Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

PC infetto?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

PC infetto?

Postdi barca » 09/06/12 17:35

Ciao,
premetto che non sono certo che si tratti di infezione, ma non so che altro possa essere.
Da circa 2 giorni il pc si comporta in maniera strana:
-le pagine internet impiegano molto piu tempo del normale a caricarsi (soprattutto nella fase iniziale la pagina resta bianca per un pel po')(lo fa con ogni browser che ho) (mentre x es lo streaming a pagina caricata sembra essere normale);
-"non sa piu su quale programma sto lavorando", spiego meglio: se sto scrivendo su world o su google dopo un po sento lo "scampanellio" che avverte che sto premendo tasti a caso senza scrivere nulla, se x es sto scorrendo slide in pdf con il tasto pag(giù) dopo un po non funziona piu e x farle scorrere ancora devo clickare sul pdf col mouse.
-nod32 si blocca durante la scansione ad una data percentuale ed ad un dato file, se elimini quel file si blocca ad un'altro della stessa cartella (raggiunge il file e la % in pochi sec dall'avvio scansione e da li nn si muove piu(in 6h o in 5min non cambia nulla))
-le icone del desktop ad ogni riavvio si ridispongono per nome (ignorando come erano state lasciate a chiusura sessione)
Cosa ho fatto 2 giorni fa(prima che i problemi comparissero)?
-Ho aggiornato vista col SP2 e tutti gli altri aggiornamenti disponibili (cosa che avevo evitato di fare per anni),
-ho installato una nuova scheda di rete (passando da una connessione lan ad una wi-fi) (anche riconnettendomi via lan i problemi di caricamento pagine nn scompaiono).
DA quando sono iniziati i problemi ho lanciato SuperAntiSpyware free edition ma ha trovato solo qualche cookies, Malwarebytes anti malware che : File rilevati: 1
C:\Program Files\Babylon\Babylon-Pro\babylon.6.x.&.7.x.Patch.exe (PUP.Hacktool.Patcher) -> Spostato in quarantena ed eliminato con successo. (ma non ha risolto i broblemi.
Ho girato per internet ma non ho trovato nulla di utile :(
Qualche esperto può darmi una mano?
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Sponsor
 

Re: PC infetto?

Postdi barca » 09/06/12 17:36

mess x postare link n2
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi barca » 09/06/12 17:36

mess x postare link n3
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi barca » 09/06/12 17:37

allego qualche log:

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Versione database: v2012.06.09.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Luca :: PC-LUCA [amministratore]

09/06/2012 13.30.04
mbam-log-2012-06-09 (13-30-04).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 571347
Tempo impiegato: 3 ore, 31 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.32.47, on 09/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\Luca\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Users\Luca\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [Tesseract-OCR] C:\Program Files\Tesseract-OCR\tesseract.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &AOL Toolbar Cerca - C:\ProgramData\AOL\ieToolbar\resources\it-IT\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Wireless - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: WpsSupplicant - Unknown owner - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe

--
End of file - 9850 bytes

Grazie mille
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi FrancescoFDAC » 09/06/12 20:02

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● una volta avviato clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:
"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"
● nel caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso.
Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, dovrai avviarla manualmente dalle Risorse del computer.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: PC infetto?

Postdi barca » 11/06/12 08:45

ho eseguito combofix (ma ho il dubbio di aver sbagliato e di non averlo lanciato come amministratore).
Il desktop è tornato normale e il caricamento delle pagine web è tornato normale nell'90% dei casi,
mentre nod32 continua a bloccarsi durante la scansionee e i problemi mentre scrivo sembrano continuare.
Devo rilanciare combofix come amministratore?
Grazie mille del pronto aiuto!

allego il log:

ComboFix 12-06-09.02 - Luca 10/06/2012 9.46.27.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3326.1956 [GMT 2:00]
Eseguito da: c:\users\Luca\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR2DA1.tmp
c:\programdata\xml33E3.tmp
c:\programdata\xml3589.tmp
c:\programdata\xml3626.tmp
c:\programdata\xmlBFA.tmp
c:\programdata\xmlD14.tmp
c:\programdata\xmlD24.tmp
c:\users\Luca\AppData\Local\assembly\tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-10 al 2012-06-10 )))))))))))))))))))))))))))))))))))
.
.
2012-06-10 08:00 . 2012-06-10 08:03 -------- d-----w- c:\users\Luca\AppData\Local\temp
2012-06-10 08:00 . 2012-06-10 08:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-10 08:00 . 2012-06-10 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 15:35 . 2012-06-08 15:35 -------- d-----w- c:\program files\Xirrus
2012-06-08 15:35 . 2012-06-08 15:35 -------- d-----w- c:\users\Luca\AppData\Roaming\Xirrus
2012-06-08 15:12 . 2012-06-08 15:12 -------- d-----w- c:\users\Luca\AppData\Roaming\QuickScan
2012-06-08 06:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{629975C8-7DED-4B8E-90A7-A6BC41E9FBF5}\mpengine.dll
2012-06-07 15:17 . 2012-06-07 15:17 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-07 14:49 . 2012-06-07 15:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 08:11 . 2012-06-06 08:11 -------- d-----w- c:\program files\Windows Portable Devices
2012-06-06 08:03 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-06-06 08:03 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-06-06 08:03 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-06-06 07:56 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-06-06 07:54 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-06-06 07:54 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-06-06 07:54 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-06-06 07:54 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-06-06 07:54 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-06-06 07:53 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-06-06 07:53 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2012-06-06 07:53 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-06-06 07:53 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-06-06 07:53 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-06-06 07:52 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-06-06 07:52 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-06-06 07:52 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-06-06 07:52 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-06-06 07:52 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-06-06 07:52 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-06 07:48 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-06-06 07:48 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-06-06 07:48 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-06-05 07:05 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-05 07:05 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-06-05 07:05 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-06-05 07:05 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-06-05 07:05 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-05 06:45 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-05 06:45 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-06-05 06:45 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-05 06:45 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-04 21:47 . 2012-06-04 21:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-04 21:47 . 2012-06-04 21:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-04 21:47 . 2012-06-04 21:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-04 21:47 . 2012-06-04 21:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-04 21:47 . 2012-06-04 21:47 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-04 21:47 . 2012-06-04 21:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-04 21:47 . 2012-06-04 21:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-06-04 19:35 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-04 19:35 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-04 19:35 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-06-04 19:35 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-06-04 19:35 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-06-04 19:35 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-06-04 19:34 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-06-04 19:34 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-06-04 19:34 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-06-04 19:34 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-06-04 19:29 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-04 19:27 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-06-04 19:27 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-04 19:27 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-04 19:27 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-04 18:48 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-06-04 18:48 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-04 17:08 . 2012-06-04 17:09 -------- d-----w- c:\windows\system32\ca-ES
2012-06-04 17:08 . 2012-06-04 17:09 -------- d-----w- c:\windows\system32\eu-ES
2012-06-04 17:08 . 2012-06-04 17:09 -------- d-----w- c:\windows\system32\vi-VN
2012-05-31 17:02 . 2012-06-06 07:31 -------- d-----w- c:\users\Luca\AppData\Roaming\TP-LINK
2012-05-31 17:01 . 2011-03-31 13:36 884736 ----a-w- c:\windows\system32\jswscsup.dll
2012-05-31 17:01 . 2011-03-31 13:36 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2012-05-31 17:01 . 2012-05-31 17:01 -------- d-----w- c:\program files\TP-LINK
2012-05-31 17:00 . 2011-04-12 09:39 1217024 ----a-w- c:\windows\system32\drivers\athr.sys
2012-05-31 17:00 . 2011-04-12 09:39 1217024 ------w- c:\windows\system32\athr.sys
2012-05-31 17:00 . 2012-05-31 17:01 -------- d-----w- c:\programdata\TP-LINK
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 15:17 . 2011-05-31 06:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 21:47 . 2012-06-04 21:47 4096 ----a-w- c:\windows\system32\drivers\it-IT\dxgkrnl.sys.mui
2012-04-04 13:56 . 2011-12-17 17:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 06:57 . 2011-05-21 11:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2009-08-17 1486848]
"Tesseract-OCR"="c:\program files\Tesseract-OCR\tesseract.exe" [2010-09-30 1080320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-31 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-12 3551456]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2012-5-31 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 15:17]
.
2012-06-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-12-17 10:14]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226476680-1347873530-3885523910-1000Core.job
- c:\users\Luca\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 09:17]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226476680-1347873530-3885523910-1000UA.job
- c:\users\Luca\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 09:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = local
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\2df9g6ov.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?tab=wc
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 10:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(6432)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\hp\kbd\kbd.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-10 10:11:02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-10 08:11
ComboFix2.txt 2011-12-17 19:33
.
Pre-Run: 121.871.384.576 byte disponibili
Post-Run: 122.310.742.016 byte disponibili
.
- - End Of File - - 5AD1F8F9497A903D4ED500707F2A2252
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi FrancescoFDAC » 11/06/12 18:16

