
virus problem
r16
Posted: Monday, November 26, 2012 9:26:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Try that.
If need be, we'll clean up the PC again.
For now I want to know whether the connection comes back.
andreab
Posted: Monday, November 26, 2012 9:45:02 PM
Rank: AiutAmico

Joined: 2/10/2004
Posts: 95
r16 wrote:
Try that.
If need be, we'll clean up the PC again.
For now I want to know whether the connection comes back.

Now the connection works.
I'm attaching the HJT log. When it opens I get this message: "For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, HJT may not be able to fix this. If that happens, you need to edit the file yourself. To do this click Start, Run and type
edit c:\windows\system32\drivers\etc\hosts
and press Enter ..... and it goes on"

Here is the log,
and thanks again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:44:32, on 26/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\FileServe Manager\FSStarter.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\WinAlarm\WinAlarm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\Users\Andrea Bonato\dpissp.exe
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [FileServe Manager Task] "C:\Program Files\FileServe Manager\FSStarter.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WinAlarm] C:\Program Files\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKLM\..\Run: [KunoLabs] C:\windows\system32\KunoLabs\knlbs.exe
O4 - HKCU\..\Run: [KunoLabs] C:\Users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe
O4 - HKLM\..\Policies\Explorer\Run: [24060] C:\PROGRA~2\LOCALS~1\Temp\msvyusz.bat
O4 - Startup: knlbs.exe
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Servizio Kaspersky Security Scan (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--
End of file - 13228 bytes
r16
Posted: Monday, November 26, 2012 9:49:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
OK, let's start over from the beginning.
Delete this HJT entry:
Quote:
F3 - REG:win.ini: load=C:\Users\Andrea Bonato\dpissp.exe

Run a full (not quick) scan with Malwarebytes. (UPDATE it before scanning)
Delete everything it finds.
If it asks to restart the PC to remove the infections: allow it.
Post the log.

Then:
Follow the instructions (which I already posted) to run a scan with Combofix.
Post the log.
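The triage step the helper performs by eye above (singling out the win.ini load= entry, and by the same reasoning the Policies\Explorer\Run .bat and the duplicated KunoLabs autoruns) written out as an added Python example. This is not code from the forum or from HijackThis; the function names (triage_hjt, target_path), the heuristics and the shortened sample log are my own construction, modelled on the posted log.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample in HijackThis v2 log format, shortened to a few entries modelled on
# the ones discussed in the thread. It is not the full posted log.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=C:\Users\Andrea Bonato\dpissp.exe
O1 - Hosts: ::1 localhost #[IPv6]
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KunoLabs] C:\windows\system32\KunoLabs\knlbs.exe
O4 - HKCU\..\Run: [KunoLabs] C:\Users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe
O4 - HKLM\..\Policies\Explorer\Run: [24060] C:\PROGRA~2\LOCALS~1\Temp\msvyusz.bat
O4 - Startup: knlbs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"\.(exe|bat|cmd|vbs|js|scr|pif|com)\b", re.IGNORECASE)
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|vbs|js|scr)$", re.IGNORECASE)
# Places where legitimate autoruns rarely live: the profile root, AppData, Temp,
# ProgramData, and 8.3 short names (PROGRA~2\LOCALS~1) that obscure the real directory.
SUSPICIOUS_DIR_RE = re.compile(
    r"(\\appdata\\|\\temp\\|locals~1|\\programdata\\|\\users\\[^\\]+\\[^\\]+$)",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def target_path(cmd: str) -> str:
    """Return the program path at the start of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.search(cmd)  # unquoted paths may contain spaces, so cut at the extension
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Flag HijackThis entries that deserve a second look. Heuristics, not verdicts."""
    findings: List[Dict[str, str]] = []
    run_targets: Dict[str, Dict[str, str]] = defaultdict(dict)  # name -> hive -> path
    startup_lines: List[str] = []
    flagged_names: Set[str] = set()

    def flag(line: str, reason: str) -> None:
        findings.append({"line": line, "reason": reason})

    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("F2", "F3") and re.search(r"\b(load|run)=\S", body):
            # win.ini load=/run= is a legacy autostart that current software does not use.
            flag(line, "win.ini load=/run= autostart")
            flagged_names.add(basename(body.split("=", 1)[1]))
        elif code == "O1":
            host_entry = body.split("Hosts:", 1)[-1].split("#", 1)[0].strip()
            if host_entry and "localhost" not in host_entry:
                flag(line, "hosts file redirect")
        elif code == "O4" and body.startswith(("Startup:", "Global Startup:")):
            startup_lines.append(line)  # checked after the Run keys are known
        elif code == "O4":
            rm = RUN_RE.match(body)
            if not rm:
                continue
            path = target_path(rm.group("cmd"))
            run_targets[rm.group("name").lower()][rm.group("hive")] = path
            reasons = []
            if "Policies" in rm.group("key"):
                reasons.append("Policies\\Explorer\\Run is rarely used legitimately")
            if SUSPICIOUS_DIR_RE.search(path):
                reasons.append("target in profile/AppData/Temp")
            if SCRIPT_EXT_RE.search(path):
                reasons.append("script file as autorun")
            if reasons:
                flag(line, "; ".join(reasons))
                flagged_names.add(basename(path))
    # The same value name in HKLM and HKCU pointing at different files is a common
    # malware pattern (one copy per hive); legitimate software registers once.
    for name, hives in run_targets.items():
        paths = {p.lower() for p in hives.values()}
        if len(hives) > 1 and len(paths) > 1:
            flag(f"O4 [{name}]", "same entry name in HKLM and HKCU pointing at different files")
            flagged_names.update(basename(p) for p in paths)
    for line in startup_lines:
        if line.split("Startup:", 1)[1].strip().lower() in flagged_names:
            flag(line, "Startup folder copy of a flagged autorun")
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f['reason']:<60} {f['line']}")
```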
andreab
Posted: Tuesday, November 27, 2012 12:12:35 AM
Rank: AiutAmico

Joined: 2/10/2004
Posts: 95
r16 wrote:
OK, let's start over from the beginning.
Delete this HJT entry:
Quote:
F3 - REG:win.ini: load=C:\Users\Andrea Bonato\dpissp.exe

Run a full (not quick) scan with Malwarebytes. (UPDATE it before scanning)
Delete everything it finds.
If it asks to restart the PC to remove the infections: allow it.
Post the log.

Then:
Follow the instructions (which I already posted) to run a scan with Combofix.
Post the log.


The network and internet are working.
Here are the log files.
Thanks.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.11.26.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrea Bonato :: ANDREABONATO-PC [amministratore]

26/11/2012 21:53:25
mbam-log-2012-11-26 (21-53-25).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 384282
Tempo impiegato: 1 ore, 25 minuti, 43 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Dati: C:\Users\Andrea Bonato\dpissp.exe -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|24060 (Trojan.Agent) -> Dati: C:\PROGRA~2\LOCALS~1\Temp\msvyusz.bat -> Verrà eliminato al riavvio.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 3
C:\Users\Andrea Bonato\AppData\Roaming\dduajf.exe (Trojan.Dropper) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Andrea Bonato\Userdata\explorer.exe (Trojan.Dropper) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Andrea Bonato\Windows\winsvcs.exe (Trojan.BCMiner) -> Spostato in quarantena ed eliminato con successo.

(fine)


ComboFix 12-11-26.02 - Andrea Bonato 26/11/2012 23:28:48.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3037.1796 [GMT 1:00]
Eseguito da: c:\users\Andrea Bonato\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\programdata\TEMP
c:\programdata\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\programdata\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\programdata\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\programdata\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\40193eb11026fcae.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\aa09042d32495ec0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b161e195cd7291e9.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-26 al 2012-11-26 )))))))))))))))))))))))))))))))))))
.
.
2012-11-21 21:23 . 2012-11-26 20:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-11-21 15:47 . 2012-11-21 15:47 159608 ----a-w- c:\windows\system32\mfevtps.exe.5b9e.deleteme
2012-11-21 13:49 . 2012-11-21 13:49 159608 ----a-w- c:\windows\system32\mfevtps.exe.34ea.deleteme
2012-11-16 17:56 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 17:56 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 17:56 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 17:55 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 17:55 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 17:55 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 17:55 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 17:55 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 17:55 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 17:55 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 17:55 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 23:06 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 23:06 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 23:06 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 23:06 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 23:06 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 23:06 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 23:06 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 23:06 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 23:06 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:06 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 23:06 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 23:06 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-06 22:00 . 2012-11-06 22:07 -------- d-----w- c:\program files\F1 2012
2012-11-06 20:53 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-06 20:53 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-06 20:53 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-11-06 20:53 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-11-06 20:37 . 2012-11-06 20:37 -------- d-----w- c:\program files\Smart File Advisor
2012-11-06 20:37 . 2012-11-06 20:37 -------- d-----w- c:\program files\Smart Projects
2012-10-28 20:28 . 2012-10-28 20:28 -------- d-----w- c:\program files\Songr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 22:13 . 2012-02-25 10:00 14664 ----a-w- c:\windows\stinger.sys
2012-11-13 18:29 . 2012-03-30 13:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 18:29 . 2011-05-17 09:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 18:03 . 2012-08-19 12:29 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-29 18:54 . 2012-07-09 19:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 16:58 . 2012-09-17 16:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 18:28 . 2012-10-13 17:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 03:34 . 2012-09-14 03:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 09:47 . 2012-09-12 09:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 09:47 . 2012-09-12 09:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-08-31 17:18 . 2012-10-13 17:19 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:12 . 2012-10-13 17:18 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-13 17:18 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 22:19 . 2012-07-11 15:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KunoLabs"="c:\users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe" [2012-11-20 1517520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"WinAlarm"="c:\program files\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [BU]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [BU]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"KunoLabs"="c:\windows\system32\KunoLabs\knlbs.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
c:\program files\SUPERAntiSpyware\SASWINLO.DLL [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]
2012-05-11 22:03 155136 ----a-w- c:\users\Andrea Bonato\AppData\Roaming\t7f07ib.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [x]
R2 KSS;Servizio Kaspersky Security Scan;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:29]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 19:07]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 19:07]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Andrea Bonato\AppData\Roaming\Mozilla\Firefox\Profiles\85lu6ikp.default\
FF - ExtSQL: 2012-10-16 20:51; avg@toolbar; c:\programdata\AVG Secure Search\11.1.0.12
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-11-26 23:38:55
ComboFix-quarantined-files.txt 2012-11-26 22:38
ComboFix2.txt 2012-11-25 21:46
ComboFix3.txt 2012-11-25 19:52
ComboFix4.txt 2012-11-25 16:42
ComboFix5.txt 2012-11-26 22:28
.
Pre-Run: 41.419.001.856 byte disponibili
Post-Run: 40.993.521.664 byte disponibili
.
- - End Of File - - BC01E5FC3DE5A3589F1B959FDCA9BFE9

andreab
Posted: Tuesday, November 27, 2012 7:42:50 AM
Rank: AiutAmico

Member since: 2/10/2004
Posts: 95
Last night I also ran a full scan with MSE, and it found this virus: backdoor.wind32/fynloski.a
removed
bye
cbbusto
Posted: Tuesday, November 27, 2012 10:09:37 AM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
andreab wrote:
Last night I also ran a full scan with MSE, and it found this virus: backdoor.wind32/fynloski.a
removed
bye


This is the same virus it found last time; removing it would have been enough and you'd have been fine. Now you still have a lot of entries to remove, including AVG, which is still there.
You never answered my questions??? I see you don't like my advice.
OK, I'm done. Bye
andreab
Posted: Tuesday, November 27, 2012 12:21:55 PM
Rank: AiutAmico

Member since: 2/10/2004
Posts: 95
cbbusto wrote:
andreab wrote:
Last night I also ran a full scan with MSE, and it found this virus: backdoor.wind32/fynloski.a
removed
bye


This is the same virus it found last time; removing it would have been enough and you'd have been fine. Now you still have a lot of entries to remove, including AVG, which is still there.
You never answered my questions??? I see you don't like my advice.
OK, I'm done. Bye


For cbbusto:
Sorry, it was absolutely not my intention to annoy you .... after all the work you do for others, far from it.
Until last night I was focused on the missing network connection; the problem was solved only late in the evening.
I ran the deletions (fix) of the entries you had suggested, but they reappear when I relaunch HJT.
Maybe it depends on the message that appears when HJT starts: "for some reason your sistem denied write access to the host file. if any hijacked domains are inthis file, hts may not be able to fix this. if that happens, you need to edit the file yourself. to do this click start run and type
edit c:\windows\system32\drivers\etc\hosts
and press enter ..... and it goes on
"
The programs fstarter and SFA I know, but I don't use them anymore, while kuna I don't know what it is
bye and thanks




r16
Posted: Tuesday, November 27, 2012 5:37:13 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
cbbusto wrote:

You never answered my questions??? I see you don't like my advice.
OK, I'm done. Bye

Come on cbbusto, don't get "mad" Angel
Andrea's PC was (and is) heavily infected, and we had to act with "heavy" software to try to fix it.
Quote:
now you still have a lot of entries to remove, including AVG, which is still there.

There, you carry on, since you're good at removing the useless HJT entries.
But you have to be careful with the AVG drivers, because if you remove them they are the cause of the lost connection.
Sometimes the same happens with Kaspersky.

@andreab:

Open a text file with Notepad on the Desktop
Paste the code you see below into it, and save the text file with the name CFScript.txt (it must be exactly that name)


Code:
KillAll::

File::
c:\users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe
c:\windows\system32\KunoLabs\knlbs.exe

Folder::
c:\users\Andrea Bonato\AppData\Roaming\KunoLabs
c:\windows\system32\KunoLabs

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KunoLabs"=-



and drag it onto the ComboFix icon.
Wait until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log


Then follow cbbusto's instructions.
andreab
Posted: Tuesday, November 27, 2012 6:02:58 PM
Rank: AiutAmico

Member since: 2/10/2004
Posts: 95
me again
I can't delete the HJT entries; maybe the message I'm attaching can help
hjt.doc
I also uninstalled the files sfa.exe and fstarter, while I can't delete either the kunolabs file or the folder
every time I delete it, it reappears with an updated date and time. Could this be a virus?

I'm attaching the HJT log again
please bear with me
thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:56:32, on 27/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\explorer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\System32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WinAlarm] C:\Program Files\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KunoLabs] C:\windows\system32\KunoLabs\knlbs.exe
O4 - HKCU\..\Run: [KunoLabs] C:\Users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Servizio Kaspersky Security Scan (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--
End of file - 12109 bytes
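As an added example (not code from the thread, nor from HijackThis or ComboFix): a Python script that parses O4 autorun lines in the HijackThis format posted above, flags entries using two heuristics that are this example's own assumptions (an executable under a user-writable AppData path; the same Run value name present in both HKLM and HKCU, as the KunoLabs pair shows), and drafts a CFScript in the layout r16 posted (KillAll::, File::, Folder::, Registry::). The sample lines are constructed from the log above, and the drafted script is meant for a helper to review, not to run unread.

```python
"""Triage HijackThis O4 (autorun) entries and draft a ComboFix CFScript.

Added example, not part of the forum thread or of the HijackThis/ComboFix tools.
The two heuristics are assumptions of this example, not HijackThis rules:
  * an autorun executable under a user-writable profile directory
    (AppData\\Roaming, AppData\\Local) is unusual for vendor software;
  * the same Run value name registered in both HKLM and HKCU is a common
    double-persistence pattern (the KunoLabs entries in the thread show it).
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample lines in HijackThis 2.0.4 format, modelled on the log posted above.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KunoLabs] C:\windows\system32\KunoLabs\knlbs.exe
O4 - HKCU\..\Run: [KunoLabs] C:\Users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
""".strip().splitlines()

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Full key names in the regedit syntax ComboFix's Registry:: section uses, as in the thread.
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local)\\", re.IGNORECASE)


def exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(lines: List[str]) -> List[Dict[str, str]]:
    """Extract hive, value name and executable path from each O4 line; other lines are skipped."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"], "exe": exe_path(m["cmd"])})
    return entries


def flag_entries(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each suspicious entry ("HIVE:name") to the list of reasons it was flagged."""
    hives_by_name = defaultdict(set)
    for e in entries:
        hives_by_name[e["name"].lower()].add(e["hive"])
    flagged = defaultdict(list)
    for e in entries:
        key = f'{e["hive"]}:{e["name"]}'
        if USER_WRITABLE.search(e["exe"]):
            flagged[key].append("executable under a user-writable profile directory")
        if hives_by_name[e["name"].lower()] >= {"HKLM", "HKCU"}:
            flagged[key].append("same value name registered in both HKLM and HKCU")
    return dict(flagged)


def draft_cfscript(entries: List[Dict[str, str]], flagged: Dict[str, List[str]]) -> str:
    """Render a CFScript in the layout posted in the thread for the flagged entries only.

    KillAll:: stops running processes first, which is why a folder that keeps
    reappearing (as KunoLabs did) can then be removed. The output is a draft for
    a human to review before use; Folder:: removes the executable's parent folder.
    """
    chosen = [e for e in entries if f'{e["hive"]}:{e["name"]}' in flagged]
    files = sorted({e["exe"] for e in chosen})
    folders = sorted({e["exe"].rsplit("\\", 1)[0] for e in chosen})
    out = ["KillAll::", "", "File::", *files, "", "Folder::", *folders, "", "Registry::"]
    for hive in ("HKLM", "HKCU"):
        names = sorted({e["name"] for e in chosen if e["hive"] == hive})
        if names:
            out.append(f"[{RUN_KEYS[hive]}]")
            out.extend(f'"{n}"=-' for n in names)  # "Name"=- deletes the value
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    ents = parse_o4(SAMPLE_HJT_LINES)
    fl = flag_entries(ents)
    for key, reasons in fl.items():
        print(key, "->", "; ".join(reasons))
    print(draft_cfscript(ents, fl))
```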
r16
Posted: Tuesday, November 27, 2012 6:07:03 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
I can't delete either the kunolabs file or the folder

I posted the instructions late.
You can run the ComboFix script.
andreab
Posted: Tuesday, November 27, 2012 6:39:01 PM
Rank: AiutAmico

Member since: 2/10/2004
Posts: 95
r16 wrote:
Quote:
I can't delete either the kunolabs file or the folder

I posted the instructions late.
You can run the ComboFix script.


here is the log file
HJT keeps giving the same message at startup
thanks

ComboFix 12-11-26.02 - Andrea Bonato 27/11/2012 18:22:50.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3037.1709 [GMT 1:00]
Eseguito da: c:\users\Andrea Bonato\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Andrea Bonato\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe"
"c:\windows\system32\KunoLabs\knlbs.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrea Bonato\AppData\Roaming\8256E5E08ZBGP1463148524.stickam2.exe
c:\users\Andrea Bonato\AppData\Roaming\9T1SHbamicrypt.exe
c:\users\Andrea Bonato\AppData\Roaming\Andrea Bonato-wchelper.dll
c:\users\Andrea Bonato\AppData\Roaming\eshquc.exe
c:\users\Andrea Bonato\AppData\Roaming\Installs.exe
c:\users\Andrea Bonato\AppData\Roaming\KunoLabs
c:\users\Andrea Bonato\AppData\Roaming\KunoLabs\knlbs.exe
c:\users\Andrea Bonato\AppData\Roaming\kzrcrs.exe
c:\users\Andrea Bonato\AppData\Roaming\RLTKZVBC5BBIDPxfhsdfhhhh.exe
c:\users\Andrea Bonato\WINDOWS
c:\users\Andrea Bonato\WINDOWS\miner.dll
c:\users\Andrea Bonato\WINDOWS\phatk.cl
c:\users\Andrea Bonato\WINDOWS\phatk.ptx
c:\users\Andrea Bonato\WINDOWS\usft_ext.dll
c:\users\Andrea Bonato\WINDOWS\windefender.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-27 al 2012-11-27 )))))))))))))))))))))))))))))))))))
.
.
2012-11-27 17:29 . 2012-11-27 17:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-27 17:29 . 2012-11-27 17:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-27 17:29 . 2012-11-27 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 11:23 . 2012-11-27 11:23 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D97A2339-C19C-4028-96F7-8E776F175EDB}\offreg.dll
2012-11-27 11:23 . 2012-11-27 11:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D97A2339-C19C-4028-96F7-8E776F175EDB}\MpKsl3b287cb8.sys
2012-11-26 23:14 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D97A2339-C19C-4028-96F7-8E776F175EDB}\mpengine.dll
2012-11-26 20:33 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 21:23 . 2012-11-26 20:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-21 21:23 . 2012-11-26 20:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-11-21 21:10 . 2012-11-21 21:11 -------- d-----w- c:\users\Andrea Bonato\AppData\Roaming\QuickScan
2012-11-21 18:43 . 2012-11-21 23:06 -------- d-sh--w- c:\users\Andrea Bonato\msconfig
2012-11-21 15:47 . 2012-11-21 15:47 159608 ----a-w- c:\windows\system32\mfevtps.exe.5b9e.deleteme
2012-11-21 13:55 . 2012-11-26 22:19 -------- d-sh--w- c:\users\Andrea Bonato\Userdata
2012-11-21 13:49 . 2012-11-21 13:49 159608 ----a-w- c:\windows\system32\mfevtps.exe.34ea.deleteme
2012-11-21 01:59 . 2012-11-21 23:06 -------- d-sh--w- c:\users\Andrea Bonato\Data
2012-11-20 22:36 . 2012-11-21 23:06 -------- d-sh--w- c:\users\Andrea Bonato\Drivers
2012-11-20 20:09 . 2012-11-20 20:09 -------- d-----w- c:\programdata\Local Settings
2012-11-16 17:56 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 17:56 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 17:56 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 17:55 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 17:55 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 17:55 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 17:55 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 17:55 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 17:55 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 17:55 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 17:55 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 23:06 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 23:06 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 23:06 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 23:06 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 23:06 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 23:06 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 23:06 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 23:06 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 23:06 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:06 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 23:06 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 23:06 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-06 22:00 . 2012-11-06 22:07 -------- d-----w- c:\program files\F1 2012
2012-11-06 20:54 . 2012-11-06 20:54 -------- d-----w- c:\users\Andrea Bonato\AppData\Local\FLT
2012-11-06 20:54 . 2012-11-06 20:54 -------- d-----w- c:\programdata\Codemasters
2012-11-06 20:53 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-06 20:53 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-06 20:53 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-11-06 20:53 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-06 20:53 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-11-06 20:37 . 2012-11-06 20:37 -------- d-----w- c:\program files\Smart Projects
2012-10-28 20:28 . 2012-10-28 20:28 -------- d-----w- c:\users\Andrea Bonato\AppData\Local\Songr
2012-10-28 20:28 . 2012-10-28 20:28 -------- d-----w- c:\program files\Songr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 22:13 . 2012-02-25 10:00 14664 ----a-w- c:\windows\stinger.sys
2012-11-13 18:29 . 2012-03-30 13:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 18:29 . 2011-05-17 09:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 18:03 . 2012-08-19 12:29 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-16 19:23 . 2012-10-20 07:17 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-16 19:23 . 2012-10-20 07:17 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF215D04-3031-4E71-99A0-9A0625EA7F7F}\gapaengine.dll
2012-09-29 18:54 . 2012-07-09 19:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 16:58 . 2012-09-17 16:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 18:28 . 2012-10-13 17:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 03:34 . 2012-09-14 03:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 09:47 . 2012-09-12 09:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 09:47 . 2012-09-12 09:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-08-31 17:18 . 2012-10-13 17:19 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:12 . 2012-10-13 17:18 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-13 17:18 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 22:19 . 2012-07-11 15:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"WinAlarm"="c:\program files\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [BU]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [BU]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"KunoLabs"="c:\windows\system32\KunoLabs\knlbs.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
c:\program files\SUPERAntiSpyware\SASWINLO.DLL [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]
2012-05-11 22:03 155136 ----a-w- c:\users\Andrea Bonato\AppData\Roaming\t7f07ib.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [x]
R2 KSS;Servizio Kaspersky Security Scan;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 MpKsl3b287cb8;MpKsl3b287cb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D97A2339-C19C-4028-96F7-8E776F175EDB}\MpKsl3b287cb8.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:29]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 19:07]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 19:07]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Andrea Bonato\AppData\Roaming\Mozilla\Firefox\Profiles\85lu6ikp.default\
FF - ExtSQL: 2012-10-16 20:51; avg@toolbar; c:\programdata\AVG Secure Search\11.1.0.12
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-27 18:36:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-27 17:36
ComboFix2.txt 2012-11-26 22:38
ComboFix3.txt 2012-11-25 21:46
ComboFix4.txt 2012-11-25 19:52
ComboFix5.txt 2012-11-27 17:21
.
Pre-Run: 40.270.905.344 byte disponibili
Post-Run: 39.901.949.952 byte disponibili
.
- - End Of File - - 4444583213EDEE0E97981BA7E42FACEE
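A triage helper for the ComboFix report layout shown above, added here as an example for this thread; it is not part of ComboFix, TDSSKiller or anything the posters ran. It parses the `Run` key entries, the UAC policy values under `policies\system`, the `msconfig\startupreg` entries and the `R*`/`S*` service and driver lines from a constructed sample that mirrors lines of the log above (the user profile name is a placeholder), and flags the things a reviewer of such a log checks by hand: autorun entries for which the tool recorded no date/size stamp (`[BU]` appears in place of the stamp), autorun targets located under a user profile directory, and the two UAC values as the log shows them (`ConsentPromptBehaviorAdmin` = 0 means administrators elevate without a prompt, `PromptOnSecureDesktop` = 0 means prompts are not shown on the secure desktop). The heuristics are this example's own, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in ComboFix's report layout. The keys and entry lines mirror
# ones in the log posted above; the user profile name is a placeholder.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [BU]
"KunoLabs"="c:\windows\system32\KunoLabs\knlbs.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]
2012-05-11 22:03 155136 ----a-w- c:\users\EXAMPLE-USER\AppData\Roaming\t7f07ib.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<stamp>[^\]]*)\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= ?(?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
# startupreg entries come either with a "date time size attrs path" stamp ...
STAMPED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(?P<path>.+)$")
# ... or as a bare path followed by a bracketed marker such as [BU]
UNSTAMPED_RE = re.compile(r"^(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[[^\]]*\]$")
USER_PROFILE_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class Finding:
    entry: str   # autorun/service name, or the policy value name
    detail: str  # file path, or the policy value
    reason: str


def _check_autorun(findings: List[Finding], entry: str, path: str, stamped: bool) -> None:
    """Heuristics of this example (not ComboFix's own): unstamped entries and profile paths."""
    if not stamped:
        findings.append(Finding(entry, path, "no date/size stamp recorded ([BU]); verify the file by hand"))
    if USER_PROFILE_RE.match(path):
        findings.append(Finding(entry, path, "autorun target lives in a user-writable profile directory"))


def _check_uac(findings: List[Finding], name: str, value: int) -> None:
    """Documented meaning of the two UAC values: 0 = no prompt / no secure desktop."""
    if name == "ConsentPromptBehaviorAdmin" and value == 0:
        findings.append(Finding(name, str(value), "administrators elevate without any UAC prompt"))
    elif name == "PromptOnSecureDesktop" and value == 0:
        findings.append(Finding(name, str(value), "UAC prompts are not shown on the secure desktop"))


def triage_combofix(text: str) -> List[Finding]:
    """Walk a ComboFix report and collect the entries worth a manual look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." is ComboFix's block separator
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km["key"]
            continue
        sm = SERVICE_RE.match(line)           # R*/S* lines carry no stamp: location rule only
        if sm:
            _check_autorun(findings, sm["name"], sm["path"], stamped=True)
            continue
        key = current_key.lower()
        if key.endswith("\\currentversion\\run"):
            rm = RUN_RE.match(line)
            if rm:
                _check_autorun(findings, rm["name"], rm["path"], stamped=rm["stamp"] != "BU")
        elif key.endswith("\\policies\\system"):
            pm = POLICY_RE.match(line)
            if pm:
                _check_uac(findings, pm["name"], int(pm["value"]))
        elif "\\msconfig\\startupreg\\" in key:
            entry = current_key.rsplit("\\", 1)[-1]
            stm = STAMPED_RE.match(line)
            if stm:
                _check_autorun(findings, entry, stm["path"], stamped=True)
            else:
                um = UNSTAMPED_RE.match(line)
                if um:
                    _check_autorun(findings, entry, um["path"], stamped=um["stamp"] != "BU")
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.entry:28} {f.reason}\n{'':28} {f.detail}")
```

A flagged entry is a starting point for verification (hash lookup, signature check, inspecting the file on disk), not a verdict: legitimate software can also appear without a stamp, and an autorun under a profile directory is only suspicious together with the other signs a helper looks for, such as a random-looking file name.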
r16
Posted: Tuesday, November 27, 2012 6:48:41 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Before following any further instructions, you must create a restore point.
It's very important, because if something goes wrong you can restore the PC to the state it is in now.

After creating the restore point, download this tool, which will remove the leftovers of AVG:
Download it to the desktop.
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe
Run it.
N.B.:
Close ALL programs and run the scan.

If you cannot connect to the network after removing the AVG files, restore the PC with the restore point you created.

Then:
Download TDSSKiller.zip to the desktop:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Extract the contents to a folder and double-click TDSSKiller.exe
Then click "Start Scan"
If it finds an infection, the default option will be "Cure", so click "Continue".
If a suspicious file is found, the default action will be "Skip"; click "Continue".
If a reboot is requested, allow it (the PC must be restarted to remove the infection).
If no reboot is requested, click Report and save the contents to a text file.
You will find the log in C:\
Post it here.

andreab
Posted: Tuesday, November 27, 2012 7:02:54 PM
Rank: AiutAmico

Member since: 2/10/2004
Posts: 95
r16 wrote:
Before following any further instructions, you must create a restore point.
It's very important, because if something goes wrong you can restore the PC to the state it is in now.

After creating the restore point, download this tool, which will remove the leftovers of AVG:
Download it to the desktop.
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe
Run it.
N.B.:
Close ALL programs and run the scan.

If you cannot connect to the network after removing the AVG files, restore the PC with the restore point you created.

Then:
Download TDSSKiller.zip to the desktop:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Extract the contents to a folder and double-click TDSSKiller.exe
Then click "Start Scan"
If it finds an infection, the default option will be "Cure", so click "Continue".
If a suspicious file is found, the default action will be "Skip"; click "Continue".
If a reboot is requested, allow it (the PC must be restarted to remove the infection).
If no reboot is requested, click Report and save the contents to a text file.
You will find the log in C:\
Post it here.


Sorry, after running the avg_remover file do I have to close the programs and run a scan?
With what?
Or did you mean close the programs and run avg_remover?
Thanks
r16
Posted: Tuesday, November 27, 2012 7:11:03 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Comment:
Or did you mean close the programs and run avg_remover?

I meant that.
I recommend you create a restore point BEFORE the scan.

N.B.:
Please do NOT quote my replies.
Thanks.
andreab
Posted: Tuesday, November 27, 2012 7:37:10 PM
Rank: AiutAmico

Member since: 2/10/2004
Posts: 95
I'm back.
Done as you suggested.
avg_remover did not cause any problems with the connection.
In the c:\ folder I found two reports created by tdsskiller.
I attach them in order of creation.
Thanks


1st log
19:29:47.0712 5488 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:29:48.0040 5488 ============================================================
19:29:48.0040 5488 Current date / time: 2012/11/27 19:29:48.0040
19:29:48.0040 5488 SystemInfo:
19:29:48.0040 5488
19:29:48.0040 5488 OS Version: 6.1.7601 ServicePack: 1.0
19:29:48.0040 5488 Product type: Workstation
19:29:48.0040 5488 ComputerName: ANDREABONATO-PC
19:29:48.0040 5488 UserName: Andrea Bonato
19:29:48.0040 5488 Windows directory: C:\windows
19:29:48.0040 5488 System windows directory: C:\windows
19:29:48.0040 5488 Processor architecture: Intel x86
19:29:48.0040 5488 Number of processors: 2
19:29:48.0040 5488 Page size: 0x1000
19:29:48.0040 5488 Boot type: Normal boot
19:29:48.0040 5488 ============================================================
19:29:48.0508 5488 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:29:48.0523 5488 ============================================================
19:29:48.0523 5488 \Device\Harddisk0\DR0:
19:29:48.0523 5488 MBR partitions:
19:29:48.0523 5488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
19:29:48.0523 5488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1AE25000
19:29:48.0523 5488 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CC57800, BlocksNum 0x87D6800
19:29:48.0523 5488 ============================================================
19:29:48.0617 5488 C: <-> \Device\Harddisk0\DR0\Partition2
19:29:48.0664 5488 D: <-> \Device\Harddisk0\DR0\Partition3
19:29:48.0664 5488 ============================================================
19:29:48.0664 5488 Initialize success
19:29:48.0664 5488 ============================================================
19:29:53.0234 0952 Deinitialize success


2nd log
19:30:28.0288 5292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:30:28.0490 5292 ============================================================
19:30:28.0490 5292 Current date / time: 2012/11/27 19:30:28.0490
19:30:28.0490 5292 SystemInfo:
19:30:28.0490 5292
19:30:28.0490 5292 OS Version: 6.1.7601 ServicePack: 1.0
19:30:28.0490 5292 Product type: Workstation
19:30:28.0490 5292 ComputerName: ANDREABONATO-PC
19:30:28.0490 5292 UserName: Andrea Bonato
19:30:28.0490 5292 Windows directory: C:\windows
19:30:28.0490 5292 System windows directory: C:\windows
19:30:28.0490 5292 Processor architecture: Intel x86
19:30:28.0490 5292 Number of processors: 2
19:30:28.0490 5292 Page size: 0x1000
19:30:28.0490 5292 Boot type: Normal boot
19:30:28.0490 5292 ============================================================
19:30:28.0912 5292 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:30:28.0912 5292 ============================================================
19:30:28.0912 5292 \Device\Harddisk0\DR0:
19:30:28.0912 5292 MBR partitions:
19:30:28.0912 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
19:30:28.0912 5292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1AE25000
19:30:28.0912 5292 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CC57800, BlocksNum 0x87D6800
19:30:28.0912 5292 ============================================================
19:30:28.0943 5292 C: <-> \Device\Harddisk0\DR0\Partition2
19:30:28.0990 5292 D: <-> \Device\Harddisk0\DR0\Partition3
19:30:28.0990 5292 ============================================================
19:30:28.0990 5292 Initialize success
19:30:28.0990 5292 ============================================================
19:30:32.0188 5780 ============================================================
19:30:32.0188 5780 Scan started
19:30:32.0188 5780 Mode: Manual;
19:30:32.0188 5780 ============================================================
19:30:33.0404 5780 ================ Scan system memory ========================
19:30:33.0404 5780 System memory - ok
19:30:33.0404 5780 ================ Scan services =============================
19:30:33.0482 5780 !SASCORE - ok
19:30:33.0935 5780 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:30:33.0950 5780 1394ohci - ok
19:30:34.0060 5780 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:30:34.0075 5780 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:30:34.0122 5780 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:30:34.0122 5780 ACPI - ok
19:30:34.0169 5780 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:30:34.0169 5780 AcpiPmi - ok
19:30:34.0216 5780 [ B944AD9F92D31285DBA3D190DEB43883 ] adiusbaw C:\windows\system32\DRIVERS\adiusbaw.sys
19:30:34.0216 5780 adiusbaw - ok
19:30:34.0309 5780 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:30:34.0309 5780 AdobeFlashPlayerUpdateSvc - ok
19:30:34.0372 5780 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
19:30:34.0387 5780 adp94xx - ok
19:30:34.0403 5780 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
19:30:34.0403 5780 adpahci - ok
19:30:34.0434 5780 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
19:30:34.0434 5780 adpu320 - ok
19:30:34.0465 5780 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:30:34.0465 5780 AeLookupSvc - ok
19:30:34.0512 5780 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
19:30:34.0512 5780 AFD - ok
19:30:34.0543 5780 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
19:30:34.0543 5780 agp440 - ok
19:30:34.0652 5780 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
19:30:34.0652 5780 aic78xx - ok
19:30:34.0699 5780 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
19:30:34.0699 5780 ALG - ok
19:30:34.0746 5780 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
19:30:34.0746 5780 aliide - ok
19:30:34.0777 5780 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
19:30:34.0777 5780 amdagp - ok
19:30:34.0808 5780 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
19:30:34.0808 5780 amdide - ok
19:30:34.0840 5780 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
19:30:34.0840 5780 AmdK8 - ok
19:30:34.0855 5780 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
19:30:34.0855 5780 AmdPPM - ok
19:30:34.0886 5780 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
19:30:34.0886 5780 amdsata - ok
19:30:34.0902 5780 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
19:30:34.0902 5780 amdsbs - ok
19:30:34.0918 5780 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:30:34.0918 5780 amdxata - ok
19:30:34.0980 5780 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
19:30:34.0980 5780 AppID - ok
19:30:35.0011 5780 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:30:35.0011 5780 AppIDSvc - ok
19:30:35.0042 5780 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
19:30:35.0042 5780 Appinfo - ok
19:30:35.0136 5780 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:30:35.0152 5780 Apple Mobile Device - ok
19:30:35.0198 5780 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
19:30:35.0198 5780 arc - ok
19:30:35.0230 5780 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
19:30:35.0230 5780 arcsas - ok
19:30:35.0245 5780 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:30:35.0245 5780 AsyncMac - ok
19:30:35.0292 5780 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
19:30:35.0292 5780 atapi - ok
19:30:35.0370 5780 [ 49F17A2E79469BE6581D491706720671 ] athr C:\windows\system32\DRIVERS\athr.sys
19:30:35.0432 5780 athr - ok
19:30:35.0495 5780 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:30:35.0495 5780 AudioEndpointBuilder - ok
19:30:35.0526 5780 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
19:30:35.0526 5780 Audiosrv - ok
19:30:35.0588 5780 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\windows\system32\drivers\avgtpx86.sys
19:30:35.0588 5780 avgtp - ok
19:30:35.0620 5780 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
19:30:35.0635 5780 AxInstSV - ok
19:30:35.0666 5780 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
19:30:35.0682 5780 b06bdrv - ok
19:30:35.0713 5780 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
19:30:35.0713 5780 b57nd60x - ok
19:30:35.0822 5780 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:30:35.0822 5780 BBSvc - ok
19:30:35.0854 5780 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
19:30:35.0869 5780 BDESVC - ok
19:30:35.0900 5780 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
19:30:35.0900 5780 Beep - ok
19:30:35.0947 5780 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
19:30:35.0963 5780 BFE - ok
19:30:36.0010 5780 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\system32\qmgr.dll
19:30:36.0010 5780 BITS - ok
19:30:36.0025 5780 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:30:36.0025 5780 blbdrive - ok
19:30:36.0088 5780 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:30:36.0088 5780 Bonjour Service - ok
19:30:36.0119 5780 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:30:36.0119 5780 bowser - ok
19:30:36.0150 5780 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
19:30:36.0150 5780 BrFiltLo - ok
19:30:36.0166 5780 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
19:30:36.0166 5780 BrFiltUp - ok
19:30:36.0244 5780 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
19:30:36.0244 5780 BridgeMP - ok
19:30:36.0290 5780 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
19:30:36.0290 5780 Browser - ok
19:30:36.0322 5780 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:30:36.0322 5780 Brserid - ok
19:30:36.0337 5780 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:30:36.0337 5780 BrSerWdm - ok
19:30:36.0368 5780 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:30:36.0368 5780 BrUsbMdm - ok
19:30:36.0368 5780 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:30:36.0368 5780 BrUsbSer - ok
19:30:36.0431 5780 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:30:36.0431 5780 BthEnum - ok
19:30:36.0446 5780 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
19:30:36.0446 5780 BTHMODEM - ok
19:30:36.0478 5780 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:30:36.0478 5780 BthPan - ok
19:30:36.0540 5780 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:30:36.0556 5780 BTHPORT - ok
19:30:36.0587 5780 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
19:30:36.0587 5780 bthserv - ok
19:30:36.0634 5780 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:30:36.0634 5780 BTHUSB - ok
19:30:36.0712 5780 catchme - ok
19:30:36.0743 5780 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:30:36.0743 5780 cdfs - ok
19:30:36.0790 5780 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:30:36.0805 5780 cdrom - ok
19:30:36.0836 5780 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
19:30:36.0836 5780 CertPropSvc - ok
19:30:36.0868 5780 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
19:30:36.0868 5780 circlass - ok
19:30:36.0899 5780 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
19:30:36.0914 5780 CLFS - ok
19:30:36.0977 5780 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:36.0992 5780 clr_optimization_v2.0.50727_32 - ok
19:30:37.0055 5780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:37.0070 5780 clr_optimization_v4.0.30319_32 - ok
19:30:37.0086 5780 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:30:37.0086 5780 CmBatt - ok
19:30:37.0102 5780 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
19:30:37.0102 5780 cmdide - ok
19:30:37.0148 5780 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
19:30:37.0148 5780 CNG - ok
19:30:37.0180 5780 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
19:30:37.0180 5780 Compbatt - ok
19:30:37.0226 5780 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
19:30:37.0226 5780 CompositeBus - ok
19:30:37.0226 5780 COMSysApp - ok
19:30:37.0242 5780 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
19:30:37.0242 5780 crcdisk - ok
19:30:37.0289 5780 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
19:30:37.0289 5780 CryptSvc - ok
19:30:49.0316 5780 ss_bmdm - ok
19:30:49.0348 5780 [ 994D2E5378CC337EC7DD73C1E04FCAA4 ] ss_bserd C:\windows\system32\DRIVERS\ss_bserd.sys
19:30:49.0348 5780 ss_bserd - ok
19:30:49.0379 5780 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
19:30:49.0379 5780 stexstor - ok
19:30:49.0426 5780 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
19:30:49.0441 5780 StiSvc - ok
19:30:49.0472 5780 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
19:30:49.0472 5780 swenum - ok
19:30:49.0504 5780 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
19:30:49.0504 5780 swprv - ok
19:30:49.0613 5780 [ 215A45246C6E2D0A9C263CE1786C8D8A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:30:49.0613 5780 SynTP - ok
19:30:49.0660 5780 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
19:30:49.0691 5780 SysMain - ok
19:30:49.0738 5780 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
19:30:49.0738 5780 TabletInputService - ok
19:30:49.0753 5780 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
19:30:49.0769 5780 TapiSrv - ok
19:30:49.0784 5780 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
19:30:49.0784 5780 TBS - ok
19:30:49.0847 5780 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:30:49.0878 5780 Tcpip - ok
19:30:49.0909 5780 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:30:49.0925 5780 TCPIP6 - ok
19:30:49.0956 5780 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:30:49.0956 5780 tcpipreg - ok
19:30:49.0987 5780 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:30:50.0003 5780 TDPIPE - ok
19:30:50.0018 5780 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:30:50.0018 5780 TDTCP - ok
19:30:50.0050 5780 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:30:50.0050 5780 tdx - ok
19:30:50.0096 5780 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
19:30:50.0096 5780 TermDD - ok
19:30:50.0128 5780 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
19:30:50.0143 5780 TermService - ok
19:30:50.0174 5780 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
19:30:50.0174 5780 Themes - ok
19:30:50.0190 5780 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
19:30:50.0206 5780 THREADORDER - ok
19:30:50.0206 5780 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
19:30:50.0221 5780 TrkWks - ok
19:30:50.0252 5780 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:30:50.0268 5780 TrustedInstaller - ok
19:30:50.0299 5780 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:30:50.0299 5780 tssecsrv - ok
19:30:50.0362 5780 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:30:50.0362 5780 TsUsbFlt - ok
19:30:50.0408 5780 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:30:50.0424 5780 tunnel - ok
19:30:50.0440 5780 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
19:30:50.0440 5780 uagp35 - ok
19:30:50.0486 5780 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:30:50.0486 5780 udfs - ok
19:30:50.0518 5780 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:30:50.0518 5780 UI0Detect - ok
19:30:50.0549 5780 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:30:50.0580 5780 uliagpkx - ok
19:30:50.0642 5780 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:30:50.0642 5780 umbus - ok
19:30:50.0658 5780 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
19:30:50.0658 5780 UmPass - ok
19:30:50.0674 5780 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
19:30:50.0674 5780 upnphost - ok
19:30:50.0705 5780 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:30:50.0705 5780 usbccgp - ok
19:30:50.0736 5780 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:30:50.0736 5780 usbcir - ok
19:30:50.0752 5780 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:30:50.0752 5780 usbehci - ok
19:30:50.0798 5780 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:30:50.0798 5780 usbhub - ok
19:30:50.0814 5780 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
19:30:50.0814 5780 usbohci - ok
19:30:50.0830 5780 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:30:50.0830 5780 usbprint - ok
19:30:50.0845 5780 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
19:30:50.0845 5780 usbscan - ok
19:30:50.0861 5780 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:30:50.0876 5780 USBSTOR - ok
19:30:50.0892 5780 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
19:30:50.0892 5780 usbuhci - ok
19:30:50.0939 5780 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
19:30:50.0939 5780 usbvideo - ok
19:30:50.0970 5780 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
19:30:50.0970 5780 UxSms - ok
19:30:50.0986 5780 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
19:30:50.0986 5780 VaultSvc - ok
19:30:51.0032 5780 [ 12525F65E8C561B66E0BCE2DE2018C0C ] VBoxDrv C:\windows\system32\DRIVERS\VBoxDrv.sys
19:30:51.0032 5780 VBoxDrv - ok
19:30:51.0064 5780 [ B9D3C274E937A15FD2CEF8AA1E4C3477 ] VBoxNetAdp C:\windows\system32\DRIVERS\VBoxNetAdp.sys
19:30:51.0064 5780 VBoxNetAdp - ok
19:30:51.0110 5780 [ 601FE4801743B00B446EF8E21E753ED5 ] VBoxNetFlt C:\windows\system32\DRIVERS\VBoxNetFlt.sys
19:30:51.0110 5780 VBoxNetFlt - ok
19:30:51.0126 5780 [ 257358491D40BD541B9B8CE6F9917EF0 ] VBoxUSB C:\windows\system32\Drivers\VBoxUSB.sys
19:30:51.0126 5780 VBoxUSB - ok
19:30:51.0173 5780 [ 4AC4D33350CDD927CD575934CF983E68 ] VBoxUSBMon C:\windows\system32\DRIVERS\VBoxUSBMon.sys
19:30:51.0173 5780 VBoxUSBMon - ok
19:30:51.0188 5780 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:30:51.0188 5780 vdrvroot - ok
19:30:51.0235 5780 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
19:30:51.0235 5780 vds - ok
19:30:51.0282 5780 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:30:51.0282 5780 vga - ok
19:30:51.0298 5780 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
19:30:51.0298 5780 VgaSave - ok
19:30:51.0329 5780 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:30:51.0329 5780 vhdmp - ok
19:30:51.0360 5780 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
19:30:51.0360 5780 viaagp - ok
19:30:51.0376 5780 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
19:30:51.0376 5780 ViaC7 - ok
19:30:51.0407 5780 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
19:30:51.0407 5780 viaide - ok
19:30:51.0422 5780 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:30:51.0422 5780 volmgr - ok
19:30:51.0454 5780 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:30:51.0454 5780 volmgrx - ok
19:30:51.0469 5780 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:30:51.0469 5780 volsnap - ok
19:30:51.0500 5780 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
19:30:51.0500 5780 vsmraid - ok
19:30:51.0547 5780 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
19:30:51.0625 5780 VSS - ok
19:30:51.0766 5780 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
19:30:51.0781 5780 vToolbarUpdater13.2.0 - ok
19:30:51.0797 5780 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:30:51.0797 5780 vwifibus - ok
19:30:51.0812 5780 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:30:51.0812 5780 vwififlt - ok
19:30:51.0844 5780 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:30:51.0844 5780 vwifimp - ok
19:30:51.0890 5780 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
19:30:51.0890 5780 W32Time - ok
19:30:51.0906 5780 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
19:30:51.0906 5780 WacomPen - ok
19:30:51.0953 5780 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:30:51.0953 5780 WANARP - ok
19:30:51.0953 5780 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:30:51.0953 5780 Wanarpv6 - ok
19:30:52.0015 5780 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:30:52.0062 5780 WatAdminSvc - ok
19:30:52.0109 5780 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
19:30:52.0140 5780 wbengine - ok
19:30:52.0171 5780 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:30:52.0171 5780 WbioSrvc - ok
19:30:52.0218 5780 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll
19:30:52.0218 5780 WcesComm - ok
19:30:52.0249 5780 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
19:30:52.0249 5780 wcncsvc - ok
19:30:52.0265 5780 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:30:52.0265 5780 WcsPlugInService - ok
19:30:52.0296 5780 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
19:30:52.0296 5780 Wd - ok
19:30:52.0327 5780 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:30:52.0327 5780 Wdf01000 - ok
19:30:52.0343 5780 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
19:30:52.0358 5780 WdiServiceHost - ok
19:30:52.0358 5780 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
19:30:52.0358 5780 WdiSystemHost - ok
19:30:52.0390 5780 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
19:30:52.0405 5780 WebClient - ok
19:30:52.0421 5780 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
19:30:52.0421 5780 Wecsvc - ok
19:30:52.0436 5780 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
19:30:52.0452 5780 wercplsupport - ok
19:30:52.0468 5780 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
19:30:52.0483 5780 WerSvc - ok
19:30:52.0499 5780 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:30:52.0514 5780 WfpLwf - ok
19:30:52.0530 5780 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:30:52.0530 5780 WIMMount - ok
19:30:52.0655 5780 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:30:52.0670 5780 WinDefend - ok
19:30:52.0670 5780 WinHttpAutoProxySvc - ok
19:30:52.0748 5780 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:30:52.0748 5780 Winmgmt - ok
19:30:52.0795 5780 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
19:30:52.0842 5780 WinRM - ok
19:30:52.0889 5780 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:30:52.0889 5780 WinUsb - ok
19:30:52.0951 5780 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
19:30:52.0982 5780 Wlansvc - ok
19:30:53.0045 5780 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:30:53.0045 5780 wlcrasvc - ok
19:30:53.0138 5780 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:30:53.0201 5780 wlidsvc - ok
19:30:53.0216 5780 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:30:53.0216 5780 WmiAcpi - ok
19:30:53.0263 5780 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:30:53.0263 5780 wmiApSrv - ok
19:30:53.0326 5780 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:30:53.0326 5780 WMPNetworkSvc - ok
19:30:53.0372 5780 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
19:30:53.0372 5780 WPCSvc - ok
19:30:53.0388 5780 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:30:53.0388 5780 WPDBusEnum - ok
19:30:53.0419 5780 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:30:53.0419 5780 ws2ifsl - ok
19:30:53.0435 5780 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\system32\wscsvc.dll
19:30:53.0435 5780 wscsvc - ok
19:30:53.0466 5780 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
19:30:53.0466 5780 WSDPrintDevice - ok
19:30:53.0497 5780 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
19:30:53.0497 5780 WSDScan - ok
19:30:53.0513 5780 WSearch - ok
19:30:53.0653 5780 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
19:30:53.0669 5780 wuauserv - ok
19:30:53.0700 5780 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:30:53.0700 5780 WudfPf - ok
19:30:53.0731 5780 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:30:53.0731 5780 WUDFRd - ok
19:30:53.0778 5780 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:30:53.0778 5780 wudfsvc - ok
19:30:53.0825 5780 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
19:30:53.0825 5780 WwanSvc - ok
19:30:53.0887 5780 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys
19:30:53.0887 5780 yukonw7 - ok
19:30:53.0934 5780 ================ Scan global ===============================
19:30:53.0965 5780 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
19:30:53.0996 5780 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
19:30:54.0012 5780 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
19:30:54.0059 5780 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
19:30:54.0090 5780 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
19:30:54.0090 5780 [Global] - ok
19:30:54.0090 5780 ================ Scan MBR ==================================
19:30:54.0106 5780 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:30:54.0402 5780 \Device\Harddisk0\DR0 - ok
19:30:54.0402 5780 ================ Scan VBR ==================================
19:30:54.0418 5780 [ F92B9D6B59FD66260C04087457A4D6E1 ] \Device\Harddisk0\DR0\Partition1
19:30:54.0418 5780 \Device\Harddisk0\DR0\Partition1 - ok
19:30:54.0449 5780 [ 0ECCEBB411F76DE75AAD26BB8D7362FE ] \Device\Harddisk0\DR0\Partition2
19:30:54.0449 5780 \Device\Harddisk0\DR0\Partition2 - ok
19:30:54.0480 5780 [ A98253446D260A47A2757F5BFE019A79 ] \Device\Harddisk0\DR0\Partition3
19:30:54.0480 5780 \Device\Harddisk0\DR0\Partition3 - ok
19:30:54.0480 5780 ============================================================
19:30:54.0480 5780 Scan finished
19:30:54.0480 5780 ============================================================
19:30:54.0480 5696 Detected object count: 0
19:30:54.0480 5696 Actual detected object count: 0
r16
Posted: Tuesday, November 27, 2012 8:32:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Now run a scan with OTL:
Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon on your desktop.

Tick SCAN ALL USERS.

Under Output, tick: Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend so you can post them on the forum.

To post the logs:


Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.


andreab
Posted: Tuesday, November 27, 2012 8:46:00 PM
Rank: AiutAmico

Joined: 2/10/2004
Posts: 95
r16
Posted: Tuesday, November 27, 2012 9:06:27 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start OTL.

Under "Custom Scans\Fixes" copy and paste this code (do not copy the word Code):

Code:
:OTL
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
[2012/11/27 19:23:51 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Andrea Bonato\Desktop\avg_remover_stf_x86_2013_2706.exe
[2012/11/21 16:47:30 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\mfevtps.exe.5b9e.deleteme
[2012/11/21 14:49:21 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\mfevtps.exe.34ea.deleteme
[2012/11/21 22:24:32 | 000,001,047 | ---- | M] () -- C:\Users\Andrea Bonato\Desktop\Kaspersky Security Scan.lnk
[2012/05/11 23:03:17 | 000,155,136 | ---- | C] () -- C:\Users\Andrea Bonato\AppData\Roaming\t7f07ib.exe

:commands
[purity]
[emptytemp]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
The PC will reboot by itself.

Post the log.

Uninstall HJT.

Repeat the scan with OTL (with the same settings given earlier).
Post the log (it will produce only 1).
andreab
Posted: Tuesday, November 27, 2012 9:26:39 PM
Rank: AiutAmico

Joined: 2/10/2004
Posts: 95
r16
Posted: Tuesday, November 27, 2012 9:30:23 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Go to "Programs and Features" and uninstall ALL the Java versions you find.
Give it a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223

Download the latest version of Java:
http://www.java.com/it/download/index.jsp

Reinstall HJT, run a scan and post the log.

Tell me how the PC is working.

@cbbusto
I have to go.
Would you please carry on with the HJT log?
I missed this entry:
Comment on:
O4 - HKLM..\Run: [KunoLabs] C:\windows\system32\KunoLabs\knlbs.exe File not found

And don't get angry!!! Angel
Bye!
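An added example, not part of this thread, showing how the kinds of OTL entries that r16's fix above and the missed KunoLabs entry target can be picked out of OTL output mechanically: autostart entries marked "File not found", AVG Secure Search toolbar components, executables with no publisher info under AppData\Roaming, and leftover .deleteme files. The sample lines are constructed from the entries quoted in this thread; "User" is a placeholder for the profile name, and the rendered fix block follows the :OTL / :commands layout shown above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of OTL output lines, modelled on the entries the fix in this
# thread removes, plus a few benign lines that must NOT be flagged.
# "User" stands in for the real profile name.
SAMPLE_OTL = r"""
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
SRV - (wuauserv) -- C:\windows\system32\wuaueng.dll (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [KunoLabs] C:\windows\system32\KunoLabs\knlbs.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
[2012/05/11 23:03:17 | 000,155,136 | ---- | C] () -- C:\Users\User\AppData\Roaming\t7f07ib.exe
[2012/11/21 22:24:32 | 000,001,047 | ---- | M] () -- C:\Users\User\Desktop\Kaspersky Security Scan.lnk
[2012/11/21 16:47:30 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\mfevtps.exe.5b9e.deleteme
"""

# OTL file-list entry: [date time | size | attrs | C/M] (publisher) -- path
FILE_RE = re.compile(
    r"^\[(?P<when>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [-\w]{4} \| [CM]\] "
    r"\((?P<publisher>[^)]*)\) -- (?P<path>.+)$"
)
# An .exe sitting directly in the roaming profile, where installers rarely put binaries.
ROAMING_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.exe$", re.IGNORECASE)
TOOLBAR = re.compile(r"\\AVG Secure Search\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def triage(otl_text: str) -> list[Finding]:
    """Flag OTL entries of the kinds the fix in this thread removes."""
    findings: list[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("File not found"):
            # Autostart/service entry whose target binary is gone: dead weight at best.
            findings.append(Finding("orphaned autostart entry (target missing)", line))
        elif line.startswith(("PRC - ", "SRV - ", "O4 - ")) and TOOLBAR.search(line):
            findings.append(Finding("bundled search toolbar component", line))
        else:
            m = FILE_RE.match(line)
            if not m:
                continue
            path, publisher = m["path"], m["publisher"].strip()
            if ROAMING_EXE.search(path) and not publisher:
                findings.append(Finding("executable with no publisher info in AppData\\Roaming", line))
            elif path.lower().endswith(".deleteme"):
                findings.append(Finding("leftover uninstaller rename (.deleteme)", line))
    return findings


def to_fix_script(findings: list[Finding]) -> str:
    """Render findings as an OTL Custom Scans/Fixes block in the layout used above."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n\n:commands\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.reason:55} {f.line}")
```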
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.