined: 11/08/05 19:10
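When ComboFix.txt comes back, the parts worth reading first are the deletion list ("Altre eliminazioni" in ComboFix's Italian localisation) and the driver/service key list ("Driver/Servizi"). The script below is an added example, not part of the thread and not ComboFix's own code: it splits the log into its `(((( title ))))` sections and sorts each deleted path into one of four buckets based on the patterns visible in the log posted further down in this thread: a hidden tree under `c:\windows\$NtUninstallKB<digits>$\` or under an 8-hex-digit folder in the user's "Dati applicazioni" holding files named `@`, `L`, `U`, `X`; a system32 DLL whose file name is a GUID; a system32 DLL for which a matching `Service_<name>` key was removed in the same run; and everything else. The sample text is a subset of that log; the bucket names and the regular expressions are my own heuristics built from those paths, not anything ComboFix defines.

```python
import re
from typing import Dict, List

# Constructed sample: section headers and a subset of the lines from the
# ComboFix log posted later in this thread (ComboFix's Italian localisation).
SAMPLE_COMBOFIX = r"""
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\6057cb59\@
c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\6057cb59\X
c:\windows\$NtUninstallKB21745$\1616366425\@
c:\windows\$NtUninstallKB21745$\1616366425\L\evgoihjk
c:\windows\$NtUninstallKB21745$\1616366425\loader.tlb
c:\windows\$NtUninstallKB21745$\1616366425\U\@800000c0
c:\windows\system32\{6080a529-897e-4629-a488-aba0c29b635e}.dll
c:\windows\system32\avc.dll
c:\windows\system32\mysql.dll
c:\windows\system32\winlogon.bak
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVC
-------\Service_avc
-------\Service_service
.
(((((((((((((((((((((((((   Files Creati Da 2012-02-06 al 2012-03-06  )))))))))))))))))))))))))))))))))))
.
2012-03-05 14:43 . 2012-03-05 14:43   --------   d-----r-   c:\documents and settings\NetworkService\Preferiti
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+\s*$")
# Heuristics written from the paths in the posted log; all matching is done on casefolded paths.
HIDDEN_TREE_RE = re.compile(r"\\\$ntuninstallkb\d+\$\\|\\[0-9a-f]{8}\\(?:@|x|u|l)(?:\\|$)")
GUID_DLL_RE = re.compile(r"\\system32\\\{[0-9a-f-]{36}\}\.dll$")
SYSTEM32_DLL_RE = re.compile(r"\\system32\\([^\\]+)\.dll$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Map each '(((( title ))))' header to the non-empty, non-'.' lines under it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def classify_deletions(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Sort the deleted paths into buckets; original (non-casefolded) paths are kept."""
    deleted = sections.get("Altre eliminazioni", [])
    service_keys = {k.casefold() for k in sections.get("Driver/Servizi", [])}
    buckets: Dict[str, List[str]] = {
        "hidden_tree": [], "guid_named_dll": [], "dll_with_service_key": [], "other": [],
    }
    for path in deleted:
        p = path.casefold()
        if HIDDEN_TREE_RE.search(p):
            buckets["hidden_tree"].append(path)
        elif GUID_DLL_RE.search(p):
            buckets["guid_named_dll"].append(path)
        elif (m := SYSTEM32_DLL_RE.search(p)) and f"-------\\service_{m.group(1)}" in service_keys:
            buckets["dll_with_service_key"].append(path)
        else:
            buckets["other"].append(path)
    return buckets


def summarize(buckets: Dict[str, List[str]]) -> Dict[str, int]:
    """Count per bucket, for a one-line overview of a long deletion list."""
    return {name: len(paths) for name, paths in buckets.items()}


if __name__ == "__main__":
    result = classify_deletions(parse_sections(SAMPLE_COMBOFIX))
    print(summarize(result))
    for name, paths in result.items():
        for path in paths:
            print(f"{name:22} {path}")
```

Feed it the whole ComboFix.txt instead of the sample and the `other` bucket is the list to go through by hand: in the posted log that is where the long run of system32 DLLs with third-party driver names lands unless a `Service_` key of the same name was removed alongside them, and where `winlogon.bak` lands. Note that this only reads what ComboFix reports; it does not touch the machine.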

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 07/03/12 13:21

Thanks Luke!
Here is the log:
Code:
ComboFix 12-03-04.02 - Roberto 06/03/2012  18.22.49.1.1 - x86
Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\6057cb59
c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\6057cb59\@
c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\6057cb59\X
c:\windows\$NtUninstallKB21745$
c:\windows\$NtUninstallKB21745$\1616366425\@
c:\windows\$NtUninstallKB21745$\1616366425\L\evgoihjk
c:\windows\$NtUninstallKB21745$\1616366425\loader.tlb
c:\windows\$NtUninstallKB21745$\1616366425\U\@00000001
c:\windows\$NtUninstallKB21745$\1616366425\U\@000000c0
c:\windows\$NtUninstallKB21745$\1616366425\U\@000000cb
c:\windows\$NtUninstallKB21745$\1616366425\U\@000000cf
c:\windows\$NtUninstallKB21745$\1616366425\U\@80000000
c:\windows\$NtUninstallKB21745$\1616366425\U\@800000c0
c:\windows\$NtUninstallKB21745$\1616366425\U\@800000cb
c:\windows\$NtUninstallKB21745$\1616366425\U\@800000cf
c:\windows\$NtUninstallKB21745$\3874917971
c:\windows\system32\{6080a529-897e-4629-a488-aba0c29b635e}.dll
c:\windows\system32\acedrv05.dll
c:\windows\system32\AClient.dll
c:\windows\system32\ADIDTSFiltService.dll
c:\windows\system32\AFGSp50.dll
c:\windows\system32\ageresoftmodem.dll
c:\windows\system32\alertmanager.dll
c:\windows\system32\ANC.dll
c:\windows\system32\aolavupd.dll
c:\windows\system32\Appn.dll
c:\windows\system32\AR5523.dll
c:\windows\system32\asapiw2k.dll
c:\windows\system32\avc.dll
c:\windows\system32\AYDrvNT_ALYAC.dll
c:\windows\system32\battc.dll
c:\windows\system32\BCM43XV.dll
c:\windows\system32\blueletscoaudio.dll
c:\windows\system32\BUFADPT.dll
c:\windows\system32\bwcsrv.dll
c:\windows\system32\CADlink.dll
c:\windows\system32\carboncopyscheduler.dll
c:\windows\system32\CDRPDACC.dll
c:\windows\system32\Cinemsup.dll
c:\windows\system32\client32.dll
c:\windows\system32\cmdmon.dll
c:\windows\system32\contentfilter.dll
c:\windows\system32\cs429x.dll
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\DELL_A02.dll
c:\windows\system32\DfwWebAgent.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\DN2AKNET.dll
c:\windows\system32\drvmcdb.dll
c:\windows\system32\dwmrcs.dll
c:\windows\system32\elbydelay.dll
c:\windows\system32\elnkfwppservice.dll
c:\windows\system32\enethusb.dll
c:\windows\system32\EpmShd.dll
c:\windows\system32\F700ius.dll
c:\windows\system32\fltmgr.dll
c:\windows\system32\fontcache3.0.0.0.dll
c:\windows\system32\grmnusb.dll
c:\windows\system32\GT890x.dll
c:\windows\system32\ha10kx2k.dll
c:\windows\system32\HBtnKey.dll
c:\windows\system32\Hotkey.dll
c:\windows\system32\HPFECP20.dll
c:\windows\system32\https-admserv61.dll
c:\windows\system32\ICAM3NT5.dll
c:\windows\system32\iirsp.dll
c:\windows\system32\iksysflt.dll
c:\windows\system32\irsir.dll
c:\windows\system32\L6POD.dll
c:\windows\system32\lexbces.dll
c:\windows\system32\LRMINIPORT.dll
c:\windows\system32\lxcd_device.dll
c:\windows\system32\macformatservice.dll
c:\windows\system32\mcvsrte.dll
c:\windows\system32\mediaviewer.dll
c:\windows\system32\meiudf.dll
c:\windows\system32\mf.dll
c:\windows\system32\mmc_2K.dll
c:\windows\system32\modem.dll
c:\windows\system32\moufiltr.dll
c:\windows\system32\mrvw245.dll
c:\windows\system32\mspqm.dll
c:\windows\system32\mssqlserveradhelper.dll
c:\windows\system32\mvwebserver.dll
c:\windows\system32\mwlsvc.dll
c:\windows\system32\mxssvr.dll
c:\windows\system32\mysql.dll
c:\windows\system32\NETw4v32.dll
c:\windows\system32\NICM.dll
c:\windows\system32\nidomainservice.dll
c:\windows\system32\nimxdfk.dll
c:\windows\system32\nipsvc.dll
c:\windows\system32\nmwcdcj.dll
c:\windows\system32\nv.dll
c:\windows\system32\nvsmu.dll
c:\windows\system32\ood2000.dll
c:\windows\system32\oracle_load_balancer_60_server-forms6ip9.dll
c:\windows\system32\oracledbconsoleorcl.dll
c:\windows\system32\oraclemtsrecoveryservice.dll
c:\windows\system32\ovmsmaccessmanager.dll
c:\windows\system32\P16X.dll
c:\windows\system32\p2pimsvc.dll
c:\windows\system32\pca.dll
c:\windows\system32\pccsmcfd.dll
c:\windows\system32\pivot.dll
c:\windows\system32\plscsi.dll
c:\windows\system32\ppmoucls.dll
c:\windows\system32\psasrv.dll
c:\windows\system32\pshost.dll
c:\windows\system32\ptserial.dll
c:\windows\system32\pvservice.dll
c:\windows\system32\QPCapSvc.dll
c:\windows\system32\qserver.dll
c:\windows\system32\raidmsvr.dll
c:\windows\system32\rdnaoflsvc.dll
c:\windows\system32\rkhdrv31.dll
c:\windows\system32\rnadiagnosticsservice.dll
c:\windows\system32\rollbackclientservice.dll
c:\windows\system32\rt2500usb.dll
c:\windows\system32\RT25USBAP.dll
c:\windows\system32\RTSTOR.dll
c:\windows\system32\s3twistr.dll
c:\windows\system32\SaiU040B.dll
c:\windows\system32\sdbus.dll
c:\windows\system32\SE27obex.dll
c:\windows\system32\SE2Dmdfl.dll
c:\windows\system32\SE2Dmgmt.dll
c:\windows\system32\SE2Eobex.dll
c:\windows\system32\se45bus.dll
c:\windows\system32\SecureStorageService.dll
c:\windows\system32\sermouse.dll
c:\windows\system32\server.dll
c:\windows\system32\SetupNT.dll
c:\windows\system32\sharedaccess.dll
c:\windows\system32\slip.dll
c:\windows\system32\SNMP.dll
c:\windows\system32\softfax.dll
c:\windows\system32\SPLITCAM.dll
c:\windows\system32\spmd.dll
c:\windows\system32\SrvcEPECioctl.dll
c:\windows\system32\srvdpi.dll
c:\windows\system32\ssoftservice.dll
c:\windows\system32\sthda.dll
c:\windows\system32\StillCam.dll
c:\windows\system32\StkASSrv.dll
c:\windows\system32\StkScan.dll
c:\windows\system32\stllssvr.dll
c:\windows\system32\SWUMX51.dll
c:\windows\system32\sysmonlog.dll
c:\windows\system32\T6963C.dll
c:\windows\system32\tdpipe.dll
c:\windows\system32\tfsncofs.dll
c:\windows\system32\thotkey.dll
c:\windows\system32\tifm21.dll
c:\windows\system32\tos_sps32.dll
c:\windows\system32\toshidpt.dll
c:\windows\system32\transcode360.dll
c:\windows\system32\truecrypt.dll
c:\windows\system32\tsscoreservice.dll
c:\windows\system32\uagp35.dll
c:\windows\system32\UpdateCenterService.dll
c:\windows\system32\usbio.dll
c:\windows\system32\vaiomediaplatform-integratedserver-appserver.dll
c:\windows\system32\vcommmgr.dll
c:\windows\system32\viaagp.dll
c:\windows\system32\videX32.dll
c:\windows\system32\VRADFIL.dll
c:\windows\system32\vwlogger.dll
c:\windows\system32\w300bus.dll
c:\windows\system32\w550bus.dll
c:\windows\system32\wacomvhid.dll
c:\windows\system32\wdmaud.dll
c:\windows\system32\webrootcommagentservice.dll
c:\windows\system32\websensecamreportserver.dll
c:\windows\system32\winlogon.bak
c:\windows\system32\WNCPKT.dll
c:\windows\system32\wusb54gv2svc.dll
c:\windows\system32\wwnetdde.dll
c:\windows\system32\x10nets.dll
c:\windows\system32\ypcservice.dll
c:\windows\system32\zebrceb.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ADFS
-------\Legacy_AFS2K
-------\Legacy_AMDLLD
-------\Legacy_AMOAGENT
-------\Legacy_ARCLTSRV
-------\Legacy_ARHIDFLTR
-------\Legacy_ASLDRSERVICE
-------\Legacy_ASWLSVC
-------\Legacy_ATALK
-------\Legacy_ATIVRAXX
-------\Legacy_AVC
-------\Legacy_AVHOOK
-------\Legacy_BACKUPCLIENTSVC
-------\Legacy_BCM42RLY
-------\Legacy_BCMSQLSTARTUPSVC
-------\Legacy_BC_PRT_F
-------\Legacy_BDFSFLTR
-------\Legacy_BRIDGE
-------\Legacy_BT3CSER
-------\Legacy_BTHENUM
-------\Legacy_BTHIDMGR
-------\Legacy_CA-MESSAGEQUEUING
-------\Legacy_CACCPROVSP
-------\Legacy_CBN
-------\Legacy_CDRPDACC
-------\Legacy_CMIGAMEPORT
-------\Legacy_COACHUSB
-------\Legacy_COSTE
-------\Legacy_CQCPU
-------\Legacy_CTAUDFX.DLL
-------\Legacy_CTMMFILT
-------\Legacy_CWAFNOTESSERVICE
-------\Legacy_DCFSSVC
-------\Legacy_DEVENTAGENT
-------\Legacy_DIGISPTISERVICE
-------\Legacy_DLBT_DEVICE
-------\Legacy_DLBU_DEVICE
-------\Legacy_DNSEXIT
-------\Legacy_DTSCSI
-------\Legacy_EABUSB
-------\Legacy_EHSTART
-------\Legacy_ELBYDELAY
-------\Legacy_ELISERVICE
-------\Legacy_ELMON
-------\Legacy_EMCFILT
-------\Legacy_EMITRAY
-------\Legacy_ENETHUSB
-------\Legacy_EPSON_EB_RPCV4_01
-------\Legacy_FILEDISK
-------\Legacy_FSAUA
-------\Legacy_FSSFLTR
-------\Legacy_GEMSERV
-------\Legacy_GERNUWA
-------\Legacy_GUARDIAN2
-------\Legacy_HAMACHI
-------\Legacy_HECI
-------\Legacy_HOUDINISERVER
-------\Legacy_HPZIUS12
-------\Legacy_I81X
-------\Legacy_IAM
-------\Legacy_IBMPMDRV
-------\Legacy_IKHFILE
-------\Legacy_IMONITOR
-------\Legacy_INOTASK
-------\Legacy_IPSECMON
-------\Legacy_IPSRAIDN
-------\Legacy_IRSIR
-------\Legacy_ISODRIVE
-------\Legacy_KLBLMAIN
-------\Legacy_LD51OCNUCSNP
-------\Legacy_LEX_AS_NIC_SERVICE_YNOS
-------\Legacy_LILSGT
-------\Legacy_LKBDFLT2
-------\Legacy_LOGMEIN
-------\Legacy_LPX
-------\Legacy_LTCK000C
-------\Legacy_LTXRED
-------\Legacy_LVCAP138
-------\Legacy_LVCOMSER
-------\Legacy_LVHIDSVC
-------\Legacy_LVPOPFLT
-------\Legacy_LVPRCSRV
-------\Legacy_LVRS
-------\Legacy_LXBX_DEVICE
-------\Legacy_LXRSII1S
-------\Legacy_MARVINBUS
-------\Legacy_MASPINT
-------\Legacy_MAXBACKSERVICEINT
-------\Legacy_MCLSERVICEATL
-------\Legacy_MCUSRMGR
-------\Legacy_MFEAVFK
-------\Legacy_MRVW245
-------\Legacy_MSGSRVSERVICE
-------\Legacy_MSIRCOMM
-------\Legacy_MSSQL$AUTODESKVAULT
-------\Legacy_MSSQLSERVERADHELPER
-------\Legacy_MSSQLSERVEROLAPSERVICE
-------\Legacy_MTLSTRM
-------\Legacy_MTSENSOR
-------\Legacy_N3900
-------\Legacy_NCRC710
-------\Legacy_NDASBUS
-------\Legacy_NDISIP
-------\Legacy_NETW3V32
-------\Legacy_NHANCER
-------\Legacy_NIPSVC
-------\Legacy_NISUM
-------\Legacy_NMSACCESS
-------\Legacy_NMWCDC
-------\Legacy_NPAPIMON
-------\Legacy_NUIDFLTR
-------\Legacy_NVEDAVT
-------\Legacy_NVRD32
-------\Legacy_NVRD64
-------\Legacy_NVSTOR64
-------\Legacy_NWFILTER
-------\Legacy_NWLNKNB
-------\Legacy_NXSYSMON
-------\Legacy_OEM02DEV
-------\Legacy_OM518P
-------\Legacy_OMCI
-------\Legacy_OMSAD
-------\Legacy_ONECAREMP
-------\Legacy_OOD2000
-------\Legacy_ORACLE_LOAD_BALANCER_60_SERVER-FORMS6I
-------\Legacy_OSAIO
-------\Legacy_PAVREPORT
-------\Legacy_PCA
-------\Legacy_PCAMPR5
-------\Legacy_PCISD
-------\Legacy_PDEXCHANGE
-------\Legacy_PGFILTER
-------\Legacy_PICTURETAKER
-------\Legacy_PIMSGSS
-------\Legacy_PINGER
-------\Legacy_PMOUNTER
-------\Legacy_PNMSRV
-------\Legacy_PNROUTER
-------\Legacy_PORTIO
-------\Legacy_PPA3
-------\Legacy_PROCEXP100
-------\Legacy_PROTEXISLICENSING
-------\Legacy_PSDNSERV
-------\Legacy_PWKNTMON
-------\Legacy_PXFHBUS
-------\Legacy_QBPOSDBEXTSERVICES
-------\Legacy_RAPIMGR
-------\Legacy_RAYSAT3_4_6_18SERVER
-------\Legacy_RICHVIDEO
-------\Legacy_RISDPTSK
-------\Legacy_ROXLIVESHARE
-------\Legacy_RP32SERVICE
-------\Legacy_RSAFAL
-------\Legacy_RT2500
-------\Legacy_RT73
-------\Legacy_RTL8023
-------\Legacy_RTM
-------\Legacy_RTSTOR
-------\Legacy_S117OBEX
-------\Legacy_S217MGMT
-------\Legacy_S716MDM
-------\Legacy_SAIH040B
-------\Legacy_SERVICE
-------\Service_adfs
-------\Service_afs2k
-------\Service_AmdLLD
-------\Service_amoagent
-------\Service_arcltsrv
-------\Service_arhidfltr
-------\Service_ASLDRService
-------\Service_aswlsvc
-------\Service_atalk
-------\Service_ativraxx
-------\Service_avc
-------\Service_avhook
-------\Service_backupclientsvc
-------\Service_bc_prt_f
-------\Service_BCM42RLY
-------\Service_BcmSqlStartupSvc
-------\Service_bdfsfltr
-------\Service_bridge
-------\Service_bt3cser
-------\Service_bthenum
-------\Service_bthidmgr
-------\Service_ca-messagequeuing
-------\Service_caccprovsp
-------\Service_CBN
-------\Service_CDRPDACC
-------\Service_cmigameport
-------\Service_CoachUsb
-------\Service_coste
-------\Service_cqcpu
-------\Service_CTAUDFX.DLL
-------\Service_ctmmfilt
-------\Service_cwafnotesservice
-------\Service_dcfssvc
-------\Service_deventagent
-------\Service_digisptiservice
-------\Service_dlbt_device
-------\Service_dlbu_device
-------\Service_dnsexit
-------\Service_dtscsi
-------\Service_eabusb
-------\Service_ehstart
-------\Service_elbydelay
-------\Service_eliservice
-------\Service_ELmon
-------\Service_EMCFILT
-------\Service_emitray
-------\Service_enethusb
-------\Service_EPSON_EB_RPCV4_01
-------\Service_FileDisk
-------\Service_fsaua
-------\Service_fssfltr
-------\Service_gemserv
-------\Service_Gernuwa
-------\Service_guardian2
-------\Service_hamachi
-------\Service_HECI
-------\Service_houdiniserver
-------\Service_hpzius12
-------\Service_i81x
-------\Service_iam
-------\Service_ibmpmdrv
-------\Service_ikhfile
-------\Service_imonitor
-------\Service_inotask
-------\Service_ipsecmon
-------\Service_ipsraidn
-------\Service_irsir
-------\Service_ISODrive
-------\Service_klblmain
-------\Service_Ld51ocnucsnp
-------\Service_LEX_AS_NIC_SERVICE_YNOS
-------\Service_lilsgt
-------\Service_LKbdFlt2
-------\Service_logmein
-------\Service_lpx
-------\Service_ltck000c
-------\Service_ltxred
-------\Service_LVCap138
-------\Service_lvcomser
-------\Service_lvhidsvc
-------\Service_lvpopflt
-------\Service_lvprcsrv
-------\Service_LVRS
-------\Service_lxbx_device
-------\Service_lxrsii1s
-------\Service_marvinbus
-------\Service_MASPINT
-------\Service_maxbackserviceint
-------\Service_mclserviceatl
-------\Service_mcusrmgr
-------\Service_mfeavfk
-------\Service_mrvw245
-------\Service_msgsrvservice
-------\Service_MSIRCOMM
-------\Service_MSSQL$AUTODESKVAULT
-------\Service_mssqlserveradhelper
-------\Service_mssqlserverolapservice
-------\Service_Mtlstrm
-------\Service_MTsensor
-------\Service_n3900
-------\Service_Ncrc710
-------\Service_ndasbus
-------\Service_ndisip
-------\Service_NETw3v32
-------\Service_nHancer
-------\Service_nipsvc
-------\Service_nisum
-------\Service_nmsaccess
-------\Service_nmwcdc
-------\Service_npapimon
-------\Service_NuidFltr
-------\Service_nvedavt
-------\Service_nvrd32
-------\Service_nvrd64
-------\Service_nvstor64
-------\Service_NWFILTER
-------\Service_nwlnknb
-------\Service_NxSysMon
-------\Service_OEM02Dev
-------\Service_om518p
-------\Service_omci
-------\Service_omsad
-------\Service_OneCareMP
-------\Service_ood2000
-------\Service_oracle_load_balancer_60_server-forms6i
-------\Service_osaio
-------\Service_pavreport
-------\Service_pca
-------\Service_pcampr5
-------\Service_pciSd
-------\Service_PDExchange
-------\Service_pgfilter
-------\Service_picturetaker
-------\Service_pimsgss
-------\Service_pinger
-------\Service_pmounter
-------\Service_pnmsrv
-------\Service_pnrouter
-------\Service_portio
-------\Service_ppa3
-------\Service_procexp100
-------\Service_protexislicensing
-------\Service_PSDNServ
-------\Service_pwkntmon
-------\Service_pxfhbus
-------\Service_qbposdbextservices
-------\Service_RapiMgr
-------\Service_raysat3_4_6_18server
-------\Service_richvideo
-------\Service_risdptsk
-------\Service_roxliveshare
-------\Service_rp32service
-------\Service_RSAFAL
-------\Service_rt2500
-------\Service_rt73
-------\Service_rtl8023
-------\Service_rtm
-------\Service_RTSTOR
-------\Service_s117obex
-------\Service_s217mgmt
-------\Service_s716mdm
-------\Service_SaiH040B
-------\Service_service
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-02-06 al 2012-03-06  )))))))))))))))))))))))))))))))))))
.
.
2012-03-05 14:43 . 2012-03-05 14:43   --------   d-----r-   c:\documents and settings\NetworkService\Preferiti
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 08:27 . 2011-09-29 17:21   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 21:03 . 2011-10-01 17:24   134104   ----a-w-   c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-19 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[7] 2004-08-19 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[7] 2004-08-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[7] 2004-08-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-13 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 . 28B6EACE513CA7EABA3B809AD4BC274D . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[7] 2004-08-19 . E883AE6EA0B313E659225AA32E449CE9 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-19 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[7] 2004-08-19 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[7] 2004-08-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[7] 2004-08-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[7] 2008-04-13 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2008-04-13 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2004-08-19 . 72FBF0322BE8A0F25AE722FDE36AB1E6 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[7] 2008-04-13 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-13 . 0FBA335727905DE8E4CB5A2CF438ABF5 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-19 . 0815E8DA286775FA432C7C9EE5E10BA1 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-13 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-13 . 02815B70FC4CA8611A926176F1C39FC2 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[7] 2004-08-19 . 4AD6F202266A25BC0CC1DCE2A3D91563 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[7] 2008-04-13 17:13 . C43124F63818E65CAFA49D3957C3CA67 . 845824 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-13 17:13 . C43124F63818E65CAFA49D3957C3CA67 . 845824 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-19 12:00 . B979BBBA74F4F5DB69C3A5DFDC52828C . 845824 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-13 . 48C4763A9C8990FB48B73445BEB15D6A . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-19 . 04E8321935AD5643FF59901F3EF5F4F3 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[7] 2008-04-13 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[7] 2008-04-13 . DB0C9517C2374D86A18DBFA12B35B129 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[7] 2004-08-19 . 0C015AB735A4624C44CB5696E9208C4C . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
.
[7] 2008-04-13 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2008-04-13 . DAC0440C89B1EA4E35684896D5BF856E . 109056 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[7] 2004-08-19 . E77F6FA2A15390F1727F4C1C55B69DA6 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2008-04-13 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-13 . 60977C9BAE8F86F9075829325303D0C9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[7] 2004-08-19 . 216F8454A9415DD3E451B169DC3121C4 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2011-09-30 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-13 . E8B6AF451AE34742DA3D9623F7E94EFD . 111616 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-04-13 . E8B6AF451AE34742DA3D9623F7E94EFD . 111616 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[7] 2004-08-19 . 197FB5735293C1DE647B02BBD8121A9F . 111616 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
.
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[7] 2004-08-19 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[7] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-19 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-19 . D81759006D620D41F7FD1D2A4A10C7F3 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2008-04-13 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-13 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-19 . E0CC838265401128097D182FB583889A . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-04-13 17:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[7] 2008-04-13 17:13 . FF8566499E5A781DA69342D3D76FF246 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[7] 2004-08-19 12:00 . 16A4DE76313DD3ABF7635565BAAF1512 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
.
[7] 2008-04-13 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-13 . 3F970150C170A38FCE423994341205B4 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-19 . CA38A6091ECAC2668EC99AFD4B6C0615 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2008-04-13 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2008-04-13 . 06157539EBB8B87D47B9B6C5DA44B62F . 1033728 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[7] 2004-08-19 . FEB3CC200749FF119BB8B08224A1A594 . 1027584 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[7] 2008-04-13 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-13 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[7] 2004-08-19 . AED27A44228C3B2D24406A2755133922 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[7] 2008-04-13 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-13 . 1E63346FDDB693C8D5D574A49C877A2C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-19 . 54260506F6A2589DCF5722E32BDC7CB6 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-04-13 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
[7] 2008-04-13 . F543C74EB47E1C1DB9362BDFE06433EE . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2004-08-19 . B0D7B00D4FDC5BB8203E0A38D15CBAA2 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
.
[7] 2008-04-13 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-13 . A6C5A59628C1E6A5E7238DDB942F4DDD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2008-04-13 . 94B53C04B242E8D5E7F07B37619F6636 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2004-08-19 . 9E6CB81BE111B9935F6A97C367CABD4E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-19 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-19 . F1B3C3DE9374C4A7B29A92BD749404B5 . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[7] 2008-04-13 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2008-04-13 . 7E1CEE90214FA6DEF0E601CD7A9FC950 . 247296 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[7] 2004-08-19 . 337CB52AF1F7CF6C0F57EC8BD14DC6D1 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-13 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-13 . E1DACEE13CAF8E118416399ABD2A08D9 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-19 . 926BB51BB6DE79DEDB93E9C2B0811CCF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-13 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-13 . 2F331374433E3FE176BEE155D9BE83E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-19 . 41FF9D663219A1DD0397FE2C5B09436C . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-13 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-13 . 034B4B1E882563562B35E1FAB279DEDF . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-19 . 1446EB71ADF0F54980CDD7E5A812E102 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-13 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-13 . DA19147BEED619CAB738FE191BA0CD7C . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-19 . E6F026DBC75B6EED7331EBF581AFD4D8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-13 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-13 . BB8363ABEC09AA2F9B363484E282117C . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-19 . 73955B04F209D8A1C633867841267A96 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-13 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-13 . 6B85F1A9DCE45D45BFFAD3222C21F297 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[7] 2004-08-19 . 2F8CBA2D2A332EB5D2A7DC084E3B30B3 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[7] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[7] 2008-04-13 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-13 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-19 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-04-13 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
[7] 2008-04-13 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2004-08-19 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
[7] 2008-04-13 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-13 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-19 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-13 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-13 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-19 . 0C1F495C1761C126BC820F4DE4C8B967 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[7] 2008-04-13 . 15AE38B9AEED84C02EA0A3A9C76FEA02 . 151552 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-13 . 15AE38B9AEED84C02EA0A3A9C76FEA02 . 151552 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-19 . 2452458A26C4DD00E68F060870317675 . 151552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2008-04-13 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[7] 2008-04-13 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[7] 2004-08-19 . 66364440C71911D07468F3791206FB87 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[7] 2008-04-13 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2008-04-13 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[7] 2004-08-19 . D80FEA125DC5860E4BC786AE07DE6DB8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-13 . 0AB23B85BF9E4EFFDB203199BC907552 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-13 . 0AB23B85BF9E4EFFDB203199BC907552 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2004-08-19 . FBBB356A996903FFB831BF72FD2A3E85 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2008-04-13 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[7] 2008-04-13 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[7] 2004-08-19 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[7] 2008-04-13 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-13 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-13 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-13 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-19 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[7] 2008-04-13 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-13 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-19 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[7] 2008-04-13 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-13 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2004-08-19 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-13 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-13 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-19 . 0F9AAB130D89786A59F8F93A9E23C658 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[7] 2004-08-19 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[7] 2008-04-13 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-13 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2004-08-19 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-13 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-13 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2004-08-19 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[7] 2008-04-13 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-13 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2004-08-19 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[7] 2008-04-13 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-13 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2004-08-19 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[7] 2008-04-13 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-13 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-19 . 250D4F4E1E27543C121378268FE07208 . 346624 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2004-08-19 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-19 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2008-04-13 17:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[7] 2008-04-13 17:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2004-08-19 12:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[7] 2008-04-13 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-13 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2004-08-19 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[7] 2008-04-13 17:13 . C5B8FF892ECDBE965E1E3F47013E7917 . 52736 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[7] 2008-04-13 17:13 . C5B8FF892ECDBE965E1E3F47013E7917 . 52736 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-19 12:00 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[7] 2008-04-13 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-19 . 4DC3A3626B02C39AA69AAE6F64BFBC2D . 2060544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[7] 2008-04-13 17:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-13 17:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-19 12:00 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-13 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-13 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[7] 2004-08-19 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[7] 2008-04-13 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-13 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2004-08-19 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-13 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-13 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-19 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[7] 2008-04-13 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-13 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2004-08-19 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-13 17:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-13 17:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2004-08-19 12:00 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-13 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-13 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2004-08-19 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-13 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-13 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2004-08-19 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-13 . 173E49AEBB665C0577D751BA55F84B6C . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-13 . 173E49AEBB665C0577D751BA55F84B6C . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-19 . C49ED6E4358FFAECFE70FC8F3C67D224 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
.
[7] 2008-04-13 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[7] 2004-08-19 . 4591CF1F202181113DE2996E79A2905A . 2184704 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
[7] 2008-04-13 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-13 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-19 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-13 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-13 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2004-08-19 . 8B97D00E5C6A593EBB605CE4B8A5CAA5 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-13 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-13 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[7] 2004-08-19 . 2BB718BB4252909C389B3966492B0F30 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[7] 2008-04-13 . 900D7BBEFCCC50A73B38E342B68D346A . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-13 . 900D7BBEFCCC50A73B38E342B68D346A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2004-08-19 . EAAA11BE5C162266E698F7658BD8A1DA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-13 . 4E31240C4C96ADD76F6C5C63461156EE . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-13 . 4E31240C4C96ADD76F6C5C63461156EE . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[7] 2004-08-19 . 057393DFF71E294EDF6DB3AD2A0CD0DE . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2011-09-28 55296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-28 114688]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Norton Ghost 12.0"="c:\programmi\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2011-11-06 273528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Programmi\\Real\\RealUpgrade\\realupgrade.exe"=
.
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [25/10/2011 16.20.24 554352]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/09/2011 15.24.56 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [29/09/2011 15.24.56 136176]
.
[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
cimnotify
queuemgr
cachemanxp
oracleorahome92tnslistener
SaiClass
usb_rndisx
cvspydr2
tversitymediaserver
U2SP
AsuhfivrO
prtg4service
rtl8029
nimdbgk
vzfw
mvserver
STV672
s116obex
sifilter
nvsmu
snoopfree
cpuidlep
aracpi
RR2IOMod
tifm21
MRENDIS5
vpcbus
rootmodem
oraclesnmppeerencapsulator
plsremotesvc
se44mdfl
tm_cfw
WmaCVideo32
odclientservice
PEVSystemStart
zdeviceservice
WISTechVIDCAP
nv
AsIO
StarOpen
USB_NDIS_51
WmUsbHid
zBackupAssistService
ZSMC301b
STV680m
stirusb
SetupNT
stllssvr
svcwmu
w810mgmt
srvdpi
sonypvs1
sysaidagent
ypcservice
tb2launch
sbcssvc
stac97
WINIO
se58nd5
se45mdfl
SfCtlCom
websensedcagent
3compxe
vaiomediaplatform-mobile-gateway
sp_clamsrv
uagp35
se45unic
trioservice
XilinxPC4Driver
VNUSB
sbpci
sonytvc
TeamViewer
smapint
SPCtl
SQTECH9080
ventrilo
vaiomediaplatform-integratedserver-upnp
se58mgmt
SMCB000
umpusbxp
usb20l
TPwSav
slabbus
tavsvc
WMIService
V0070VID
tng-doba
vsmon
ShockMgr
syslogd
wtwservice
sfsync04
evteng
regsrvc
se58obex
tmesrv3
w810obex
tosrfsnd
symredrv
symids
SGIR
w550bus
ZDPSp50
wlsetupsvc
vmount2
tfsnudf
UCTblHid
UNDPX2A
sfhlp01
wanatw
VC4CB104
PD0620VID
nvport
UsbserFilt
uphclean
pavsrv
digictrl
iap
icraplus
pdscheduler
pdlnepkt
tfsncofs
vwkernel
Eplpdx02
wampmysqld
siswlsvc
U81xmgmt
cxpt_service
3comtftp
emupia
pdlnatcm
ccispwdsvc
epsonbidirectionalagent
tunmp
db2remotecmd
elbycdio
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-29 14:24]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-29 14:24]
.
2012-03-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1606980848-854245398-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1606980848-854245398-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\5t1ozb7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-03-06  18:40:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-03-06 17:40
.
Pre-Run: 63.044.034.560 byte disponibili
Post-Run: 63.049.506.816 byte disponibili
.
- - End Of File - - BB3422A25AD188159B47C97C00B1C169
bob20
Senior User
 
Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 13/03/12 17:21

I don't like to push for a reply on this forum, where you kindly provide free help without being in any way obliged to.
So I hope I don't come across as rude and impatient by writing this message... it's just that almost a week has passed since I posted the log and I still haven't received a reply, so I really don't know what to do...
In case Luke57, who was very kindly helping me, doesn't have time to follow my problem these days, could I ask one of the other expert users to please take a look at the log and let me know if there is anything I can try to remove this extremely annoying virus?

Thanks to anyone who replies
bob20
Senior User
 
Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by FrancescoFDAC » 13/03/12 17:32

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason, as the scan would be interrupted

At this point the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan finishes

Once the scan has finished, one of these two options will appear:
● no system restart is needed: attach the report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is needed: click Reboot now, then attach the scan result (found at the same path mentioned above)
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 13/03/12 19:16

Thank you very much for replying so quickly!
I did what you told me. During the scan it didn't report any file (neither infected nor suspicious) and at the end it didn't ask me to reboot.
One piece of information, I don't know if it might be useful: now (since the first time I went into Safe Mode last week) XP starts up strangely faster and, above all, goes straight into Safe Mode (I can't say whether with or without networking, because this virus disables the ability to browse...).

Anyway, this is the scan result:
Code:
18:03:13.0533 3156   TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
18:03:13.0583 3156   ============================================================
18:03:13.0583 3156   Current date / time: 2012/03/13 18:03:13.0583
18:03:13.0583 3156   SystemInfo:
18:03:13.0583 3156   
18:03:13.0583 3156   OS Version: 5.1.2600 ServicePack: 3.0
18:03:13.0583 3156   Product type: Workstation
18:03:13.0583 3156   ComputerName: ESSEDI-0EC7476F
18:03:13.0583 3156   UserName: Roberto
18:03:13.0583 3156   Windows directory: C:\WINDOWS
18:03:13.0583 3156   System windows directory: C:\WINDOWS
18:03:13.0583 3156   Processor architecture: Intel x86
18:03:13.0583 3156   Number of processors: 1
18:03:13.0583 3156   Page size: 0x1000
18:03:13.0583 3156   Boot type: Normal boot
18:03:13.0583 3156   ============================================================
18:03:15.0185 3156   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:03:15.0185 3156   \Device\Harddisk0\DR0:
18:03:15.0185 3156   MBR used
18:03:15.0185 3156   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
18:03:15.0185 3156   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B17, BlocksNum 0x8DD6FAA
18:03:15.0276 3156   Initialize success
18:03:15.0276 3156   ============================================================
18:03:31.0088 3192   ============================================================
18:03:31.0088 3192   Scan started
18:03:31.0088 3192   Mode: Manual;
18:03:31.0088 3192   ============================================================
18:03:31.0409 3192   Abiosdsk - ok
18:03:31.0439 3192   abp480n5 - ok
18:03:31.0519 3192   ACPI            (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:03:31.0519 3192   ACPI - ok
18:03:31.0579 3192   ACPIEC          (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:03:31.0579 3192   ACPIEC - ok
18:03:31.0619 3192   adpu160m - ok
18:03:31.0699 3192   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:03:31.0699 3192   aec - ok
18:03:31.0749 3192   AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
18:03:31.0749 3192   AFD - ok
18:03:31.0809 3192   AgereSoftModem - ok
18:03:31.0859 3192   Aha154x - ok
18:03:31.0899 3192   aic78u2 - ok
18:03:31.0940 3192   aic78xx - ok
18:03:31.0980 3192   ALCXWDM - ok
18:03:32.0050 3192   AliIde - ok
18:03:32.0080 3192   amsint - ok
18:03:32.0180 3192   ApfiltrService - ok
18:03:32.0250 3192   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:03:32.0250 3192   Arp1394 - ok
18:03:32.0290 3192   asc - ok
18:03:32.0330 3192   asc3350p - ok
18:03:32.0380 3192   asc3550 - ok
18:03:32.0480 3192   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:03:32.0480 3192   AsyncMac - ok
18:03:32.0520 3192   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:03:32.0530 3192   atapi - ok
18:03:32.0560 3192   Atdisk - ok
18:03:32.0601 3192   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:03:32.0611 3192   Atmarpc - ok
18:03:32.0691 3192   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:03:32.0691 3192   audstub - ok
18:03:32.0821 3192   avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
18:03:32.0821 3192   avgio - ok
18:03:32.0871 3192   avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:03:32.0871 3192   avgntflt - ok
18:03:32.0901 3192   avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:03:32.0911 3192   avipbb - ok
18:03:33.0001 3192   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:03:33.0001 3192   Beep - ok
18:03:33.0071 3192   BrPar - ok
18:03:33.0121 3192   catchme - ok
18:03:33.0191 3192   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:03:33.0211 3192   cbidf2k - ok
18:03:33.0241 3192   cd20xrnt - ok
18:03:33.0281 3192   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:03:33.0281 3192   Cdaudio - ok
18:03:33.0322 3192   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:03:33.0332 3192   Cdfs - ok
18:03:33.0362 3192   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:03:33.0372 3192   Cdrom - ok
18:03:33.0392 3192   Changer - ok
18:03:33.0452 3192   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:03:33.0452 3192   CmBatt - ok
18:03:33.0482 3192   CmdIde - ok
18:03:33.0522 3192   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:03:33.0542 3192   Compbatt - ok
18:03:33.0602 3192   Cpqarray - ok
18:03:33.0702 3192   dac2w2k - ok
18:03:33.0742 3192   dac960nt - ok
18:03:33.0812 3192   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:03:33.0812 3192   Disk - ok
18:03:33.0912 3192   dmboot          (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
18:03:33.0942 3192   dmboot - ok
18:03:33.0982 3192   dmio            (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
18:03:33.0993 3192   dmio - ok
18:03:34.0053 3192   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:03:34.0053 3192   dmload - ok
18:03:34.0133 3192   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:03:34.0143 3192   DMusic - ok
18:03:34.0203 3192   dpti2o - ok
18:03:34.0243 3192   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:03:34.0243 3192   drmkaud - ok
18:03:34.0353 3192   ENECBPTH        (1fec25c49afbc34accbf3dc53031affe) C:\WINDOWS\system32\drivers\ENECBPTH.sys
18:03:34.0353 3192   ENECBPTH - ok
18:03:34.0493 3192   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:03:34.0493 3192   Fastfat - ok
18:03:34.0563 3192   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:03:34.0563 3192   Fdc - ok
18:03:34.0613 3192   Fips            (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
18:03:34.0613 3192   Fips - ok
18:03:34.0653 3192   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:03:34.0653 3192   Flpydisk - ok
18:03:34.0714 3192   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:03:34.0724 3192   FltMgr - ok
18:03:34.0744 3192   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:03:34.0764 3192   Fs_Rec - ok
18:03:34.0804 3192   Ftdisk          (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:03:34.0804 3192   Ftdisk - ok
18:03:34.0874 3192   GEARAspiWDM     (f877c945233039914dbe63b76f9a1065) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:03:34.0874 3192   GEARAspiWDM - ok
18:03:34.0954 3192   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:03:34.0954 3192   Gpc - ok
18:03:35.0084 3192   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:03:35.0084 3192   hidusb - ok
18:03:35.0134 3192   hpn - ok
18:03:35.0194 3192   HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
18:03:35.0194 3192   HTTP - ok
18:03:35.0264 3192   i2omgmt - ok
18:03:35.0304 3192   i2omp - ok
18:03:35.0354 3192   i8042prt        (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:03:35.0354 3192   i8042prt - ok
18:03:35.0405 3192   ialm - ok
18:03:35.0475 3192   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:03:35.0475 3192   Imapi - ok
18:03:35.0525 3192   ini910u - ok
18:03:35.0575 3192   IntelIde        (027fe9b28fb0f861c181d25923b31e78) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:03:35.0575 3192   IntelIde - ok
18:03:35.0635 3192   intelppm        (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:03:35.0635 3192   intelppm - ok
18:03:35.0695 3192   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:03:35.0695 3192   Ip6Fw - ok
18:03:35.0755 3192   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:03:35.0755 3192   IpFilterDriver - ok
18:03:35.0795 3192   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:03:35.0795 3192   IpInIp - ok
18:03:35.0845 3192   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:03:35.0845 3192   IpNat - ok
18:03:35.0905 3192   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:03:35.0905 3192   IPSec - ok
18:03:35.0965 3192   irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
18:03:35.0975 3192   irda - ok
18:03:36.0015 3192   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:03:36.0015 3192   IRENUM - ok
18:03:36.0086 3192   isapnp          (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:03:36.0096 3192   isapnp - ok
18:03:36.0126 3192   Kbdclass        (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:03:36.0146 3192   Kbdclass - ok
18:03:36.0196 3192   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:03:36.0206 3192   kmixer - ok
18:03:36.0256 3192   KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
18:03:36.0266 3192   KSecDD - ok
18:03:36.0326 3192   lbrtfdc - ok
18:03:36.0486 3192   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:03:36.0486 3192   mnmdd - ok
18:03:36.0546 3192   Modem           (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
18:03:36.0546 3192   Modem - ok
18:03:36.0586 3192   Mouclass        (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:03:36.0586 3192   Mouclass - ok
18:03:36.0656 3192   mouhid          (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:03:36.0656 3192   mouhid - ok
18:03:36.0726 3192   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:03:36.0726 3192   MountMgr - ok
18:03:36.0777 3192   mraid35x - ok
18:03:36.0797 3192   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:03:36.0807 3192   MRxDAV - ok
18:03:36.0867 3192   MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:03:36.0877 3192   MRxSmb - ok
18:03:36.0937 3192   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:03:36.0937 3192   Msfs - ok
18:03:37.0017 3192   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:03:37.0027 3192   MSKSSRV - ok
18:03:37.0067 3192   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:03:37.0067 3192   MSPCLOCK - ok
18:03:37.0107 3192   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:03:37.0117 3192   MSPQM - ok
18:03:37.0177 3192   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:03:37.0177 3192   mssmbios - ok
18:03:37.0237 3192   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:03:37.0237 3192   Mup - ok
18:03:37.0307 3192   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:03:37.0317 3192   NDIS - ok
18:03:37.0367 3192   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:03:37.0367 3192   NdisTapi - ok
18:03:37.0417 3192   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:03:37.0417 3192   Ndisuio - ok
18:03:37.0467 3192   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:03:37.0467 3192   NdisWan - ok
18:03:37.0508 3192   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:03:37.0508 3192   NDProxy - ok
18:03:37.0558 3192   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:03:37.0558 3192   NetBIOS - ok
18:03:37.0598 3192   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:03:37.0608 3192   NetBT - ok
18:03:37.0728 3192   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:03:37.0728 3192   NIC1394 - ok
18:03:37.0818 3192   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:03:37.0818 3192   Npfs - ok
18:03:37.0888 3192   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:03:37.0898 3192   Ntfs - ok
18:03:37.0988 3192   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:03:37.0988 3192   Null - ok
18:03:38.0038 3192   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:03:38.0038 3192   NwlnkFlt - ok
18:03:38.0108 3192   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:03:38.0108 3192   NwlnkFwd - ok
18:03:38.0169 3192   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:03:38.0169 3192   ohci1394 - ok
18:03:38.0219 3192   Parport         (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
18:03:38.0219 3192   Parport - ok
18:03:38.0259 3192   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:03:38.0259 3192   PartMgr - ok
18:03:38.0319 3192   ParVdm          (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:03:38.0319 3192   ParVdm - ok
18:03:38.0349 3192   PCI             (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
18:03:38.0359 3192   PCI - ok
18:03:38.0389 3192   PCIDump - ok
18:03:38.0459 3192   PCIIde          (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:03:38.0459 3192   PCIIde - ok
18:03:38.0499 3192   Pcmcia          (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:03:38.0499 3192   Pcmcia - ok
18:03:38.0559 3192   PDCOMP - ok
18:03:38.0589 3192   PDFRAME - ok
18:03:38.0619 3192   PDRELI - ok
18:03:38.0659 3192   PDRFRAME - ok
18:03:38.0689 3192   perc2 - ok
18:03:38.0719 3192   perc2hib - ok
18:03:38.0860 3192   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:03:38.0860 3192   PptpMiniport - ok
18:03:38.0930 3192   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:03:38.0930 3192   PSched - ok
18:03:38.0980 3192   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:03:38.0980 3192   Ptilink - ok
18:03:39.0020 3192   ql1080 - ok
18:03:39.0060 3192   Ql10wnt - ok
18:03:39.0090 3192   ql12160 - ok
18:03:39.0150 3192   ql1240 - ok
18:03:39.0180 3192   ql1280 - ok
18:03:39.0210 3192   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:03:39.0210 3192   RasAcd - ok
18:03:39.0300 3192   Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:03:39.0300 3192   Rasirda - ok
18:03:39.0320 3192   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:03:39.0320 3192   Rasl2tp - ok
18:03:39.0370 3192   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:03:39.0370 3192   RasPppoe - ok
18:03:39.0410 3192   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:03:39.0410 3192   Raspti - ok
18:03:39.0480 3192   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:03:39.0480 3192   Rdbss - ok
18:03:39.0520 3192   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:03:39.0520 3192   RDPCDD - ok
18:03:39.0641 3192   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:03:39.0651 3192   RDPWD - ok
18:03:39.0701 3192   redbook         (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:03:39.0701 3192   redbook - ok
18:03:39.0831 3192   rtl8139         (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
18:03:39.0831 3192   rtl8139 - ok
18:03:39.0961 3192   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:03:39.0961 3192   Secdrv - ok
18:03:40.0071 3192   Serial          (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
18:03:40.0071 3192   Serial - ok
18:03:40.0131 3192   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:03:40.0131 3192   Sfloppy - ok
18:03:40.0191 3192   Simbad - ok
18:03:40.0282 3192   SMCIRDA         (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
18:03:40.0302 3192   SMCIRDA - ok
18:03:40.0332 3192   Sparrow - ok
18:03:40.0412 3192   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:03:40.0412 3192   splitter - ok
18:03:40.0472 3192   sr              (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
18:03:40.0472 3192   sr - ok
18:03:40.0542 3192   Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
18:03:40.0552 3192   Srv - ok
18:03:40.0632 3192   ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:03:40.0632 3192   ssmdrv - ok
18:03:40.0712 3192   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:03:40.0712 3192   swenum - ok
18:03:40.0772 3192   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:03:40.0772 3192   swmidi - ok
18:03:40.0852 3192   symc810 - ok
18:03:40.0892 3192   symc8xx - ok
18:03:40.0973 3192   symsnap         (5c66e6aa29dad1875cc74662dd13c87e) C:\WINDOWS\system32\DRIVERS\symsnap.sys
18:03:40.0973 3192   symsnap - ok
18:03:41.0013 3192   sym_hi - ok
18:03:41.0053 3192   sym_u3 - ok
18:03:41.0093 3192   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:03:41.0093 3192   sysaudio - ok
18:03:41.0203 3192   Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:03:41.0213 3192   Tcpip - ok
18:03:41.0253 3192   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:03:41.0253 3192   TDPIPE - ok
18:03:41.0313 3192   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:03:41.0313 3192   TDTCP - ok
18:03:41.0373 3192   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:03:41.0373 3192   TermDD - ok
18:03:41.0453 3192   TosIde - ok
18:03:41.0563 3192   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:03:41.0563 3192   Udfs - ok
18:03:41.0603 3192   ultra - ok
18:03:41.0664 3192   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:03:41.0694 3192   Update - ok
18:03:41.0764 3192   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:03:41.0764 3192   usbehci - ok
18:03:41.0784 3192   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:03:41.0794 3192   usbhub - ok
18:03:41.0874 3192   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:03:41.0874 3192   usbprint - ok
18:03:41.0924 3192   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:03:41.0944 3192   USBSTOR - ok
18:03:41.0984 3192   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:03:41.0984 3192   usbuhci - ok
18:03:42.0024 3192   MBR (0x1B8)     (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
18:03:42.0254 3192   \Device\Harddisk0\DR0 - ok
18:03:42.0284 3192   Boot (0x1200)   (f7d8917ae703b2d5aadbfacf5ff5720a) \Device\Harddisk0\DR0\Partition0
18:03:42.0284 3192   \Device\Harddisk0\DR0\Partition0 - ok
18:03:42.0334 3192   Boot (0x1200)   (3f4d65e76242d6d886b99e1a52bcfd8d) \Device\Harddisk0\DR0\Partition1
18:03:42.0334 3192   \Device\Harddisk0\DR0\Partition1 - ok
18:03:42.0355 3192   ============================================================
18:03:42.0355 3192   Scan finished
18:03:42.0355 3192   ============================================================
18:03:42.0405 3196   Detected object count: 0
18:03:42.0405 3196   Actual detected object count: 0
18:09:08.0584 3164   Deinitialize success
bob20
Senior User
 
Posts: 214
Joined: 31/03/05 21:06
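A helper for reading a TDSSKiller log like the one posted above, added here as an example (it is not code from the thread or from Kaspersky): it parses each scanned object into name, MD5 and path, maps the MBR/boot-sector verdicts (which TDSSKiller reports under the device path) back to their entries, and lists anything not marked ok plus drivers loaded from outside the Windows directory, whose hashes are worth checking against the vendor's. The sample log is constructed in the format shown above; the "fakedrv" entry and its "suspicious" verdict are invented to exercise the non-ok path, since TDSSKiller's real detection wording does not appear in the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample in the format of the TDSSKiller 2.7 log posted in the thread.
# "fakedrv" and its "suspicious" verdict are invented; the real log has only "- ok".
SAMPLE_LOG = r"""18:03:15.0185 3192   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb)
18:03:31.0088 3192   ============================================================
18:03:31.0088 3192   Scan started
18:03:31.0088 3192   Mode: Manual;
18:03:31.0409 3192   Abiosdsk - ok
18:03:31.0519 3192   ACPI            (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:03:31.0519 3192   ACPI - ok
18:03:32.0821 3192   avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
18:03:32.0821 3192   avgio - ok
18:03:41.0000 3192   fakedrv         (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
18:03:41.0000 3192   fakedrv - suspicious
18:03:42.0024 3192   MBR (0x1B8)     (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
18:03:42.0254 3192   \Device\Harddisk0\DR0 - ok
18:03:42.0355 3192   Scan finished
18:03:42.0405 3196   Detected object count: 0
18:03:42.0405 3196   Actual detected object count: 0
"""

# "HH:MM:SS.mmmm PID   body" -> body
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "name   (md5) path"; the lazy name lets "MBR (0x1B8)" keep its own parentheses
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], Optional[int]]:
    """Return (entries keyed by object name, reported detected-object count).

    Only the region between "Scan started" and "Scan finished" is treated as
    scan results, so the drive/partition lines of the init section (which also
    contain " - ") are not mistaken for verdicts.
    """
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}   # file/device path -> object name
    detected: Optional[int] = None
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").rstrip()
        if body == "Scan started":
            in_scan = True
            continue
        if body == "Scan finished":
            in_scan = False
            continue
        cm = COUNT_RE.match(body)
        if cm:
            detected = int(cm.group("n"))
            continue
        if not in_scan:
            continue
        hm = HASH_RE.match(body)
        if hm:
            e = Entry(hm.group("name"), hm.group("md5"), hm.group("path"))
            entries[e.name] = e
            by_path[e.path] = e.name
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            # MBR/boot-sector verdicts are reported under the device path,
            # not the object name, so map the path back to its entry.
            key = by_path.get(vm.group("name"), vm.group("name"))
            entries.setdefault(key, Entry(key)).verdict = vm.group("verdict")
    return entries, detected


def summarize(entries: Dict[str, Entry]) -> dict:
    """Counts plus the two lists an analyst reads first: objects whose verdict
    is not "ok", and drivers loaded from outside the Windows directory."""
    not_ok = [(e.name, e.verdict) for e in entries.values() if e.verdict != "ok"]
    third_party = [
        e.name for e in entries.values()
        if e.path and e.path[1:3] == ":\\"
        and not e.path.lower().startswith("c:\\windows\\")
    ]
    return {
        "objects": len(entries),
        "with_file": sum(1 for e in entries.values() if e.md5),
        "not_ok": not_ok,
        "third_party": third_party,
    }


if __name__ == "__main__":
    ents, count = parse_tdsskiller(SAMPLE_LOG)
    print("detected object count:", count)
    for k, v in summarize(ents).items():
        print(f"{k}: {v}")
```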

Re: Serious Sirefef.BP trojan infection... Help!

Post by FrancescoFDAC » 13/03/12 20:34

Does Avira keep detecting the same infection?

Attach an updated HijackThis log, together with the Malwarebytes one (full scan, update it first).


Francesco
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 14/03/12 21:44

Hi. Unfortunately I can't update Malwarebytes (error: PROGRAM_ERROR_UPDATING (11004, 0, No address found) ), but I ran the scan anyway. This is the first part of the log:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roberto :: ESSEDI-0EC7476F [amministratore]

14/03/2012 19.46.50
mbam-log-2012-03-14 (19-46-50).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 176413
Tempo impiegato: 12 minuti, 42 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 1
C:\WINDOWS\system32\FTDIBUS.dll (Rootkit.0Access) -> Verrà eliminato al riavvio.

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 417
C:\WINDOWS\system32\FTDIBUS.dll (Rootkit.0Access) -> Verrà eliminato al riavvio.
C:\Documents and Settings\Roberto\Documenti\Go-OO-Plus-321\Settings\Native\STUBEXE\8.0.1112\@SYSTEM@\verclsid.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Roberto\Documenti\Go-OO-Plus-321\Settings\Virtual\STUBEXE\8.0.1112\@APPDATA@\OpenOffice.org\3\user\uno_packages\cache\uno_packages\2A.tmp_\sun-pdfimport.oxt\xpdfimport.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Roberto\Documenti\Go-OO-Plus-321\Settings\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\OpenOffice.org 3\program\soffice.bin (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Roberto\Documenti\Go-OO-Plus-321\Settings\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\OpenOffice.org 3\program\soffice.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\acedrv05.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\AClient.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ADIDTSFiltService.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\AFGSp50.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ageresoftmodem.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\alertmanager.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ANC.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\aolavupd.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Appn.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\AR5523.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\asapiw2k.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\avc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\AYDrvNT_ALYAC.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\battc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\BCM43XV.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\blueletscoaudio.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\BUFADPT.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bwcsrv.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\CADlink.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\carboncopyscheduler.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\CDRPDACC.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Cinemsup.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\client32.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cmdmon.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\contentfilter.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cs429x.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\DELL_A02.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\DfwWebAgent.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\DN2AKNET.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drvmcdb.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dwmrcs.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\elbydelay.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\elnkfwppservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\enethusb.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\F700ius.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fltmgr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fontcache3.0.0.0.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\grmnusb.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\GT890x.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ha10kx2k.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\HBtnKey.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Hotkey.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\https-admserv61.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ICAM3NT5.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iirsp.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iksysflt.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\irsir.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\L6POD.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lexbces.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\LRMINIPORT.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\EpmShd.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\HPFECP20.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lxcd_device.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mrvw245.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nidomainservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SE27obex.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sharedaccess.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sthda.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tfsncofs.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UpdateCenterService.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\macformatservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mcvsrte.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mediaviewer.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\meiudf.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mf.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mmc_2K.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\modem.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\moufiltr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mspqm.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mssqlserveradhelper.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mvwebserver.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mwlsvc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mxssvr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mysql.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\NETw4v32.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\NICM.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nimxdfk.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nipsvc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nmwcdcj.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nv.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsmu.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ood2000.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oracledbconsoleorcl.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oraclemtsrecoveryservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oracle_load_balancer_60_server-forms6ip9.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovmsmaccessmanager.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\P16X.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\p2pimsvc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pca.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pccsmcfd.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pivot.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\plscsi.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ppmoucls.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\psasrv.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pshost.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ptserial.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pvservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\QPCapSvc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qserver.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\raidmsvr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rdnaoflsvc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rkhdrv31.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rnadiagnosticsservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rollbackclientservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rt2500usb.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\RT25USBAP.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\RTSTOR.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\s3twistr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SaiU040B.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sdbus.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SE2Dmdfl.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SE2Dmgmt.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SE2Eobex.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\se45bus.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SecureStorageService.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sermouse.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\server.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SetupNT.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\slip.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SNMP.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\softfax.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SPLITCAM.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\spmd.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SrvcEPECioctl.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\srvdpi.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssoftservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\StillCam.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\StkASSrv.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\StkScan.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\stllssvr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SWUMX51.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sysmonlog.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\T6963C.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdpipe.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\thotkey.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tifm21.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\toshidpt.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tos_sps32.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\transcode360.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\truecrypt.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tsscoreservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uagp35.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\usbio.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vaiomediaplatform-integratedserver-appserver.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vcommmgr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\viaagp.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\videX32.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\VRADFIL.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vwlogger.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\w300bus.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\w550bus.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wacomvhid.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\webrootcommagentservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\websensecamreportserver.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\WNCPKT.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wusb54gv2svc.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wwnetdde.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\x10nets.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ypcservice.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zebrceb.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\{6080a529-897e-4629-a488-aba0c29b635e}.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.


(continued...)
bob20
Senior User
 
Posts: 214
Joined: 31/03/05 21:06
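A way to make sense of a log this long, added here as an example and not something posted in the thread or shipped by Malwarebytes: the script below reads detection lines in the format of the Malwarebytes log above, separates hits inside ComboFix's quarantine folder (C:\Qoobox\Quarantine) and System Restore snapshots (System Volume Information\_restore...) from files on the live system, and flags the entries the scanner could only schedule for deletion at reboot, which in this log is the single live item C:\WINDOWS\system32\FTDIBUS.dll. The sample lines are copied from the log in this post; the regular expression, the location labels and the set of "pending reboot" action strings are my own assumptions about the format.

```python
r"""Triage helper for a Malwarebytes Anti-Malware 1.x text log.

Added example (not from the forum thread or from Malwarebytes). Most of the
417 hits in the log above sit inside ComboFix's quarantine or inside System
Restore snapshots, i.e. copies that are no longer loaded; the entry that still
matters is the live system32 DLL that could only be scheduled for deletion at
reboot. This script makes that distinction explicit.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Detection lines look like:  <path> (<category>) -> <action>.
# The path is matched greedily so directory names containing parentheses,
# e.g. "Program Files (x86)", do not break the split. (Assumed format.)
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Malwarebytes localises the action text; the Italian string is the one in the
# thread's log, the English one is assumed for en-US installs.
PENDING_REBOOT_ACTIONS = ("Verrà eliminato al riavvio", "Delete on reboot")

# Constructed sample: five lines copied from the log in this post plus one
# non-detection line, so the parser's filtering is exercised too.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\FTDIBUS.dll (Rootkit.0Access) -> Verrà eliminato al riavvio.
C:\Documents and Settings\Roberto\Documenti\Go-OO-Plus-321\Settings\Native\STUBEXE\8.0.1112\@SYSTEM@\verclsid.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fltmgr.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\WINDOWS\system32\truecrypt.dll.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008952.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
(non sono stati rilevati elementi nocivi)
"""


@dataclass(frozen=True)
class Detection:
    path: str
    category: str
    action: str

    @property
    def location(self) -> str:
        """Coarse location class used for triage (labels are my own)."""
        low = self.path.lower()
        if low.startswith(r"c:\qoobox\quarantine"):
            return "combofix_quarantine"   # already quarantined by ComboFix
        if r"\system volume information\_restore" in low:
            return "restore_point"         # System Restore snapshot copy
        return "live"

    @property
    def pending_reboot(self) -> bool:
        """True when the scanner could not remove the file while it was in use."""
        return self.action.startswith(PENDING_REBOOT_ACTIONS)


def parse_log(text: str) -> list[Detection]:
    """Return one Detection per line that matches the detection format."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["category"], m["action"]))
    return found


def summarize(detections: list[Detection]) -> dict:
    """Counts by location and by category, plus the live paths worth a look."""
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "by_category": dict(Counter(d.category for d in detections)),
        "live_paths": [d.path for d in detections if d.location == "live"],
    }


def still_active(detections: list[Detection]) -> list[Detection]:
    """Live-system hits only scheduled for deletion at reboot: re-check these
    after restarting, ideally with a second tool, before calling it clean."""
    return [d for d in detections if d.location == "live" and d.pending_reboot]


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print(summarize(dets))
    for d in still_active(dets):
        print("still active after scan:", d.path, d.category)
```

Run against the full log instead of SAMPLE_LOG (read the mbam-log-*.txt file and pass its text to parse_log) to get the same breakdown for all 417 entries; the point of the location split is that a large "combofix_quarantine" or "restore_point" count is expected after a ComboFix run and does not by itself mean the machine is still infected, while anything in the "still active" list does.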

Re: Serious trojan Sirefef.BP infection... Help!

Posted by bob20 » 14/03/12 21:45

here is the rest of the log (it didn't fit in the previous message):

Code: Select all
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008952.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008953.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008954.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008955.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008956.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008957.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008958.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008959.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008960.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008961.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008966.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008967.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008969.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008970.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008971.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008972.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009002.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009003.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009004.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009005.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009007.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009008.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009009.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009010.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009011.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009012.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009014.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009015.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009016.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009017.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009018.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009019.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009020.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009021.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009022.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009023.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009025.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009026.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009027.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009028.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009029.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009030.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009031.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009032.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009033.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009034.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009035.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009036.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009037.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009038.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009039.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009040.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009041.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009043.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009044.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009045.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009046.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009047.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009048.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009049.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009050.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009051.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009052.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009053.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009054.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009055.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009056.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009057.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009058.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009059.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0008968.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009006.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009024.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009042.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009060.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009207.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009225.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009243.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009261.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009279.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009297.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009315.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009333.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009351.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009061.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009062.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009063.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009064.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009065.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009066.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009067.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009068.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009069.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009070.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009071.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009204.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009205.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009206.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009208.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009209.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009210.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009211.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009212.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009213.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009214.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009215.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009216.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009217.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009218.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009219.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009220.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009221.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009222.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009223.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009224.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009226.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009227.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009228.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009229.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009230.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009232.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009233.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009235.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009236.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009237.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009238.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009239.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009240.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009241.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009242.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009244.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009245.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009246.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009247.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009248.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009249.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009250.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009251.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009252.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009253.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009254.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009255.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009256.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009257.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009258.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009259.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009260.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009262.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009263.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009264.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009265.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009266.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009267.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009268.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009269.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009270.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009271.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009272.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009273.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009274.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009275.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009276.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009277.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009278.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009280.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009281.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009282.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009283.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009284.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009285.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009286.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009287.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009288.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009289.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009290.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009291.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009292.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009293.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009294.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009295.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009296.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009298.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009299.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009300.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009301.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009302.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009303.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009304.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009305.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009306.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009307.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009308.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009309.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009310.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009311.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009312.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009313.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009314.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009316.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009317.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009318.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009319.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009320.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009321.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009322.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009323.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009324.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009325.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009326.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009327.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009328.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009329.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009330.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009331.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009332.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009334.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009335.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009336.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009337.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009338.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009339.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009340.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009341.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009342.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009343.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009344.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009345.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009346.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009347.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009348.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009349.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009350.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009352.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009353.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009354.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009355.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009356.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009357.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009358.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009359.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009360.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009361.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009362.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009363.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009364.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009365.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009366.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\System Volume Information\_restore{CC28BE79-7EAA-4888-8AFA-24F951B1705B}\RP42\A0009367.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\system32\themes.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\system32\cdrbsvsd.dll (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.

(fine)


I'll put the HijackThis one in the next message.
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 14/03/12 21:47

The new HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.10.22, on 14/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Norton Ghost\Agent\VProTray.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 5907 bytes


After the scan (and the reboot) Avira no longer detects the virus, but the system keeps going automatically into a sort of Safe Mode (maybe I'm wrong to call it that: it doesn't say Safe Mode, the desktop wallpaper is there, but the icons and the cursor are big and the graphics are worse), and in any case the internet still doesn't work, neither with Explorer nor with Firefox, and as I already said it didn't let me update Malwarebytes, even though the Control Panel still shows it as connected.

I'll wait for further instructions; in the meantime, thanks again for the help.
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by Luke57 » 15/03/12 00:18

Hi, delete the copy of ComboFix you have on the desktop; copy a fresh one over from the USB device; reboot into Safe Mode and run ComboFix. After the scan, if it asks for a reboot, reboot into Safe Mode again. When it's done, post the ComboFix report.
Luke57
Moderator

Posts: 6175
Joined: 11/08/05 19:10

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 15/03/12 20:59

Hi Luke, I did as you said (it didn't ask for a reboot). This is the log:
Code:
ComboFix 12-03-15.03 - Roberto 15/03/2012  19.44.45.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.495.203 [GMT 1:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-02-15 al 2012-03-15  )))))))))))))))))))))))))))))))))))
.
.
2012-03-15 18:21 . 2012-03-15 18:21   --------   d---a-w-   C:\.Trash-999
2012-03-14 18:42 . 2012-03-14 18:42   --------   d-----w-   c:\documents and settings\Roberto\Dati applicazioni\Malwarebytes
2012-03-14 18:42 . 2012-03-14 18:42   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-03-14 18:42 . 2012-03-14 18:42   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2012-03-14 18:42 . 2011-12-10 14:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-05 14:43 . 2012-03-05 14:43   --------   d-----r-   c:\documents and settings\NetworkService\Preferiti
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 08:27 . 2011-09-29 17:21   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 21:03 . 2011-10-01 17:24   134104   ----a-w-   c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2011-09-28 55296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-28 114688]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Norton Ghost 12.0"="c:\programmi\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2011-11-06 273528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Programmi\\Real\\RealUpgrade\\realupgrade.exe"=
.
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/09/2011 15.24.56 136176]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;c:\programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe [25/10/2011 16.20.24 554352]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [29/09/2011 15.24.56 136176]
.
[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
cimnotify
queuemgr
cachemanxp
oracleorahome92tnslistener
SaiClass
usb_rndisx
cvspydr2
tversitymediaserver
U2SP
AsuhfivrO
prtg4service
rtl8029
nimdbgk
vzfw
mvserver
STV672
s116obex
sifilter
nvsmu
snoopfree
cpuidlep
aracpi
RR2IOMod
tifm21
MRENDIS5
vpcbus
rootmodem
oraclesnmppeerencapsulator
plsremotesvc
se44mdfl
tm_cfw
WmaCVideo32
odclientservice
PEVSystemStart
zdeviceservice
WISTechVIDCAP
nv
AsIO
StarOpen
USB_NDIS_51
WmUsbHid
zBackupAssistService
ZSMC301b
STV680m
stirusb
SetupNT
stllssvr
svcwmu
w810mgmt
srvdpi
sonypvs1
sysaidagent
ypcservice
tb2launch
sbcssvc
stac97
WINIO
se58nd5
se45mdfl
SfCtlCom
websensedcagent
3compxe
vaiomediaplatform-mobile-gateway
sp_clamsrv
uagp35
se45unic
trioservice
XilinxPC4Driver
VNUSB
sbpci
sonytvc
TeamViewer
smapint
SPCtl
SQTECH9080
ventrilo
vaiomediaplatform-integratedserver-upnp
se58mgmt
SMCB000
umpusbxp
usb20l
TPwSav
slabbus
tavsvc
WMIService
V0070VID
tng-doba
vsmon
ShockMgr
syslogd
wtwservice
sfsync04
evteng
regsrvc
se58obex
tmesrv3
w810obex
tosrfsnd
symredrv
symids
SGIR
w550bus
ZDPSp50
wlsetupsvc
vmount2
tfsnudf
UCTblHid
UNDPX2A
sfhlp01
wanatw
VC4CB104
PD0620VID
nvport
UsbserFilt
uphclean
pavsrv
digictrl
iap
icraplus
pdscheduler
pdlnepkt
tfsncofs
vwkernel
Eplpdx02
wampmysqld
siswlsvc
U81xmgmt
cxpt_service
3comtftp
emupia
pdlnatcm
ccispwdsvc
epsonbidirectionalagent
tunmp
db2remotecmd
elbycdio
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-29 14:24]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-29 14:24]
.
2012-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1606980848-854245398-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1606980848-854245398-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\5t1ozb7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-03-15  19:51:39
ComboFix-quarantined-files.txt  2012-03-15 18:51
.
Pre-Run: 63.122.276.352 byte disponibili
Post-Run: 63.112.847.360 byte disponibili
.
- - End Of File - - 9A40A48CD5B13E9397797956548A6668
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06
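The ComboFix log above prints the NetSvcs list under "NETSVCS REQUIRES REPAIRS". As an added example (not ComboFix's or the thread's own code), this Python script pulls that block out of a ComboFix-style log and reports every entry that is not in the stock Windows XP SP3 NetSvcs value; the baseline is my assumption, taken as the 47 standard names that also appear, in order, in the log above, and the sample log is a constructed excerpt.

```python
"""Flag foreign entries in the NetSvcs list that ComboFix prints under
"NETSVCS REQUIRES REPAIRS".  Constructed example, not ComboFix's own code."""

# Assumption: the default Windows XP SP3 NetSvcs value.  These are also the
# names that appear, in this order, in the thread's ComboFix log; anything
# else in that block is suspect.
XP_SP3_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger", "Netman",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp",
    "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv", "ShellHWDetection",
    "helpsvc", "WmdmPmSN", "napagent", "hkmsvc",
}


def extract_netsvcs(log_text):
    """Return the entries listed after the NETSVCS REQUIRES REPAIRS marker.
    ComboFix ends the block with a line holding a single '.'."""
    lines = log_text.splitlines()
    try:
        start = next(i for i, line in enumerate(lines)
                     if "NETSVCS REQUIRES REPAIRS" in line)
    except StopIteration:
        return []  # section absent: ComboFix did not flag the list
    entries = []
    for line in lines[start + 1:]:
        if line.strip() == ".":
            break
        if line.strip():
            entries.append(line.strip())
    return entries


def foreign_netsvcs(log_text, baseline=XP_SP3_NETSVCS):
    """Entries present in the log but not in the baseline, in log order."""
    return [e for e in extract_netsvcs(log_text) if e not in baseline]


# Constructed excerpt in the shape of the thread's log: a few stock entries
# with three foreign names wedged in between Rasauto and Rasman.
SAMPLE_LOG = """\
.
[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
Rasauto
cimnotify
queuemgr
AsuhfivrO
Rasman
hkmsvc
.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost  - NetSvcs
"""

if __name__ == "__main__":
    for name in foreign_netsvcs(SAMPLE_LOG):
        print("not a stock XP SP3 NetSvcs entry:", name)
```

Run against the full log above it lists the long run of names sitting between Rasauto and Rasman, which is what the "REQUIRES REPAIRS" flag refers to.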

Re: Serious Sirefef.BP trojan infection... Help!

Post by Luke57 » 16/03/12 08:12

Hi, go here
http://oldtimer.geekstogo.com/OTL.exe
Download OTL, save it to the desktop, double-click its icon.
Tick SCAN ALL USERS.
Under Output, tick Minimal Output.
Under Extra Registry, select Use SafeList.
Set Services to All.
Under Standard Registry, set All.
Click the little arrow next to File Age and select 60 Days.
Tick LOP Check and Purity Check.

Click RUN SCAN.
When the scan is finished OTL will produce two log files (OTL.txt and Extras.txt);
attach them.
If they are too large, upload them to http://wikisend.com/
Luke57
Moderator

Posts: 6175
Joined: 11/08/05 19:10

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 16/03/12 19:35

Thanks Luke!
Here are the logs:
OTL.Txt

Extras.Txt
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by Luke57 » 16/03/12 21:23

Hi, the ZeroAccess rootkit has damaged the connection.
Try the procedure I'm linking here:
http://forum.swzone.it/sicurezza/135051 ... ss-20.html

post no. 300 by vicky67; follow steps 1 to 5 given in that post to the letter.
Luke57
Moderator

Posts: 6175
Joined: 11/08/05 19:10

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 17/03/12 18:14

Hi Luke, and thanks again.
I carried out the procedure, but unfortunately it didn't help.
I think I did everything correctly, but I have a few doubts...
First of all, in post 300, before step 1, vicky67 says to download and run a tool; I skipped that step because you told me to do steps 1 to 5. I hope that was right.
In "Network Connections" I worked on the LAN local area connection, both because I'm connected through a network card and because it's the only one that appears in "Safe Mode with Networking". Did I get that wrong?
Then, in the fourth step it says
4) Redo the same procedure as in step 1, only now replace 0x80 with 0xA0. Save and close.

that isn't very clear, because it cites step 1 but the step it refers to is in step 2. To be safe I also repeated step 1, i.e. I removed those two entries from the system registry again, and then went back to the text file from step 2 and replaced 0x80 with 0xA0.
Did I do it right?

Apart from these doubts I did everything, I rebooted every time it asked me to, but I still can't browse.

I tried searching the internet and found this article, http://www.navigaweb.net/2007/09/se-il- ... ernet.html
I'm ignorant on the subject and can't tell whether in my case it's worth trying the procedures it describes or not... What do you think?
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06

Re: Serious Sirefef.BP trojan infection... Help!

Post by Luke57 » 17/03/12 21:06

Hi, try this tool:
http://www.xp-smoker.com/downloads/xptcprep.exe

read here for how to use it
Luke57
Moderator

Posts: 6175
Joined: 11/08/05 19:10

Re: Serious Sirefef.BP trojan infection... Help!

Post by bob20 » 18/03/12 00:13

The link to the usage instructions is missing :undecided: :)
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06