Scarica ed installa HitmanPro: http://www.surfright.nl/en/downloads
● scegli la versione adatta al tuo Sistema Operativo (32Bit o 64Bit)
● una volta lanciato, nella finestra principale clicca su Impostazioni
● clicca su Licenza ed attiva la licenza
● clicca su scansione di default (consigliato)
● al termine della scansione ti verrà mostrato un riepilogo: nella finestra di riepilogo, in basso a sinistra, avrai modo di salvare il Report generato che dovrai allegare

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma al termine della scansione

Una volta terminata la scansione, si presenterà una di queste due opzioni:
non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')


Infine:
Scarica Security Check: http://screen317.spywareinfoforum.org/SecurityCheck.exe
● salva il tool sul Desktop
● esegui il programma e premi un tasto qualsiasi
● attendi la fine della scansione
● allega il log che si aprirà automaticamente
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: PC infetto?

Postdi barca » 13/06/12 19:31

ecco i log:

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware versione 1.61.0.1400
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
Mozilla Thunderbird (9.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

------------------------------------------------------------------------------------------------------------



<?xml version="1.0"?>
-<Log filesProcessed="160407" timeSpentInSecs="366" date="2012-06-13T19:18:44" version="3.6.0.156" scan="Normal" computer="PC-LUCA">-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.letsbonus.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cinamuse.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpxadroit.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpxcenter.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creafi.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.glispa.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lzjl.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.emjcd.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\2N2BGFRM.txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@adbrite[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@advertising[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@at.atwola[1].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@counter.hitslink[1].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@invitemedia[1].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@media6degrees[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@overture[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@realmedia[1].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@revsci[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@ru4[2].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@serving-sys[1].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@smartadserver[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@statcounter[2].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@track.adform[3].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\luca@tradedoubler[2].txt"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\P3B9QALN.txt"/></Item>-<Item status="Quarantiend" score="109.0" type="Malware" malwareName="Trojan">-<Scanners><Scanner name="Backdoor.Win32.Poison!IK" id="Ikarus"/></Scanners><File path="C:\Users\Luca\Desktop\NOD32 UPDATER Home Edition 3.0.669\NodLogin9.4_32bits\setup.exe" hash="1C64CF5C3A85DE27CA3C253B4540E03B6E7A6AF9FFF49FB974208108517DCF4B"/></Item></Log>
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi barca » 13/06/12 19:34

19:52:13.0323 4716 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:52:13.0439 4716 ============================================================
19:52:13.0439 4716 Current date / time: 2012/06/13 19:52:13.0439
19:52:13.0439 4716 SystemInfo:
19:52:13.0439 4716
19:52:13.0439 4716 OS Version: 6.0.6002 ServicePack: 2.0
19:52:13.0439 4716 Product type: Workstation
19:52:13.0439 4716 ComputerName: PC-LUCA
19:52:13.0439 4716 UserName: Luca
19:52:13.0439 4716 Windows directory: C:\Windows
19:52:13.0439 4716 System windows directory: C:\Windows
19:52:13.0439 4716 Processor architecture: Intel x86
19:52:13.0439 4716 Number of processors: 4
19:52:13.0439 4716 Page size: 0x1000
19:52:13.0439 4716 Boot type: Normal boot
19:52:13.0439 4716 ============================================================
19:52:13.0986 4716 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:52:14.0003 4716 ============================================================
19:52:14.0003 4716 \Device\Harddisk0\DR0:
19:52:14.0003 4716 MBR partitions:
19:52:14.0003 4716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23B4FCEB
19:52:14.0003 4716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23B4FD2A, BlocksNum 0x18DD997
19:52:14.0003 4716 ============================================================
19:52:14.0023 4716 C: <-> \Device\Harddisk0\DR0\Partition0
19:52:14.0066 4716 D: <-> \Device\Harddisk0\DR0\Partition1
19:52:14.0066 4716 ============================================================
19:52:14.0066 4716 Initialize success
19:52:14.0066 4716 ============================================================
19:52:15.0711 2676 ============================================================
19:52:15.0711 2676 Scan started
19:52:15.0711 2676 Mode: Manual;
19:52:15.0711 2676 ============================================================
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi barca » 13/06/12 19:35

