
Help please, how do I remove Trojan.Fakealert.Ro
andemaldom
Posted: Thursday, July 26, 2012 1:52:39 PM
Rank: Member

Joined: 4/15/2011
Posts: 17
For a few days now pop-ups have been opening while I browse...
I tried running Malwarebytes and I changed antivirus: from Essentials I switched to avast. I'm posting the 2 Malwarebytes logs: the first one caught the trojan, in the second it tells me there is nothing left...

Can anyone give me a hand getting rid of it?


Thanks

1st log
Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9
M :: M-PC [amministratore]

Protezione: Disattivata

25/07/2012 18:15:45
mbam-log-2012-07-25 (19-12-04).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 321921
Tempo impiegato: 44 minuti, 41 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Users\Maury\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4468401c-584792d7 (Trojan.FakeAlert.RO) -> Nessuna azione intrapresa.


2nd log
Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer
M :: M-PC [amministratore]

Protezione: Attivata

25/07/2012 23:51:32
mbam-log-2012-07-25 (23-51-32).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 315567
Tempo impiegato: 38 minuti, 24 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)


The problem persists...

I have already emptied the Java cache as well

I forgot... it won't let me run HiJack: it scans the PC but won't let me create the log file...


shapiro
Posted: Thursday, July 26, 2012 3:58:38 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
If it's no longer there in the second scan, obviously it has been removed; now we need to see whether there is also some hidden process.

Run these two scans.

Download TDSSKiller to the desktop.

Extract the contents to the desktop.
Make sure TDSSKiller.exe is on the desktop.

Start > Run > copy/paste the following command and click OK.

"%userprofile%\Desktop\TDSSKiller.exe"


Click Start Scan.
If there is an infection, the default action will be cure. Click continue.
If an infection is suspected, the default action will be skip. Click continue.
If a reboot is requested, accept.
The report will be in C:, in this form: TDSSKiller.[Version]_[Date]_[Time]_log.txt
If no reboot was requested, close and click report. Save the contents to a text file.


Do this step for me as well

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!
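
An added example, not part of the original thread: the two Malwarebytes logs in the first post can be compared mechanically. This Python parser (function and class names are assumptions of this example; the sample logs are abridged from the ones posted above; Python 3.8+) reports detections that are absent from a later scan even though the earlier log recorded `Nessuna azione intrapresa` (no action taken).

```python
import re
from dataclasses import dataclass, field

# Abridged copies of the two logs posted in this thread (constructed sample:
# only the header fields and sections needed for the comparison are kept).
LOG_1 = r"""Versione database: v2012.07.25.05
Protezione: Disattivata
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 1
C:\Users\Maury\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4468401c-584792d7 (Trojan.FakeAlert.RO) -> Nessuna azione intrapresa.
"""

LOG_2 = r"""Versione database: v2012.07.25.08
Protezione: Attivata
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
"""

NO_ACTION = "Nessuna azione intrapresa"  # "No action taken" in the Italian UI

# "Key: value" header lines, "<section> rilevati/rilevate: N" counters, and
# "<object> (<threat>) -> <action>." detection lines.
HEADER_RE = re.compile(r"^(?P<key>[^:()]+): (?P<value>.+)$")
SECTION_RE = re.compile(r"^(?P<name>[^:]*\brilevat[ie]\b[^:]*): (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Scan:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)      # section -> declared count
    detections: list = field(default_factory=list)  # section/object/threat/action


def parse_mbam_log(text):
    """Parse one Italian-language Malwarebytes 1.62 scan log."""
    scan, section = Scan(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["name"]
            scan.counts[section] = int(m["count"])
        elif section and (m := DETECTION_RE.match(line)):
            scan.detections.append({"section": section, **m.groupdict()})
        elif section is None and (m := HEADER_RE.match(line)):
            scan.header[m["key"].strip()] = m["value"].strip()
    return scan


def count_mismatches(scan):
    """Sections whose declared count differs from the lines actually parsed
    (a sign of a truncated or hand-edited paste)."""
    parsed = {}
    for d in scan.detections:
        parsed[d["section"]] = parsed.get(d["section"], 0) + 1
    return {s: (n, parsed.get(s, 0))
            for s, n in scan.counts.items() if n != parsed.get(s, 0)}


def compare_scans(first, second):
    """Classify every detection of the earlier scan against the later one."""
    later = {(d["object"].lower(), d["threat"]) for d in second.detections}
    report = {"still_present": [], "gone_without_action": [], "remediated": []}
    for d in first.detections:
        key = (d["object"].lower(), d["threat"])  # Windows paths: ignore case
        if key in later:
            report["still_present"].append(d)
        elif d["action"] == NO_ACTION:
            # The scanner never touched the object, yet it is gone: something
            # else removed it, so the cleanup itself is unverified.
            report["gone_without_action"].append(d)
        else:
            report["remediated"].append(d)
    report["database_changed"] = (first.header.get("Versione database")
                                  != second.header.get("Versione database"))
    return report


if __name__ == "__main__":
    a, b = parse_mbam_log(LOG_1), parse_mbam_log(LOG_2)
    result = compare_scans(a, b)
    for d in result["gone_without_action"]:
        print("gone without scanner action:", d["threat"], d["object"])
    print("signature database changed:", result["database_changed"])
    print("count mismatches:", count_mismatches(a), count_mismatches(b))
```

On the thread's logs it lists the Java deployment cache file as gone without scanner action, which is consistent with the poster having emptied the Java cache by hand.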
andemaldom
Posted: Thursday, July 26, 2012 9:28:03 PM
Rank: Member

Joined: 4/15/2011
Posts: 17
Here I am, all done. The Kaspersky log is this:

the program did not detect any viruses

19:04:14.0503 1340 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:04:14.0706 1340 ============================================================
19:04:14.0706 1340 Current date / time: 2012/07/26 19:04:14.0706
19:04:14.0706 1340 SystemInfo:
19:04:14.0706 1340
19:04:14.0706 1340 OS Version: 6.1.7601 ServicePack: 1.0
19:04:14.0706 1340 Product type: Workstation
19:04:14.0706 1340 ComputerName: MAURY-PC
19:04:14.0706 1340 UserName: Maury
19:04:14.0706 1340 Windows directory: C:\Windows
19:04:14.0706 1340 System windows directory: C:\Windows
19:04:14.0706 1340 Running under WOW64
19:04:14.0706 1340 Processor architecture: Intel x64
19:04:14.0706 1340 Number of processors: 2
19:04:14.0706 1340 Page size: 0x1000
19:04:14.0706 1340 Boot type: Normal boot
19:04:14.0706 1340 ============================================================
19:04:15.0033 1340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:04:15.0033 1340 ============================================================
19:04:15.0033 1340 \Device\Harddisk0\DR0:
19:04:15.0033 1340 MBR partitions:
19:04:15.0033 1340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:04:15.0033 1340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
19:04:15.0033 1340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E034800
19:04:15.0033 1340 ============================================================
19:04:15.0065 1340 C: <-> \Device\Harddisk0\DR0\Partition1
19:04:15.0096 1340 D: <-> \Device\Harddisk0\DR0\Partition2
19:04:15.0096 1340 ============================================================
19:04:15.0096 1340 Initialize success
19:04:15.0096 1340 ============================================================
19:04:20.0447 2716 ============================================================
19:04:20.0447 2716 Scan started
19:04:20.0447 2716 Mode: Manual;
19:04:20.0447 2716 ============================================================
19:04:30.0477 2716 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:04:30.0477 2716 NetTcpPortSharing - ok
19:04:30.0852 2716 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
19:04:30.0883 2716 netw5v64 - ok
19:04:31.0008 2716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:04:31.0008 2716 nfrd960 - ok
19:04:31.0055 2716 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:04:31.0070 2716 NlaSvc - ok
19:04:31.0117 2716 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
19:04:31.0117 2716 nmwcd - ok
19:04:31.0133 2716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:04:31.0133 2716 Npfs - ok
19:04:31.0164 2716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:04:31.0164 2716 nsi - ok
19:04:31.0195 2716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:04:31.0211 2716 nsiproxy - ok
19:04:31.0335 2716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:04:31.0351 2716 Ntfs - ok
19:04:31.0460 2716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:04:31.0460 2716 Null - ok
19:04:31.0491 2716 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
19:04:31.0491 2716 NVHDA - ok
19:04:32.0349 2716 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:04:32.0443 2716 nvlddmkm - ok
19:04:32.0583 2716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:04:32.0583 2716 nvraid - ok
19:04:32.0615 2716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:04:32.0615 2716 nvstor - ok
19:04:32.0661 2716 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
19:04:32.0661 2716 nvsvc - ok
19:04:32.0724 2716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:04:32.0724 2716 nv_agp - ok
19:04:32.0833 2716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:04:32.0849 2716 odserv - ok
19:04:32.0880 2716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:04:32.0880 2716 ohci1394 - ok
19:04:32.0927 2716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:04:32.0927 2716 ose - ok
19:04:32.0973 2716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:04:32.0973 2716 p2pimsvc - ok
19:04:33.0020 2716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:04:33.0036 2716 p2psvc - ok
19:04:33.0067 2716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:04:33.0067 2716 Parport - ok
19:04:33.0098 2716 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:04:33.0098 2716 partmgr - ok
19:04:33.0145 2716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:04:33.0145 2716 PcaSvc - ok
19:04:33.0192 2716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:04:33.0192 2716 pci - ok
19:04:33.0223 2716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:04:33.0223 2716 pciide - ok
19:04:33.0254 2716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:04:33.0270 2716 pcmcia - ok
19:04:33.0285 2716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:04:33.0285 2716 pcw - ok
19:04:33.0332 2716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:04:33.0332 2716 PEAUTH - ok
19:04:33.0441 2716 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:04:33.0457 2716 PeerDistSvc - ok
19:04:33.0519 2716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:04:33.0519 2716 PerfHost - ok
19:04:33.0722 2716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:04:33.0738 2716 pla - ok
19:04:33.0800 2716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:04:33.0816 2716 PlugPlay - ok
19:04:33.0847 2716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:04:33.0847 2716 PNRPAutoReg - ok
19:04:33.0878 2716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:04:33.0878 2716 PNRPsvc - ok
19:04:33.0956 2716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:04:33.0956 2716 PolicyAgent - ok
19:04:34.0003 2716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:04:34.0019 2716 Power - ok
19:04:34.0097 2716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:04:34.0097 2716 PptpMiniport - ok
19:04:34.0128 2716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:04:34.0128 2716 Processor - ok
19:04:34.0175 2716 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:04:34.0175 2716 ProfSvc - ok
19:04:34.0221 2716 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:04:34.0221 2716 ProtectedStorage - ok
19:04:34.0315 2716 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\SysWOW64\PSIService.exe
19:04:34.0315 2716 ProtexisLicensing - ok
19:04:34.0346 2716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:04:34.0346 2716 Psched - ok
19:04:34.0455 2716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:04:34.0471 2716 ql2300 - ok
19:04:34.0596 2716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:04:34.0611 2716 ql40xx - ok
19:04:34.0658 2716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:04:34.0658 2716 QWAVE - ok
19:04:34.0674 2716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:04:34.0689 2716 QWAVEdrv - ok
19:04:34.0689 2716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:04:34.0705 2716 RasAcd - ok
19:04:34.0736 2716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:04:34.0752 2716 RasAgileVpn - ok
19:04:34.0783 2716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:04:34.0783 2716 RasAuto - ok
19:04:34.0830 2716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:04:34.0830 2716 Rasl2tp - ok
19:04:34.0892 2716 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:04:34.0892 2716 RasMan - ok
19:04:34.0939 2716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:04:34.0939 2716 RasPppoe - ok
19:04:34.0955 2716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:04:34.0955 2716 RasSstp - ok
19:04:35.0001 2716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:04:35.0001 2716 rdbss - ok
19:04:35.0017 2716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:04:35.0017 2716 rdpbus - ok
19:04:35.0033 2716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:04:35.0033 2716 RDPCDD - ok
19:04:35.0095 2716 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:04:35.0095 2716 RDPDR - ok
19:04:35.0111 2716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:04:35.0111 2716 RDPENCDD - ok
19:04:35.0126 2716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:04:35.0126 2716 RDPREFMP - ok
19:04:35.0173 2716 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:04:35.0173 2716 RDPWD - ok
19:04:35.0235 2716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:04:35.0235 2716 rdyboost - ok
19:04:35.0282 2716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:04:35.0282 2716 RemoteAccess - ok
19:04:35.0313 2716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:04:35.0329 2716 RemoteRegistry - ok
19:04:35.0345 2716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:04:35.0360 2716 RpcEptMapper - ok
19:04:35.0376 2716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:04:35.0376 2716 RpcLocator - ok
19:04:35.0438 2716 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:04:35.0454 2716 RpcSs - ok
19:04:35.0485 2716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:04:35.0485 2716 rspndr - ok
19:04:35.0516 2716 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:04:35.0516 2716 s3cap - ok
19:04:35.0547 2716 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:04:35.0563 2716 SamSs - ok
19:04:35.0594 2716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:04:35.0594 2716 sbp2port - ok
19:04:35.0625 2716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:04:35.0641 2716 SCardSvr - ok
19:04:35.0672 2716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:04:35.0672 2716 scfilter - ok
19:04:35.0781 2716 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:04:35.0797 2716 Schedule - ok
19:04:35.0828 2716 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:04:35.0844 2716 SCPolicySvc - ok
19:04:35.0875 2716 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:04:35.0891 2716 SDRSVC - ok
19:04:35.0937 2716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:04:35.0937 2716 secdrv - ok
19:04:35.0969 2716 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:04:35.0984 2716 seclogon - ok
19:04:36.0015 2716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:04:36.0015 2716 SENS - ok
19:04:36.0031 2716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:04:36.0047 2716 SensrSvc - ok
19:04:36.0062 2716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:04:36.0062 2716 Serenum - ok
19:04:36.0078 2716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:04:36.0078 2716 Serial - ok
19:04:36.0109 2716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:04:36.0109 2716 sermouse - ok
19:04:36.0171 2716 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:04:36.0171 2716 SessionEnv - ok
19:04:36.0203 2716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:04:36.0203 2716 sffdisk - ok
19:04:36.0234 2716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:04:36.0234 2716 sffp_mmc - ok
19:04:36.0249 2716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:04:36.0249 2716 sffp_sd - ok
19:04:36.0281 2716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:04:36.0281 2716 sfloppy - ok
19:04:36.0343 2716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:04:36.0359 2716 SharedAccess - ok
19:04:36.0421 2716 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:04:36.0421 2716 ShellHWDetection - ok
19:04:36.0468 2716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:04:36.0468 2716 SiSRaid2 - ok
19:04:36.0483 2716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:04:36.0483 2716 SiSRaid4 - ok
19:04:36.0593 2716 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:04:36.0593 2716 SkypeUpdate - ok
19:04:36.0624 2716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:04:36.0624 2716 Smb - ok
19:04:36.0671 2716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:04:36.0686 2716 SNMPTRAP - ok
19:04:36.0686 2716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:04:36.0686 2716 spldr - ok
19:04:36.0764 2716 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:04:36.0764 2716 Spooler - ok
19:04:37.0029 2716 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:04:37.0061 2716 sppsvc - ok
19:04:37.0185 2716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:04:37.0185 2716 sppuinotify - ok
19:04:37.0279 2716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:04:37.0279 2716 srv - ok
19:04:37.0310 2716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:04:37.0310 2716 srv2 - ok
19:04:37.0341 2716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:04:37.0341 2716 srvnet - ok
19:04:37.0388 2716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:04:37.0404 2716 SSDPSRV - ok
19:04:37.0419 2716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:04:37.0435 2716 SstpSvc - ok
19:04:37.0466 2716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:04:37.0466 2716 stexstor - ok
19:04:37.0529 2716 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:04:37.0544 2716 stisvc - ok
19:04:37.0560 2716 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:04:37.0560 2716 storflt - ok
19:04:37.0591 2716 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:04:37.0607 2716 StorSvc - ok
19:04:37.0638 2716 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:04:37.0653 2716 storvsc - ok
19:04:37.0669 2716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:04:37.0669 2716 swenum - ok
19:04:37.0731 2716 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:04:37.0747 2716 swprv - ok
19:04:37.0794 2716 SynTP (2f240094affc3d5aa8bf3060b22fe7ed) C:\Windows\system32\DRIVERS\SynTP.sys
19:04:37.0794 2716 SynTP - ok
19:04:37.0934 2716 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:04:37.0965 2716 SysMain - ok
19:04:38.0090 2716 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:04:38.0090 2716 TabletInputService - ok
19:04:38.0153 2716 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:04:38.0153 2716 TapiSrv - ok
19:04:38.0184 2716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:04:38.0199 2716 TBS - ok
19:04:38.0387 2716 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:04:38.0402 2716 Tcpip - ok
19:04:38.0683 2716 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:04:38.0699 2716 TCPIP6 - ok
19:04:38.0855 2716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:04:38.0855 2716 tcpipreg - ok
19:04:38.0886 2716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:04:38.0886 2716 TDPIPE - ok
19:04:38.0933 2716 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:04:38.0933 2716 TDTCP - ok
19:04:38.0964 2716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:04:38.0964 2716 tdx - ok
19:04:39.0011 2716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:04:39.0011 2716 TermDD - ok
19:04:39.0073 2716 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:04:39.0089 2716 TermService - ok
19:04:39.0120 2716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:04:39.0120 2716 Themes - ok
19:04:39.0151 2716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:04:39.0167 2716 THREADORDER - ok
19:04:39.0198 2716 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:04:39.0198 2716 TrkWks - ok
19:04:39.0276 2716 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:04:39.0276 2716 TrustedInstaller - ok
19:04:39.0323 2716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:04:39.0323 2716 tssecsrv - ok
19:04:39.0354 2716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:04:39.0354 2716 TsUsbFlt - ok
19:04:39.0401 2716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:04:39.0401 2716 tunnel - ok
19:04:39.0432 2716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:04:39.0432 2716 uagp35 - ok
19:04:39.0479 2716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:04:39.0494 2716 udfs - ok
19:04:39.0541 2716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:04:39.0541 2716 UI0Detect - ok
19:04:39.0588 2716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:04:39.0588 2716 uliagpkx - ok
19:04:39.0619 2716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:04:39.0619 2716 umbus - ok
19:04:39.0666 2716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:04:39.0666 2716 UmPass - ok
19:04:39.0697 2716 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:04:39.0713 2716 UmRdpService - ok
19:04:39.0744 2716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:04:39.0759 2716 upnphost - ok
19:04:39.0775 2716 usbbus - ok
19:04:39.0806 2716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:04:39.0822 2716 usbccgp - ok
19:04:39.0853 2716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:04:39.0853 2716 usbcir - ok
19:04:39.0869 2716 UsbDiag - ok
19:04:39.0900 2716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:04:39.0900 2716 usbehci - ok
19:04:39.0931 2716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:04:39.0931 2716 usbhub - ok
19:04:39.0947 2716 USBModem - ok
19:04:39.0978 2716 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:04:39.0978 2716 usbohci - ok
19:04:39.0978 2716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:04:39.0978 2716 usbprint - ok
19:04:40.0009 2716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:04:40.0025 2716 USBSTOR - ok
19:04:40.0040 2716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:04:40.0056 2716 usbuhci - ok
19:04:40.0087 2716 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:04:40.0087 2716 usbvideo - ok
19:04:40.0118 2716 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:04:40.0134 2716 UxSms - ok
19:04:40.0165 2716 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:04:40.0181 2716 VaultSvc - ok
19:04:40.0181 2716 VBoxDRV - ok
19:04:40.0196 2716 VBoxUSBMon - ok
19:04:40.0227 2716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:04:40.0243 2716 vdrvroot - ok
19:04:40.0290 2716 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:04:40.0305 2716 vds - ok
19:04:40.0321 2716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:04:40.0321 2716 vga - ok
19:04:40.0337 2716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:04:40.0352 2716 VgaSave - ok
19:04:40.0383 2716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:04:40.0399 2716 vhdmp - ok
19:04:40.0430 2716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:04:40.0430 2716 viaide - ok
19:04:40.0524 2716 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:04:40.0524 2716 vmbus - ok
19:04:40.0555 2716 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:04:40.0555 2716 VMBusHID - ok
19:04:40.0602 2716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:04:40.0617 2716 volmgr - ok
19:04:40.0664 2716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:04:40.0680 2716 volmgrx - ok
19:04:40.0711 2716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:04:40.0711 2716 volsnap - ok
19:04:40.0742 2716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:04:40.0742 2716 vsmraid - ok
19:04:40.0883 2716 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:04:40.0914 2716 VSS - ok
19:04:41.0039 2716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:04:41.0039 2716 vwifibus - ok
19:04:41.0101 2716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:04:41.0101 2716 W32Time - ok
19:04:41.0132 2716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:04:41.0132 2716 WacomPen - ok
19:04:41.0163 2716 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:04:41.0179 2716 WANARP - ok
19:04:41.0179 2716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:04:41.0179 2716 Wanarpv6 - ok
19:04:41.0288 2716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:04:41.0304 2716 WatAdminSvc - ok
19:04:41.0413 2716 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:04:41.0444 2716 wbengine - ok
19:04:41.0569 2716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:04:41.0569 2716 WbioSrvc - ok
19:04:41.0631 2716 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:04:41.0647 2716 wcncsvc - ok
19:04:41.0694 2716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:04:41.0694 2716 WcsPlugInService - ok
19:04:41.0756 2716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:04:41.0772 2716 Wd - ok
19:04:41.0819 2716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:04:41.0834 2716 Wdf01000 - ok
19:04:41.0850 2716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:04:41.0865 2716 WdiServiceHost - ok
19:04:41.0881 2716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:04:41.0897 2716 WdiSystemHost - ok
19:04:41.0943 2716 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:04:41.0959 2716 WebClient - ok
19:04:41.0975 2716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:04:41.0990 2716 Wecsvc - ok
19:04:42.0021 2716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:04:42.0021 2716 wercplsupport - ok
19:04:42.0053 2716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:04:42.0053 2716 WerSvc - ok
19:04:42.0115 2716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:04:42.0115 2716 WfpLwf - ok
19:04:42.0146 2716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:04:42.0146 2716 WIMMount - ok
19:04:42.0177 2716 WinDefend - ok
19:04:42.0193 2716 WinHttpAutoProxySvc - ok
19:04:42.0271 2716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:04:42.0287 2716 Winmgmt - ok
19:04:42.0443 2716 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:04:42.0458 2716 WinRM - ok
19:04:42.0630 2716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:04:42.0645 2716 Wlansvc - ok
19:04:42.0723 2716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:04:42.0723 2716 WmiAcpi - ok
19:04:42.0801 2716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:04:42.0801 2716 wmiApSrv - ok
19:04:42.0848 2716 WMPNetworkSvc - ok
19:04:42.0864 2716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:04:42.0864 2716 WPCSvc - ok
19:04:42.0911 2716 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:04:42.0926 2716 WPDBusEnum - ok
19:04:42.0942 2716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:04:42.0942 2716 ws2ifsl - ok
19:04:42.0957 2716 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:04:42.0973 2716 wscsvc - ok
19:04:42.0973 2716 WSearch - ok
19:04:43.0160 2716 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:04:43.0191 2716 wuauserv - ok
19:04:43.0316 2716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:04:43.0316 2716 WudfPf - ok
19:04:43.0347 2716 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:04:43.0347 2716 WUDFRd - ok
19:04:43.0394 2716 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:04:43.0394 2716 wudfsvc - ok
19:04:43.0441 2716 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:04:43.0441 2716 WwanSvc - ok
19:04:43.0488 2716 ZTEusbmdm6k (f98415e5b83742c901d0a336972509a0) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:04:43.0488 2716 ZTEusbmdm6k - ok
19:04:43.0519 2716 ZTEusbnmea (f98415e5b83742c901d0a336972509a0) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:04:43.0519 2716 ZTEusbnmea - ok
19:04:43.0550 2716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:04:43.0971 2716 \Device\Harddisk0\DR0 - ok
19:04:43.0971 2716 Boot (0x1200) (fc20ce36c5a116470bfbe0d3060ec040) \Device\Harddisk0\DR0\Partition0
19:04:43.0971 2716 \Device\Harddisk0\DR0\Partition0 - ok
19:04:43.0987 2716 Boot (0x1200) (65b7dddb09fa6854b249fe949b767b73) \Device\Harddisk0\DR0\Partition1
19:04:43.0987 2716 \Device\Harddisk0\DR0\Partition1 - ok
19:04:44.0003 2716 Boot (0x1200) (ea6a2d3b8785ee6c81fc58247d0cf3cc) \Device\Harddisk0\DR0\Partition2
19:04:44.0003 2716 \Device\Harddisk0\DR0\Partition2 - ok
19:04:44.0003 2716 ============================================================
19:04:44.0003 2716 Scan finished
19:04:44.0003 2716 ============================================================
19:04:44.0018 3536 Detected object count: 0
19:04:44.0018 3536 Actual detected object count: 0


ComboFix generated the following log


ComboFix 12-07-27.02 - Maury 26/07/2012 19:15:04.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4091.2755 [GMT 2:00]
Eseguito da: c:\users\Maury\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\listcmd.bin
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-26 al 2012-07-26 )))))))))))))))))))))))))))))))))))
.
.
2012-07-26 17:22 . 2012-07-26 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 22:37 . 2012-07-25 22:38 -------- d-----w- c:\users\Maury\AppData\Local\Adobe
2012-07-25 16:13 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 12:30 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45562316-DAA6-488D-A491-EA72E062933A}\mpengine.dll
2012-07-25 11:35 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-25 11:35 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-25 11:35 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-25 11:35 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-25 11:35 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-25 11:35 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-25 11:35 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-25 11:34 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-25 11:34 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-25 11:34 . 2012-07-25 11:34 -------- d-----w- c:\programdata\AVAST Software
2012-07-25 11:34 . 2012-07-25 11:34 -------- d-----w- c:\program files\AVAST Software
2012-07-25 10:32 . 2012-07-25 10:32 -------- d-----w- c:\users\Maury\AppData\Roaming\Malwarebytes
2012-07-25 10:32 . 2012-07-25 20:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 21:48 . 2012-07-25 11:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-24 21:48 . 2012-07-25 11:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-24 18:21 . 2012-07-24 18:51 -------- d-----w- c:\programdata\clp
2012-07-23 21:01 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-23 21:01 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-11 17:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 19:07 . 2011-04-09 09:46 82424 ----a-w- c:\windows\SysWow64\drivers\viragtlt.sys
2012-07-12 18:15 . 2012-04-15 20:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 18:15 . 2011-06-10 16:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:09 . 2010-10-05 09:13 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-23 16:54 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 16:54 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 16:54 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 16:54 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 16:54 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 16:54 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 16:54 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 16:54 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 16:54 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-10-05 10:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-14 06:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 06:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 06:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 06:08 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 06:08 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files (x86)\mipony-plugin\tbmipo.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
2010-02-22 11:05 2353176 ----a-w- c:\program files (x86)\mipony-plugin\tbmipo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files (x86)\mipony-plugin\tbmipo.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-08-11 1507410]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\users\Maury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 VBoxDRV;PortableVBoxDRV;f:\virtualbox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [x]
R2 VBoxUSBMon;PortableVBoxUSBMon;f:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-05 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 k57nd60a;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netw5v64;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 64 bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 18:15]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 12:00]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 12:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-05 1684264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyServer = wsecmr.atm.root.local:8080
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Maury\AppData\Roaming\Mozilla\Firefox\Profiles\twwqr4r2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2465030&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
FF - prefs.js: network.proxy.ftp - wsecmr.atm.root.local
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - wsecmr.atm.root.local
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - wsecmr.atm.root.local
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - wsecmr.atm.root.local
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - wsecmr.atm.root.local
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{90D46C30-9F25-4104-AEA9-35C3F84477FF} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-26 19:35:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-26 17:35
ComboFix2.txt 2011-04-16 18:55
ComboFix3.txt 2011-04-16 18:41
.
Pre-Run: 30.782.218.240 byte disponibili
Post-Run: 30.503.645.184 byte disponibili
.
- - End Of File - - E14D2C47285D35250FF90F6D32474FCE


Waiting for some guidance .....

Thanks
shapiro
Posted: Thursday, July 26, 2012 9:33:45 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Can you also post an HJT log?
andemaldom
Posted: Thursday, July 26, 2012 11:19:37 PM
Rank: Member

Joined: 4/15/2011
Posts: 17
With the PC running in normal mode it gives me this message and does not produce the log file


shapiro
Posted: Thursday, July 26, 2012 11:23:07 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Open Firefox, type about:config in the address bar and confirm

In the search bar type search.conduit.com

Go to the search.conduit entries >>> right-click the entry and then Modify


For HJT, right-click it and choose Run as administrator
andemaldom
Posted: Friday, July 27, 2012 8:29:27 PM
Rank: Member

Joined: 4/15/2011
Posts: 17
Made the changes in Firefox
In normal mode the right-click menu has no Run as administrator entry

Should I try in safe mode????

Done in safe mode, posting the file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:38, on 27/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wsecmr.atm.root.local:8080
R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmipo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmipo.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmipo.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7865 bytes
shapiro
Posted: Friday, July 27, 2012 8:52:25 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Listen, I would remove this one from the Control Panel

mipony-plugin Toolbar

Also fix the entries

Code:
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmipo.dll

O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmipo.dll

R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmipo.dll
andemaldom
Posted: Friday, July 27, 2012 10:58:47 PM
Rank: Member

Joined: 4/15/2011
Posts: 17
OK, after uninstalling the toolbar they disappeared from the log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:55:55, on 27/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wsecmr.atm.root.local:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8060 bytes


Is it OK now?? Is there still something wrong???
jessy42
Posted: Friday, July 27, 2012 11:07:09 PM

Rank: AiutAmico

Joined: 4/17/2010
Posts: 607
Hi, are you by any chance using proxy servers?

Otherwise, this entry should be removed as well.

Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wsecmr.atm.root.local:8080
r16
Posted: Friday, July 27, 2012 11:14:13 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
jessy42 wrote:
Hi, are you by any chance using proxy servers?

Otherwise, this entry should be removed as well.

Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wsecmr.atm.root.local:8080

Yes, he is using them.
With Firefox.
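
An added example, not part of the thread: a small triage helper that pulls every `ProxyServer` entry out of a HijackThis log and reports where each proxy endpoint lives, which is the question the two replies above are settling by hand. The function names and classification labels are made up for this sketch, and it assumes hostnames or IPv4 addresses only.

```python
import ipaddress
import re

# HijackThis R0-R3 lines have the shape "R1 - <registry key>,<value name> = <data>".
ENTRY = re.compile(r"^R[0-3] - (?P<key>.+?),(?P<name>[^,=]+?) = (?P<data>.*)$")

def split_proxy(data):
    """Split ProxyServer data ("host:port" or "http=h:p;https=h:p") into tuples."""
    out = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, _, target = part.rpartition("=")
        host, _, port = target.rpartition(":")
        if not host:  # no ":port" suffix present
            host, port = target, ""
        out.append((scheme or "all", host.lower(), port))
    return out

def classify(host):
    """Say where the proxy lives; the reviewer still has to ask who runs it."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if host == "localhost":
            return "loopback"
        internal = "." not in host or host.endswith((".local", ".lan"))
        return "internal-name" if internal else "public-name"
    if ip.is_loopback:
        return "loopback"
    return "private-ip" if ip.is_private else "public-ip"

def review(log_text):
    """Return one finding per proxy endpoint configured in the log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["name"].strip().lower() != "proxyserver":
            continue
        hive = m["key"].split("\\", 1)[0]
        for scheme, host, port in split_proxy(m["data"]):
            findings.append((hive, scheme, host, port, classify(host)))
    return findings

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wsecmr.atm.root.local:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555;https=127.0.0.1:5555
"""
if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

An `internal-name` or `private-ip` result points at a network-provided proxy that the user should be able to confirm; a `loopback` result means some program on the machine itself is receiving the browser traffic and needs to be identified before the entry is kept or removed.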
andemaldom
Posted: Saturday, July 28, 2012 11:27:06 PM
Rank: Member

Joined: 4/15/2011
Posts: 17
so everything is fine????

I don't need to do anything else????

every now and then the internet freezes and the page stops responding...... then it recovers and catches up on everything.....

what do you think it is, the antivirus???

I removed Essentials and installed avast.....
shapiro
Posted: Saturday, July 28, 2012 11:53:11 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Does the internet freeze only with I.E. or with other browsers too?

For now, remove ComboFix: rename it to uninstall and run it. Wait for the message saying that ComboFix has been uninstalled.
Check whether you find the Qoobox folder in C: and, if so, remove it.

Let me know.
andemaldom
Posted: Sunday, July 29, 2012 11:23:09 AM
Rank: Member

Joined: 4/15/2011
Posts: 17
yes, my wife only uses Internet Explorer and that is her PC.

it was happening even before installing ComboFix, ever since I switched from Essentials to avast

also, with Explorer she can't send attachments from her mailbox, while with Firefox she can.

This last problem has been occurring for a long time.....

..............
shapiro
Posted: Sunday, July 29, 2012 11:56:30 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Try resetting IE.

Start > Run, type inetcpl.cpl and press Enter > go to Advanced and click Reset
