PC infected with Trojan.Agent/Gen-Krypt

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by franco75 » 29/06/12 12:17

Hi everyone, I'm rewriting this topic because I had mistakenly written it all in capitals. So, SUPERAntiSpyware in a full scan detected this virus and put it in quarantine. For a couple of days I had been noticing strange things: Firefox would freeze on startup, the PC would sometimes freeze too, and then the pc-facile.com page had changed: the fields where you type the username and password to log in had disappeared.
I'm attaching the log.
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2012 at 10:35 PM

Application Version : 5.1.1002

Core Rules Database Version : 8815
Trace Rules Database Version: 6627

Scan type       : Complete Scan
Total Scan Time : 01:49:50

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 840
Memory threats detected   : 0
Registry items scanned    : 38192
Registry threats detected : 0
File items scanned        : 115378
File threats detected     : 4

Trojan.Agent/Gen-Kryptik
   C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\DOCUMENT MANAGER\HPQDCMGR.EXE
   C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HP\GESTORE DOCUMENTI HP.LNK
   C:\WINDOWS\INSTALLER\{92A51949-EE4C-466D-AAF0-99E74A49A63F}\DTCUT_C29C1940CB854F3B906C33FEE0E67103.EXE
   C:\WINDOWS\INSTALLER\{92A51949-EE4C-466D-AAF0-99E74A49A63F}\SCUT_C29C1940CB854F3B906C33FEE0E67103.EXE
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35


Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 29/06/12 18:48

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● save the downloaded file to the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable the firewall, if one is installed, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the I Agree button, then confirm by clicking Ok twice
● follow the instructions shown to run the scan:
"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without doing anything else, let the tool finish its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished scanning:
● the system will restart automatically: if it does not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and choose Run as Administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program.
● it should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a flash drive, you will have to open it manually from Computer.
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 29/06/12 19:20

Hi FDAC, here's the log.
Code:
ComboFix 12-06-28.03 - FRANCO 29/06/2012  20.02.21.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3067.1793 [GMT 2:00]
Eseguito da: c:\users\FRANCO\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1337631009.1520.bin
c:\programdata\1337631009.1636.bin
c:\programdata\1337631009.1972.bin
c:\programdata\1337631009.2900.bin
c:\programdata\1337631009.3324.bin
c:\programdata\1337631009.3576.bin
c:\programdata\1337631009.4088.bin
c:\programdata\1337631009.4420.bin
c:\programdata\1337631009.4464.bin
c:\programdata\1337631009.6076.bin
c:\programdata\1337633395.bdinstall.bin
c:\programdata\1337634298.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-05-28 al 2012-06-29  )))))))))))))))))))))))))))))))))))
.
.
2012-06-26 11:22 . 2009-07-24 16:08   1658880   ----a-w-   c:\windows\Acer Crystal Eye webcam.EXE
2012-06-26 11:22 . 2009-07-24 13:44   8362   ----a-w-   c:\windows\Suyin.reg
2012-06-26 11:22 . 2008-12-30 11:42   626688   ----a-w-   c:\windows\Image.dll
2012-06-26 11:22 . 2008-07-29 17:29   200704   ----a-w-   c:\windows\PLFSetI.exe
2012-06-26 11:22 . 2008-06-25 12:22   20480   ----a-w-   c:\windows\USB_VIDEO_REG.exe
2012-06-26 11:18 . 2012-06-26 11:19   --------   d-----w-   c:\users\FRANCO\AppData\Local\Smartbar
2012-06-26 11:01 . 2012-06-26 18:06   --------   d-----w-   c:\programdata\blekko toolbars
2012-06-26 11:00 . 2012-06-28 17:55   --------   d-----w-   c:\program files\Phyxion.net
2012-06-26 11:00 . 2012-06-26 11:13   --------   d-----w-   c:\users\FRANCO\AppData\Roaming\OpenCandy
2012-06-24 19:06 . 2012-06-24 19:06   --------   d-----w-   c:\programdata\Acer
2012-06-24 19:05 . 2012-06-24 19:05   --------   d-----w-   C:\OEM
2012-06-24 16:51 . 2012-06-24 17:06   --------   d-----w-   c:\program files\Real
2012-06-24 15:52 . 2009-01-05 06:47   487168   ----a-w-   c:\windows\system32\drivers\AVerAF15DMBTH.sys
2012-06-23 19:52 . 2012-06-23 19:52   --------   d-----w-   c:\users\FRANCO\AppData\Local\Macromedia
2012-06-23 19:49 . 2012-06-23 19:49   --------   d-----w-   c:\program files\Common Files\Java
2012-06-23 19:46 . 2012-06-23 19:46   --------   d-----w-   c:\program files\Oracle
2012-06-23 19:45 . 2012-05-04 17:29   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-06-22 10:27 . 2012-06-02 22:19   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-22 10:27 . 2012-06-02 22:19   45080   ----a-w-   c:\windows\system32\wups2.dll
2012-06-22 10:27 . 2012-06-02 22:19   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-22 10:27 . 2012-06-02 22:12   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-22 10:27 . 2012-06-02 22:19   35864   ----a-w-   c:\windows\system32\wups.dll
2012-06-22 10:27 . 2012-06-02 22:19   577048   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-22 10:27 . 2012-06-02 22:12   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-22 10:26 . 2012-06-02 13:19   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-22 10:26 . 2012-06-02 13:12   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-19 15:35 . 2012-06-19 15:35   4967624   ----a-w-   c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-16 19:55 . 2012-06-16 19:55   --------   d-----w-   c:\users\FRANCO\AppData\Local\Chromium
2012-06-16 19:53 . 2012-06-16 20:56   --------   d-----w-   c:\program files\Norton PC Checkup 3.0
2012-06-14 11:27 . 2012-04-24 04:36   1158656   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-14 11:27 . 2012-04-24 04:36   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-14 11:27 . 2012-04-24 04:36   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-14 11:25 . 2012-04-28 03:17   183808   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-06-14 11:20 . 2012-04-07 11:26   2342400   ----a-w-   c:\windows\system32\msi.dll
2012-06-14 11:20 . 2012-05-15 01:05   2343936   ----a-w-   c:\windows\system32\win32k.sys
2012-06-14 11:20 . 2012-04-26 04:45   58880   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-06-14 11:20 . 2012-04-26 04:45   129536   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-06-14 11:20 . 2012-04-26 04:41   8192   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-06-14 11:20 . 2012-05-01 04:44   164352   ----a-w-   c:\windows\system32\profsvc.dll
2012-06-10 14:11 . 2012-06-10 14:11   --------   d-----w-   c:\program files\PC Connectivity Solution
2012-06-05 18:05 . 2012-06-05 18:05   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-05 18:05 . 2012-06-05 18:05   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-02 07:24 . 2012-06-02 07:24   --------   d-----w-   c:\users\FRANCO\DoctorWeb
2012-06-01 17:51 . 2012-06-01 17:51   375336   ----a-w-   c:\windows\system32\drivers\k57nd60x.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 16:51 . 2009-11-18 19:41   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2012-06-24 16:51 . 2009-11-18 19:41   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2012-06-23 19:51 . 2012-04-08 07:58   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-23 19:51 . 2011-05-13 18:29   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-24 21:18 . 2012-05-24 21:18   4472832   ----a-w-   c:\windows\system32\GPhotos.scr
2012-05-23 17:41 . 2012-05-23 17:41   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-21 20:57 . 2012-01-18 15:15   447208   ----a-w-   c:\windows\system32\drivers\avckf.sys
2012-05-14 23:43 . 2012-05-22 10:41   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5153FE5B-600E-4120-8474-65B58BFBD93F}\mpengine.dll
2012-05-09 20:21 . 2010-04-27 21:23   44184   ----a-w-   c:\windows\system32\drivers\fsbts.sys
2012-05-07 21:33 . 2012-05-07 21:33   388096   ----a-r-   c:\users\FRANCO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-07 19:50 . 2012-05-07 19:50   6656   ----a-w-   c:\windows\system32\bcmwlrc.dll
2012-05-06 10:46 . 2012-05-06 10:47   33832   ----a-w-   c:\windows\system32\drivers\btwl2cap.sys
2012-05-06 10:46 . 2012-05-06 10:47   18728   ----a-w-   c:\windows\system32\drivers\btwrchid.sys
2012-05-06 10:46 . 2012-05-06 10:47   175144   ----a-w-   c:\windows\system32\drivers\btwavdt.sys
2012-05-06 10:46 . 2012-05-06 10:47   153128   ----a-w-   c:\windows\system32\drivers\btwaudio.sys
2012-05-06 10:46 . 2011-05-06 19:52   504360   ----a-w-   c:\windows\system32\drivers\btwampfl.sys
2012-05-04 17:29 . 2010-08-29 09:37   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-04-22 11:51 . 2012-04-22 11:51   592896   ----a-w-   c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
2012-04-22 11:51 . 2011-02-05 21:14   18816   ----a-w-   c:\windows\system32\drivers\pccsmcfd.sys
2012-04-19 02:50 . 2012-04-19 02:50   24896   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
2012-04-15 21:32 . 2012-04-15 21:32   1068216   ----a-w-   c:\windows\system32\drivers\wcmvcam.sys
2012-04-13 12:28 . 2011-10-07 20:23   149432   ----a-w-   c:\windows\SGDetectionTool.dll0530.old
2012-04-13 12:28 . 2011-10-07 20:23   2271160   ----a-w-   c:\windows\PCTBDCore.dll0530.old
2012-04-13 12:28 . 2011-10-07 20:23   767928   ----a-w-   c:\windows\BDTSupport.dll0530.old
2012-04-04 13:56 . 2012-05-21 21:12   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-17 07:08 . 2012-05-20 08:10   85472   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-04-18 23:43   510904   ----a-r-   c:\program files\Norton Identity Safe\Engine\2012.6.0.72\CoIEPlg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files\Norton Identity Safe\Engine\2012.6.0.72\coIEPlg.dll" [2012-04-18 510904]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-05 39408]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"Browser Infrastructure Helper"="c:\users\FRANCO\AppData\Local\Smartbar\Application\Linkury.exe" [2012-06-24 19800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-03-30 9902352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1110816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^FRANCO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37   843712   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07   252296   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DC06000.048\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120628.001\IDSvix86.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs32;___ Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - PCTAppEvent
*Deregistered* - pctDS
*Deregistered* - pctEFA
*Deregistered* - pctgntdi
*Deregistered* - PCTSD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
HPService   REG_MULTI_SZ      HPSLPSVC
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 19:51]
.
2012-05-03 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2012-05-03 17:20]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:12]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:12]
.
2012-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad5b8325-e4ed-45d9-b380-2bfdf2b88caa.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=55d480d9-f7f4-414e-bc14-9a23e15c633f&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{09F54451-697F-4C97-9199-9789DF48F2D8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{31AB7A5C-8E41-4729-8164-EC489778AD1A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{840E4623-DEFE-4F37-A326-C5F64FFE446A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A8BD4204-D72A-40D3-8225-45E828E22E77}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\078696C6960737F596E6374716C6C6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6642716E636F6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6F5135303: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C416023616371602469602479647479702: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C4160236163716024696024797474797: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970233: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C496265627F675966496: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 176.31.229.24,176.31.229.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\FRANCO\AppData\Roaming\Mozilla\Firefox\Profiles\78x8kk0b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.virgilio.it
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2012.6.0.72\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,8b,51,1d,6f,7d,24,47,bf,31,ba,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,8b,51,1d,6f,7d,24,47,bf,31,ba,\
.
[HKEY_USERS\S-1-5-21-799568924-1534362706-3771050731-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-799568924-1534362706-3771050731-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-06-29  20:18:32
ComboFix-quarantined-files.txt  2012-06-29 18:18
.
Pre-Run: 371.041.398.784 byte disponibili
Post-Run: 374.122.299.392 byte disponibili
.
- - End Of File - - DE93E3BFD2C6D44ACDE3EA478592708A
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35
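An added example, not from this thread and not part of ComboFix or any of the tools named here, of how a helper could triage two sections of a log like the one posted above: it reads the `...\CurrentVersion\Run` values and the `TCP: ... NameServer` lines, flags autoruns that start from a user profile directory, and flags interfaces whose static resolver differs from the DHCP-assigned one. The sample lines are constructed by copying the shape of a few lines from the log above; the function names and the two heuristics are assumptions of this example, not behaviour of any tool.

```python
"""Triage helpers for a ComboFix-style log (added example, not ComboFix code).

Two defender heuristics, each of which produces items to *review*, not verdicts:
  1. autorun values whose executable lives under a user profile directory
     (legitimate vendors normally install under Program Files);
  2. interfaces with a static NameServer list that differs from DhcpNameServer
     (a resolver changed without the user's knowledge is a classic hijack sign,
     but a user who set public DNS by hand produces the very same line).
"""
import re

# Constructed sample: a few lines copied in shape from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-05 39408]
"Browser Infrastructure Helper"="c:\users\FRANCO\AppData\Local\Smartbar\Application\Linkury.exe" [2012-06-24 19800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
.
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\078696C6960737F596E6374716C6C6: NameServer = 8.8.8.8,8.8.4.4
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*\\CurrentVersion\\Run\]$", re.IGNORECASE)
# "Name"="path" [date size]   (quotes around the path are optional in ComboFix output)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*(\[.*\])?\s*$')
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>\S+)")
# Per-interface entry; the optional hex sub-key is a per-network profile.
IFACE_RE = re.compile(
    r"^TCP: Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})(?:\\[0-9A-Fa-f]+)?: NameServer = (?P<servers>\S+)"
)
# Locations an unprivileged user can write to (assumed heuristic, not a tool setting).
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\")


def parse_autoruns(log_text):
    """Return (hive, value_name, path) for every value under a ...\\CurrentVersion\\Run key."""
    entries, hive = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        key = RUN_KEY_RE.match(line)
        if key:
            hive = key.group(1).upper()
            continue
        if line.startswith("["):  # any other key header ends the Run section
            hive = None
            continue
        if hive is None:
            continue
        value = RUN_VALUE_RE.match(line)
        if value:
            entries.append((hive, value.group("name"), value.group("path").strip()))
    return entries


def flag_user_profile_autoruns(entries):
    """Autoruns launched from a user-writable directory: unusual, so verify them."""
    return [e for e in entries if any(m in e[2].lower() for m in USER_WRITABLE_MARKERS)]


def parse_dns(log_text):
    """Return (dhcp_servers, {interface_guid: [servers]}) from the TCP: lines."""
    dhcp, per_iface = [], {}
    for line in log_text.splitlines():
        d = DHCP_RE.match(line)
        if d:
            dhcp = d.group("servers").split(",")
            continue
        i = IFACE_RE.match(line)
        if i:  # first line for a GUID wins; profile sub-keys repeat the same servers
            per_iface.setdefault(i.group("iface").upper(), i.group("servers").split(","))
    return dhcp, per_iface


def flag_static_dns(dhcp, per_iface):
    """Interfaces whose NameServer list differs from the DHCP-assigned resolver."""
    return {iface: servers for iface, servers in per_iface.items() if servers != dhcp}


if __name__ == "__main__":
    for hive, name, path in flag_user_profile_autoruns(parse_autoruns(SAMPLE_LOG)):
        print(f"REVIEW autorun {hive} {name!r} -> {path}")
    dhcp, per_iface = parse_dns(SAMPLE_LOG)
    for iface, servers in flag_static_dns(dhcp, per_iface).items():
        print(f"REVIEW dns {iface}: static {servers} differs from DHCP {dhcp}")
```

Run it against the real ComboFix.txt by replacing SAMPLE_LOG with the file contents; everything it prints is a candidate for a human check against the vendor and the network's expected resolvers, not a detection on its own.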

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 30/06/12 08:35

Uninstall blekko toolbars.

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● save the downloaded file to the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason, it would interrupt the scan

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: click Continue
● if a suspicious file is found, the default action will be Skip: click Continue
● if nothing is detected, simply close the program when the scan has finished

Once the scan has finished, you will get one of these two options:
● a system restart is not needed: attach the report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is needed: click Reboot now, then attach the scan result (it is in the same path mentioned a moment ago)
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 30/06/12 16:44

Here's the log.
Code:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
17:37:55.0369 3576   IpFilterDriver - ok
17:37:55.0456 3576   iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:37:55.0502 3576   iphlpsvc - ok
17:37:55.0534 3576   IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:37:55.0565 3576   IPMIDRV - ok
17:37:55.0592 3576   IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:37:55.0641 3576   IPNAT - ok
17:37:55.0807 3576   iPod Service    (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
17:37:55.0842 3576   iPod Service - ok
17:37:55.0875 3576   IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:37:55.0911 3576   IRENUM - ok
17:37:55.0946 3576   isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:37:55.0962 3576   isapnp - ok
17:37:56.0001 3576   iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:37:56.0020 3576   iScsiPrt - ok
17:37:56.0064 3576   k57nd60x        (8c216be202ade328c78b52dfd20947d4) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:37:56.0082 3576   k57nd60x - ok
17:37:56.0104 3576   kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:37:56.0120 3576   kbdclass - ok
17:37:56.0144 3576   kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:37:56.0172 3576   kbdhid - ok
17:37:56.0202 3576   KBFiltr         (0fcffa317cf713f2dc97459217e5868d) C:\Windows\system32\Drivers\KBFiltr.sys
17:37:56.0223 3576   KBFiltr ( UnsignedFile.Multi.Generic ) - warning
17:37:56.0223 3576   KBFiltr - detected UnsignedFile.Multi.Generic (1)
17:37:56.0247 3576   KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:37:56.0264 3576   KeyIso - ok
17:37:56.0284 3576   KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:37:56.0299 3576   KSecDD - ok
17:37:56.0326 3576   KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:37:56.0343 3576   KSecPkg - ok
17:37:56.0392 3576   KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:37:56.0441 3576   KtmRm - ok
17:37:56.0475 3576   LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
17:37:56.0531 3576   LanmanServer - ok
17:37:56.0560 3576   LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:37:56.0603 3576   LanmanWorkstation - ok
17:37:56.0726 3576   Live Updater Service (93b73ded2bc688f140c6ae2fbad45789) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:37:56.0744 3576   Live Updater Service - ok
17:37:56.0768 3576   lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:37:56.0800 3576   lltdio - ok
17:37:56.0847 3576   lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:37:56.0892 3576   lltdsvc - ok
17:37:56.0913 3576   lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:37:56.0956 3576   lmhosts - ok
17:37:56.0979 3576   LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:37:56.0996 3576   LSI_FC - ok
17:37:57.0010 3576   LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:37:57.0026 3576   LSI_SAS - ok
17:37:57.0044 3576   LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:37:57.0060 3576   LSI_SAS2 - ok
17:37:57.0083 3576   LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:37:57.0100 3576   LSI_SCSI - ok
17:37:57.0126 3576   luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:37:57.0174 3576   luafv - ok
17:37:57.0206 3576   ManyCam         (8e17d513d8011b0ee03c355eaab0e0cc) C:\Windows\system32\DRIVERS\mcvidrv.sys
17:37:57.0252 3576   ManyCam - ok
17:37:57.0287 3576   MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:37:57.0307 3576   MBAMProtector - ok
17:37:57.0382 3576   MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:37:57.0404 3576   MBAMService - ok
17:37:57.0434 3576   mcaudrv_simple  (562d95e00e14a944debe655decbd3f5b) C:\Windows\system32\drivers\mcaudrv.sys
17:37:57.0494 3576   mcaudrv_simple - ok
17:37:57.0570 3576   McciCMService   (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
17:37:57.0581 3576   McciCMService ( UnsignedFile.Multi.Generic ) - warning
17:37:57.0581 3576   McciCMService - detected UnsignedFile.Multi.Generic (1)
17:37:57.0619 3576   Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
17:37:57.0638 3576   Mcx2Svc - ok
17:37:57.0659 3576   megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:37:57.0674 3576   megasas - ok
17:37:57.0726 3576   MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:37:57.0744 3576   MegaSR - ok
17:37:57.0790 3576   MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:37:57.0831 3576   MMCSS - ok
17:37:57.0867 3576   Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:37:57.0907 3576   Modem - ok
17:37:57.0928 3576   monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:37:57.0960 3576   monitor - ok
17:37:57.0992 3576   mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:37:58.0008 3576   mouclass - ok
17:37:58.0028 3576   mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:37:58.0052 3576   mouhid - ok
17:37:58.0085 3576   mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:37:58.0101 3576   mountmgr - ok
17:37:58.0135 3576   MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:37:58.0149 3576   MozillaMaintenance - ok
17:37:58.0188 3576   mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:37:58.0206 3576   mpio - ok
17:37:58.0221 3576   mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:37:58.0264 3576   mpsdrv - ok
17:37:58.0323 3576   MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:37:58.0376 3576   MpsSvc - ok
17:37:58.0438 3576   MREMP50         (80b2ec735495823ae5771a5f603e73bd) C:\Program Files\Common Files\Motive\MREMP50.sys
17:37:58.0453 3576   MREMP50 ( UnsignedFile.Multi.Generic ) - warning
17:37:58.0453 3576   MREMP50 - detected UnsignedFile.Multi.Generic (1)
17:37:58.0472 3576   MRESP50         (37d7c22f7e26da90e2d2d260e5d27846) C:\Program Files\Common Files\Motive\MRESP50.sys
17:37:58.0506 3576   MRESP50 ( UnsignedFile.Multi.Generic ) - warning
17:37:58.0506 3576   MRESP50 - detected UnsignedFile.Multi.Generic (1)
17:37:58.0541 3576   MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:37:58.0562 3576   MRxDAV - ok
17:37:58.0589 3576   mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:37:58.0642 3576   mrxsmb - ok
17:37:58.0679 3576   mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:37:58.0709 3576   mrxsmb10 - ok
17:37:58.0732 3576   mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:37:58.0758 3576   mrxsmb20 - ok
17:37:58.0780 3576   msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:37:58.0795 3576   msahci - ok
17:37:58.0824 3576   msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:37:58.0842 3576   msdsm - ok
17:37:58.0895 3576   MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
17:37:58.0930 3576   MSDTC - ok
17:37:58.0962 3576   Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:37:58.0993 3576   Msfs - ok
17:37:59.0008 3576   mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:37:59.0038 3576   mshidkmdf - ok
17:37:59.0056 3576   msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:37:59.0071 3576   msisadrv - ok
17:37:59.0104 3576   MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
17:37:59.0145 3576   MSiSCSI - ok
17:37:59.0154 3576   msiserver - ok
17:37:59.0189 3576   MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:37:59.0227 3576   MSKSSRV - ok
17:37:59.0243 3576   MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:37:59.0285 3576   MSPCLOCK - ok
17:37:59.0303 3576   MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:37:59.0352 3576   MSPQM - ok
17:37:59.0380 3576   MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:37:59.0398 3576   MsRPC - ok
17:37:59.0422 3576   mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:37:59.0438 3576   mssmbios - ok
17:37:59.0476 3576   MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:37:59.0524 3576   MSTEE - ok
17:37:59.0538 3576   MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:37:59.0578 3576   MTConfig - ok
17:37:59.0603 3576   Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:37:59.0619 3576   Mup - ok
17:37:59.0692 3576   napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
17:37:59.0742 3576   napagent - ok
17:37:59.0807 3576   NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:37:59.0847 3576   NativeWifiP - ok
17:38:00.0046 3576   NAVENG          (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120629.024\NAVENG.SYS
17:38:00.0062 3576   NAVENG - ok
17:38:00.0197 3576   NAVEX15         (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120629.024\NAVEX15.SYS
17:38:00.0234 3576   NAVEX15 - ok
17:38:00.0329 3576   NCO             (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe
17:38:00.0360 3576   NCO - ok
17:38:00.0523 3576   NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:38:00.0549 3576   NDIS - ok
17:38:00.0575 3576   NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:38:00.0614 3576   NdisCap - ok
17:38:00.0634 3576   NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:38:00.0679 3576   NdisTapi - ok
17:38:00.0711 3576   Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:38:00.0740 3576   Ndisuio - ok
17:38:00.0769 3576   NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:38:00.0813 3576   NdisWan - ok
17:38:00.0839 3576   NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:38:00.0877 3576   NDProxy - ok
17:38:00.0918 3576   Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\Windows\system32\HPZinw12.dll
17:38:00.0945 3576   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:38:00.0945 3576   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:38:00.0967 3576   NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:38:01.0013 3576   NetBIOS - ok
17:38:01.0053 3576   NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:38:01.0093 3576   NetBT - ok
17:38:01.0113 3576   Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 30/06/12 16:45

Continuation of the log.
Code:
17:38:01.0131 3576   Netlogon - ok
17:38:01.0165 3576   Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
17:38:01.0215 3576   Netman - ok
17:38:01.0313 3576   NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:38:01.0342 3576   NetMsmqActivator - ok
17:38:01.0348 3576   NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:38:01.0362 3576   NetPipeActivator - ok
17:38:01.0402 3576   netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
17:38:01.0446 3576   netprofm - ok
17:38:01.0453 3576   NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:38:01.0467 3576   NetTcpActivator - ok
17:38:01.0474 3576   NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:38:01.0489 3576   NetTcpPortSharing - ok
17:38:01.0842 3576   NETw5s32        (a520aed8926ad6185031b9b18f55397e) C:\Windows\system32\DRIVERS\NETw5s32.sys
17:38:01.0949 3576   NETw5s32 - ok
17:38:02.0536 3576   netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
17:38:02.0617 3576   netw5v32 - ok
17:38:03.0210 3576   NETwNs32        (aecf4344a771231d538ed7d6080f0a38) C:\Windows\system32\DRIVERS\NETwNs32.sys
17:38:03.0345 3576   NETwNs32 - ok
17:38:03.0443 3576   nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:38:03.0459 3576   nfrd960 - ok
17:38:03.0558 3576   NIS             (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
17:38:03.0590 3576   NIS - ok
17:38:03.0655 3576   NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:38:03.0706 3576   NlaSvc - ok
17:38:03.0747 3576   nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
17:38:03.0857 3576   nmwcd - ok
17:38:03.0878 3576   nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
17:38:03.0934 3576   nmwcdc - ok
17:38:03.0959 3576   Norton PC Checkup Application Launcher - ok
17:38:03.0976 3576   Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:38:04.0021 3576   Npfs - ok
17:38:04.0053 3576   nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:38:04.0101 3576   nsi - ok
17:38:04.0128 3576   nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:38:04.0168 3576   nsiproxy - ok
17:38:04.0282 3576   Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:38:04.0316 3576   Ntfs - ok
17:38:04.0381 3576   NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:38:04.0403 3576   NTI IScheduleSvc - ok
17:38:04.0429 3576   NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
17:38:04.0442 3576   NTIBackupSvc - ok
17:38:04.0609 3576   NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
17:38:04.0638 3576   NTIDrvr - ok
17:38:04.0678 3576   NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
17:38:04.0690 3576   NTISchedulerSvc - ok
17:38:04.0723 3576   Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:38:04.0764 3576   Null - ok
17:38:04.0803 3576   NVHDA           (5942c96a3ac3029490961949f9009344) C:\Windows\system32\drivers\nvhda32v.sys
17:38:04.0816 3576   NVHDA - ok
17:38:05.0456 3576   nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:38:05.0649 3576   nvlddmkm - ok
17:38:05.0838 3576   nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:38:05.0872 3576   nvraid - ok
17:38:05.0902 3576   nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:38:05.0919 3576   nvstor - ok
17:38:05.0986 3576   nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
17:38:06.0011 3576   nvsvc - ok
17:38:06.0031 3576   nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:38:06.0047 3576   nv_agp - ok
17:38:06.0076 3576   ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:38:06.0108 3576   ohci1394 - ok
17:38:06.0167 3576   p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:38:06.0213 3576   p2pimsvc - ok
17:38:06.0258 3576   p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:38:06.0279 3576   p2psvc - ok
17:38:06.0316 3576   Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:38:06.0360 3576   Parport - ok
17:38:06.0388 3576   partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
17:38:06.0404 3576   partmgr - ok
17:38:06.0425 3576   Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:38:06.0455 3576   Parvdm - ok
17:38:06.0479 3576   PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:38:06.0506 3576   PcaSvc - ok
17:38:06.0535 3576   pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:38:06.0561 3576   pccsmcfd - ok
17:38:06.0632 3576   PCCUJobMgr      (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
17:38:06.0657 3576   PCCUJobMgr - ok
17:38:06.0716 3576   pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:38:06.0738 3576   pci - ok
17:38:06.0768 3576   pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:38:06.0783 3576   pciide - ok
17:38:06.0818 3576   pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:38:06.0836 3576   pcmcia - ok
17:38:06.0854 3576   pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:38:06.0869 3576   pcw - ok
17:38:06.0917 3576   PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:38:06.0966 3576   PEAUTH - ok
17:38:07.0115 3576   pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:38:07.0178 3576   pla - ok
17:38:07.0303 3576   PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:38:07.0348 3576   PlugPlay - ok
17:38:07.0379 3576   Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\Windows\system32\HPZipm12.dll
17:38:07.0385 3576   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:38:07.0385 3576   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:38:07.0427 3576   PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:38:07.0510 3576   PNRPAutoReg - ok
17:38:07.0546 3576   PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:38:07.0566 3576   PNRPsvc - ok
17:38:07.0618 3576   Point32         (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
17:38:07.0631 3576   Point32 - ok
17:38:07.0693 3576   PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:38:07.0751 3576   PolicyAgent - ok
17:38:07.0804 3576   Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:38:07.0838 3576   Power - ok
17:38:07.0866 3576   PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:38:07.0897 3576   PptpMiniport - ok
17:38:07.0932 3576   Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:38:07.0958 3576   Processor - ok
17:38:08.0002 3576   ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
17:38:08.0093 3576   ProfSvc - ok
17:38:08.0137 3576   ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:38:08.0158 3576   ProtectedStorage - ok
17:38:08.0188 3576   Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:38:08.0220 3576   Psched - ok
17:38:08.0333 3576   ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:38:08.0371 3576   ql2300 - ok
17:38:08.0539 3576   ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:38:08.0560 3576   ql40xx - ok
17:38:08.0600 3576   QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:38:08.0639 3576   QWAVE - ok
17:38:08.0662 3576   QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:38:08.0682 3576   QWAVEdrv - ok
17:38:08.0700 3576   RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:38:08.0754 3576   RasAcd - ok
17:38:08.0790 3576   RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:38:08.0835 3576   RasAgileVpn - ok
17:38:08.0869 3576   RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:38:08.0914 3576   RasAuto - ok
17:38:08.0940 3576   Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:38:08.0983 3576   Rasl2tp - ok
17:38:09.0059 3576   RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:38:09.0103 3576   RasMan - ok
17:38:09.0147 3576   RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:38:09.0196 3576   RasPppoe - ok
17:38:09.0216 3576   RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:38:09.0263 3576   RasSstp - ok
17:38:09.0301 3576   rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:38:09.0339 3576   rdbss - ok
17:38:09.0362 3576   rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:38:09.0396 3576   rdpbus - ok
17:38:09.0429 3576   RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:38:09.0469 3576   RDPCDD - ok
17:38:09.0507 3576   RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:38:09.0547 3576   RDPENCDD - ok
17:38:09.0571 3576   RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:38:09.0614 3576   RDPREFMP - ok
17:38:09.0662 3576   RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
17:38:09.0720 3576   RDPWD - ok
17:38:09.0771 3576   rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:38:09.0788 3576   rdyboost - ok
17:38:09.0820 3576   RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:38:09.0866 3576   RemoteAccess - ok
17:38:09.0897 3576   RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:38:09.0931 3576   RemoteRegistry - ok
17:38:09.0972 3576   RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
17:38:10.0003 3576   RFCOMM - ok
17:38:10.0026 3576   RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:38:10.0059 3576   RpcEptMapper - ok
17:38:10.0078 3576   RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:38:10.0107 3576   RpcLocator - ok
17:38:10.0152 3576   RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:38:10.0186 3576   RpcSs - ok
17:38:10.0222 3576   rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:38:10.0253 3576   rspndr - ok
17:38:10.0296 3576   RSUSBSTOR       (2ee8660902436d0c1e543987bec13ebe) C:\Windows\system32\Drivers\RtsUStor.sys
17:38:10.0320 3576   RSUSBSTOR ( UnsignedFile.Multi.Generic ) - warning
17:38:10.0320 3576   RSUSBSTOR - detected UnsignedFile.Multi.Generic (1)
17:38:10.0359 3576   RTLWUSB         (691db86b09e13ca5d3e8881141738cc5) C:\Windows\system32\DRIVERS\wg111v2.sys
17:38:10.0389 3576   RTLWUSB - ok
17:38:10.0413 3576   RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
17:38:10.0455 3576   RTSTOR - ok
17:38:10.0465 3576   RtsUIR - ok
17:38:10.0491 3576   SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:38:10.0508 3576   SamSs - ok
17:38:10.0554 3576   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:38:10.0580 3576   SASDIFSV - ok
17:38:10.0609 3576   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:38:10.0621 3576   SASKUTIL - ok
17:38:10.0658 3576   sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:38:10.0674 3576   sbp2port - ok
17:38:10.0716 3576   SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:38:10.0766 3576   SCardSvr - ok
17:38:10.0803 3576   scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:38:10.0851 3576   scfilter - ok
17:38:10.0985 3576   Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:38:11.0054 3576   Schedule - ok
17:38:11.0099 3576   SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:38:11.0130 3576   SCPolicySvc - ok
17:38:11.0178 3576   SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:38:11.0223 3576   SDRSVC - ok
17:38:11.0251 3576   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:38:11.0282 3576   secdrv - ok
17:38:11.0315 3576   seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:38:11.0357 3576   seclogon - ok
17:38:11.0390 3576   SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:38:11.0432 3576   SENS - ok
17:38:11.0461 3576   SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:38:11.0485 3576   SensrSvc - ok
17:38:11.0505 3576   Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:38:11.0522 3576   Serenum - ok
17:38:11.0541 3576   Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:38:11.0565 3576   Serial - ok
17:38:11.0590 3576   sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:38:11.0619 3576   sermouse - ok
17:38:11.0766 3576   ServiceLayer    (c15b813f2fdb44f87f23312472c6e790) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:38:11.0791 3576   ServiceLayer - ok
17:38:11.0848 3576   SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:38:11.0879 3576   SessionEnv - ok
17:38:11.0910 3576   sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:38:11.0928 3576   sffdisk - ok
17:38:11.0946 3576   sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:38:11.0972 3576   sffp_mmc - ok
17:38:11.0994 3576   sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:38:12.0015 3576   sffp_sd - ok
17:38:12.0045 3576   sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:38:12.0084 3576   sfloppy - ok
17:38:12.0134 3576   SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:38:12.0169 3576   SharedAccess - ok
17:38:12.0239 3576   ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:38:12.0284 3576   ShellHWDetection - ok
17:38:12.0341 3576   sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:38:12.0357 3576   sisagp - ok
17:38:12.0381 3576   SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:38:12.0396 3576   SiSRaid2 - ok
17:38:12.0422 3576   SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:38:12.0438 3576   SiSRaid4 - ok
17:38:12.0852 3576   Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:38:12.0918 3576   Skype C2C Service - ok
17:38:12.0976 3576   SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
17:38:12.0989 3576   SkypeUpdate - ok
17:38:13.0162 3576   Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:38:13.0213 3576   Smb - ok
17:38:13.0255 3576   SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:38:13.0274 3576   SNMPTRAP - ok
17:38:13.0398 3576   SNP2UVC         (fa8a150623ed0e99b8e4f5cc3d57968b) C:\Windows\system32\DRIVERS\snp2uvc.sys
17:38:13.0437 3576   SNP2UVC - ok
17:38:13.0580 3576   speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
17:38:13.0596 3576   speedfan - ok
17:38:13.0635 3576   spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:38:13.0650 3576   spldr - ok
17:38:13.0711 3576   Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:38:13.0754 3576   Spooler - ok
17:38:13.0988 3576   sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:38:14.0056 3576   sppsvc - ok
17:38:14.0198 3576   sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:38:14.0253 3576   sppuinotify - ok
17:38:14.0321 3576   SQLWriter       (8e6e5cfa06769a417b03fd6faa29e010) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:38:14.0340 3576   SQLWriter - ok
17:38:14.0490 3576   SRTSP           (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS
17:38:14.0515 3576   SRTSP - ok
17:38:14.0538 3576   SRTSPX          (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS
17:38:14.0550 3576   SRTSPX - ok
17:38:14.0594 3576   srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:38:14.0640 3576   srv - ok
17:38:14.0681 3576   srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:38:14.0710 3576   srv2 - ok
17:38:14.0744 3576   srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:38:14.0768 3576   srvnet - ok
17:38:14.0811 3576   SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:38:14.0870 3576   SSDPSRV - ok
17:38:14.0898 3576   SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:38:14.0940 3576   SstpSvc - ok
17:38:14.0976 3576   stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:38:14.0996 3576   stexstor - ok
17:38:15.0078 3576   StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:38:15.0105 3576   StiSvc - ok
17:38:15.0138 3576   swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:38:15.0153 3576   swenum - ok
17:38:15.0193 3576   swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:38:15.0246 3576   swprv - ok
17:38:15.0349 3576   SymDS           (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1307010.005\SYMDS.SYS
17:38:15.0370 3576   SymDS - ok
17:38:15.0464 3576   SymEFA          (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS
17:38:15.0491 3576   SymEFA - ok
17:38:15.0531 3576   SymEvent        (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
17:38:15.0545 3576   SymEvent - ok
17:38:15.0575 3576   SymIM           (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys
17:38:15.0587 3576   SymIM - ok
17:38:15.0609 3576   SymIRON         (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS
17:38:15.0622 3576   SymIRON - ok
17:38:15.0648 3576   SymNetS         (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS
17:38:15.0664 3576   SymNetS - ok
17:38:15.0717 3576   SynTP           (219aa9ff531490c51e766bd0d3e481cb) C:\Windows\system32\DRIVERS\SynTP.sys
17:38:15.0735 3576   SynTP - ok
17:38:15.0835 3576   SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:38:15.0882 3576   SysMain - ok
17:38:15.0919 3576   TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:38:15.0942 3576   TabletInputService - ok
17:38:15.0998 3576   tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
17:38:16.0034 3576   tap0901 - ok
17:38:16.0098 3576   TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:38:16.0143 3576   TapiSrv - ok
17:38:16.0176 3576   TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:38:16.0217 3576   TBS - ok
17:38:16.0327 3576   Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
17:38:16.0362 3576   Tcpip - ok
17:38:16.0381 3576   TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
17:38:16.0418 3576   TCPIP6 - ok
17:38:16.0462 3576   tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:38:16.0492 3576   tcpipreg - ok
17:38:16.0529 3576   TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:38:16.0559 3576   TDPIPE - ok
17:38:16.0583 3576   TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:38:16.0599 3576   TDTCP - ok
17:38:16.0636 3576   tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:38:16.0684 3576   tdx - ok
17:38:16.0719 3576   TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:38:16.0735 3576   TermDD - ok
17:38:16.0797 3576   TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
17:38:16.0833 3576   TermService - ok
17:38:16.0842 3576   TfFsMon - ok
17:38:16.0853 3576   TfNetMon - ok
17:38:16.0863 3576   TFSysMon - ok
17:38:16.0896 3576   Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
17:38:16.0918 3576   Themes - ok
17:38:16.0956 3576   THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:38:16.0988 3576   THREADORDER - ok
17:38:17.0069 3576   TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:38:17.0094 3576   TomTomHOMEService - ok
17:38:17.0121 3576   TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:38:17.0155 3576   TrkWks - ok
17:38:17.0222 3576   TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:38:17.0274 3576   TrustedInstaller - ok
17:38:17.0308 3576   tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:17.0354 3576   tssecsrv - ok
17:38:17.0384 3576   TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:38:17.0424 3576   TsUsbFlt - ok
17:38:17.0463 3576   tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:38:17.0501 3576   tunnel - ok
17:38:17.0534 3576   uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:38:17.0550 3576   uagp35 - ok
17:38:17.0583 3576   UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
17:38:17.0595 3576   UBHelper - ok
17:38:17.0639 3576   udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:38:17.0684 3576   udfs - ok
17:38:17.0730 3576   UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:38:17.0756 3576   UI0Detect - ok
17:38:17.0794 3576   uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:38:17.0810 3576   uliagpkx - ok
17:38:17.0845 3576   umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
17:38:17.0862 3576   umbus - ok
17:38:17.0911 3576   UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:38:17.0939 3576   UmPass - ok
17:38:17.0998 3576   upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:38:18.0064 3576   upnphost - ok
17:38:18.0088 3576   upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
17:38:18.0130 3576   upperdev - ok
17:38:18.0169 3576   usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:38:18.0188 3576   usbaudio - ok
17:38:18.0198 3576   usbbus - ok
17:38:18.0231 3576   usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:18.0261 3576   usbccgp - ok
17:38:18.0270 3576   USBCCID - ok
17:38:18.0302 3576   usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:38:18.0321 3576   usbcir - ok
17:38:18.0330 3576   UsbDiag - ok
17:38:18.0359 3576   usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
17:38:18.0375 3576   usbehci - ok
17:38:18.0431 3576   usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:38:18.0449 3576   usbhub - ok
17:38:18.0458 3576   USBModem - ok
17:38:18.0505 3576   usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
17:38:18.0540 3576   usbohci - ok
17:38:18.0575 3576   usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:38:18.0593 3576   usbprint - ok
17:38:18.0626 3576   usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
17:38:18.0645 3576   usbscan - ok
17:38:18.0677 3576   usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
17:38:18.0705 3576   usbser - ok
17:38:18.0730 3576   UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
17:38:18.0775 3576   UsbserFilt - ok
17:38:18.0826 3576   USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:18.0882 3576   USBSTOR - ok
17:38:18.0916 3576   usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
17:38:18.0944 3576   usbuhci - ok
17:38:18.0982 3576   usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
17:38:19.0002 3576   usbvideo - ok
17:38:19.0044 3576   UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:38:19.0090 3576   UxSms - ok
17:38:19.0114 3576   VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:38:19.0130 3576   VaultSvc - ok
17:38:19.0149 3576   vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:38:19.0164 3576   vdrvroot - ok
17:38:19.0224 3576   vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:38:19.0261 3576   vds - ok
17:38:19.0288 3576   vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:19.0325 3576   vga - ok
17:38:19.0345 3576   VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:38:19.0378 3576   VgaSave - ok
17:38:19.0419 3576   vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:38:19.0436 3576   vhdmp - ok
17:38:19.0457 3576   viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:38:19.0473 3576   viaagp - ok
17:38:19.0497 3576   ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:38:19.0525 3576   ViaC7 - ok
17:38:19.0545 3576   viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:38:19.0561 3576   viaide - ok
17:38:19.0587 3576   volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:38:19.0603 3576   volmgr - ok
17:38:19.0643 3576   volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:38:19.0663 3576   volmgrx - ok
17:38:19.0723 3576   volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:38:19.0742 3576   volsnap - ok
17:38:19.0771 3576   vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:38:19.0788 3576   vsmraid - ok
17:38:19.0878 3576   VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:38:19.0921 3576   VSS - ok
17:38:20.0144 3576   vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
17:38:20.0178 3576   vToolbarUpdater11.1.0 - ok
17:38:20.0344 3576   vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:38:20.0387 3576   vwifibus - ok
17:38:20.0412 3576   vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:38:20.0433 3576   vwififlt - ok
17:38:20.0454 3576   vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
17:38:20.0474 3576   vwifimp - ok
17:38:20.0525 3576   W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:38:20.0561 3576   W32Time - ok
17:38:20.0589 3576   WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:38:20.0631 3576   WacomPen - ok
17:38:20.0672 3576   WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:20.0702 3576   WANARP - ok
17:38:20.0711 3576   Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:20.0740 3576   Wanarpv6 - ok
17:38:20.0860 3576   WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:38:20.0898 3576   WatAdminSvc - ok
17:38:21.0003 3576   wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:38:21.0056 3576   wbengine - ok
17:38:21.0092 3576   WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:38:21.0122 3576   WbioSrvc - ok
17:38:21.0284 3576   WCMVCAM         (70ff13d0c853acea859737ec8a8d220f) C:\Windows\system32\DRIVERS\wcmvcam.sys
17:38:21.0336 3576   WCMVCAM - ok
17:38:21.0389 3576   wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:38:21.0414 3576   wcncsvc - ok
17:38:21.0440 3576   WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:38:21.0465 3576   WcsPlugInService - ok
17:38:21.0501 3576   Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:38:21.0516 3576   Wd - ok
17:38:21.0575 3576   Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:38:21.0597 3576   Wdf01000 - ok
17:38:21.0624 3576   WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:38:21.0668 3576   WdiServiceHost - ok
17:38:21.0677 3576   WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:38:21.0699 3576   WdiSystemHost - ok
17:38:21.0753 3576   WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:38:21.0790 3576   WebClient - ok
17:38:21.0828 3576   Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:38:21.0877 3576   Wecsvc - ok
17:38:21.0905 3576   wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:38:21.0937 3576   wercplsupport - ok
17:38:21.0963 3576   WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:38:21.0996 3576   WerSvc - ok
17:38:22.0025 3576   WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:38:22.0056 3576   WfpLwf - ok
17:38:22.0075 3576   WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:38:22.0090 3576   WIMMount - ok
17:38:22.0212 3576   WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:38:22.0259 3576   WinDefend - ok
17:38:22.0286 3576   WinHttpAutoProxySvc - ok
17:38:22.0359 3576   Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:38:22.0403 3576   Winmgmt - ok
17:38:22.0517 3576   WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:38:22.0563 3576   WinRM - ok
17:38:22.0631 3576   WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:38:22.0649 3576   WinUsb - ok
17:38:22.0741 3576   Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:38:22.0779 3576   Wlansvc - ok
17:38:22.0898 3576   wlcrasvc        (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:38:22.0917 3576   wlcrasvc - ok
17:38:23.0163 3576   wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:38:23.0216 3576   wlidsvc - ok
17:38:23.0379 3576   WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:38:23.0408 3576   WmiAcpi - ok
17:38:23.0534 3576   wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:38:23.0598 3576   wmiApSrv - ok
17:38:23.0803 3576   WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:38:23.0856 3576   WMPNetworkSvc - ok
17:38:23.0992 3576   WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:38:24.0049 3576   WPCSvc - ok
17:38:24.0086 3576   WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:38:24.0110 3576   WPDBusEnum - ok
17:38:24.0158 3576   ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:38:24.0196 3576   ws2ifsl - ok
17:38:24.0223 3576   wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:38:24.0290 3576   wscsvc - ok
17:38:24.0303 3576   WSearch - ok
17:38:24.0462 3576   wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:38:24.0509 3576   wuauserv - ok
17:38:24.0689 3576   WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:38:24.0737 3576   WudfPf - ok
17:38:24.0770 3576   WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:24.0800 3576   WUDFRd - ok
17:38:24.0830 3576   wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:38:24.0874 3576   wudfsvc - ok
17:38:24.0923 3576   WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:38:24.0954 3576   WwanSvc - ok
17:38:25.0060 3576   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:38:25.0573 3576   \Device\Harddisk0\DR0 - ok
17:38:25.0581 3576   MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
17:38:28.0192 3576   \Device\Harddisk1\DR1 - ok
17:38:28.0200 3576   Boot (0x1200)   (f03e469bf252a68f9faf914feaa2a0a2) \Device\Harddisk0\DR0\Partition0
17:38:28.0202 3576   \Device\Harddisk0\DR0\Partition0 - ok
17:38:28.0213 3576   Boot (0x1200)   (09748f86a80f31de2fd84e188ef4dd4a) \Device\Harddisk1\DR1\Partition0
17:38:28.0217 3576   \Device\Harddisk1\DR1\Partition0 - ok
17:38:28.0222 3576   ============================================================
17:38:28.0222 3576   Scan finished
17:38:28.0222 3576   ============================================================
17:38:28.0238 3116   Detected object count: 11
17:38:28.0238 3116   Actual detected object count: 11
17:38:47.0966 3116   giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0966 3116   giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:47.0967 3116   hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0967 3116   hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:47.0969 3116   hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0969 3116   hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:47.0971 3116   HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0971 3116   HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:47.0972 3116   KBFiltr ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0973 3116   KBFiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:47.0975 3116   McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0975 3116   McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:47.0977 3116   MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:47.0977 3116   MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:48.0001 3116   MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:48.0001 3116   MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:48.0002 3116   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:48.0003 3116   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:48.0004 3116   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:48.0004 3116   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:48.0006 3116   RSUSBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:48.0006 3116   RSUSBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/07/12 09:37

Hi. Follow this guide (5 steps) in English; if you have trouble, feel free to translate it with Google Translate.

http://www.techspot.com/community/topic ... ons.58138/

Then:
Download aswMBR: http://public.avast.com/~gmerek/aswMBR.exe
● place the downloaded file on the Desktop
● start the program with a double click
● answer no to the program's request to install Avast! Free:

This application can use the Avast! Free Antivirus for scanning.
It is recommended to download it for better detection results.

Would you like to download latest Avast! virus definitions?
● click the Scan button
● wait patiently for the scan to finish
● click the Save Log button
● click the Exit button
● Are you sure you want to exit the program?
click Yes
● save the program's result on the Desktop
● a message will appear confirming the save: click OK
● attach the program's Report

on the desktop you will find the files:
aswMBR.txt is the log just created
MBR.dat is a copy of the contents of your hard disk's MBR
zip them into a single file and post it in the usual way

Note: about the program:
● to launch aswMBR on Windows Vista and Windows Seven, right-click the program's icon and, from the context menu, choose Run as administrator: then confirm the prompt you are shown.

Download Bootkit Remover: http://www.smartestcomputing.us.com/fil ... t-remover/
unzip the contents of the bootkit_remover.rar archive
● place the file remover.exe on the Desktop
● double-click Remover
● a DOS window will appear: report what is written under MBR Status
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 13:19

here is the first log.
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-01 14:18:43
-----------------------------
14:18:43.774    OS Version: Windows 6.1.7601 Service Pack 1
14:18:43.774    Number of processors: 2 586 0x1706
14:18:43.777    ComputerName: PC-FRANCO  UserName: FRANCO
14:18:46.578    Initialize success
14:18:58.119    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:18:58.124    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:18:58.139    Disk 0 MBR read successfully
14:18:58.146    Disk 0 MBR scan
14:18:58.154    Disk 0 Windows 7 default MBR code
14:18:58.172    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
14:18:58.203    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048
14:18:58.216    Disk 0 scanning sectors +976771072
14:18:58.301    Disk 0 scanning C:\Windows\system32\drivers
14:19:08.230    Service scanning
14:19:31.721    Modules scanning
14:19:42.690    Disk 0 trace - called modules:
14:19:42.712    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
14:19:42.717    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88d9f030]
14:19:42.724    3 CLASSPNP.SYS[8c3d159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86ac7028]
14:19:42.731    Scan finished successfully
14:21:07.250    Disk 0 MBR has been saved successfully to "C:\Users\FRANCO\Desktop\MBR.dat"
14:21:07.257    The log file has been saved successfully to "C:\Users\FRANCO\Desktop\aswMBR.txt"


franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 13:42

Bootkit Remover result; I'm not sure I did everything the way you asked.
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector use the following command: remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35
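The two posts above leave the helper with a raw sector to look at: the MBR.dat that aswMBR saved, or the sector that remover.exe dump writes out. The following is an added example, not code from this thread or from either tool: a Python parser for such a 512-byte dump that lists the partition table, hashes the boot-code region that a bootkit would overwrite, and cross-checks the partitions against the lines aswMBR logged. The sample MBR is constructed here (zeroed boot code, placeholder disk signature 0x12345678, and the two partitions from the aswMBR log); it is not the user's real dump.

```python
import hashlib
import re
import struct

SECTOR = 512
CODE_LEN = 0x1B8       # boot-code region: the 440 bytes before the disk signature
PTABLE_OFF = 0x1BE     # start of the four 16-byte partition entries
MB = 1024 * 1024

# Partition type bytes that appear in the aswMBR log in this thread.
PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

# One aswMBR partition line per entry, e.g.
# "14:18:58.203    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048"
LOG_LINE = re.compile(
    r"Partition (\d) ([0-9a-fA-F]{2})\s+(?:\(A\)\s+)?([0-9a-fA-F]{2})\s+.*?(\d+) MB offset (\d+)"
)


def parse_mbr(mbr: bytes) -> dict:
    """Parse a raw 512-byte MBR (aswMBR's MBR.dat or a remover.exe dump)."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[PTABLE_OFF + 16 * i:PTABLE_OFF + 16 * (i + 1)]
        # boot flag, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        boot, ptype, lba, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"0x{ptype:02x}"),
            "offset": lba,
            "size_mb": sectors * SECTOR // MB,
        })
    return {
        # MD5 of the first 0x1B8 bytes: the boot code, which is what a bootkit
        # replaces; compare it with a dump taken from a known-clean Windows 7 machine.
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[0x1B8:0x1BC])[0],
        "partitions": partitions,
    }


def compare_with_aswmbr_log(parsed: dict, log_text: str) -> list:
    """List every partition on which the dump and aswMBR's log disagree.

    A disagreement between what the tool saw at scan time and what is in
    the saved sector is a reason to inspect the boot code more closely.
    """
    logged = {}
    for m in LOG_LINE.finditer(log_text):
        idx, boot, ptype, size_mb, offset = m.groups()
        logged[int(idx)] = (boot == "80", int(ptype, 16), int(size_mb), int(offset))
    dumped = {p["index"]: (p["active"], p["type"], p["size_mb"], p["offset"])
              for p in parsed["partitions"]}
    return [f"partition {i}: log={logged.get(i)} dump={dumped.get(i)}"
            for i in sorted(set(logged) | set(dumped))
            if logged.get(i) != dumped.get(i)]


def build_sample_mbr() -> bytes:
    """Constructed sample (NOT the user's real MBR.dat): zeroed boot code,
    a placeholder disk signature and the two partitions from the aswMBR log."""
    mbr = bytearray(SECTOR)
    mbr[0x1B8:0x1BC] = struct.pack("<I", 0x12345678)  # placeholder signature
    entries = [
        (0x00, 0x27, 2048, 10000 * MB // SECTOR),       # hidden WinRE, 10000 MB
        (0x80, 0x07, 20482048, 466938 * MB // SECTOR),  # active NTFS, 466938 MB
    ]
    for i, (boot, ptype, lba, sectors) in enumerate(entries):
        off = PTABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack("<B3xB3xII", boot, ptype, lba, sectors)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


# The two partition lines from the aswMBR log posted in this thread.
SAMPLE_ASWMBR_LOG = """\
14:18:58.172    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
14:18:58.203    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048
"""


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code MD5:", info["code_md5"])
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"  {p['index']} {flag} {p['type_name']:<18} {p['size_mb']:>7} MB offset {p['offset']}")
    print("discrepancies:", compare_with_aswmbr_log(info, SAMPLE_ASWMBR_LOG) or "none")
```

To use it on a real dump, read MBR.dat with `open(path, "rb").read()` and pass the bytes to `parse_mbr`, together with the partition lines from aswMBR.txt.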

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 15:27

Hi FDAC. I didn't quite understand that I had to carry out the 5 steps; I did 4 of them, and I'm posting the logs.
Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.5.1
Run by FRANCO at 16:16:21 on 2012-07-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3067.1577 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Bluetooth\mediasrv.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\PROGRA~1\COMMON~1\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=55d480d9-f7f4-414e-bc14-9a23e15c633f&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Norton Identity Protection: {ab4c7833-a6ec-433f-b9fe-6b14b1a2f836} - c:\program files\norton identity safe\engine\2012.6.0.72\coIEPlg.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
TB: Norton Identity Safe Toolbar: {a13c2648-91d4-4bf3-bc6d-0079707c4389} - c:\program files\norton identity safe\engine\2012.6.0.72\coIEPlg.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {3D8F0570-BCA7-4009-ABB4-BAFB07A49E4F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [BTMTrayAgent] rundll32.exe "c:\program files\intel\bluetooth\btmshell.dll",TrayApp
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{04C826DA-126A-459B-9424-94C766EA606F} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{09F54451-697F-4C97-9199-9789DF48F2D8} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{31AB7A5C-8E41-4729-8164-EC489778AD1A} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{840E4623-DEFE-4F37-A326-C5F64FFE446A} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A8BD4204-D72A-40D3-8225-45E828E22E77} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773} : DhcpNameServer = 192.168.1.3
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\078696C6960737F596E6374716C6C6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\078696C6960737F596E6374716C6C6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6642716E636F6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6642716E636F6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6F5135303 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6F5135303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C416023616371602469602479647479702 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C416023616371602469602479647479702 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C4160236163716024696024797474797 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C4160236163716024696024797474797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970223 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970233 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970233 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C496265627F675966496 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C496265627F675966496 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C7DB716E-9D93-4CD8-8D3D-71530EF94EED} : DhcpNameServer = 192.168.1.3
TCP: Interfaces\{C7DB716E-9D93-4CD8-8D3D-71530EF94EED}\C416023616371602469602479747479702 : DhcpNameServer = 192.168.1.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\franco\appdata\roaming\mozilla\firefox\profiles\78x8kk0b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.virgilio.it
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\common~1\nero\browserplugin\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-4-27 44184]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-5-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-5-23 905336]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-5-23 132744]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dc06000.048\ccSetx86.sys [2012-5-23 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\ipsdefs\20120629.001\IDSvix86.sys [2012-6-30 382624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-5-23 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1307010.005\symnets.sys [2012-5-23 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\intel\bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\intel\bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-2-25 75048]
R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-10 39272]
R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-5-3 13592]
R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2012-6-24 255376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-21 654408]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2012.6.0.72\ccSvcHst.exe [2012-5-23 138232]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-5-23 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-6-16 131512]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-9-17 126392]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\intel\bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\drivers\btmaux.sys [2011-3-8 40960]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-5-6 504360]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-6 33832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2012-6-1 375336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-21 22344]
R3 NETwNs32;___ Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-3-2 7523840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-1-22 52768]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-5-4 190464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2012-4-15 1068216]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 250056]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [2012-6-24 487168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2011-10-15 76328]
S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-19 113120]
S3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-6-15 6766080]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-1 52224]
S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-29 18:18:39   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-06-29 17:59:50   98816   ----a-w-   c:\windows\sed.exe
2012-06-29 17:59:50   518144   ----a-w-   c:\windows\SWREG.exe
2012-06-29 17:59:50   256000   ----a-w-   c:\windows\PEV.exe
2012-06-29 17:59:50   208896   ----a-w-   c:\windows\MBR.exe
2012-06-26 11:22:19   8362   ----a-w-   c:\windows\Suyin.reg
2012-06-26 11:22:19   626688   ----a-w-   c:\windows\Image.dll
2012-06-26 11:22:19   20480   ----a-w-   c:\windows\USB_VIDEO_REG.exe
2012-06-26 11:22:19   200704   ----a-w-   c:\windows\PLFSetI.exe
2012-06-26 11:22:19   1658880   ----a-w-   c:\windows\Acer Crystal Eye webcam.EXE
2012-06-26 11:01:06   --------   d-----w-   c:\programdata\blekko toolbars
2012-06-26 11:00:20   --------   d-----w-   c:\users\franco\appdata\roaming\OpenCandy
2012-06-26 11:00:20   --------   d-----w-   c:\program files\Phyxion.net
2012-06-24 19:06:03   --------   d-----w-   c:\programdata\Acer
2012-06-24 19:05:49   --------   d-----w-   C:\OEM
2012-06-24 15:52:49   487168   ----a-w-   c:\windows\system32\drivers\AVerAF15DMBTH.sys
2012-06-23 19:52:21   --------   d-----w-   c:\users\franco\appdata\local\Macromedia
2012-06-23 19:46:00   --------   d-----w-   c:\program files\Oracle
2012-06-23 19:45:39   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-06-22 10:27:51   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-22 10:27:16   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-22 10:26:45   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-22 10:26:45   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-19 15:35:14   4967624   ----a-w-   c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-06-16 19:55:41   --------   d-----w-   c:\users\franco\appdata\local\Chromium
2012-06-16 19:53:27   --------   d-----w-   c:\program files\Norton PC Checkup 3.0
2012-06-14 11:27:21   1158656   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-14 11:27:20   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-14 11:27:20   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-14 11:25:16   183808   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-06-14 11:20:15   2342400   ----a-w-   c:\windows\system32\msi.dll
2012-06-14 11:20:13   8192   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-06-14 11:20:13   58880   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-06-14 11:20:13   2343936   ----a-w-   c:\windows\system32\win32k.sys
2012-06-14 11:20:13   129536   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-06-14 11:20:12   164352   ----a-w-   c:\windows\system32\profsvc.dll
2012-06-10 14:11:56   --------   d-----w-   c:\program files\PC Connectivity Solution
2012-06-05 18:05:10   770384   ----a-w-   c:\program files\mozilla firefox\msvcr100.dll
2012-06-05 18:05:10   421200   ----a-w-   c:\program files\mozilla firefox\msvcp100.dll
2012-06-03 08:39:43   --------   d-----w-   c:\users\franco\appdata\local\{F9117C97-135D-481C-9C75-D228D41A621E}
2012-06-03 08:39:31   --------   d-----w-   c:\users\franco\appdata\local\{E8D027D4-0C7C-4D5E-A574-4BD1EDF78306}
2012-06-03 08:07:12   --------   d-----w-   c:\users\franco\appdata\local\{3A3B5DD2-AB33-495C-AE4C-531127F96BB9}
2012-06-03 08:05:05   --------   d-----w-   c:\users\franco\appdata\local\{5049187D-D5D8-4D2B-9748-C52E3B4E3DDB}
2012-06-03 08:04:36   --------   d-----w-   c:\users\franco\appdata\local\{1C453A02-F6F8-40E0-A845-B78E919DA7D4}
2012-06-02 07:24:05   --------   d-----w-   c:\users\franco\DoctorWeb
2012-06-01 17:51:56   375336   ----a-w-   c:\windows\system32\drivers\k57nd60x.sys
.
==================== Find3M  ====================
.
2012-06-24 16:51:42   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2012-06-24 16:51:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2012-06-23 19:51:48   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 19:51:48   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-24 21:18:40   4472832   ----a-w-   c:\windows\system32\GPhotos.scr
2012-05-23 17:41:07   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-21 20:57:11   447208   ----a-w-   c:\windows\system32\drivers\avckf.sys
2012-05-17 22:45:37   1800192   ----a-w-   c:\windows\system32\jscript9.dll
2012-05-17 22:35:47   1129472   ----a-w-   c:\windows\system32\wininet.dll
2012-05-17 22:35:39   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-05-09 20:21:18   44184   ----a-w-   c:\windows\system32\drivers\fsbts.sys
2012-05-07 19:50:05   6656   ----a-w-   c:\windows\system32\bcmwlrc.dll
2012-05-06 10:46:02   504360   ----a-w-   c:\windows\system32\drivers\btwampfl.sys
2012-05-06 10:46:02   33832   ----a-w-   c:\windows\system32\drivers\btwl2cap.sys
2012-05-06 10:46:02   18728   ----a-w-   c:\windows\system32\drivers\btwrchid.sys
2012-05-06 10:46:02   175144   ----a-w-   c:\windows\system32\drivers\btwavdt.sys
2012-05-06 10:46:02   153128   ----a-w-   c:\windows\system32\drivers\btwaudio.sys
2012-05-04 17:29:16   687504   ----a-w-   c:\windows\system32\deployJava1.dll
2012-05-04 09:59:54   514560   ----a-w-   c:\windows\system32\qdvd.dll
2012-04-22 11:51:40   592896   ----a-w-   c:\windows\system32\drivers\umdf\PCCSWpdDriver.dll
2012-04-22 11:51:38   18816   ----a-w-   c:\windows\system32\drivers\pccsmcfd.sys
2012-04-19 02:50:26   24896   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
2012-04-15 21:32:14   1068216   ----a-w-   c:\windows\system32\drivers\wcmvcam.sys
2012-04-13 12:28:50   149432   ----a-w-   c:\windows\SGDetectionTool.dll0530.old
2012-04-13 12:28:48   2271160   ----a-w-   c:\windows\PCTBDCore.dll0530.old
2012-04-13 12:28:30   767928   ----a-w-   c:\windows\BDTSupport.dll0530.old
2012-04-04 13:56:40   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8364D000]<< >>UNKNOWN [0x8C3C8000]<< >>UNKNOWN [0x8C3B7000]<< >>UNKNOWN [0x8C006000]<< >>UNKNOWN [0x83616000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x8368455A] -> \Device\Harddisk0\DR0[0x88D9DA20]
\Driver\Disk[0x88D9C030] -> IRP_MJ_CREATE -> 0x8C3CC39F
3 [0x8C3CC59E] -> ntkrnlpa!IofCallDriver[0x8368455A] -> \Device\Ide\IAAStorageDevice-1[0x86AC8028]
\Driver\iaStor[0x86EC40E0] -> IRP_MJ_CREATE -> 0x8C02D8FA
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16.17.16,10 ===============
Code: Select all
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/04/2011 18.40.28
System Uptime: 01/07/2012 15.56.56 (1 hours ago)
.
Motherboard: Acer            |  | JV50                           
Processor: Intel(R) Core(TM)2 Duo CPU     P7350  @ 2.00GHz | U2E1 | 800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 345,604 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda Microsoft Teredo Tunneling
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Scheda Microsoft Teredo Tunneling
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP780: 24/06/2012 17.42.08 - Installed A850T_AP.6.0.18.09122902_Drv_1.0.X.30_100628.exe by DriverEasy
RP782: 24/06/2012 17.43.08 - Configurato AVerTV
RP784: 24/06/2012 17.50.12 - Installato AVerTV
RP786: 24/06/2012 18.01.55 - Configurato AVerTV
RP788: 24/06/2012 18.04.00 - Installato AVerTV
RP790: 24/06/2012 18.20.26 - Configurato AVerTV
RP792: 24/06/2012 18.58.54 - Revo Uninstaller's restore point - Super Internet TV v8.1 (Free Edition)
RP794: 24/06/2012 19.04.17 - Revo Uninstaller's restore point - RealPlayer
RP796: 24/06/2012 21.05.01 - Installato Acer Updater
RP798: 24/06/2012 21.08.32 - Installato Acer Crystal Eye Webcam
RP800: 24/06/2012 21.12.00 - Installato Acer Crystal Eye Webcam
RP802: 24/06/2012 21.21.45 - Installato Acer Crystal Eye Webcam
RP804: 26/06/2012 13.03.14 - Revo Uninstaller's restore point - Driver Sweeper versione 3.2.0
RP806: 26/06/2012 13.11.47 - Rimosso Acer Crystal Eye Webcam
RP808: 26/06/2012 13.21.52 - Installato Acer Crystal Eye Webcam
RP810: 26/06/2012 20.05.59 - Revo Uninstaller's restore point - blekko search bar
RP812: 28/06/2012 19.52.56 - Revo Uninstaller's restore point - Driver Sweeper versione 3.2.0
RP814: 29/06/2012 20.47.46 - Revo Uninstaller's restore point - Linkury Smartbar
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_Help
8600_Help
8600_Readme
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acer Updater
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Italiano
Adobe Shockwave Player 11.6
Androsa FileProtector
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.8
Ashampoo Burning Studio 2012 v10.0.15
µTorrent
Backup Manager Basic
Bibbia italiana
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom 802.11 Network Adapter
Broadcom Gigabit NetLink Controller
BufferChm
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Defraggler
Destinations
DeviceDiscovery
DocMgr
DocProc
Driver Genius Professional Edition
DriverEasy 3.11.3
Fax
File di supporto installazione di Microsoft SQL Server 2008
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High-Definition Video Playback
HiJackThis
HP Officejet J4500 Series
HP Officejet Pro K8600
HP Product Detection
HP Smart Web Printing 4.60
HP Update
HPProductAssistant
HPSSupply
Installazione di Microsoft SQL Server 2008 R2 (Italiano)
Intel(R) Control Center
Intel(R) Processor ID Utility
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
iTunes
J4500
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Jewel Quest Solitaire
Junk Mail filter update
K-Lite Mega Codec Pack 6.4.0
K8600_Basic
Launch Manager
Malwarebytes Anti-Malware versione 1.61.0.1400
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended - Language Pack (ITA)
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server Browser
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Web Platform Installer 3.0
Microsoft_VC100_CRT_SP1_x86
MobileMe Control Panel
Mozilla Firefox 13.0.1 (x86 it)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mz CPU Accelerator
Nero 10 Movie ThemePack Basic
Nero Core Components 10
Nero Dolby Files 10
Nero Update
NeroKwikMedia Help (CHM)
Network
Nokia Connectivity Cable Driver
Nokia Software Updater
Nokia Suite
Norton Bootable Recovery Tool Wizard
Norton Identity Safe
Norton Internet Security
Norton PC Checkup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Driver audio HD 1.3.12.0
NVIDIA Driver del controller 3D Vision 296.10
NVIDIA Driver grafico 296.10
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
Pacchetto driver Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Pannello di controllo NVIDIA 296.10
PC Connectivity Solution
Philips SNU5600 Wireless USB Adapter 11b/g
Picasa 3
ProductContext
QuickTime
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Service Pack 1 per SQL Server 2008 R2 (KB2528583)
Skype Click to Call
Skype™ 5.9
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
Sql Server Customer Experience Improvement Program
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
TuneUp Utilities Language Pack (it-IT)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.1
WebReg
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
Xvid Video Codec
.
==== End Of File ===========================
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 15:29

Of the 5 steps requested, here is the Malwarebytes log as well.
Code:
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.07.01.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
FRANCO :: PC-FRANCO [amministratore]

Protezione: Disattivata

01/07/2012 16.23.12
mbam-log-2012-07-01 (16-23-12).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 261449
Tempo impiegato: 7 minuti, 6 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/07/12 16:15

Click the Start button
● choose Run
● copy and paste this line into the box:
"%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0
● click OK
● the scan takes only a moment
● press Enter to exit the program
reboot the system

Once the system has rebooted:
run the scan with Remover again.
● under MBR status you should see, in green:
OK <DOS/Win32 Boot Code Found>

Can you confirm?
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 16:20

FDAC, I copy and paste it into Start and nothing happens..
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/07/12 16:24

Did you do this step first?

Download Bootkit Remover: http://www.smartestcomputing.us.com/fil ... t-remover/
● extract the contents of the bootkit_remover.rar archive
● place the remover.exe file on the Desktop
● double-click Remover
● a DOS window will appear: report what it says under MBR Status
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 16:31

Yes, I first did the two steps you recommended and then the 4 steps, but the same DOS message I posted before keeps appearing.
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/07/12 16:40

● run the scan with Remover again.
● under MBR status you should see, in green:
OK <DOS/Win32 Boot Code Found>

Can you confirm?

FrancescoFDAC
Senior User

Posts: 773
Joined: 13/08/11 08:53
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 16:44

I redid the scan, which takes only a moment; I do NOT confirm the green text.
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/07/12 17:06

Evidently something is not completing successfully.

Download MBRCheck: http://ad13.geekstogo.com/MBRCheck.exe
● save the downloaded file to the Desktop
● start the program with a double-click
● wait patiently for the scan to finish
● if this message appears in green:
Windows xp MBR code detected

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200000d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
Press ENTER to exit...

● if instead this message appears, the MBR is probably infected:
Found non-standard or infected MBR

Either way, just attach the log that is left on the Desktop:
MBRCheck_MM.gg.aa_hh.mm.ss.txt
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53
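The MBRCheck report above is read by eye in the thread; when the same check has to be run over many machines it helps to parse it. The following Python triage helper is an added example, not part of the thread and not MBRCheck's own code: it pulls each drive row out of the "Size / Device Name / MBR Status" table together with the SHA1 printed on the next line, and classifies the status as known-good Windows boot code (the "Windows ... code detected" strings shown in the thread) or as suspect (the "Found non-standard or infected MBR" string). The sample report is constructed for the example; the second drive and its status are invented, not taken from the user's machine.

```python
"""Triage helper for MBRCheck text reports (added example; not MBRCheck's own code).

For every physical drive listed under the "Size  Device Name  MBR Status" table
it returns size, device, MBR status, the SHA1 printed on the following line (if
any) and a verdict derived from the status string.
"""
import re

# Status strings MBRCheck prints: "Windows XP code detected" / "Windows 7 MBR
# code detected" for recognised boot code, "Found non-standard or infected MBR"
# otherwise. The verdict labels below are this example's own.
KNOWN_GOOD = re.compile(r"^Windows .* code detected$")
SUSPECT = re.compile(r"non-standard|infected", re.IGNORECASE)

# A drive row:  "465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected"
DRIVE_RE = re.compile(
    r"^\s*(?P<size>\d+\s*[KMGT]B)\s+"
    r"(?P<device>\\\\\.\\PhysicalDrive\d+)\s+"
    r"(?P<status>.+?)\s*$"
)
# The line after a drive row:  "SHA1: 4379A3D4..."
SHA1_RE = re.compile(r"^\s*SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


def classify(status: str) -> str:
    """Map an MBR Status string to known-good / suspect / unknown."""
    if SUSPECT.search(status):
        return "suspect"
    if KNOWN_GOOD.match(status):
        return "known-good"
    return "unknown"


def parse_mbrcheck(report: str) -> list:
    """Return one dict per drive row found in an MBRCheck report."""
    drives = []
    lines = report.splitlines()
    for i, line in enumerate(lines):
        m = DRIVE_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["sha1"] = None
        # MBRCheck prints the boot-code hash on the line right after the row.
        if i + 1 < len(lines):
            s = SHA1_RE.match(lines[i + 1])
            if s:
                entry["sha1"] = s.group("sha1").upper()
        entry["verdict"] = classify(entry["status"])
        drives.append(entry)
    return drives


# Constructed sample report: drive 0 mirrors the status/SHA1 format seen in the
# thread, drive 1 is an invented "infected" row to exercise the suspect path.
SAMPLE_REPORT = """\
MBRCheck, version 1.2.3
(c) 2010, AD

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\\\.\\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\\\.\\PhysicalDrive1   Found non-standard or infected MBR

Done!
"""

if __name__ == "__main__":
    for d in parse_mbrcheck(SAMPLE_REPORT):
        print(f"{d['device']:22} {d['verdict']:11} {d['status']}  sha1={d['sha1']}")
```

Only a row whose status matches the suspect pattern is flagged; a hash that is merely missing yields `None` rather than a verdict, since MBRCheck's own status line is the authoritative signal and the SHA1 is there to compare against a clean image of the same Windows version.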

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by franco75 » 01/07/12 17:12

I'm attaching the log.
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows 7 Home Premium Edition
Windows Information:      Service Pack 1 (build 7601), 32-bit
Logical Drives Mask:      0x0000001c

Kernel Drivers (total 231):
  0x83651000 \SystemRoot\system32\ntkrnlpa.exe
  0x8361A000 \SystemRoot\system32\halmacpi.dll
  0x80BB6000 \SystemRoot\system32\kdcom.dll
  0x8BC29000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8BCAE000 \SystemRoot\system32\PSHED.dll
  0x8BCBF000 \SystemRoot\system32\BOOTVID.dll
  0x8BCC7000 \SystemRoot\system32\CLFS.SYS
  0x8BD09000 \SystemRoot\system32\CI.dll
  0x8BE35000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8BEA6000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8BEB4000 \SystemRoot\system32\drivers\ACPI.sys
  0x8BEFC000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8BF05000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8BF0D000 \SystemRoot\system32\drivers\pci.sys
  0x8BF37000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x8BF42000 \SystemRoot\System32\drivers\partmgr.sys
  0x8BF53000 \SystemRoot\system32\drivers\volmgr.sys
  0x8BF63000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8BFAE000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8BFB6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8BFC1000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8BFD7000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8C017000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8C2CC000 \SystemRoot\system32\drivers\amdxata.sys
  0x8C2D5000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8C309000 \SystemRoot\system32\drivers\NIS\1307010.005\SYMDS.SYS
  0x8C360000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8C42F000 \SystemRoot\system32\drivers\NIS\1307010.005\SYMEFA.SYS
  0x8C62B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8C75A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8C785000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8C798000 \SystemRoot\System32\Drivers\cng.sys
  0x8C600000 \SystemRoot\System32\drivers\pcw.sys
  0x8C60E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8C513000 \SystemRoot\system32\drivers\ndis.sys
  0x8C371000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C5CA000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8C83E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C989000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C9BA000 \SystemRoot\system32\drivers\volsnap.sys
  0x8C800000 \SystemRoot\System32\Drivers\spldr.sys
  0x8C808000 \SystemRoot\system32\speedfan.sys
  0x8C80D000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8C617000 \SystemRoot\System32\Drivers\mup.sys
  0x8C7F5000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8C83A000 \SystemRoot\system32\giveio.sys
  0x8C3AF000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8C5EF000 \SystemRoot\system32\Drivers\fsbts.sys
  0x8C400000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8BE00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8C9F9000 \SystemRoot\system32\DRIVERS\avgidshx.sys
  0x966E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x96707000 \SystemRoot\system32\drivers\NIS\1307010.005\ccSetx86.sys
  0x9672B000 \SystemRoot\system32\drivers\NST\7DC06000.048\ccSetx86.sys
  0x9674F000 \SystemRoot\system32\drivers\NIS\1307010.005\Ironx86.SYS
  0x96776000 \SystemRoot\System32\Drivers\Null.SYS
  0x9677D000 \SystemRoot\System32\Drivers\Beep.SYS
  0x96784000 \SystemRoot\System32\drivers\vga.sys
  0x96790000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x967B1000 \SystemRoot\System32\drivers\watchdog.sys
  0x967BE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x967C6000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x967CE000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x967D6000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x967E1000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x96400000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x967EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8BDB4000 \SystemRoot\system32\DRIVERS\avgtdix.sys
  0x96831000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x96863000 \SystemRoot\system32\drivers\afd.sys
  0x968BD000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x968C6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x968CD000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x968EC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x968FD000 \SystemRoot\system32\DRIVERS\SymIMv.sys
  0x96909000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x96917000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x9692A000 \SystemRoot\system32\drivers\termdd.sys
  0x9693B000 \SystemRoot\System32\Drivers\NIS\1307010.005\SYMNETS.SYS
  0x9698F000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
  0x969B9000 \SystemRoot\system32\drivers\NIS\1307010.005\SRTSPX.SYS
  0x969C9000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x969EB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x9782F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x97870000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9787A000 \SystemRoot\system32\drivers\mssmbios.sys
  0x97884000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120629.001\IDSvix86.sys
  0x978E6000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0x97945000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0x97963000 \SystemRoot\System32\drivers\discache.sys
  0x9796F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x97987000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x9840A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
  0x9A606000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x9B076000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9B0A0000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9B157000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9B190000 \SystemRoot\system32\drivers\usbuhci.sys
  0x9B19B000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x9B1E6000 \SystemRoot\system32\drivers\usbehci.sys
  0x984D6000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x984F5000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
  0x9BE29000 \SystemRoot\system32\DRIVERS\NETwNs32.sys
  0x9C58E000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9C598000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x9C59C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x9C5B4000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x9C5BE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x98553000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x9C5CB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9C5CD000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9C5DA000 \SystemRoot\system32\drivers\Afc.sys
  0x9C5E2000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x9C5EA000 \SystemRoot\System32\drivers\GEARAspiWDM.sys
  0x9C5F0000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x9BE00000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x9BE12000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x985A0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x985B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x9B1F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x985CA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x97995000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x979AD000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x979C4000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x9BE1F000 \SystemRoot\system32\drivers\swenum.sys
  0x9CC2D000 \SystemRoot\system32\drivers\ks.sys
  0x9CC61000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x9CC6F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9CCB3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x81E15000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x82122000 \SystemRoot\system32\drivers\portcls.sys
  0x82151000 \SystemRoot\system32\drivers\drmk.sys
  0x9CCC4000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8216A000 \SystemRoot\system32\drivers\modem.sys
  0x82177000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x82E70000 \SystemRoot\System32\win32k.sys
  0x82187000 \SystemRoot\System32\drivers\Dxapi.sys
  0x82191000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x96417000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x8219E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x821AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x821C6000 \SystemRoot\system32\DRIVERS\dc3d.sys
  0x821D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x821D7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x821E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x81E00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x821F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x81E0C000 \SystemRoot\system32\DRIVERS\point32.sys
  0x9CC00000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8EE21000 \SystemRoot\System32\Drivers\RtsUStor.sys
  0x8EE53000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x8EE5E000 \SystemRoot\system32\DRIVERS\btwampfl.sys
  0x8EF44000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x8EF56000 \SystemRoot\System32\Drivers\bthport.sys
  0x830D0000 \SystemRoot\System32\TSDDD.dll
  0x83100000 \SystemRoot\System32\cdd.dll
  0x83120000 \SystemRoot\System32\ATMFD.DLL
  0x8EFBA000 \SystemRoot\system32\drivers\luafv.sys
  0x8EFD5000 \SystemRoot\system32\drivers\WudfPf.sys
  0x8EFEF000 \SystemRoot\system32\DRIVERS\fssfltr.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA602E000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA6074000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA6084000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA6097000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xA60BB000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0xA60C8000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0xA60E3000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0xA60F5000 \SystemRoot\system32\DRIVERS\btwavdt.sys
  0xA6152000 \SystemRoot\system32\drivers\btwaudio.sys
  0xA61A4000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
  0xA61B0000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0xA61B3000 \SystemRoot\system32\DRIVERS\btmaux.sys
  0xA6E2D000 \SystemRoot\system32\drivers\HTTP.sys
  0xA6EB2000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0xA6EBB000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA6ED4000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA6EE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA6F09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA6F44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA6F5F000 \SystemRoot\system32\drivers\peauth.sys
  0xA6FF6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA6E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA61C2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xABA06000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xABA56000 \SystemRoot\System32\DRIVERS\srv.sys
  0xABAA8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xABAC9000 \SystemRoot\System32\Drivers\NIS\1307010.005\SRTSP.SYS
  0xBAFC8000 \??\C:\Windows\system32\drivers\mbam.sys
  0xBAFCC000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xBAE00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120630.009\NAVEX15.SYS
  0xBAF83000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120630.009\NAVENG.SYS
  0x77D30000 \Windows\System32\ntdll.dll
  0x479E0000 \Windows\System32\smss.exe
  0x77F70000 \Windows\System32\apisetschema.dll
  0x00440000 \Windows\System32\autochk.exe
  0x77EB0000 \Windows\System32\rpcrt4.dll
  0x77EA0000 \Windows\System32\lpk.dll
  0x77CA0000 \Windows\System32\clbcatq.dll
  0x77B00000 \Windows\System32\setupapi.dll
  0x77A70000 \Windows\System32\oleaut32.dll
  0x779C0000 \Windows\System32\msvcrt.dll
  0x77E90000 \Windows\System32\psapi.dll
  0x77E80000 \Windows\System32\normaliz.dll
  0x77920000 \Windows\System32\usp10.dll
  0x778E0000 \Windows\System32\ws2_32.dll
  0x777C0000 \Windows\System32\urlmon.dll
  0x77760000 \Windows\System32\difxapi.dll
  0x77730000 \Windows\System32\imagehlp.dll
  0x77690000 \Windows\System32\advapi32.dll
  0x77670000 \Windows\System32\sechost.dll
  0x76A20000 \Windows\System32\shell32.dll
  0x769A0000 \Windows\System32\comdlg32.dll
  0x767E0000 \Windows\System32\iertutil.dll
  0x77E70000 \Windows\System32\nsi.dll
  0x767C0000 \Windows\System32\imm32.dll
  0x766F0000 \Windows\System32\user32.dll
  0x766A0000 \Windows\System32\gdi32.dll
  0x76540000 \Windows\System32\ole32.dll
  0x76460000 \Windows\System32\kernel32.dll
  0x76340000 \Windows\System32\wininet.dll
  0x762F0000 \Windows\System32\Wldap32.dll
  0x76290000 \Windows\System32\shlwapi.dll
  0x761C0000 \Windows\System32\msctf.dll
  0x76170000 \Windows\System32\KernelBase.dll
  0x76150000 \Windows\System32\devobj.dll
  0x76120000 \Windows\System32\wintrust.dll
  0x76090000 \Windows\System32\comctl32.dll
  0x76060000 \Windows\System32\cfgmgr32.dll
  0x75F40000 \Windows\System32\crypt32.dll
  0x75F30000 \Windows\System32\msasn1.dll

Processes (total 95):
       0 System Idle Process
       4 System
     352 C:\Windows\System32\smss.exe
     508 csrss.exe
     588 C:\Windows\System32\wininit.exe
     596 csrss.exe
     648 C:\Windows\System32\services.exe
     656 C:\Windows\System32\lsass.exe
     668 C:\Windows\System32\lsm.exe
     780 C:\Windows\System32\winlogon.exe
     792 C:\Windows\System32\svchost.exe
     872 C:\Windows\System32\nvvsvc.exe
     900 C:\Windows\System32\svchost.exe
     956 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\audiodg.exe
    1216 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\svchost.exe
    1396 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1424 C:\Windows\System32\nvvsvc.exe
    1592 C:\Windows\System32\spoolsv.exe
    1644 C:\Windows\System32\svchost.exe
    1724 C:\Program Files\SUPERAntiSpyware\SASCore.exe
    1752 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1772 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    1792 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    1816 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1840 C:\Program Files\Intel\Bluetooth\devmonsrv.exe
    1880 C:\Program Files\Bonjour\mDNSResponder.exe
    1916 C:\Windows\System32\svchost.exe
    1956 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1976 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2024 C:\Program Files\Windows Live\Family Safety\fsssvc.exe
     396 C:\Windows\System32\svchost.exe
     512 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
     896 C:\Program Files\Common Files\Motive\McciCMService.exe
    1264 C:\Program Files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe
    1492 C:\Windows\System32\svchost.exe
    2036 C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
    2092 C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    2112 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2288 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2312 C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    2356 C:\Windows\System32\svchost.exe
    2384 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    2452 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2544 C:\Windows\System32\svchost.exe
    2580 C:\Windows\System32\svchost.exe
    2620 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2668 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    2752 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2776 C:\Program Files\Intel\Bluetooth\obexsrv.exe
    2820 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3208 C:\Windows\System32\svchost.exe
    3436 C:\Windows\System32\svchost.exe
    3460 WUDFHost.exe
    3872 C:\Windows\System32\taskhost.exe
    3912 C:\Program Files\Norton Identity Safe\Engine\2012.6.0.72\ccSvcHst.exe
    3940 C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
    3948 C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    4032 C:\Windows\System32\dwm.exe
    4072 C:\Windows\explorer.exe
    3488 C:\Windows\snuvcdsm.exe
    3764 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    3484 C:\Windows\System32\rundll32.exe
    3780 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    4248 C:\Program Files\Intel\Bluetooth\mediasrv.exe
    4428 C:\Program Files\Launch Manager\LManager.exe
    4456 C:\Program Files\AVG Secure Search\vprot.exe
    4464 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4472 C:\Windows\PLFSetI.exe
    4532 C:\Program Files\Intel\Bluetooth\btplayerctrl.exe
    4556 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4564 C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    4572 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    4744 C:\Windows\System32\SearchIndexer.exe
    4808 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    4880 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    4908 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    4936 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    5032 C:\PROGRA~1\COMMON~1\Nokia\MPlatform\NokiaMServer.exe
    5172 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    6124 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4436 WmiPrvSE.exe
    3076 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    1068 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    4084 C:\Program Files\Internet Explorer\ielowutil.exe
    3748 C:\Program Files\Mozilla Firefox\firefox.exe
    5180 C:\Windows\System32\SearchProtocolHost.exe
     692 C:\Windows\System32\SearchFilterHost.exe
    5908 dllhost.exe
    2416 dllhost.exe
    2252 C:\Users\FRANCO\Desktop\MBRCheck.exe
    1556 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-22ZAT0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35
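The log above ends with "Windows 7 MBR code detected" and a SHA1 of the boot code, which is what a tool like MBRCheck derives from the first 512 bytes of the disk. As an added example, not the thread's code and not MBRCheck's implementation, here is a Python parser for a raw MBR sector: it verifies the 0x55AA boot signature, hashes the bootstrap code, decodes the four partition entries and gives a verdict against an allow-list of known-good hashes. The sector is constructed inline (not an image of a real disk); which exact byte range MBRCheck hashes is not stated on the page, so hashing the 440-byte bootstrap region is an assumption of this example.

```python
"""Parse a raw 512-byte Master Boot Record (added example; not MBRCheck's code).

Classic MBR layout (byte offsets):
    0..439   bootstrap code
  440..443   disk signature (little-endian DWORD)
  444..445   usually 0x0000
  446..509   four 16-byte partition table entries
  510..511   boot signature, must be 0x55 0xAA

Assumption: the SHA1 is taken over the 440-byte bootstrap region.
"""
import hashlib
import struct

SECTOR_LEN = 512
BOOT_CODE_LEN = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510
BOOT_SIG = b"\x55\xAA"


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one 16-byte partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", raw)
    return {
        "status_byte": status,      # 0x00 inactive, 0x80 bootable, anything else malformed
        "bootable": status == 0x80,
        "type": ptype,              # e.g. 0x07 NTFS, 0x00 unused slot
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte sector: signature check, boot-code hash, partition table."""
    if len(sector) != SECTOR_LEN:
        raise ValueError(f"expected {SECTOR_LEN} bytes, got {len(sector)}")
    entries = [
        parse_partition_entry(
            sector[PART_TABLE_OFF + i * PART_ENTRY_LEN:
                   PART_TABLE_OFF + (i + 1) * PART_ENTRY_LEN])
        for i in range(4)
    ]
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == BOOT_SIG,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": entries,
    }


def verdict(parsed: dict, known_good_sha1: set) -> str:
    """Classify a parsed MBR against an allow-list of boot-code hashes."""
    if not parsed["signature_ok"]:
        return "invalid signature"
    if any(p["status_byte"] not in (0x00, 0x80) for p in parsed["partitions"]):
        return "suspect"        # malformed partition table: worth a closer look
    if parsed["code_sha1"] in known_good_sha1:
        return "known-good"
    return "unknown"            # not on the allow-list: compare with a clean image


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not a real disk image): a few dummy boot-code
    bytes, one bootable NTFS partition starting at LBA 2048, valid 0x55AA."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF",
                       2048, 1_000_000)
    table = ntfs + b"\x00" * (3 * PART_ENTRY_LEN)
    return code + disk_sig + table + BOOT_SIG


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    # Treat the sample's own hash as the only known-good entry to show the happy path.
    print(parsed["code_sha1"], verdict(parsed, {parsed["code_sha1"]}))
    for p in parsed["partitions"]:
        if p["type"]:
            print(p)
```

On a live Windows machine the sector would come from opening \\.\PhysicalDrive0 read-only with administrator rights, which is what MBRCheck and Remover do internally; the allow-list would hold the hash of the same Windows version's clean boot code, so a mismatch such as the "Found non-standard or infected MBR" message in the thread means the code on disk differs from what the installer wrote, not necessarily that it is malicious.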

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/07/12 18:27

Download DoctorWeb CureIt: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
● place the tool on the Desktop
● start the program with a double-click
● at the first and second window that appears, click the OK button
● click the Start button to begin a preliminary scan
● click the button
● wait patiently for the scan to finish

Once the steps above are done:
● click Options at the top
● choose Change settings
● click the Scan button and untick Heuristic Analysis
● go back to the program's main window
● select all available drives
● click the green arrow on the right to start a full scan
● wait patiently for the scan to finish
● attach the program's Report; you will find it here:
C:\Documents and Settings\nomeutente\DoctorWeb\CureIt.log
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53