19:52:16.0448 2676 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:52:16.0452 2676 !SASCORE - ok
19:52:16.0668 2676 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:52:16.0678 2676 ACPI - ok
19:52:16.0689 2676 adfs - ok
19:52:16.0710 2676 adiusbaw - ok
19:52:16.0769 2676 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:52:16.0774 2676 AdobeFlashPlayerUpdateSvc - ok
19:52:16.0833 2676 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:52:16.0848 2676 adp94xx - ok
19:52:16.0872 2676 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:52:16.0898 2676 adpahci - ok
19:52:16.0916 2676 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:52:16.0917 2676 adpu160m - ok
19:52:16.0933 2676 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:52:16.0954 2676 adpu320 - ok
19:52:16.0984 2676 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:52:16.0986 2676 AeLookupSvc - ok
19:52:17.0034 2676 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:52:17.0068 2676 AFD - ok
19:52:17.0101 2676 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:52:17.0118 2676 agp440 - ok
19:52:17.0132 2676 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:52:17.0133 2676 aic78xx - ok
19:52:17.0149 2676 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:52:17.0152 2676 ALG - ok
19:52:17.0163 2676 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:52:17.0164 2676 aliide - ok
19:52:17.0182 2676 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:52:17.0214 2676 amdagp - ok
19:52:17.0231 2676 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:52:17.0232 2676 amdide - ok
19:52:17.0251 2676 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:52:17.0252 2676 AmdK7 - ok
19:52:17.0268 2676 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:52:17.0324 2676 AmdK8 - ok
19:52:17.0358 2676 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:52:17.0359 2676 Appinfo - ok
19:52:17.0391 2676 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:52:17.0408 2676 arc - ok
19:52:17.0432 2676 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:52:17.0433 2676 arcsas - ok
19:52:17.0511 2676 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:52:17.0514 2676 aspnet_state - ok
19:52:17.0541 2676 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:52:17.0558 2676 AsyncMac - ok
19:52:17.0581 2676 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
19:52:17.0597 2676 atapi - ok
19:52:17.0678 2676 athr (121d1fdc4491572e9f219a4f446b5c2c) C:\Windows\system32\DRIVERS\athr.sys
19:52:17.0702 2676 athr - ok
19:52:17.0780 2676 Ati External Event Utility (b8aa09f488985117a34b9fed68bfce79) C:\Windows\system32\Ati2evxx.exe
19:52:17.0799 2676 Ati External Event Utility - ok
19:52:18.0044 2676 atikmdag (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys
19:52:18.0082 2676 atikmdag - ok
19:52:18.0185 2676 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
19:52:18.0203 2676 atksgt - ok
19:52:18.0262 2676 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:52:18.0274 2676 AudioEndpointBuilder - ok
19:52:18.0278 2676 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:52:18.0280 2676 Audiosrv - ok
19:52:18.0315 2676 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:52:18.0333 2676 Beep - ok
19:52:18.0382 2676 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:52:18.0386 2676 BFE - ok
19:52:18.0444 2676 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
19:52:18.0462 2676 BITS - ok
19:52:18.0478 2676 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:52:18.0511 2676 blbdrive - ok
19:52:18.0541 2676 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:52:18.0574 2676 bowser - ok
19:52:18.0594 2676 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:52:18.0598 2676 BrFiltLo - ok
19:52:18.0613 2676 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:52:18.0616 2676 BrFiltUp - ok
19:52:18.0641 2676 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:52:18.0643 2676 Browser - ok
19:52:18.0664 2676 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:52:18.0669 2676 Brserid - ok
19:52:18.0697 2676 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:52:18.0700 2676 BrSerWdm - ok
19:52:18.0727 2676 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:52:18.0729 2676 BrUsbMdm - ok
19:52:18.0744 2676 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:52:18.0747 2676 BrUsbSer - ok
19:52:18.0786 2676 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:52:18.0804 2676 BthEnum - ok
19:52:18.0849 2676 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
19:52:18.0850 2676 BTHMODEM - ok
19:52:18.0893 2676 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:52:18.0895 2676 BthPan - ok
19:52:18.0935 2676 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
19:52:18.0957 2676 BTHPORT - ok
19:52:18.0988 2676 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:52:18.0988 2676 BthServ - ok
19:52:19.0013 2676 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
19:52:19.0031 2676 BTHUSB - ok
19:52:19.0080 2676 btwaudio (f064be7316889ec0a63f8a91856047a1) C:\Windows\system32\drivers\btwaudio.sys
19:52:19.0110 2676 btwaudio - ok
19:52:19.0137 2676 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
19:52:19.0137 2676 btwavdt - ok
19:52:19.0146 2676 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
19:52:19.0146 2676 btwrchid - ok
19:52:19.0216 2676 catchme - ok
19:52:19.0245 2676 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:52:19.0264 2676 cdfs - ok
19:52:19.0317 2676 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:52:19.0351 2676 cdrom - ok
19:52:19.0384 2676 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:52:19.0385 2676 CertPropSvc - ok
19:52:19.0404 2676 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:52:19.0437 2676 circlass - ok
19:52:19.0471 2676 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:52:19.0481 2676 CLFS - ok
19:52:19.0520 2676 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:52:19.0521 2676 clr_optimization_v2.0.50727_32 - ok
19:52:19.0539 2676 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:52:19.0557 2676 cmdide - ok
19:52:19.0569 2676 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
19:52:19.0573 2676 Compbatt - ok
19:52:19.0575 2676 COMSysApp - ok
19:52:19.0593 2676 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:52:19.0616 2676 crcdisk - ok
19:52:19.0631 2676 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:52:19.0649 2676 Crusoe - ok
19:52:19.0681 2676 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:52:19.0711 2676 CryptSvc - ok
19:52:19.0764 2676 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:52:19.0782 2676 DcomLaunch - ok
19:52:19.0816 2676 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:52:19.0835 2676 DfsC - ok
19:52:19.0940 2676 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:52:19.0976 2676 DFSR - ok
19:52:20.0077 2676 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:52:20.0093 2676 Dhcp - ok
19:52:20.0139 2676 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:52:20.0140 2676 disk - ok
19:52:20.0175 2676 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:52:20.0176 2676 Dnscache - ok
19:52:20.0212 2676 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:52:20.0217 2676 dot3svc - ok
19:52:20.0246 2676 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:52:20.0248 2676 DPS - ok
19:52:20.0281 2676 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:52:20.0300 2676 drmkaud - ok
19:52:20.0337 2676 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:52:20.0339 2676 dtsoftbus01 - ok
19:52:20.0387 2676 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:52:20.0404 2676 DXGKrnl - ok
19:52:20.0435 2676 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:52:20.0441 2676 E1G60 - ok
19:52:20.0459 2676 EagleNT - ok
19:52:20.0559 2676 eamonm (73ce42907cf42bfb91bcd27fe7c7a7af) C:\Windows\system32\DRIVERS\eamonm.sys
19:52:20.0560 2676 eamonm - ok
19:52:20.0580 2676 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:52:20.0582 2676 EapHost - ok
19:52:20.0628 2676 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:52:20.0634 2676 Ecache - ok
19:52:20.0665 2676 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys
19:52:20.0686 2676 ehdrv - ok
19:52:20.0749 2676 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:52:20.0764 2676 ehRecvr - ok
19:52:20.0774 2676 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:52:20.0778 2676 ehSched - ok
19:52:20.0786 2676 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:52:20.0788 2676 ehstart - ok
19:52:20.0860 2676 EhttpSrv (d83323d7cd5d1cc46b42da9e59409890) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19:52:20.0861 2676 EhttpSrv - ok
19:52:20.0917 2676 ekrn (efa198f8983d064a81052851f7bb80c2) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
