
PC infected by Trojan.Agent/Gen-Krypt


Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 03/07/12 18:17

Hi FDAC. I ran the two scan steps, but during the full scan the PC froze and I had to shut it down abruptly. Should I try doing it all again?
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35


Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 04/07/12 18:47

Hi FDAC, I'm running Doctor Web again and it's going well: it has detected 2 viruses during the full scan. I'll post the log as soon as possible. Anyway, thanks.
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 04/07/12 21:32

The scan finished after about 8 hours and detected three viruses. I think it removed them, but when I go to C: to find the saved log it won't show it to me and it freezes. Do I need to take any other action?
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 05/07/12 16:02

I'm closing this topic because the PC isn't giving any problems. Regards to FDAC.
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 11/07/12 20:26

Hi FDAC, I wanted to know whether everything is OK, since the PC isn't showing me any abnormal signs ;)
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by FrancescoFDAC » 11/07/12 20:53

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
● close all running programs, including Internet pages
● launch the tool with a double click
● click the Start button at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are complete, close the program

Note - about the program:
TFC by OldTimer deletes the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● launch the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

Note - about the program:
OTC by OldTimer automatically and precisely removes the programs we used for the cleanup (ComboFix in particular): after the restart you will no longer see the ComboFix icon, which is completely normal

We're done.
Bye!
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 11/07/12 20:56

OK, thanks, bye!
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by fabiogi70 » 27/09/12 20:19

Hi everyone, I'm new.

I have the same problem that FrancescoFDAC said to solve with ComboFix: streaming sites, Trojan horses, etc.
I downloaded it, disabled AVAST, clicked Accept, then a window opened with a series of green log lines scrolling by quickly.

More than 10 minutes have passed but I don't see anything else. There is no window on the screen showing that the application is working.

If I try to relaunch ComboFix it doesn't start, and there is no active process in Task Manager.

What can I do?

Thanks everyone for the help
fabiogi70
Newbie

Posts: 5
Joined: 27/09/12 20:11

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by franco75 » 27/09/12 21:14

Hi, open a topic of your own so as not to create a mess ;)
franco75
Senior User

Posts: 182
Joined: 28/04/12 12:35

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by fabiogi70 » 29/09/12 09:27

Hi Francesco FDAC, I ran ComboFix.
I'd like to attach the log to get more advice from you, but I don't have the "attachment" permission.

I'm attaching it as the text of the message. Sorry.
THANKSSSSSSSSS
PS
Ignore the execution date; I need to replace the backup battery.


ComboFix 12-09-27.03 - Utente 01/01/2002 0.10.38.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1440 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Dati applicazioni\QTSBandwidthCache
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\assembly\tmp
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\fepoohfx.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\fepoohfx_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\fepoohfx_navps.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\I Want This
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\I Want This\Chrome\I Want This.crx
c:\documents and settings\Utente\WINDOWS
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\programmi\ESET\EGUI.exe
c:\programmi\I Want This
c:\programmi\I Want This\appAPIinternalWrapper.js
c:\programmi\I Want This\fb.js
c:\programmi\I Want This\I Want This.dll
c:\programmi\I Want This\I Want This.exe
c:\programmi\I Want This\I Want This.ico
c:\programmi\I Want This\I Want ThisGui.exe
c:\programmi\I Want This\jquery.js
c:\programmi\I Want This\json.js
c:\programmi\I Want This\Uninstall.exe
c:\recycler\S-1-5-18\$8f60bd97cacf62c6284292526e1f5161\@
c:\recycler\S-1-5-18\$8f60bd97cacf62c6284292526e1f5161\n
c:\windows\assembly\GAC\Desktop.ini
c:\windows\IsUn0410.exe
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\AutoRun.inf
c:\windows\system32\roboot.exe
c:\windows\system32\SET534.tmp
c:\windows\system32\SET540.tmp
c:\windows\system32\spool\prtprocs\w32x86\BuEProNT.dll
c:\windows\system32\UNWISE.EXE
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
ipristinata copia da - c:\system volume information\_restore{6C4A8D7A-1893-46AA-8A44-102727A90E48}\RP447\A0126572.dll
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 03:22 . 2001-08-31 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2008-05-08 12:28 . 2001-08-31 12:00 202752 ----a-w- c:\windows\system32\drivers\rmcast.sys
2006-11-01 19:18 . 2001-08-31 12:00 927504 ----a-w- c:\windows\system32\mfc40u.dll
2006-10-16 16:15 . 2001-08-31 12:00 124928 ----a-w- c:\windows\system32\oledlg.dll
2006-10-13 12:35 . 2001-08-31 12:00 64000 ----a-w- c:\windows\system32\nwapi32.dll
2006-10-04 14:05 . 2008-10-07 21:52 39424 ------w- c:\windows\apppatch\acadproc.dll
2006-07-21 08:27 . 2001-08-31 12:00 72704 ----a-w- c:\windows\system32\hlink.dll
2006-06-23 06:48 . 2008-05-26 14:47 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2005-10-17 21:20 . 2001-08-31 12:00 80896 ----a-w- c:\windows\system32\fontsub.dll
2005-07-26 04:40 . 2001-08-31 12:00 75264 ----a-w- c:\windows\system32\olecli32.dll
2005-07-26 04:40 . 2001-08-31 12:00 37888 ----a-w- c:\windows\system32\olecnv32.dll
2004-08-19 13:39 . 2008-05-24 22:20 151040 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2004-08-19 13:39 . 2008-05-24 22:20 160256 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2004-08-19 13:39 . 2008-05-24 22:20 18944 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2004-08-19 13:39 . 2008-05-24 22:20 768512 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2004-08-19 13:39 . 2008-05-24 22:20 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2004-08-19 13:39 . 2004-08-19 13:39 33280 ----a-w- c:\windows\help\sstub.dll
2004-08-19 13:39 . 2004-08-19 13:39 279040 ----a-w- c:\windows\help\tshoot.dll
2004-08-19 13:39 . 2008-05-24 22:20 726590 ----a-w- c:\windows\srchasst\srchui.dll
2004-08-19 13:39 . 2008-05-24 22:20 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2004-08-19 13:39 . 2004-08-19 13:39 34816 ----a-w- c:\windows\help\sniffpol.dll
2004-08-19 13:39 . 2008-05-24 22:20 38912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2004-08-19 13:39 . 2008-05-24 22:20 102400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2004-08-19 13:39 . 2008-05-24 22:20 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2004-08-19 13:39 . 2008-05-24 22:20 379904 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2004-08-19 13:39 . 2004-08-19 13:39 450048 ----a-w- c:\windows\apppatch\AcLayers.dll
2004-08-19 13:39 . 2004-08-19 13:39 244736 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2004-08-19 13:39 . 2004-08-19 13:39 1852416 ----a-w- c:\windows\apppatch\AcGenral.dll
2004-08-19 13:39 . 2004-08-19 13:39 137728 ----a-w- c:\windows\apppatch\AcLua.dll
2004-08-19 13:39 . 2004-08-19 13:39 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2004-03-08 21:00 . 2000-05-22 14:58 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2004-03-08 21:00 . 2000-05-22 14:58 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2001-11-09 16:01 . 2001-11-09 16:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f4035115-6152-4901-a81d-f4e0a0479615}"= "c:\programmi\ilcorsaronero\prxtbilc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4035115-6152-4901-a81d-f4e0a0479615}]
2011-05-09 09:49 176936 ----a-w- c:\programmi\ilcorsaronero\prxtbilc0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f4035115-6152-4901-a81d-f4e0a0479615}"= "c:\programmi\ilcorsaronero\prxtbilc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F4035115-6152-4901-A81D-F4E0A0479615}"= "c:\programmi\ilcorsaronero\prxtbilc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\programmi\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"AliceMessenger"="c:\programmi\Alice Messenger\alicemessenger.exe" [2009-02-05 3657728]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RoxioDragToDisc"="c:\programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"Media Codec Update Service"="c:\programmi\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-06-20 202256]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Olympus ib"="c:\programmi\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\programmi\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/11/2009 21.07.52 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/11/2009 21.07.52 17744]
R2 SMART Display Controller;SMART Display Controller;c:\programmi\SMART Technologies\SMART Product Drivers\UCService.exe [15/07/2010 15.48.22 844688]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [28/05/2008 15.27.12 203264]
R3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [27/06/2005 17.09.24 140800]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [28/10/2010 16.49.51 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [28/10/2010 16.49.51 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13.49.20 227232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\programmi\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [15/07/2010 15.48.48 1662352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2001-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-10-28 15:49]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-10-28 15:49]
.
2001-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1303643608-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2002-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1303643608-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{fc600575-3013-4e8e-941c-4b00dafce730} - c:\programmi\myBabylon_English4\tbmyBa.dll
BHO-{fc600575-3013-4e8e-941c-4b00dafce730} - c:\programmi\myBabylon_English4\tbmyBa.dll
Toolbar-{fc600575-3013-4e8e-941c-4b00dafce730} - c:\programmi\myBabylon_English4\tbmyBa.dll
WebBrowser-{FC600575-3013-4E8E-941C-4B00DAFCE730} - c:\programmi\myBabylon_English4\tbmyBa.dll
HKLM-Run-StartCCC - c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM-Run-NWEReboot - (no file)
Notify-WgaLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-I Want This - c:\programmi\I Want This\Uninstall.exe
AddRemove-Roma Antica - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-01 00:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\programmi\ArcSoft\WebCam Companion\PhotoImpression 5\share\pihook.dll
c:\programmi\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\programmi\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
c:\windows\System32\PAStiSvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Ora fine scansione: 2002-01-01 00:28:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2001-12-31 23:28
.
Pre-Run: 197.825.630.208 byte disponibili
Post-Run: 212.262.846.464 byte disponibili
.
- - End Of File - - BDC2D2D615E44AADBC911AEA34172637
fabiogi70
Newbie

Posts: 5
Joined: 27/09/12 20:11

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by FrancescoFDAC » 29/09/12 12:06

The PC is infected by Zero Access.

Download Defogger: http://download.bleepingcomputer.com/jp ... fogger.exe
The program will temporarily disable the drivers used for CD/DVD optical drive emulation:

● save the tool on the Desktop
● launch the program with a double click
● click Disable
● press
● wait patiently for the procedure to finish: at the end, click OK
● restart the system

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason; the scan would be interrupted

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan ends

Once the scan has finished, one of these two options will appear:
● no system restart is needed: attach the Report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is needed: click Restart now, then attach the scan result

Download aswMBR: http://public.avast.com/~gmerek/aswMBR.exe
● place the downloaded file on the Desktop
● launch the program with a double click
● answer Yes to the program's prompt:

This application can use the Avast! Free Antivirus for scanning.
It is recommended to download it for better detection results.
Would you like to download latest Avast! virus definitions?


● wait for the updated virus signatures to download
● click the Scan button
● wait patiently for the scan to finish
● click the Save Log button
● click the Exit button
● at the following message, click :

Are you sure you want to exit the program?


● a message confirming the save will appear: click OK
● on the Desktop you will find the files:
aswMBR.txt: the log just created
MBR.dat: a copy of the contents of your hard disk's MBR
● zip them into a single file and post it in the usual way

Note - about the program:
● to run aswMBR on Windows Vista and Windows Seven, right-click the program icon and choose Run as administrator from the context menu, then confirm the prompt that appears.
● if you run into problems, untick the Trace disk IO calls option
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53
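
The diagnosis in the post above rests on the ComboFix log in the post before it. As an added example (not part of the original thread and not FrancescoFDAC's own method), this Python script flags the lines of such a log that match publicly documented ZeroAccess file-system artifacts. The rule names, the regular expressions and the verdict labels are assumptions made for illustration; the sample lines are copied from the log posted above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule section line")

# ComboFix section banners look like "((((( Altre eliminazioni )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")

# Assumed rules, based on publicly documented ZeroAccess behaviour:
#  - a "$<32 hex>" container under the SYSTEM SID (S-1-5-18) in the Recycle Bin
#  - a Desktop.ini planted in the .NET GAC directory
#  - ComboFix reporting that it disinfected a file in system32
#    (Italian wording as in the log above; the English wording is an assumption)
RULES = [
    ("recycle-bin-container", re.compile(
        r"^[a-z]:\\(?:recycler|\$recycle\.bin)\\S-1-5-18\\\$[0-9a-f]{32}(?:\\.*)?$",
        re.I)),
    ("gac-desktop-ini", re.compile(
        r"^[a-z]:\\windows\\assembly\\gac(?:_32|_64)?\\desktop\.ini$", re.I)),
    ("system-file-disinfected", re.compile(
        r"^(?:La copia infetta di|Infected copy of) [a-z]:\\windows\\system32\\\S+",
        re.I)),
]

# Excerpt copied from the ComboFix log posted above in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\programmi\I Want This\I Want This.exe
c:\recycler\S-1-5-18\$8f60bd97cacf62c6284292526e1f5161\@
c:\recycler\S-1-5-18\$8f60bd97cacf62c6284292526e1f5161\n
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\AutoRun.inf
.
La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 03:22 . 2001-08-31 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
"""


def triage(log_text):
    """Return a Finding for every log line that matches one of RULES."""
    findings, section = [], "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix pads sections with "." lines
            continue
        banner = SECTION_RE.match(line)
        if banner:                         # remember which section we are in
            section = banner.group(1)
            continue
        for name, pattern in RULES:
            if pattern.match(line):
                findings.append(Finding(name, section, line))
                break
    return findings


def verdict(findings):
    """Collapse findings into one of three labels for the analyst."""
    hit = {f.rule for f in findings}
    if {"recycle-bin-container", "gac-desktop-ini"} <= hit:
        return "zeroaccess-consistent"     # both file-system artifacts present
    if hit:
        return "review"                    # something matched, not the full pair
    return "no-match"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] ({f.section}) {f.line}")
    print("verdict:", verdict(results))
```

A "zeroaccess-consistent" result only says that ComboFix deleted artifacts of that family; the rootkit scans that follow in the thread are what confirm whether components remain.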

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by fabiogi70 » 30/09/12 14:48

Thanks Francesco.
So I download Defogger, Kaspersky TDSS Killer and aswMBR in the order you told me, and run them as you suggested.

After running Defogger, when will the CD/DVD drive become active again?

I hope everything goes well, but afterwards what can I do to protect myself better and avoid these risks?
Do I need to buy a very good antivirus, or an antispyware?

I'm not very experienced, thanks for the advice.
fabiogi70
Newbie

Posts: 5
Joined: 27/09/12 20:11

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by FrancescoFDAC » 30/09/12 15:24

This threat gets past the defences of even the most powerful antivirus products.
Run the software in the recommended order.
The CD drive will always be usable. For a short period, equal to the time it takes to clean the PC, you will not be able to mount ISO images.
The advice is always the same: common sense and brains, lots of brains.
You don't need to buy anything.

Francesco
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected by Trojan.Agent/Gen-Krypt

Posted by fabiogi70 » 30/09/12 17:04

Hi Francesco, I ran the indicated software in order. For the same reason as last time, I'm attaching the logs here as text.
The date in the log shows 2002 because of the backup battery.

DEFFOGER:
==========
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:58 on 01/01/2002 (Utente)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
==================================================
tdsskiller
========
01:06:24.0718 2020 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:06:25.0046 2020 ============================================================
01:06:25.0046 2020 Current date / time: 2002/01/01 01:06:25.0046
01:06:25.0046 2020 SystemInfo:
01:06:25.0046 2020
01:06:25.0046 2020 OS Version: 5.1.2600 ServicePack: 2.0
01:06:25.0046 2020 Product type: Workstation
01:06:25.0046 2020 ComputerName: PCHALFATEL
01:06:25.0046 2020 UserName: Utente
01:06:25.0046 2020 Windows directory: C:\WINDOWS
01:06:25.0046 2020 System windows directory: C:\WINDOWS
01:06:25.0046 2020 Processor architecture: Intel x86
01:06:25.0046 2020 Number of processors: 4
01:06:25.0046 2020 Page size: 0x1000
01:06:25.0046 2020 Boot type: Normal boot
01:06:25.0046 2020 ============================================================
01:06:25.0765 2020 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:06:25.0765 2020 ============================================================
01:06:25.0765 2020 \Device\Harddisk0\DR0:
01:06:25.0765 2020 MBR partitions:
01:06:25.0765 2020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E933DC1
01:06:25.0765 2020 ============================================================
01:06:25.0796 2020 C: <-> \Device\Harddisk0\DR0\Partition1
01:06:25.0796 2020 ============================================================
01:06:25.0796 2020 Initialize success
01:06:25.0796 2020 ============================================================
01:06:28.0593 3000 ============================================================
01:06:28.0593 3000 Scan started
01:06:28.0593 3000 Mode: Manual;
01:06:28.0593 3000 ============================================================
01:06:29.0484 3000 ================ Scan system memory ========================
01:06:29.0484 3000 System memory - ok
01:06:29.0484 3000 ================ Scan services =============================
01:06:32.0593 3000 DLADResM - ok
01:06:32.0593 3000 [ 24400137E387A24410C52A591F3CFB4D ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
01:06:32.0593 3000 DLAIFS_M - ok
01:06:32.0609 3000 [ 29A303FECEB28641ECEBDAE89EB71C63 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
01:06:32.0609 3000 DLAOPIOM - ok
01:06:32.0609 3000 [ C93E33A22A1AE0C5508F3FB1F6D0A50C ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
01:06:32.0609 3000 DLAPoolM - ok
01:06:32.0625 3000 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
01:06:32.0625 3000 DLARTL_M - ok
01:06:32.0640 3000 [ B953498C35A31E5AC98F49ADBCF3E627 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
01:06:32.0640 3000 DLAUDFAM - ok
01:06:32.0640 3000 [ 4897704C093C1F59CE58FC65E1E1EF1E ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
01:06:32.0640 3000 DLAUDF_M - ok
01:06:32.0656 3000 dmadmin - ok
01:06:32.0703 3000 [ 6570B4C952F0D8FEE4C6EF2FF5E10C08 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
01:06:32.0718 3000 dmboot - ok
01:06:32.0718 3000 [ C57D35621782C7F40770F3E5CA20A182 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
01:06:32.0718 3000 dmio - ok
01:06:32.0750 3000 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
01:06:32.0750 3000 dmload - ok
01:06:32.0765 3000 [ 499FFF7BCA07009A23447776286F0510 ] dmserver C:\WINDOWS\System32\dmserver.dll
01:06:32.0765 3000 dmserver - ok
01:06:32.0796 3000 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
01:06:32.0796 3000 DMusic - ok
01:06:32.0828 3000 [ 68D8DD4A7CEBBBC9400444B5BC426FCD ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:06:32.0843 3000 Dnscache - ok
01:06:32.0843 3000 dpti2o - ok
01:06:32.0859 3000 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:06:32.0859 3000 drmkaud - ok
01:06:32.0875 3000 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
01:06:32.0875 3000 DRVMCDB - ok
01:06:32.0875 3000 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
01:06:32.0875 3000 DRVNDDM - ok
01:06:32.0906 3000 [ FF547B3876B6E652431412345FB8EE11 ] ERSvc C:\WINDOWS\System32\ersvc.dll
01:06:32.0921 3000 ERSvc - ok
01:06:32.0937 3000 [ E77F6FA2A15390F1727F4C1C55B69DA6 ] Eventlog C:\WINDOWS\system32\services.exe
01:06:32.0937 3000 Eventlog - ok
01:06:32.0984 3000 [ A0BACAB8AC1749987550D5C7F6E8D323 ] EventSystem C:\WINDOWS\system32\es.dll
01:06:32.0984 3000 EventSystem - ok
01:06:33.0015 3000 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
01:06:33.0031 3000 Fastfat - ok
01:06:33.0046 3000 [ FAD73705BED0910E910DE852B0F8AEBC ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
01:06:33.0062 3000 FastUserSwitchingCompatibility - ok
01:06:33.0093 3000 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
01:06:33.0093 3000 Fdc - ok
01:06:33.0109 3000 [ 333FBBC71BDCBB46C58A3B51B3D51184 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
01:06:33.0109 3000 Fips - ok
01:06:33.0125 3000 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:06:33.0125 3000 Flpydisk - ok
01:06:33.0171 3000 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
01:06:33.0187 3000 FltMgr - ok
01:06:33.0250 3000 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:06:33.0250 3000 FontCache3.0.0.0 - ok
01:06:33.0281 3000 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
01:06:33.0281 3000 fssfltr - ok
01:06:33.0375 3000 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Programmi\Windows Live\Family Safety\fsssvc.exe
01:06:33.0406 3000 fsssvc - ok
01:06:33.0406 3000 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:06:33.0406 3000 Fs_Rec - ok
01:06:33.0453 3000 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:06:33.0453 3000 Ftdisk - ok
01:06:33.0515 3000 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:06:33.0515 3000 GEARAspiWDM - ok
01:06:33.0546 3000 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:06:33.0546 3000 Gpc - ok
01:06:33.0625 3000 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programmi\Google\Update\GoogleUpdate.exe
01:06:33.0625 3000 gupdate - ok
01:06:33.0625 3000 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programmi\Google\Update\GoogleUpdate.exe
01:06:33.0625 3000 gupdatem - ok
01:06:33.0671 3000 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
01:06:33.0687 3000 gusvc - ok
01:06:33.0718 3000 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
01:06:33.0718 3000 HdAudAddService - ok
01:06:33.0750 3000 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:06:33.0750 3000 HDAudBus - ok
01:06:33.0843 3000 [ 03A7A19834E2A63C445B3AC5E73AAB50 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:06:33.0843 3000 helpsvc - ok
01:06:33.0859 3000 [ 3C924C33DE25E8F01EEB3C6B8030E7BD ] HidServ C:\WINDOWS\System32\hidserv.dll
01:06:33.0859 3000 HidServ - ok
01:06:33.0875 3000 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:06:33.0875 3000 hidusb - ok
01:06:33.0890 3000 hpn - ok
01:06:34.0000 3000 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Programmi\HP\Digital Imaging\bin\hpqcxs08.dll
01:06:34.0015 3000 hpqcxs08 - ok
01:06:34.0046 3000 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Programmi\HP\Digital Imaging\bin\hpqddsvc.dll
01:06:34.0046 3000 hpqddsvc - ok
01:06:34.0093 3000 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:06:34.0093 3000 HPZid412 - ok
01:06:34.0109 3000 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:06:34.0109 3000 HPZipr12 - ok
01:06:34.0109 3000 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:06:34.0109 3000 HPZius12 - ok
01:06:34.0171 3000 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
01:06:34.0171 3000 HTTP - ok
01:06:34.0203 3000 [ 730374DCF08DF00178D190F9EBD0058A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
01:06:34.0203 3000 HTTPFilter - ok
01:06:34.0218 3000 i2omgmt - ok
01:06:34.0218 3000 i2omp - ok
01:06:34.0265 3000 [ 30E64DFA4EFAACC8142EA07766181FB4 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:06:34.0265 3000 i8042prt - ok
01:06:34.0343 3000 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programmi\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:06:34.0343 3000 IDriverT - ok
01:06:34.0390 3000 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:06:34.0421 3000 idsvc - ok
01:06:34.0453 3000 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
01:06:34.0453 3000 Imapi - ok
01:06:34.0484 3000 [ ED7ABB35C81709FB41972D30FE15311E ] ImapiService C:\WINDOWS\system32\imapi.exe
01:06:34.0484 3000 ImapiService - ok
01:06:34.0500 3000 InCDFs - ok
01:06:34.0500 3000 InCDPass - ok
01:06:34.0515 3000 InCDRm - ok
01:06:34.0531 3000 ini910u - ok
01:06:34.0546 3000 IntelIde - ok
01:06:34.0593 3000 [ EBC07787034BBE312020D30198A9F362 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:06:34.0593 3000 intelppm - ok
01:06:34.0625 3000 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
01:06:34.0625 3000 Ip6Fw - ok
01:06:34.0640 3000 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:06:34.0640 3000 IpFilterDriver - ok
01:06:34.0656 3000 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:06:34.0656 3000 IpInIp - ok
01:06:34.0687 3000 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:06:34.0687 3000 IpNat - ok
01:06:34.0750 3000 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Programmi\iPod\bin\iPodService.exe
01:06:34.0765 3000 iPod Service - ok
01:06:34.0812 3000 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:06:34.0812 3000 IPSec - ok
01:06:34.0843 3000 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
01:06:34.0843 3000 IRENUM - ok
01:06:34.0890 3000 [ EA3245A8E8758D6B84DE189A5CAAA75E ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:06:34.0890 3000 isapnp - ok
01:06:34.0968 3000 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
01:06:34.0968 3000 JavaQuickStarterService - ok
01:06:35.0000 3000 [ E883AE6EA0B313E659225AA32E449CE9 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:06:35.0000 3000 Kbdclass - ok
01:06:35.0000 3000 [ 24F4D51E89822C349044C28BE255C8A5 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:06:35.0000 3000 kbdhid - ok
01:06:35.0062 3000 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
01:06:35.0062 3000 kmixer - ok
01:06:35.0078 3000 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
01:06:35.0078 3000 KSecDD - ok
01:06:35.0109 3000 [ 974831AA16AEE016D902F8582CCB30FE ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
01:06:35.0109 3000 lanmanserver - ok
01:06:35.0156 3000 [ 6953DE298C888ABE268FF59BAC64CF4E ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
01:06:35.0171 3000 lanmanworkstation - ok
01:06:35.0171 3000 lbrtfdc - ok
01:06:35.0203 3000 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
01:06:35.0203 3000 lirsgt - ok
01:06:35.0234 3000 [ 6E008B7EB9B67D555B5EE1C1091F3A7E ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
01:06:35.0234 3000 LmHosts - ok
01:06:35.0265 3000 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
01:06:35.0281 3000 MarvinBus - ok
01:06:35.0343 3000 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe
01:06:35.0343 3000 McComponentHostService - ok
01:06:35.0421 3000 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
01:06:35.0421 3000 MDM - ok
01:06:35.0453 3000 [ 3777AB9537D05BFD404B0FBC13A140A6 ] Messenger C:\WINDOWS\System32\msgsvc.dll
01:06:35.0453 3000 Messenger - ok
01:06:35.0484 3000 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
01:06:35.0484 3000 mnmdd - ok
01:06:35.0515 3000 [ 940A4E02B7F03C2592A52E16DDDB3E46 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
01:06:35.0515 3000 mnmsrvc - ok
01:06:35.0531 3000 [ B30D2DB351E3191BD71232036CFE711A ] Modem C:\WINDOWS\system32\drivers\Modem.sys
01:06:35.0531 3000 Modem - ok
01:06:35.0546 3000 [ C458E314B8722253897C94A714C2E0C0 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:06:35.0546 3000 Mouclass - ok
01:06:35.0562 3000 [ D7662F0CF5B77BBBE3202716F5BD5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:06:35.0562 3000 mouhid - ok
01:06:35.0593 3000 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
01:06:35.0593 3000 MountMgr - ok
01:06:35.0593 3000 mraid35x - ok
01:06:35.0609 3000 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:06:35.0625 3000 MRxDAV - ok
01:06:35.0671 3000 [ 025AF03CE51645C62F3B6907A7E2BE5E ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:06:35.0687 3000 MRxSmb - ok
01:06:35.0718 3000 [ 3124662B40761A3EF8F4254D2F32E3F4 ] MSDTC C:\WINDOWS\system32\msdtc.exe
01:06:35.0718 3000 MSDTC - ok
01:06:35.0734 3000 [ 6DD721DFD2648F3F6D5808B5BA6CB095 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
01:06:35.0734 3000 MSDV - ok
01:06:35.0750 3000 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:06:35.0750 3000 Msfs - ok
01:06:35.0765 3000 MSIServer - ok
01:06:35.0796 3000 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:06:35.0796 3000 MSKSSRV - ok
01:06:35.0796 3000 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:06:35.0796 3000 MSPCLOCK - ok
01:06:35.0812 3000 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:06:35.0812 3000 MSPQM - ok
01:06:35.0843 3000 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:06:35.0843 3000 mssmbios - ok
01:06:35.0875 3000 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
01:06:35.0875 3000 MSTEE - ok
01:06:35.0921 3000 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
01:06:35.0921 3000 MTsensor - ok
01:06:35.0937 3000 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
01:06:35.0937 3000 Mup - ok
01:06:35.0953 3000 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:06:35.0953 3000 NABTSFEC - ok
01:06:36.0000 3000 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
01:06:36.0000 3000 NDIS - ok
01:06:36.0015 3000 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:06:36.0015 3000 NdisIP - ok
01:06:36.0031 3000 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:06:36.0031 3000 NdisTapi - ok
01:06:36.0062 3000 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:06:36.0062 3000 Ndisuio - ok
01:06:36.0062 3000 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:06:36.0062 3000 NdisWan - ok
01:06:36.0093 3000 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:06:36.0093 3000 NDProxy - ok
01:06:36.0109 3000 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
01:06:36.0109 3000 Net Driver HPZ12 - ok
01:06:36.0125 3000 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:06:36.0125 3000 NetBIOS - ok
01:06:36.0140 3000 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:06:36.0140 3000 NetBT - ok
01:06:36.0171 3000 [ DE62EE316FAB09DE3D7A5180F0775ABF ] NetDDE C:\WINDOWS\system32\netdde.exe
01:06:36.0171 3000 NetDDE - ok
01:06:36.0171 3000 [ DE62EE316FAB09DE3D7A5180F0775ABF ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
01:06:36.0171 3000 NetDDEdsdm - ok
01:06:36.0203 3000 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] Netlogon C:\WINDOWS\system32\lsass.exe
01:06:36.0203 3000 Netlogon - ok
01:06:36.0265 3000 [ 1231D4353698E19495DC8A929B8B74EB ] Netman C:\WINDOWS\System32\netman.dll
01:06:36.0265 3000 Netman - ok
01:06:36.0312 3000 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:06:36.0312 3000 NetTcpPortSharing - ok
01:06:36.0359 3000 [ 4635935FC972C582632BF45C26BFCB0E ] Network WanMiniport First Position C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
01:06:36.0359 3000 Network WanMiniport First Position - ok
01:06:36.0390 3000 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:06:36.0390 3000 NIC1394 - ok
01:06:36.0421 3000 [ E0723611F1A6CAAA66956AD234781617 ] Nla C:\WINDOWS\System32\mswsock.dll
01:06:36.0421 3000 Nla - ok
01:06:36.0453 3000 [ C3963D85B721A7F80D8A55F4E2867A3A ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
01:06:36.0453 3000 nmwcd - ok
01:06:36.0484 3000 [ 3859C69A77793180548802DAC9F34A38 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
01:06:36.0484 3000 nmwcdc - ok
01:06:36.0500 3000 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:06:36.0515 3000 Npfs - ok
01:06:36.0562 3000 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:06:36.0578 3000 Ntfs - ok
01:06:36.0593 3000 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
01:06:36.0593 3000 NtLmSsp - ok
01:06:36.0625 3000 [ 6D96A941EED90224486F9AF30B9666E1 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
01:06:36.0625 3000 NtmsSvc - ok
01:06:36.0640 3000 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
01:06:36.0640 3000 Null - ok
01:06:36.0687 3000 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:06:36.0687 3000 NwlnkFlt - ok
01:06:36.0703 3000 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:06:36.0703 3000 NwlnkFwd - ok
01:06:36.0703 3000 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:06:36.0703 3000 ohci1394 - ok
01:06:36.0734 3000 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
01:06:36.0734 3000 ose - ok
01:06:36.0781 3000 [ 95BD9287B49B01A3CF2488AF8A1AC312 ] PAC7311 C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
01:06:36.0781 3000 PAC7311 - ok
01:06:36.0781 3000 [ 3490EAD0612BFD0E7C1B864EE24E6A4A ] Parport C:\WINDOWS\system32\drivers\Parport.sys
01:06:36.0796 3000 Parport - ok
01:06:36.0796 3000 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
01:06:36.0796 3000 PartMgr - ok
01:06:36.0843 3000 [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
01:06:36.0843 3000 ParVdm - ok
01:06:36.0875 3000 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
01:06:36.0875 3000 pccsmcfd - ok
01:06:36.0890 3000 [ 91FC1D483D900B1C0600A08B871C39D5 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
01:06:36.0890 3000 PCI - ok
01:06:36.0890 3000 PCIDump - ok
01:06:36.0906 3000 [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
01:06:36.0906 3000 PCIIde - ok
01:06:36.0921 3000 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\WINDOWS\system32\drivers\pclepci.sys
01:06:36.0921 3000 PCLEPCI - ok
01:06:36.0953 3000 [ 28F3538A2091993A03506311A05053E8 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
01:06:36.0953 3000 Pcmcia - ok
01:06:36.0953 3000 PDCOMP - ok
01:06:36.0968 3000 PDFRAME - ok
01:06:36.0984 3000 PDRELI - ok
01:06:37.0000 3000 PDRFRAME - ok
01:06:37.0000 3000 perc2 - ok
01:06:37.0015 3000 perc2hib - ok
01:06:37.0078 3000 [ E77F6FA2A15390F1727F4C1C55B69DA6 ] PlugPlay C:\WINDOWS\system32\services.exe
01:06:37.0078 3000 PlugPlay - ok
01:06:37.0109 3000 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
01:06:37.0109 3000 Pml Driver HPZ12 - ok
01:06:37.0109 3000 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
01:06:37.0109 3000 PolicyAgent - ok
01:06:37.0125 3000 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:06:37.0125 3000 PptpMiniport - ok
01:06:37.0125 3000 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:06:37.0125 3000 ProtectedStorage - ok
01:06:37.0125 3000 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
01:06:37.0125 3000 PSched - ok
01:06:37.0140 3000 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:06:37.0140 3000 Ptilink - ok
01:06:37.0171 3000 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:06:37.0187 3000 PxHelp20 - ok
01:06:37.0187 3000 ql1080 - ok
01:06:37.0187 3000 Ql10wnt - ok
01:06:37.0203 3000 ql12160 - ok
01:06:37.0218 3000 ql1240 - ok
01:06:37.0218 3000 ql1280 - ok
01:06:37.0234 3000 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:06:37.0234 3000 RasAcd - ok
01:06:37.0265 3000 [ 84D4005E21A887F87D943D9526020531 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:06:37.0281 3000 RasAuto - ok
01:06:37.0296 3000 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:06:37.0296 3000 Rasl2tp - ok
01:06:37.0343 3000 [ 6686C0C8B47618414215FC184972C69E ] RasMan C:\WINDOWS\System32\rasmans.dll
01:06:37.0343 3000 RasMan - ok
01:06:37.0343 3000 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:06:37.0343 3000 RasPppoe - ok
01:06:37.0359 3000 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
01:06:37.0359 3000 Raspti - ok
01:06:37.0375 3000 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:06:37.0375 3000 Rdbss - ok
01:06:37.0390 3000 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:06:37.0390 3000 RDPCDD - ok
01:06:37.0421 3000 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:06:37.0421 3000 rdpdr - ok
01:06:37.0468 3000 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
01:06:37.0468 3000 RDPWD - ok
01:06:37.0500 3000 [ CC0693C481502844A24EF71B90A7195E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
01:06:37.0500 3000 RDSessMgr - ok
01:06:37.0515 3000 [ A8EEE004A16AF1D583D9DE9F6DE250E0 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
01:06:37.0515 3000 redbook - ok
01:06:37.0546 3000 [ D9FF0C4EB3A3AEDBA4E7D75A74097F3C ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:06:37.0546 3000 RemoteAccess - ok
01:06:37.0578 3000 [ 78FBE7DA29307EDE7ED0E33F1C4969BC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
01:06:37.0578 3000 RemoteRegistry - ok
01:06:37.0687 3000 [ AD1411A7EA50F2F97A73A3F51153066E ] RoxMediaDB9 C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
01:06:37.0734 3000 RoxMediaDB9 - ok
01:06:37.0750 3000 [ 33A8F0FE0005B2D79DF53441679F5149 ] RpcLocator C:\WINDOWS\system32\locator.exe
01:06:37.0765 3000 RpcLocator - ok
01:06:37.0796 3000 [ CC41F9D29EDD55037A4C26E70C175528 ] RpcSs C:\WINDOWS\System32\rpcss.dll
01:06:37.0796 3000 RpcSs - ok
01:06:37.0828 3000 [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP C:\WINDOWS\system32\rsvp.exe
01:06:37.0828 3000 RSVP - ok
01:06:37.0859 3000 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] SamSs C:\WINDOWS\system32\lsass.exe
01:06:37.0859 3000 SamSs - ok
01:06:37.0890 3000 [ 74B1E7FCFCA9A3A23871AA014144013E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
01:06:37.0906 3000 SCardSvr - ok
01:06:37.0937 3000 [ 546254D4769E165CDC3388D74B201FCB ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:06:37.0937 3000 Schedule - ok
01:06:38.0031 3000 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:06:38.0031 3000 SeaPort - ok
01:06:38.0062 3000 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:06:38.0062 3000 Secdrv - ok
01:06:38.0093 3000 [ 241D074DAB2A67D2D7616CE7C8B05650 ] seclogon C:\WINDOWS\System32\seclogon.dll
01:06:38.0093 3000 seclogon - ok
01:06:38.0093 3000 [ 688BE760C858E347A4E23186B725C86B ] SENS C:\WINDOWS\system32\sens.dll
01:06:38.0093 3000 SENS - ok
01:06:38.0109 3000 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
01:06:38.0109 3000 serenum - ok
01:06:38.0125 3000 [ DBAB3260E7EB3398CB87267D1410FAD4 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
01:06:38.0125 3000 Serial - ok
01:06:38.0218 3000 [ 5C1858EEADD097912443AE8EFD44DA6B ] ServiceLayer C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
01:06:38.0218 3000 ServiceLayer - ok
01:06:38.0265 3000 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
01:06:38.0265 3000 Sfloppy - ok
01:06:38.0281 3000 [ 1DA364FA673E18BC1DE8F5CDF3657DBD ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
01:06:38.0281 3000 SharedAccess - ok
01:06:38.0296 3000 [ FAD73705BED0910E910DE852B0F8AEBC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:06:38.0296 3000 ShellHWDetection - ok
01:06:38.0312 3000 Simbad - ok
01:06:38.0343 3000 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:06:38.0343 3000 SLIP - ok
01:06:38.0531 3000 [ D71698E1AED284DB38F4D75941E65B47 ] SMART Board Service C:\Programmi\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
01:06:38.0640 3000 SMART Board Service - ok
01:06:38.0671 3000 [ A9211E7C9B7395FE1F5BC7E6ED1E78B1 ] SMART Display Controller C:\Programmi\SMART Technologies\SMART Product Drivers\UCService.exe
01:06:38.0671 3000 SMART Display Controller - ok
01:06:38.0718 3000 [ 94430B72358F84238C674090AEAE268C ] SMART SNMP Agent Service C:\Programmi\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
01:06:38.0750 3000 SMART SNMP Agent Service - ok
01:06:38.0765 3000 Sparrow - ok
01:06:38.0796 3000 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
01:06:38.0796 3000 splitter - ok
01:06:38.0843 3000 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:06:38.0843 3000 Spooler - ok
01:06:38.0875 3000 [ 896F566AFC498077172EAE8A50E8BAF8 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
01:06:38.0890 3000 sr - ok
01:06:38.0921 3000 [ BA4E8AC9A60C4527C969D08F3ABE9D36 ] srservice C:\WINDOWS\system32\srsvc.dll
01:06:38.0921 3000 srservice - ok
01:06:38.0968 3000 [ EA554A3FFC3F536FE8320EB38F5E4843 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:06:38.0968 3000 Srv - ok
01:06:39.0000 3000 [ 92B69020FC480219683D429DCA068D71 ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
01:06:39.0000 3000 sscdbus - ok
01:06:39.0000 3000 [ 77A2869D40CC84AF711C321F9B0C7A78 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
01:06:39.0015 3000 sscdmdfl - ok
01:06:39.0031 3000 [ B4255635195A8413FCDE7AF5B7C4E382 ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
01:06:39.0031 3000 sscdmdm - ok
01:06:39.0046 3000 [ 1FBF38A525EEDD7402BFA7E27236A64F ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:06:39.0046 3000 SSDPSRV - ok
01:06:39.0062 3000 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
01:06:39.0062 3000 StarOpen - ok
01:06:39.0078 3000 [ ED78DFAD8EFCDFBC89500492C4D14645 ] STI Simulator C:\WINDOWS\System32\PAStiSvc.exe
01:06:39.0093 3000 STI Simulator - ok
01:06:39.0093 3000 [ 385CF0E9C4679D23E1E8715AF2116D03 ] stisvc C:\WINDOWS\system32\wiaservc.dll
01:06:39.0093 3000 stisvc - ok
01:06:39.0156 3000 [ B254B1434208F280EDF3785613DCC41B ] stllssvr C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
01:06:39.0156 3000 stllssvr - ok
01:06:39.0171 3000 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:06:39.0187 3000 streamip - ok
01:06:39.0203 3000 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
01:06:39.0203 3000 swenum - ok
01:06:39.0218 3000 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
01:06:39.0218 3000 swmidi - ok
01:06:39.0218 3000 SwPrv - ok
01:06:39.0234 3000 symc810 - ok
01:06:39.0234 3000 symc8xx - ok
01:06:39.0250 3000 sym_hi - ok
01:06:39.0265 3000 sym_u3 - ok
01:06:39.0281 3000 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
01:06:39.0281 3000 sysaudio - ok
01:06:39.0312 3000 [ BC8B8694DEF74B4E6C626322D4321A54 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
01:06:39.0312 3000 SysmonLog - ok
01:06:39.0343 3000 [ 3A4C429F316C510C3E4C5F2FC7372C26 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:06:39.0343 3000 TapiSrv - ok
01:06:39.0375 3000 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:06:39.0390 3000 Tcpip - ok
01:06:39.0406 3000 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
01:06:39.0406 3000 TDPIPE - ok
01:06:39.0421 3000 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
01:06:39.0421 3000 TDTCP - ok
01:06:39.0437 3000 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
01:06:39.0453 3000 TermDD - ok
01:06:41.0375 3000 ============================================================
01:06:41.0375 3000 Scan finished
01:06:41.0375 3000 ============================================================
01:06:41.0437 1176 Detected object count: 0
01:06:41.0437 1176 Actual detected object count: 0
01:08:36.0875 3500 Deinitialize success
=====================================================================================================
aswMBR
========
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2002-01-01 01:15:48
-----------------------------
01:15:48.640 OS Version: Windows 5.1.2600 Service Pack 2
01:15:48.640 Number of processors: 4 586 0xF0B
01:15:48.640 ComputerName: PCHALFATEL UserName: Utente
01:15:49.750 Initialize success
01:15:50.015 AVAST engine defs: 12093000
01:16:32.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
01:16:32.781 Disk 0 Vendor: ST3400820AS 3.AAD Size: 381554MB BusType: 3
01:16:32.812 Disk 0 MBR read successfully
01:16:32.812 Disk 0 MBR scan
01:16:32.812 Disk 0 Windows XP default MBR code
01:16:32.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381543 MB offset 63
01:16:32.812 Disk 0 scanning sectors +781401600
01:16:32.890 Disk 0 scanning C:\WINDOWS\system32\drivers
01:16:39.703 Service scanning
01:16:52.546 Modules scanning
01:16:59.484 Disk 0 trace - called modules:
01:16:59.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:16:59.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d7cab8]
01:16:59.515 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\00000079[0x89d889e8]
01:16:59.531 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x89d86940]
01:17:00.265 AVAST engine scan C:\WINDOWS
01:17:08.843 AVAST engine scan C:\WINDOWS\system32
01:19:05.000 AVAST engine scan C:\WINDOWS\system32\drivers
01:19:27.281 AVAST engine scan C:\Documents and Settings\Utente
01:42:52.906 AVAST engine scan C:\Documents and Settings\All Users
01:45:55.921 Scan finished successfully
01:50:22.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Utente\Desktop\MBR.dat"
01:50:22.234 The log file has been saved successfully to "C:\Documents and Settings\Utente\Desktop\aswMBR.txt"


THANKS Francesco
fabiogi70
Newbie
 
Posts: 5
Joined: 27/09/12 20:11

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 01/10/12 10:09

Ok.
Now, run ComboFix again.
And attach the report.
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by fabiogi70 » 01/10/12 20:07

Done. Here it is. Thanks.
===========================

ComboFix 12-09-30.03 - Utente 01/01/2002 5.50.38.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1354 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\erdnt\cache\msgsvc.dll
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
((((((((((((((((((((((((( Files Creati Da 2001-12-01 al 2002-01-01 )))))))))))))))))))))))))))))))))))
.
.
2011-03-09 15:03 . 2001-12-31 23:42 -------- d-----w- C:\Neck Diagrams
2010-05-30 21:05 . 2011-08-17 18:25 -------- d-----w- C:\Microsoft
2009-11-18 19:17 . 2009-11-18 19:17 6905063 ----a-w- C:\Shareaza_2.5.0.0_Win32.exe
2009-11-06 21:16 . 2007-02-01 17:02 313344 ----a-w- C:\hjsplit.exe
2009-11-06 20:11 . 2009-11-06 20:41 -------- d-----w- C:\USDownloader
2009-11-06 20:10 . 2007-02-09 13:08 2261267 ----a-w- C:\USD.2007.V5.exe
2009-11-06 19:37 . 2009-11-06 19:37 2721280 ----a-w- C:\MDownloader-0.7.5.43616.msi
2008-05-26 14:38 . 2008-05-26 14:38 -------- d-----r- C:\MSOCache
2008-05-25 00:10 . 2001-12-31 23:41 -------- d-----r- C:\Programmi
2008-05-25 00:07 . 2010-09-22 14:44 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 03:22 . 2001-08-31 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2008-05-08 12:28 . 2001-08-31 12:00 202752 ----a-w- c:\windows\system32\drivers\rmcast.sys
2006-11-01 19:18 . 2001-08-31 12:00 927504 ----a-w- c:\windows\system32\mfc40u.dll
2006-10-16 16:15 . 2001-08-31 12:00 124928 ----a-w- c:\windows\system32\oledlg.dll
2006-10-13 12:35 . 2001-08-31 12:00 64000 ----a-w- c:\windows\system32\nwapi32.dll
2006-10-04 14:05 . 2008-10-07 21:52 39424 ------w- c:\windows\apppatch\acadproc.dll
2006-07-21 08:27 . 2001-08-31 12:00 72704 ----a-w- c:\windows\system32\hlink.dll
2006-06-23 06:48 . 2008-05-26 14:47 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2005-10-17 21:20 . 2001-08-31 12:00 80896 ----a-w- c:\windows\system32\fontsub.dll
2005-07-26 04:40 . 2001-08-31 12:00 75264 ----a-w- c:\windows\system32\olecli32.dll
2005-07-26 04:40 . 2001-08-31 12:00 37888 ----a-w- c:\windows\system32\olecnv32.dll
2004-08-19 13:39 . 2008-05-24 22:20 151040 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2004-08-19 13:39 . 2008-05-24 22:20 160256 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2004-08-19 13:39 . 2008-05-24 22:20 18944 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2004-08-19 13:39 . 2008-05-24 22:20 768512 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2004-08-19 13:39 . 2008-05-24 22:20 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2004-08-19 13:39 . 2004-08-19 13:39 33280 ----a-w- c:\windows\help\sstub.dll
2004-08-19 13:39 . 2004-08-19 13:39 279040 ----a-w- c:\windows\help\tshoot.dll
2004-08-19 13:39 . 2008-05-24 22:20 726590 ----a-w- c:\windows\srchasst\srchui.dll
2004-08-19 13:39 . 2008-05-24 22:20 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2004-08-19 13:39 . 2004-08-19 13:39 34816 ----a-w- c:\windows\help\sniffpol.dll
2004-08-19 13:39 . 2008-05-24 22:20 38912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2004-08-19 13:39 . 2008-05-24 22:20 102400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2004-08-19 13:39 . 2008-05-24 22:20 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2004-08-19 13:39 . 2008-05-24 22:20 379904 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2004-08-19 13:39 . 2004-08-19 13:39 450048 ----a-w- c:\windows\apppatch\AcLayers.dll
2004-08-19 13:39 . 2004-08-19 13:39 244736 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2004-08-19 13:39 . 2004-08-19 13:39 1852416 ----a-w- c:\windows\apppatch\AcGenral.dll
2004-08-19 13:39 . 2004-08-19 13:39 137728 ----a-w- c:\windows\apppatch\AcLua.dll
2004-08-19 13:39 . 2004-08-19 13:39 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2004-03-08 21:00 . 2000-05-22 14:58 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2004-03-08 21:00 . 2000-05-22 14:58 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2001-11-09 16:01 . 2001-11-09 16:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f4035115-6152-4901-a81d-f4e0a0479615}"= "c:\programmi\ilcorsaronero\prxtbilc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4035115-6152-4901-a81d-f4e0a0479615}]
2011-05-09 09:49 176936 ----a-w- c:\programmi\ilcorsaronero\prxtbilc0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f4035115-6152-4901-a81d-f4e0a0479615}"= "c:\programmi\ilcorsaronero\prxtbilc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F4035115-6152-4901-A81D-F4E0A0479615}"= "c:\programmi\ilcorsaronero\prxtbilc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\programmi\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"AliceMessenger"="c:\programmi\Alice Messenger\alicemessenger.exe" [2009-02-05 3657728]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RoxioDragToDisc"="c:\programmi\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"Media Codec Update Service"="c:\programmi\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-06-20 202256]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Olympus ib"="c:\programmi\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\programmi\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/11/2009 21.07.52 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/11/2009 21.07.52 17744]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/11/2010 19.19.39 8192]
R2 SMART Display Controller;SMART Display Controller;c:\programmi\SMART Technologies\SMART Product Drivers\UCService.exe [15/07/2010 15.48.22 844688]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [28/05/2008 15.27.12 203264]
R3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [27/06/2005 17.09.24 140800]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [28/10/2010 16.49.51 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [28/10/2010 16.49.51 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13.49.20 227232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\programmi\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [15/07/2010 15.48.48 1662352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2002-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-10-28 15:49]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-10-28 15:49]
.
2002-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1303643608-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2002-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1303643608-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/webhp?sourceid=nav ... t&ie=UTF-8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-01 06:05
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2988)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\programmi\ArcSoft\WebCam Companion\PhotoImpression 5\share\pihook.dll
c:\programmi\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\programmi\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\windows\System32\PAStiSvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Ora fine scansione: 2002-01-01 06:08:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2002-01-01 05:08
ComboFix2.txt 2001-12-31 23:39
.
Pre-Run: 210.944.880.640 byte disponibili
Post-Run: 211.164.393.472 byte disponibili
.
- - End Of File - - 337F806AEC650E07D0A03BF64CB64962
fabiogi70
Newbie
 
Posts: 5
Joined: 27/09/12 20:11

Re: PC infected with Trojan.Agent/Gen-Krypt

Post by FrancescoFDAC » 02/10/12 13:15

Uninstall Shareaza and USDownloader and delete these files/folders:
C:\Shareaza_2.5.0.0_Win32.exe
C:\hjsplit.exe
C:\USDownloader
C:\USD.2007.V5.exe
C:\MDownloader-0.7.5.43616.msi

Download SystemLook, choosing the version suited to your operating system:
32 Bit: http://jpshortstuff.247fixes.com/SystemLook.exe
64 Bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

● place the downloaded file on the Desktop
● double-click the SystemLook file to launch the application
● copy and paste the following lines:

:filefind
proquota.exe

● click the Look button to start the scan
● when it finishes, a text file will open automatically
● attach the log (it is also on the Desktop, and is named SystemLook.txt)
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53