19:52:20.0924 2676 ekrn - ok
19:52:21.0039 2676 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:52:21.0071 2676 elxstor - ok
19:52:21.0121 2676 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:52:21.0139 2676 EMDMgmt - ok
19:52:21.0161 2676 epfwwfpr (96f9030ca15a8d2e8d44e53c1f0e842d) C:\Windows\system32\DRIVERS\epfwwfpr.sys
19:52:21.0162 2676 epfwwfpr - ok
19:52:21.0181 2676 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:52:21.0198 2676 ErrDev - ok
19:52:21.0230 2676 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:52:21.0242 2676 EventSystem - ok
19:52:21.0309 2676 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:52:21.0346 2676 exfat - ok
19:52:21.0369 2676 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
19:52:21.0373 2676 ezSharedSvc - ok
19:52:21.0409 2676 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:52:21.0429 2676 fastfat - ok
19:52:21.0454 2676 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:52:21.0455 2676 fdc - ok
19:52:21.0480 2676 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:52:21.0483 2676 fdPHost - ok
19:52:21.0487 2676 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:52:21.0488 2676 FDResPub - ok
19:52:21.0506 2676 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:52:21.0539 2676 FileInfo - ok
19:52:21.0551 2676 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:52:21.0569 2676 Filetrace - ok
19:52:21.0722 2676 FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
19:52:21.0778 2676 FirebirdServerMAGIXInstance - ok
19:52:21.0874 2676 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:52:21.0899 2676 FLEXnet Licensing Service - ok
19:52:21.0992 2676 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:52:22.0010 2676 flpydisk - ok
19:52:22.0043 2676 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:52:22.0046 2676 FltMgr - ok
19:52:22.0111 2676 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:52:22.0132 2676 FontCache - ok
19:52:22.0165 2676 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:52:22.0166 2676 FontCache3.0.0.0 - ok
19:52:22.0189 2676 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:52:22.0190 2676 Fs_Rec - ok
19:52:22.0203 2676 fxrjvd - ok
19:52:22.0226 2676 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:52:22.0245 2676 gagp30kx - ok
19:52:22.0320 2676 GameConsoleService (cc1c8068b05283d63ec5fe782d2d3946) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
19:52:22.0324 2676 GameConsoleService - ok
19:52:22.0376 2676 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:52:22.0391 2676 gpsvc - ok
19:52:22.0459 2676 gusvc (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:52:22.0463 2676 gusvc - ok
19:52:22.0505 2676 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:52:22.0523 2676 HDAudBus - ok
19:52:22.0550 2676 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:52:22.0567 2676 HidBth - ok
19:52:22.0586 2676 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:52:22.0604 2676 HidIr - ok
19:52:22.0623 2676 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
19:52:22.0626 2676 hidserv - ok
19:52:22.0655 2676 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:52:22.0673 2676 HidUsb - ok
19:52:22.0707 2676 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:52:22.0711 2676 hkmsvc - ok
19:52:22.0782 2676 HP Health Check Service (a3a30438c48d2d71556e120c9c7ba7a0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
19:52:22.0784 2676 HP Health Check Service - ok
19:52:22.0806 2676 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:52:22.0839 2676 HpCISSs - ok
19:52:22.0880 2676 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:52:22.0921 2676 HTTP - ok
19:52:22.0942 2676 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:52:22.0997 2676 i2omp - ok
19:52:23.0038 2676 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:52:23.0057 2676 i8042prt - ok
19:52:23.0111 2676 IAANTMON (5b19dfc29a9563a5da5ca559bed83aa8) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:52:23.0115 2676 IAANTMON - ok
19:52:23.0147 2676 iaStor (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
19:52:23.0149 2676 iaStor - ok
19:52:23.0179 2676 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:52:23.0194 2676 iaStorV - ok
19:52:23.0286 2676 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:52:23.0367 2676 idsvc - ok
19:52:23.0391 2676 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:52:23.0409 2676 iirsp - ok
19:52:23.0453 2676 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:52:23.0468 2676 IKEEXT - ok
19:52:23.0580 2676 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
19:52:23.0592 2676 IntcAzAudAddService - ok
19:52:23.0695 2676 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:52:23.0715 2676 intelide - ok
19:52:23.0721 2676 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:52:23.0722 2676 intelppm - ok
19:52:23.0764 2676 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:52:23.0767 2676 IPBusEnum - ok
19:52:23.0781 2676 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:52:23.0800 2676 IpFilterDriver - ok
19:52:23.0835 2676 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:52:23.0839 2676 iphlpsvc - ok
19:52:23.0842 2676 IpInIp - ok
19:52:23.0856 2676 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:52:23.0889 2676 IPMIDRV - ok
19:52:23.0914 2676 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:52:23.0932 2676 IPNAT - ok
19:52:23.0948 2676 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:52:23.0966 2676 IRENUM - ok
19:52:23.0974 2676 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:52:23.0996 2676 isapnp - ok
19:52:24.0023 2676 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:52:24.0054 2676 iScsiPrt - ok
19:52:24.0074 2676 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:52:24.0106 2676 iteatapi - ok
19:52:24.0135 2676 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:52:24.0167 2676 iteraid - ok
19:52:24.0281 2676 jswpsapi (e712a6b57943d65aa587655335ef9dad) C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe
19:52:24.0346 2676 jswpsapi - ok
19:52:24.0379 2676 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
19:52:24.0395 2676 jswpslwf - ok
19:52:24.0400 2676 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:52:24.0437 2676 kbdclass - ok
19:52:24.0461 2676 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:52:24.0462 2676 kbdhid - ok
19:52:24.0476 2676 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:52:24.0477 2676 KeyIso - ok
19:52:24.0507 2676 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:52:24.0514 2676 KSecDD - ok
19:52:24.0563 2676 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:52:24.0578 2676 KtmRm - ok
19:52:24.0610 2676 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
19:52:24.0615 2676 LanmanServer - ok
19:52:24.0649 2676 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:52:24.0660 2676 LanmanWorkstation - ok
19:52:24.0716 2676 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:52:24.0718 2676 LightScribeService - ok
19:52:24.0754 2676 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
19:52:24.0755 2676 lirsgt - ok
19:52:24.0767 2676 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:52:24.0784 2676 lltdio - ok
19:52:24.0813 2676 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:52:24.0824 2676 lltdsvc - ok
19:52:24.0838 2676 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:52:24.0841 2676 lmhosts - ok
19:52:24.0855 2676 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:52:24.0874 2676 LSI_FC - ok
19:52:24.0891 2676 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:52:24.0911 2676 LSI_SAS - ok
19:52:24.0929 2676 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:52:24.0949 2676 LSI_SCSI - ok
19:52:24.0967 2676 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:52:24.0983 2676 luafv - ok
19:52:25.0027 2676 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
19:52:25.0028 2676 LVPr2Mon - ok
19:52:25.0102 2676 LVPrcSrv (5c7b88695ce461d8bda4fe0c0e57e71d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:52:25.0106 2676 LVPrcSrv - ok
19:52:25.0124 2676 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:52:25.0127 2676 Mcx2Svc - ok
19:52:25.0150 2676 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:52:25.0168 2676 megasas - ok
19:52:25.0216 2676 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:52:25.0254 2676 MegaSR - ok
19:52:25.0287 2676 Mkd2kfNt (277b8b3536c1179fe432ef2dde294a97) C:\Windows\system32\drivers\Mkd2kfNt.sys
19:52:25.0288 2676 Mkd2kfNt - ok
19:52:25.0320 2676 Mkd2Nadr (0716efda4769995c67a3450fcd36e47e) C:\Windows\system32\drivers\Mkd2Nadr.sys
19:52:25.0337 2676 Mkd2Nadr - ok
19:52:25.0353 2676 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:52:25.0356 2676 MMCSS - ok
19:52:25.0366 2676 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:52:25.0384 2676 Modem - ok
19:52:25.0411 2676 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:52:25.0427 2676 monitor - ok
19:52:25.0445 2676 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:52:25.0463 2676 mouclass - ok
19:52:25.0471 2676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
19:52:25.0489 2676 mouhid - ok
19:52:25.0504 2676 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:52:25.0521 2676 MountMgr - ok
19:52:25.0568 2676 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:52:25.0571 2676 MozillaMaintenance - ok
19:52:25.0610 2676 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:52:25.0628 2676 mpio - ok
19:52:25.0651 2676 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:52:25.0698 2676 mpsdrv - ok
19:52:25.0749 2676 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:52:25.0762 2676 MpsSvc - ok
19:52:25.0776 2676 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:52:25.0794 2676 Mraid35x - ok
19:52:25.0828 2676 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:52:25.0851 2676 MRxDAV - ok
19:52:25.0891 2676 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:25.0913 2676 mrxsmb - ok
19:52:25.0955 2676 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:25.0987 2676 mrxsmb10 - ok
19:52:25.0999 2676 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:26.0018 2676 mrxsmb20 - ok
19:52:26.0034 2676 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:52:26.0052 2676 msahci - ok
19:52:26.0066 2676 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:52:26.0085 2676 msdsm - ok
19:52:26.0110 2676 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:52:26.0116 2676 MSDTC - ok
19:52:26.0130 2676 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:52:26.0147 2676 Msfs - ok
19:52:26.0163 2676 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:52:26.0180 2676 msisadrv - ok
19:52:26.0206 2676 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:52:26.0211 2676 MSiSCSI - ok
19:52:26.0214 2676 msiserver - ok
19:52:26.0233 2676 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:52:26.0251 2676 MSKSSRV - ok
19:52:26.0266 2676 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:26.0269 2676 MSPCLOCK - ok
19:52:26.0282 2676 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:52:26.0288 2676 MSPQM - ok
19:52:26.0321 2676 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:52:26.0325 2676 MsRPC - ok
19:52:26.0336 2676 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:52:26.0353 2676 mssmbios - ok
19:52:26.0370 2676 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:52:26.0387 2676 MSTEE - ok
19:52:26.0407 2676 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:52:26.0426 2676 Mup - ok
19:52:26.0459 2676 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:52:26.0470 2676 napagent - ok
19:52:26.0510 2676 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:52:26.0544 2676 NativeWifiP - ok
19:52:26.0596 2676 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:52:26.0609 2676 NDIS - ok
19:52:26.0631 2676 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:26.0635 2676 NdisTapi - ok
19:52:26.0646 2676 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:26.0662 2676 Ndisuio - ok
19:52:26.0697 2676 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:26.0722 2676 NdisWan - ok
19:52:26.0736 2676 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:52:26.0769 2676 NDProxy - ok
19:52:26.0883 2676 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:52:26.0891 2676 Nero BackItUp Scheduler 4.0 - ok
19:52:26.0906 2676 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:52:26.0907 2676 NetBIOS - ok
19:52:26.0951 2676 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:52:26.0973 2676 netbt - ok
19:52:27.0003 2676 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:52:27.0004 2676 Netlogon - ok
19:52:27.0029 2676 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:52:27.0041 2676 Netman - ok
19:52:27.0056 2676 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:52:27.0068 2676 netprofm - ok
19:52:27.0124 2676 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:52:27.0129 2676 NetTcpPortSharing - ok
19:52:27.0147 2676 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:52:27.0165 2676 nfrd960 - ok
19:52:27.0189 2676 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:52:27.0200 2676 NlaSvc - ok
19:52:27.0270 2676 nlsvc (c8f536fb328afe64a7f18bbfc00b10ee) C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
19:52:27.0317 2676 nlsvc - ok
19:52:27.0334 2676 nltdi (3ee27bcff781f07a12df75e8be852b0e) C:\Windows\system32\drivers\nltdi.sys
19:52:27.0338 2676 nltdi - ok
19:52:27.0367 2676 nmwcd (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
19:52:27.0384 2676 nmwcd - ok
19:52:27.0414 2676 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
19:52:27.0415 2676 nmwcdc - ok
19:52:27.0455 2676 NPF (c5f0202a00227aecb69e722c52385ffc) C:\Windows\system32\drivers\npf.sys
19:52:27.0456 2676 NPF - ok
19:52:27.0482 2676 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:52:27.0500 2676 Npfs - ok
19:52:27.0515 2676 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:52:27.0519 2676 nsi - ok
19:52:27.0538 2676 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:52:27.0557 2676 nsiproxy - ok
19:52:27.0632 2676 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:52:27.0670 2676 Ntfs - ok
19:52:27.0685 2676 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:52:27.0705 2676 ntrigdigi - ok
19:52:27.0724 2676 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:52:27.0741 2676 Null - ok
19:52:27.0761 2676 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:52:27.0793 2676 nvraid - ok
19:52:27.0816 2676 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:52:27.0834 2676 nvstor - ok
19:52:27.0850 2676 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:52:27.0883 2676 nv_agp - ok
19:52:27.0886 2676 NwlnkFlt - ok
19:52:27.0889 2676 NwlnkFwd - ok
19:52:27.0937 2676 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:52:27.0940 2676 ohci1394 - ok
19:52:28.0004 2676 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:52:28.0029 2676 p2pimsvc - ok
19:52:28.0035 2676 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:52:28.0040 2676 p2psvc - ok
19:52:28.0055 2676 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:52:28.0077 2676 Parport - ok
19:52:28.0105 2676 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:52:28.0122 2676 partmgr - ok
19:52:28.0138 2676 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:52:28.0156 2676 Parvdm - ok
19:52:28.0175 2676 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:52:28.0178 2676 PcaSvc - ok
19:52:28.0214 2676 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:52:28.0217 2676 pccsmcfd - ok
19:52:28.0356 2676 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (ba3ec919dd303ca6700348cca1d8f317) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
19:52:28.0417 2676 PCD5SRVC{BD6912E3-AC9D80E8-05040000} - ok
19:52:28.0451 2676 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:52:28.0453 2676 pci - ok
19:52:28.0483 2676 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:52:28.0501 2676 pciide - ok
19:52:28.0524 2676 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:52:28.0542 2676 pcmcia - ok
19:52:28.0597 2676 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:52:28.0634 2676 PEAUTH - ok
19:52:28.0687 2676 pfc (6c1618a07b49e3873582b6449e744088) C:\Windows\system32\drivers\pfc.sys
19:52:28.0689 2676 pfc - ok
19:52:28.0833 2676 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
19:52:28.0850 2676 PID_PEPI - ok
19:52:29.0015 2676 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:52:29.0043 2676 pla - ok
19:52:29.0118 2676 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:52:29.0133 2676 PlugPlay - ok
19:52:29.0172 2676 PnkBstrA (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe
19:52:29.0174 2676 PnkBstrA - ok
19:52:29.0236 2676 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:52:29.0242 2676 PNRPAutoReg - ok
19:52:29.0248 2676 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:52:29.0253 2676 PNRPsvc - ok
19:52:29.0280 2676 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:52:29.0304 2676 PolicyAgent - ok
19:52:29.0350 2676 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:52:29.0369 2676 PptpMiniport - ok
19:52:29.0387 2676 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:52:29.0405 2676 Processor - ok
19:52:29.0446 2676 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:52:29.0452 2676 ProfSvc - ok
19:52:29.0476 2676 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:52:29.0478 2676 ProtectedStorage - ok
19:52:29.0502 2676 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
19:52:29.0505 2676 Ps2 - ok
19:52:29.0533 2676 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:52:29.0550 2676 PSched - ok
19:52:29.0689 2676 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:52:29.0730 2676 ql2300 - ok
19:52:29.0753 2676 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:52:29.0773 2676 ql40xx - ok
19:52:29.0797 2676 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:52:29.0808 2676 QWAVE - ok
19:52:29.0819 2676 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:52:29.0835 2676 QWAVEdrv - ok
19:52:29.0841 2676 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:52:29.0859 2676 RasAcd - ok
19:52:29.0873 2676 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:52:29.0879 2676 RasAuto - ok
19:52:29.0899 2676 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:29.0932 2676 Rasl2tp - ok
19:52:29.0976 2676 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:52:29.0986 2676 RasMan - ok
19:52:30.0014 2676 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:30.0032 2676 RasPppoe - ok
19:52:30.0046 2676 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:52:30.0066 2676 RasSstp - ok
19:52:30.0082 2676 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:52:30.0099 2676 rdbss - ok
19:52:30.0115 2676 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:30.0133 2676 RDPCDD - ok
19:52:30.0162 2676 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:52:30.0189 2676 rdpdr - ok
19:52:30.0193 2676 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:52:30.0210 2676 RDPENCDD - ok
19:52:30.0250 2676 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:52:30.0282 2676 RDPWD - ok
19:52:30.0302 2676 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:52:30.0306 2676 RemoteAccess - ok
19:52:30.0351 2676 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:52:30.0356 2676 RemoteRegistry - ok
19:52:30.0398 2676 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:52:30.0418 2676 RFCOMM - ok
19:52:30.0457 2676 rpcapd (5380f54faa2d980c9c9a65e87a3cd7f1) C:\Program Files\WinPcap\rpcapd.exe
19:52:30.0460 2676 rpcapd - ok
19:52:30.0484 2676 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:52:30.0487 2676 RpcLocator - ok
19:52:30.0548 2676 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:52:30.0553 2676 RpcSs - ok
19:52:30.0579 2676 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:52:30.0596 2676 rspndr - ok
19:52:30.0631 2676 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:52:30.0632 2676 RTL8169 - ok
19:52:30.0659 2676 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:52:30.0660 2676 SamSs - ok
19:52:30.0735 2676 SANDRA (1644ad672da94378b5564fbac4c7ce28) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys
19:52:30.0751 2676 SANDRA - ok
19:52:30.0770 2676 SandraAgentSrv (c8306d69a38ac4697218a7d5580595c7) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
19:52:30.0773 2676 SandraAgentSrv - ok
19:52:30.0819 2676 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:52:30.0820 2676 SASDIFSV - ok
19:52:30.0851 2676 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:52:30.0852 2676 SASKUTIL - ok
19:52:30.0876 2676 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:52:30.0895 2676 sbp2port - ok
19:52:30.0922 2676 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:52:30.0924 2676 SCardSvr - ok
19:52:30.0976 2676 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:52:31.0006 2676 Schedule - ok
19:52:31.0018 2676 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:52:31.0019 2676 SCPolicySvc - ok
19:52:31.0042 2676 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:52:31.0046 2676 SDRSVC - ok
19:52:31.0067 2676 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:52:31.0084 2676 secdrv - ok
19:52:31.0094 2676 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:52:31.0098 2676 seclogon - ok
19:52:31.0111 2676 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:52:31.0115 2676 SENS - ok
19:52:31.0127 2676 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:52:31.0145 2676 Serenum - ok
19:52:31.0161 2676 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:52:31.0180 2676 Serial - ok
19:52:31.0205 2676 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:52:31.0223 2676 sermouse - ok
19:52:31.0244 2676 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:52:31.0249 2676 SessionEnv - ok
19:52:31.0253 2676 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:52:31.0270 2676 sffdisk - ok
19:52:31.0286 2676 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:52:31.0306 2676 sffp_mmc - ok
19:52:31.0323 2676 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:52:31.0340 2676 sffp_sd - ok
19:52:31.0360 2676 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:52:31.0378 2676 sfloppy - ok
19:52:31.0404 2676 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:52:31.0419 2676 SharedAccess - ok
19:52:31.0455 2676 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:52:31.0466 2676 ShellHWDetection - ok
19:52:31.0480 2676 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:52:31.0514 2676 sisagp - ok
19:52:31.0524 2676 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:52:31.0543 2676 SiSRaid2 - ok
19:52:31.0561 2676 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:52:31.0594 2676 SiSRaid4 - ok
19:52:31.0758 2676 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:52:31.0830 2676 slsvc - ok
19:52:31.0918 2676 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:52:31.0920 2676 SLUINotify - ok
19:52:31.0946 2676 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:52:31.0965 2676 Smb - ok
19:52:32.0000 2676 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:52:32.0004 2676 SNMPTRAP - ok
19:52:32.0028 2676 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:52:32.0046 2676 spldr - ok
19:52:32.0091 2676 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:52:32.0096 2676 Spooler - ok
19:52:32.0149 2676 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\Windows\system32\Drivers\sptd.sys
19:52:32.0150 2676 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
19:52:32.0152 2676 sptd ( LockedFile.Multi.Generic ) - warning
19:52:32.0152 2676 sptd - detected LockedFile.Multi.Generic (1)
19:52:32.0197 2676 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:52:32.0254 2676 srv - ok
19:52:32.0282 2676 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:52:32.0302 2676 srv2 - ok
19:52:32.0337 2676 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:52:32.0356 2676 srvnet - ok
19:52:32.0378 2676 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:52:32.0381 2676 SSDPSRV - ok
19:52:32.0409 2676 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:52:32.0412 2676 SstpSvc - ok
19:52:32.0460 2676 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:52:32.0474 2676 stisvc - ok
19:52:32.0490 2676 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:52:32.0494 2676 swenum - ok
19:52:32.0535 2676 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:52:32.0552 2676 swprv - ok
19:52:32.0565 2676 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:52:32.0587 2676 Symc8xx - ok
19:52:32.0602 2676 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:52:32.0620 2676 Sym_hi - ok
19:52:32.0635 2676 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:52:32.0655 2676 Sym_u3 - ok
19:52:32.0715 2676 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:52:32.0761 2676 SysMain - ok
19:52:32.0784 2676 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:52:32.0788 2676 TabletInputService - ok
19:52:32.0826 2676 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:52:32.0838 2676 TapiSrv - ok
19:52:32.0854 2676 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:52:32.0856 2676 TBS - ok
19:52:32.0921 2676 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:52:32.0928 2676 Tcpip - ok
19:52:32.0937 2676 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:52:32.0943 2676 Tcpip6 - ok
19:52:32.0972 2676 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:52:32.0990 2676 tcpipreg - ok
19:52:33.0007 2676 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:52:33.0025 2676 TDPIPE - ok
19:52:33.0036 2676 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:52:33.0068 2676 TDTCP - ok
19:52:33.0097 2676 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:52:33.0116 2676 tdx - ok
19:52:33.0154 2676 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:52:33.0173 2676 TermDD - ok
19:52:33.0227 2676 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:52:33.0246 2676 TermService - ok
19:52:33.0284 2676 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:52:33.0287 2676 Themes - ok
19:52:33.0314 2676 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:52:33.0316 2676 THREADORDER - ok
19:52:33.0336 2676 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:52:33.0339 2676 TrkWks - ok
19:52:33.0375 2676 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:52:33.0378 2676 TrustedInstaller - ok
19:52:33.0416 2676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:33.0433 2676 tssecsrv - ok
19:52:33.0447 2676 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:52:33.0464 2676 tunmp - ok
19:52:33.0482 2676 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:52:33.0514 2676 tunnel - ok
19:52:33.0534 2676 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:52:33.0552 2676 uagp35 - ok
19:52:33.0579 2676 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:52:33.0608 2676 udfs - ok
19:52:33.0641 2676 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:52:33.0646 2676 UI0Detect - ok
19:52:33.0667 2676 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:52:33.0687 2676 uliagpkx - ok
19:52:33.0730 2676 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:52:33.0791 2676 uliahci - ok
19:52:33.0814 2676 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:52:33.0850 2676 UlSata - ok
19:52:33.0875 2676 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:52:33.0894 2676 ulsata2 - ok
19:52:33.0909 2676 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:52:33.0913 2676 umbus - ok
19:52:33.0944 2676 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:52:33.0954 2676 upnphost - ok
19:52:33.0987 2676 upperdev (b1b8bee26227dad9835019201552cb05) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:52:33.0988 2676 upperdev - ok
19:52:34.0014 2676 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:52:34.0019 2676 usbaudio - ok
19:52:34.0060 2676 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:34.0079 2676 usbccgp - ok
19:52:34.0114 2676 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:52:34.0131 2676 usbcir - ok
19:52:34.0167 2676 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:52:34.0186 2676 usbehci - ok
19:52:34.0220 2676 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:52:34.0250 2676 usbhub - ok
19:52:34.0281 2676 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:52:34.0303 2676 usbohci - ok
19:52:34.0332 2676 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:52:34.0350 2676 usbprint - ok
19:52:34.0392 2676 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:52:34.0416 2676 usbscan - ok
19:52:34.0458 2676 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
19:52:34.0476 2676 usbser - ok
19:52:34.0505 2676 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:52:34.0506 2676 UsbserFilt - ok
19:52:34.0540 2676 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:34.0559 2676 USBSTOR - ok
19:52:34.0581 2676 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:52:34.0598 2676 usbuhci - ok
19:52:34.0637 2676 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:52:34.0639 2676 UxSms - ok
19:52:34.0689 2676 VBoxDrv (300bb4bc0b2c235f6209c21c7124d5c4) C:\Windows\system32\DRIVERS\VBoxDrv.sys
19:52:34.0690 2676 VBoxDrv - ok
19:52:34.0733 2676 VBoxNetAdp (a671867ac31e36be21d708f5dc6013de) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:52:34.0734 2676 VBoxNetAdp - ok
19:52:34.0739 2676 VBoxNetFlt - ok
19:52:34.0807 2676 VBoxUSB (f8165dc29d420962808e291f8f25f482) C:\Windows\system32\Drivers\VBoxUSB.sys
19:52:34.0808 2676 VBoxUSB - ok
19:52:34.0845 2676 VBoxUSBMon (ec16525629ee2d5eb136716b86879dbd) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:52:34.0876 2676 VBoxUSBMon - ok
19:52:34.0906 2676 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
19:52:34.0909 2676 VCSVADHWSer - ok
19:52:34.0963 2676 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:52:34.0983 2676 vds - ok
19:52:35.0008 2676 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:35.0026 2676 vga - ok
19:52:35.0049 2676 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:52:35.0082 2676 VgaSave - ok
19:52:35.0099 2676 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:52:35.0117 2676 viaagp - ok
19:52:35.0132 2676 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:52:35.0150 2676 ViaC7 - ok
19:52:35.0161 2676 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:52:35.0178 2676 viaide - ok
19:52:35.0196 2676 VMnetAdapter - ok
19:52:35.0209 2676 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:52:35.0228 2676 volmgr - ok
19:52:35.0274 2676 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:52:35.0315 2676 volmgrx - ok
19:52:35.0353 2676 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:52:35.0357 2676 volsnap - ok
19:52:35.0374 2676 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:52:35.0375 2676 vsmraid - ok
19:52:35.0429 2676 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:52:35.0481 2676 VSS - ok
19:52:35.0506 2676 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:52:35.0522 2676 W32Time - ok
19:52:35.0571 2676 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:52:35.0588 2676 WacomPen - ok
19:52:35.0600 2676 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:52:35.0634 2676 Wanarp - ok
19:52:35.0636 2676 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:52:35.0637 2676 Wanarpv6 - ok
19:52:35.0688 2676 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:52:35.0732 2676 wcncsvc - ok
19:52:35.0752 2676 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:52:35.0754 2676 WcsPlugInService - ok
19:52:35.0778 2676 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:52:35.0796 2676 Wd - ok
19:52:35.0831 2676 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:52:35.0882 2676 Wdf01000 - ok
19:52:35.0896 2676 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:52:35.0899 2676 WdiServiceHost - ok
19:52:35.0902 2676 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:52:35.0905 2676 WdiSystemHost - ok
19:52:35.0950 2676 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:52:35.0978 2676 WebClient - ok
19:52:36.0005 2676 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:52:36.0010 2676 Wecsvc - ok
19:52:36.0033 2676 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:52:36.0037 2676 wercplsupport - ok
19:52:36.0068 2676 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:52:36.0073 2676 WerSvc - ok
19:52:36.0138 2676 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:52:36.0147 2676 WinDefend - ok
19:52:36.0151 2676 WinHttpAutoProxySvc - ok
19:52:36.0200 2676 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:52:36.0205 2676 Winmgmt - ok
19:52:36.0281 2676 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:52:36.0341 2676 WinRM - ok
19:52:36.0401 2676 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:52:36.0420 2676 Wlansvc - ok
19:52:36.0460 2676 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:52:36.0477 2676 WmiAcpi - ok
19:52:36.0534 2676 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:52:36.0539 2676 wmiApSrv - ok
19:52:36.0626 2676 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:52:36.0649 2676 WMPNetworkSvc - ok
19:52:36.0666 2676 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:52:36.0720 2676 WPCSvc - ok
19:52:36.0747 2676 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:52:36.0750 2676 WPDBusEnum - ok
19:52:36.0803 2676 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:52:36.0820 2676 WpdUsb - ok
19:52:36.0871 2676 WpsSupplicant (f41b4726be452724737ecfe1fb17e4e7) C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
19:52:36.0872 2676 WpsSupplicant - ok
19:52:36.0887 2676 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:52:36.0905 2676 ws2ifsl - ok
19:52:36.0939 2676 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:52:36.0943 2676 wscsvc - ok
19:52:36.0946 2676 WSearch - ok
19:52:37.0058 2676 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:52:37.0095 2676 wuauserv - ok
19:52:37.0190 2676 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:52:37.0195 2676 WUDFRd - ok
19:52:37.0226 2676 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:52:37.0230 2676 wudfsvc - ok
19:52:37.0263 2676 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
19:52:37.0886 2676 \Device\Harddisk0\DR0 - ok
19:52:38.0037 2676 Boot (0x1200) (bc5741cf2eec6f6c0185259b55f17e44) \Device\Harddisk0\DR0\Partition0
19:52:38.0039 2676 \Device\Harddisk0\DR0\Partition0 - ok
19:52:38.0042 2676 Boot (0x1200) (209a964df2b3ae525e9617d0ba92fac5) \Device\Harddisk0\DR0\Partition1
19:52:38.0043 2676 \Device\Harddisk0\DR0\Partition1 - ok
19:52:38.0043 2676 ============================================================
19:52:38.0043 2676 Scan finished
19:52:38.0043 2676 ============================================================
19:52:38.0051 5948 Detected object count: 1
19:52:38.0051 5948 Actual detected object count: 1
19:53:04.0826 5948 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:53:04.0826 5948 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:54:36.0630 5392 Deinitialize success
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi barca » 13/06/12 19:36

(grazie mille dell'aiuto che mi stai dando!!!)
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi barca » 15/06/12 07:31

Dopo combofix in poi non ci sono stati ulteriori miglioramenti: durante la scrittura continua a "smettere" di scrivere e nod32 continua a bloccarsi durante la scansione sui medesimi files.
Domanda nabba n1: per quanto riguarda nod si può provare a disinstallare e reinstallare? (non ho idea se abbia senso o anche solo se sia fattibile..).
Domanda nabba n2: il pc è o era infetto? ( se no cosa è successo? cosi evito in futuro..)
grazie mille!
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi FrancescoFDAC » 16/06/12 09:01

Ciao.

Aggiorna Adobe Reader e Java, disinstallando le versioni precedenti di entrambi i Software.
Quindi, ripeti la scansione con Hitman Pro, allega il Report.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: PC infetto?

Postdi topino-chic » 28/06/12 18:41

messaggio per postare n.1
topino-chic
Newbie
 
Post: 4
Iscritto il: 28/06/12 18:04

Re: PC infetto?

Postdi barca » 01/07/12 10:11

ok, scusa il ritardo ma ero via.
ecco il log di hitman:


<?xml version="1.0"?>
-<Log filesProcessed="164855" timeSpentInSecs="358" date="2012-07-01T10:25:05" version="3.6.0.160" scan="Normal" computer="PC-LUCA">-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Cookies\57R4W89O.txt"/></Item></Log>

ieri ho inoltre fatto alcune prove empiriche col task manager (chiudendo un processo alla volta e vedendo quando il problema "non sa piu su quale programma sto lavorando" si risolve ) e sembra che sia coinvolto TWCU.exe, processo connesso col programma per la connessione wireless TP-LINK.
Su internet non vedo di altri con questo problema, comunque questo non sembra essere più un problema di sicurezza

Riguardo a nod32 l'ho disinstallato e installato l'ultima versione e la scansione nn si blocca piu.

Grazie mille a Francesco per l'aiuto, ora non mi resta che risolvere il problema con TWCU.exe ma come ho gia detto non credo faccia parte della sezione "sicurezza e privacy" quindi per me si può chiudere.
Grazie ancora!!
barca
Utente Junior
 
Post: 11
Iscritto il: 09/06/12 16:48

Re: PC infetto?

Postdi FrancescoFDAC » 01/07/12 10:14

Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
termina tutti i programmi attivi, comprese le pagine Internet
● avvia il tool con un doppio click
● clicca, in basso a sinistra, sul pulsante Start
scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi
● attendi pazientemente il termine delle operazioni
● clicca, in basso a destra, sul pulsante Exit
● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:
TFC by OldTimer serve ad eliminare i file temporeanei di tutti gli utenti, con facilità e velocemente

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Nota - riguardo al programma:
OTC by OldTimer serve ad eliminare i programmi che abbiamo utilizzato per la pulizia (ComboFix in particolare) in modo automatico e preciso: al riavvio non noterai più l'icona di ComboFix, è del tutto normale

Ciao e alla prossima!
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53


Torna a Sicurezza e Privacy


Topic correlati a "PC infetto?":


Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti