PC POSSIBLY INFECTED???

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs should you use to protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: Luke57, kadosh

PC POSSIBLY INFECTED???

Post by danyela » 09/11/17 23:05

Good evening everyone.
I need help (I think). Often, while I am browsing the Internet and clicking on links of various kinds, strange pages open, such as requests to download PDF programs, or Windows warnings saying that the PC is infected and that I have to install some additional components. I still use Windows XP (Service Pack 3, but with updates that are obsolete by now) and Slimjet as my search engine. I'll try to attach the logfile for you. Can you help me? Thank you for your usual kindness.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22.43.02, on 09/11/2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CCleaner\CCleaner.exe
C:\Programmi\AVAST Software\Avast\AvastUI.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\mshta.exe
C:\Programmi\AVAST Software\Avast\aswidsagent.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Daniela\Documenti\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [DriverPack Notifier] C:\Programmi\DriverPack Notifier\DriverPackNotifier.exe --run startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programmi\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Programmi\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Programmi\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 5388 bytes
danyela
Junior User
Posts: 84
Joined: 28/06/07 09:20
Location: torino

Re: PC POSSIBLY INFECTED???

Post by dany79 » 10/11/17 08:28

Hi Danyela,

HijackThis is obsolete by now...

Carry out the following steps in chronological order:

Download Malwarebytes Anti-Malware from here https://it.malwarebytes.com/
run the scan, delete what it finds and post the log it generates

Then download AdwCleaner from here www.bleepingcomputer.com/download/adwcleaner/
right-click the executable, run it as administrator, run the scan, delete what it finds and post the log

then try JRT, download it from here www.bleepingcomputer.com/download/junkw ... oval-tool/
disable the antivirus
put the executable on the desktop
right-click it and open it as administrator
press Enter when asked
wait for the scan to finish
re-enable the antivirus
post the resulting log (you will find it on the desktop)

Finally download FRST from here www.bleepingcomputer.com/download/farba ... scan-tool/
download the version suited to your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable -- open as administrator
once it is open, click Scan
post the logs frst.txt and addition.txt

Don't worry, almost all the scans are relatively quick...
--DARRILL79--
dany79
Junior User
Posts: 46
Joined: 26/10/13 11:51
Location: Barchi (pu)

Re: PC POSSIBLY INFECTED???

Post by danyela » 10/11/17 14:16

Hi, and thanks for the reply.
I did the first step, all OK. I'll post all the logs together later.
However, I have a problem with AdwCleaner, because after choosing run as administrator it tells me that it "is not a valid Win32 application". :(
Can I go ahead with the rest?
Thanks

Re: PC POSSIBLY INFECTED???

Post by dany79 » 10/11/17 14:50

Yes, go ahead with the rest...
--DARRILL79--

Re: PC POSSIBLY INFECTED???

Post by dany79 » 10/11/17 15:04

Hi, one question:
Are you able to get into Safe Mode???

(I have a suspicion that you are infected with the Beagle worm) :-?

Run these scans too before running FRST...

Download TDSSKiller from here www.bleepingcomputer.com/download/tdsskiller/
Follow this guide for the program www.why-tech.it/come-rimuovere-defi...t-dal-pc-1.html
Post the log...

Then download Malwarebytes Anti-Rootkit from here https://it.malwarebytes.com/antirootkit/
Follow the guide provided on the site, on the same page as the download
Post the log it generates

Also run a scan with RogueKiller...
Download it from here...
www.adlice.com/download/roguekiller/
Follow this guide to use the program
http://it.ccm.net/faq/3204-come-usare
Delete only the entries shown in red...
Post the report

Thanks
--DARRILL79--

Re: PC POSSIBLY INFECTED???

Post by danyela » 10/11/17 21:06

Hi, oh dear, I only saw your post afterwards and I have already run the FRST scan... Sorry: tell me whether I can still do the rest. For now I'm posting the logs I have run:
Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 10/11/17
Ora scansione: 11:58
File di log: 23f265e2-c606-11e7-8f8b-0040d08f3128.json
Amministratore: Sì

-Informazioni software-
Versione: 3.3.1.2183
Versione componenti: 1.0.236
Aggiorna versione pacchetto: 1.0.3220
Licenza: Trial

-Informazioni sistema-
SO: Windows XP Service Pack 3
CPU: x86
File system: NTFS
Utente: PC\Daniela

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 115775
Minacce rilevate: 41
Minacce messe in quarantena: 41
Tempo impiegato: 8 min, 38 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 1
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DriverPack Notifier, In quarantena, [2085], [358058],1.0.3220

Valore di registro: 3
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DriverPack Notifier, In quarantena, [2085], [358058],1.0.3220
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|MUID, In quarantena, [8858], [436740],1.0.3220
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|TCID, In quarantena, [8858], [436739],1.0.3220

Dati di registro: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Sostituito, [15880], [293294],1.0.3220
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Sostituito, [15880], [293295],1.0.3220
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Sostituito, [15880], [293296],1.0.3220

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 5
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\notifier, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\PROGRAMMI\DRIVERPACK NOTIFIER, In quarantena, [2085], [358058],1.0.3220

File: 29
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-celcium.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\blank.gif, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\close.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\drp.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\file-icon.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-battery-failure.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-battery.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-chipset.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-cooler.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-danger.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-fire.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-harddrive.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-phone.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-ram.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-security.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-success.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-tip.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-tool.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\gliph-usb.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\icons\loading.gif, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\notifier\64.png, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\notifier\notification.js, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\notifier\notifier.hta, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\main.js, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\run.hta, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\bin\Tools\wget.exe, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\DriverPackNotifier.exe, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\Icon.ico, In quarantena, [2085], [358058],1.0.3220
PUP.Optional.DriverPack, C:\Programmi\DriverPack Notifier\Uninstall.exe, In quarantena, [2085], [358058],1.0.3220

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on 10/11/2017 at 14.43.47,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Programmi\comodo\geekbuddy (Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/11/2017 at 14.44.43,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: PC POSSIBLY INFECTED???

Post by danyela » 10/11/17 21:06

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Administrator (administrator) on PC (10-11-2017 20:37:43)
Running from C:\Documents and Settings\Daniela\Desktop
Loaded Profiles: Daniela & Administrator (Available Profiles: Daniela & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Programmi\AVAST Software\Avast\AvastSvc.exe
() C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Microsoft Corporation) C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
(TeamViewer GmbH) C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes) C:\Programmi\Malwarebytes\Anti-Malware\MBAMService.exe
(Hewlett-Packard Co.) C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe
(Hewlett-Packard Co.) C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Programmi\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe
(AVAST Software) C:\Programmi\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes) C:\Programmi\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Programmi\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-09] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Programmi\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25] (ATI Technologies Inc.)
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {1277f744-7c03-11e7-8c84-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {212b6885-c457-11e7-8cd3-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {6c2d6d8c-2270-11e7-8c2d-0040d08f3128} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {82796843-7d3c-11e7-8c86-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {8f4ee902-22d5-11e7-8c2e-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {8f4ee903-22d5-11e7-8c2e-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {c691f9ce-4376-11e7-8c3d-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {ed66f884-4965-11e7-8c40-0040d08f3128} - E:\HiSuiteDownLoader.exe
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk [2016-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk [2016-12-17]
ShortcutTarget: Microsoft Office.lnk -> C:\Programmi\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.162.9.197 8.8.4.4
Tcpip\..\Interfaces\{59C77444-4460-422D-959A-48F18693839B}: [DhcpNameServer] 185.162.9.197 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-682003330-299502267-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.it/
HKU\S-1-5-21-682003330-299502267-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: [S-1-5-21-682003330-299502267-1177238915-500] ATTENTION => Default URLSearchHook is missing
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll [2017-11-09] (AVAST Software)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-12-22] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-31] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Programmi\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-09] (AVAST Software)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () [File not signed]
R2 avast! Antivirus; C:\Programmi\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-09] (AVAST Software)
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [153752 2016-12-17] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [153752 2016-12-17] (Google Inc.)
R3 hpqcxs08; C:\Programmi\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Programmi\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 HuaweiHiSuiteService.exe; C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] () [File not signed]
R2 MBAMService; C:\Programmi\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MDM; C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 TeamViewer9; C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe [5261584 2015-04-09] (TeamViewer GmbH)
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2009-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [157176 2017-11-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255616 2017-11-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157408 2017-11-09] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276728 2017-11-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50376 2017-11-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42848 2017-11-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-08-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124952 2017-11-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70112 2017-11-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70864 2017-11-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783136 2017-11-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [388768 2017-11-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205392 2017-11-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [298360 2017-11-09] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210048 2008-10-15] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985856 2008-10-15] (Conexant Systems, Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150304 2017-11-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2017-11-10] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-10 20:37 - 2017-11-10 20:38 - 000013488 _____ C:\Documents and Settings\Daniela\Desktop\FRST.txt
2017-11-10 20:37 - 2017-11-10 20:37 - 000000000 ____D C:\FRST
2017-11-10 14:48 - 2017-11-10 14:48 - 002403328 _____ (Farbar) C:\Documents and Settings\Daniela\Desktop\FRST64.exe
2017-11-10 14:48 - 2017-11-10 14:47 - 001799680 _____ (Farbar) C:\Documents and Settings\Daniela\Desktop\FRST.exe
2017-11-10 14:44 - 2017-11-10 14:45 - 000000730 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2017-11-10 14:43 - 2017-11-10 14:43 - 000000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2017-11-10 14:42 - 2017-11-10 14:42 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Daniela\Desktop\JRT.exe
2017-11-10 13:59 - 2017-11-10 20:38 - 000000000 ____D C:\Documents and Settings\Administrator\Impostazioni locali\Temp
2017-11-10 13:59 - 2017-11-10 20:37 - 000000194 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-11-10 13:59 - 2017-11-10 14:43 - 000000000 ____D C:\Documents and Settings\Administrator
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 __SHD C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 __RHD C:\Documents and Settings\Administrator\Dati applicazioni
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___HD C:\Documents and Settings\Administrator\Risorse di stampa
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___HD C:\Documents and Settings\Administrator\Risorse di rete
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___HD C:\Documents and Settings\Administrator\Impostazioni locali
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ____D C:\Documents and Settings\Administrator\Preferiti
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ____D C:\Documents and Settings\Administrator\Documenti
2017-11-10 13:59 - 2016-12-16 19:45 - 000001599 _____ C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Assistenza remota.lnk
2017-11-10 13:59 - 2016-12-16 19:45 - 000000772 _____ C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Windows Media Player.lnk
2017-11-10 13:59 - 2016-12-16 19:45 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Accessori
2017-11-10 13:59 - 2016-12-16 19:45 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio\Programmi
2017-11-10 13:59 - 2016-12-16 19:45 - 000000000 ___HD C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni
2017-11-10 13:59 - 2016-12-16 19:39 - 000000000 ___HD C:\Documents and Settings\Administrator\Modelli
2017-11-10 12:14 - 2017-11-10 12:23 - 000006390 _____ C:\Documents and Settings\Daniela\Desktop\malwarebyts LOG.txt
2017-11-10 12:12 - 2017-11-10 12:12 - 000006616 _____ C:\Documents and Settings\Daniela\Desktop\malwarebyts.txt
2017-11-10 11:58 - 2017-11-10 20:05 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-10 11:58 - 2017-11-10 11:58 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-10 11:58 - 2017-11-10 11:58 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-10 11:57 - 2017-11-10 11:57 - 000001679 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-11-10 11:57 - 2017-11-10 11:57 - 000000000 ____D C:\Programmi\Malwarebytes
2017-11-10 11:57 - 2017-11-10 11:57 - 000000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes
2017-11-10 11:57 - 2017-11-10 11:57 - 000000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2017-11-10 11:57 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-10 08:29 - 2017-11-10 08:29 - 000019480 _____ C:\Documents and Settings\Daniela\Dati applicazioni\GDIPFONTCACHEV1.DAT
2017-11-09 21:05 - 2017-11-09 21:05 - 000026725 _____ C:\Documents and Settings\Daniela\Desktop\cv_europeo rev 27 ott 17_ nf.pdf
2017-11-09 18:57 - 2017-11-09 18:55 - 000157176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-09 18:56 - 2017-11-09 18:55 - 000305328 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-09 14:47 - 2017-11-09 14:47 - 000019480 _____ C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2017-11-09 14:47 - 2017-11-09 14:47 - 000000000 _____ C:\WINDOWS\system32\h323log.txt
2017-11-09 14:46 - 2017-11-09 14:46 - 000118952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-09 14:46 - 2017-11-09 14:46 - 000000000 ____D C:\Programmi\xerox
2017-11-09 14:46 - 2017-11-09 14:46 - 000000000 ____D C:\Programmi\microsoft frontpage
2017-11-08 08:34 - 2017-11-08 08:34 - 000000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2017-11-03 18:47 - 2017-11-03 18:47 - 000014159 _____ C:\Documents and Settings\Daniela\Documenti\lettera presentazione FACIT.pdf
2017-11-03 18:40 - 2017-11-03 18:40 - 000014066 _____ C:\Documents and Settings\Daniela\Desktop\lettera presentazione IREN.pdf
2017-11-03 17:29 - 2017-11-05 20:31 - 000107196 _____ C:\Documents and Settings\Daniela\Desktop\cv_europeo rev 27 ott 17_.pdf
2017-11-02 18:04 - 2017-11-02 19:06 - 000015874 _____ C:\Documents and Settings\Daniela\Desktop\lettera presentazione.pdf
2017-11-01 10:34 - 2017-11-01 10:35 - 000085288 _____ C:\Documents and Settings\Daniela\Desktop\cv_europeo rev 27 ott 17.pdf
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\Help
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Documents and Settings\Daniela\Dati applicazioni\Help
2017-11-01 10:16 - 2017-11-01 10:17 - 000000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\gotomaxx
2017-11-01 10:16 - 2017-11-01 10:16 - 000000000 ____D C:\Programmi\GEngine
2017-11-01 10:16 - 2017-11-01 10:16 - 000000000 ____D C:\Documents and Settings\Daniela\Dati applicazioni\gotomaxx
2017-11-01 10:16 - 2017-11-01 10:16 - 000000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\gotomaxx
2017-11-01 10:15 - 2017-11-01 10:16 - 000000000 ____D C:\Programmi\gotomaxx
2017-11-01 10:11 - 2017-11-01 10:12 - 000000000 ____D C:\Programmi\A-PDF Mailer
2017-11-01 09:34 - 2017-11-02 17:51 - 000034304 ___SH C:\Documents and Settings\Daniela\Desktop\Thumbs.db
2017-11-01 07:54 - 2017-11-01 07:54 - 000082807 _____ C:\Documents and Settings\Daniela\Documenti\Modulo_6573 (2).pdf
2017-10-26 20:39 - 2017-10-26 20:39 - 000000082 _____ C:\Documents and Settings\Daniela\Documenti\cc_20171026_213910.reg
2017-10-26 20:38 - 2017-11-10 20:04 - 000000324 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-10-12 20:06 - 2017-10-12 20:06 - 000000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-10 20:12 - 2016-12-16 20:45 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Temp
2017-11-10 20:06 - 2017-08-29 20:58 - 000000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-10 20:06 - 2016-12-16 19:49 - 000032470 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-10 20:04 - 2017-03-25 09:29 - 000000350 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-11-10 20:03 - 2016-12-18 17:16 - 000000452 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1482077763.job
2017-11-10 20:03 - 2016-12-17 15:12 - 000001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-10 20:03 - 2008-04-14 04:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-10 20:02 - 2016-12-17 14:06 - 000000226 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
2017-11-10 20:02 - 2016-12-16 19:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-10 14:49 - 2016-12-17 16:49 - 000065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-11-10 14:49 - 2016-12-16 20:45 - 000000306 ___SH C:\Documents and Settings\Daniela\ntuser.ini
2017-11-10 14:49 - 2016-12-16 20:45 - 000000000 ____D C:\Documents and Settings\Daniela
2017-11-10 14:44 - 2016-12-22 22:37 - 000000000 ____D C:\Programmi\COMODO
2017-11-10 13:59 - 2016-12-16 20:22 - 000000000 ____D C:\Documents and Settings
2017-11-10 13:50 - 2016-12-17 15:12 - 000001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-10 13:13 - 2016-12-16 20:45 - 000000000 ___RD C:\Documents and Settings\Daniela\Preferiti
2017-11-10 12:54 - 2016-12-16 19:45 - 000001607 _____ C:\Documents and Settings\All Users\Menu Avvio\Impostazioni accesso ai programmi.lnk
2017-11-10 12:09 - 2016-12-16 20:24 - 000000000 ___RD C:\Programmi
2017-11-10 11:57 - 2016-12-16 20:23 - 000000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni
2017-11-10 11:57 - 2016-12-16 20:23 - 000000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi
2017-11-10 08:35 - 2016-12-16 20:45 - 000000000 ___RD C:\Documents and Settings\Daniela\Documenti
2017-11-10 08:29 - 2016-12-17 13:04 - 000002523 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Microsoft Word.lnk
2017-11-10 08:29 - 2016-12-16 20:45 - 000000000 __RHD C:\Documents and Settings\Daniela\Dati applicazioni
2017-11-09 21:04 - 2017-01-16 15:18 - 000000000 ____D C:\Documents and Settings\Daniela\Documenti\DANIEL
2017-11-09 18:58 - 2016-12-16 20:11 - 000000000 ___HD C:\WINDOWS\inf
2017-11-09 18:55 - 2016-12-18 17:06 - 000388768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000298360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000205392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000042848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000276728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000255616 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000157408 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000050376 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-11-09 18:54 - 2016-12-18 17:06 - 000783136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-09 14:47 - 2016-12-16 20:45 - 000000000 ___HD C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni
2017-11-09 12:23 - 2017-09-05 21:51 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\PrivaZer
2017-11-09 12:15 - 2016-12-18 17:13 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\Temp
2017-11-09 12:06 - 2016-12-16 20:45 - 000000000 __SHD C:\Documents and Settings\Daniela\Impostazioni locali\Cronologia
2017-11-09 08:50 - 2017-07-30 09:13 - 000000000 ____D C:\Documents and Settings\Daniela\Dati applicazioni\Telegram Desktop
2017-11-09 08:36 - 2017-04-16 07:55 - 000000000 ____D C:\Documents and Settings\Daniela\Documenti\HiSuite
2017-11-08 09:13 - 2016-12-16 20:45 - 000000000 ___RD C:\Documents and Settings\Daniela\Documenti\Immagini
2017-11-08 08:58 - 2017-10-07 19:35 - 000009728 _____ C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-02 14:56 - 2017-04-25 07:51 - 000000000 ____D C:\Documents and Settings\Daniela\Documenti\Scansioni personali
2017-11-02 08:36 - 2016-12-18 17:16 - 000000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2017-11-02 08:36 - 2016-12-17 15:10 - 000000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2017-11-01 10:21 - 2017-09-05 21:51 - 000001518 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\PrivaZer.lnk
2017-11-01 10:21 - 2017-09-05 21:51 - 000001512 _____ C:\Documents and Settings\All Users\Desktop\PrivaZer.lnk
2017-11-01 10:21 - 2017-09-05 21:51 - 000000000 ____D C:\Programmi\PrivaZer
2017-10-31 15:06 - 2017-09-01 19:25 - 000001040 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-10-31 15:06 - 2017-08-29 20:58 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-31 15:06 - 2017-08-29 20:58 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-31 15:06 - 2016-12-16 19:42 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-31 15:01 - 2016-12-16 20:24 - 001073486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-31 15:01 - 2008-04-14 04:00 - 000479866 _____ C:\WINDOWS\system32\perfh010.dat
2017-10-31 15:01 - 2008-04-14 04:00 - 000080160 _____ C:\WINDOWS\system32\perfc010.dat
2017-10-26 20:38 - 2017-08-19 06:57 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-10-26 20:38 - 2017-07-30 08:46 - 000000000 ____D C:\Programmi\CCleaner
2017-10-26 20:38 - 2016-12-17 12:58 - 000000000 __SHD C:\Documents and Settings\Daniela\UserData
2017-10-17 21:10 - 2016-12-18 17:04 - 000000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software

==================== Files in the root of some directories =======

2016-12-30 16:50 - 2016-12-30 17:00 - 000000737 _____ () C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Administrator (administrator) on PC (10-11-2017 20:37:43)
Running from C:\Documents and Settings\Daniela\Desktop
Loaded Profiles: Daniela & Administrator (Available Profiles: Daniela & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Programmi\AVAST Software\Avast\AvastSvc.exe
() C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Microsoft Corporation) C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
(TeamViewer GmbH) C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes) C:\Programmi\Malwarebytes\Anti-Malware\MBAMService.exe
(Hewlett-Packard Co.) C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe
(Hewlett-Packard Co.) C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Programmi\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe
(AVAST Software) C:\Programmi\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes) C:\Programmi\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Programmi\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-09] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Programmi\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25] (ATI Technologies Inc.)
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {1277f744-7c03-11e7-8c84-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {212b6885-c457-11e7-8cd3-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {6c2d6d8c-2270-11e7-8c2d-0040d08f3128} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {82796843-7d3c-11e7-8c86-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {8f4ee902-22d5-11e7-8c2e-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {8f4ee903-22d5-11e7-8c2e-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {c691f9ce-4376-11e7-8c3d-0040d08f3128} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\MountPoints2: {ed66f884-4965-11e7-8c40-0040d08f3128} - E:\HiSuiteDownLoader.exe
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk [2016-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk [2016-12-17]
ShortcutTarget: Microsoft Office.lnk -> C:\Programmi\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.162.9.197 8.8.4.4
Tcpip\..\Interfaces\{59C77444-4460-422D-959A-48F18693839B}: [DhcpNameServer] 185.162.9.197 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-682003330-299502267-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.it/
HKU\S-1-5-21-682003330-299502267-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: [S-1-5-21-682003330-299502267-1177238915-500] ATTENTION => Default URLSearchHook is missing
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll [2017-11-09] (AVAST Software)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-12-22] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-31] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Programmi\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-09] (AVAST Software)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () [File not signed]
R2 avast! Antivirus; C:\Programmi\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-09] (AVAST Software)
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [153752 2016-12-17] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [153752 2016-12-17] (Google Inc.)
R3 hpqcxs08; C:\Programmi\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Programmi\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 HuaweiHiSuiteService.exe; C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] () [File not signed]
R2 MBAMService; C:\Programmi\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MDM; C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 TeamViewer9; C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe [5261584 2015-04-09] (TeamViewer GmbH)
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2009-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [157176 2017-11-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255616 2017-11-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157408 2017-11-09] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276728 2017-11-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50376 2017-11-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42848 2017-11-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-08-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124952 2017-11-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70112 2017-11-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70864 2017-11-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783136 2017-11-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [388768 2017-11-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205392 2017-11-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [298360 2017-11-09] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210048 2008-10-15] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985856 2008-10-15] (Conexant Systems, Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150304 2017-11-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2017-11-10] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-10 20:37 - 2017-11-10 20:38 - 000013488 _____ C:\Documents and Settings\Daniela\Desktop\FRST.txt
2017-11-10 20:37 - 2017-11-10 20:37 - 000000000 ____D C:\FRST
2017-11-10 14:48 - 2017-11-10 14:48 - 002403328 _____ (Farbar) C:\Documents and Settings\Daniela\Desktop\FRST64.exe
2017-11-10 14:48 - 2017-11-10 14:47 - 001799680 _____ (Farbar) C:\Documents and Settings\Daniela\Desktop\FRST.exe
2017-11-10 14:44 - 2017-11-10 14:45 - 000000730 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2017-11-10 14:43 - 2017-11-10 14:43 - 000000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2017-11-10 14:42 - 2017-11-10 14:42 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Daniela\Desktop\JRT.exe
2017-11-10 13:59 - 2017-11-10 20:38 - 000000000 ____D C:\Documents and Settings\Administrator\Impostazioni locali\Temp
2017-11-10 13:59 - 2017-11-10 20:37 - 000000194 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-11-10 13:59 - 2017-11-10 14:43 - 000000000 ____D C:\Documents and Settings\Administrator
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 __SHD C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 __RHD C:\Documents and Settings\Administrator\Dati applicazioni
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___HD C:\Documents and Settings\Administrator\Risorse di stampa
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___HD C:\Documents and Settings\Administrator\Risorse di rete
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ___HD C:\Documents and Settings\Administrator\Impostazioni locali
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ____D C:\Documents and Settings\Administrator\Preferiti
2017-11-10 13:59 - 2016-12-16 20:23 - 000000000 ____D C:\Documents and Settings\Administrator\Documenti
2017-11-10 13:59 - 2016-12-16 19:45 - 000001599 _____ C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Assistenza remota.lnk
2017-11-10 13:59 - 2016-12-16 19:45 - 000000772 _____ C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Windows Media Player.lnk
2017-11-10 13:59 - 2016-12-16 19:45 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Accessori
2017-11-10 13:59 - 2016-12-16 19:45 - 000000000 ___RD C:\Documents and Settings\Administrator\Menu Avvio\Programmi
2017-11-10 13:59 - 2016-12-16 19:45 - 000000000 ___HD C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni
2017-11-10 13:59 - 2016-12-16 19:39 - 000000000 ___HD C:\Documents and Settings\Administrator\Modelli
2017-11-10 12:14 - 2017-11-10 12:23 - 000006390 _____ C:\Documents and Settings\Daniela\Desktop\malwarebyts LOG.txt
2017-11-10 12:12 - 2017-11-10 12:12 - 000006616 _____ C:\Documents and Settings\Daniela\Desktop\malwarebyts.txt
2017-11-10 11:58 - 2017-11-10 20:05 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-10 11:58 - 2017-11-10 11:58 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-10 11:58 - 2017-11-10 11:58 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-10 11:57 - 2017-11-10 11:57 - 000001679 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-11-10 11:57 - 2017-11-10 11:57 - 000000000 ____D C:\Programmi\Malwarebytes
2017-11-10 11:57 - 2017-11-10 11:57 - 000000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes
2017-11-10 11:57 - 2017-11-10 11:57 - 000000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2017-11-10 11:57 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-10 08:29 - 2017-11-10 08:29 - 000019480 _____ C:\Documents and Settings\Daniela\Dati applicazioni\GDIPFONTCACHEV1.DAT
2017-11-09 21:05 - 2017-11-09 21:05 - 000026725 _____ C:\Documents and Settings\Daniela\Desktop\cv_europeo rev 27 ott 17_ nf.pdf
2017-11-09 18:57 - 2017-11-09 18:55 - 000157176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-09 18:56 - 2017-11-09 18:55 - 000305328 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-09 14:47 - 2017-11-09 14:47 - 000019480 _____ C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2017-11-09 14:47 - 2017-11-09 14:47 - 000000000 _____ C:\WINDOWS\system32\h323log.txt
2017-11-09 14:46 - 2017-11-09 14:46 - 000118952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-09 14:46 - 2017-11-09 14:46 - 000000000 ____D C:\Programmi\xerox
2017-11-09 14:46 - 2017-11-09 14:46 - 000000000 ____D C:\Programmi\microsoft frontpage
2017-11-08 08:34 - 2017-11-08 08:34 - 000000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2017-11-03 18:47 - 2017-11-03 18:47 - 000014159 _____ C:\Documents and Settings\Daniela\Documenti\lettera presentazione FACIT.pdf
2017-11-03 18:40 - 2017-11-03 18:40 - 000014066 _____ C:\Documents and Settings\Daniela\Desktop\lettera presentazione IREN.pdf
2017-11-03 17:29 - 2017-11-05 20:31 - 000107196 _____ C:\Documents and Settings\Daniela\Desktop\cv_europeo rev 27 ott 17_.pdf
2017-11-02 18:04 - 2017-11-02 19:06 - 000015874 _____ C:\Documents and Settings\Daniela\Desktop\lettera presentazione.pdf
2017-11-01 10:34 - 2017-11-01 10:35 - 000085288 _____ C:\Documents and Settings\Daniela\Desktop\cv_europeo rev 27 ott 17.pdf
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\Help
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Documents and Settings\Daniela\Dati applicazioni\Help
2017-11-01 10:16 - 2017-11-01 10:17 - 000000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\gotomaxx
2017-11-01 10:16 - 2017-11-01 10:16 - 000000000 ____D C:\Programmi\GEngine
2017-11-01 10:16 - 2017-11-01 10:16 - 000000000 ____D C:\Documents and Settings\Daniela\Dati applicazioni\gotomaxx
2017-11-01 10:16 - 2017-11-01 10:16 - 000000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\gotomaxx
2017-11-01 10:15 - 2017-11-01 10:16 - 000000000 ____D C:\Programmi\gotomaxx
2017-11-01 10:11 - 2017-11-01 10:12 - 000000000 ____D C:\Programmi\A-PDF Mailer
2017-11-01 09:34 - 2017-11-02 17:51 - 000034304 ___SH C:\Documents and Settings\Daniela\Desktop\Thumbs.db
2017-11-01 07:54 - 2017-11-01 07:54 - 000082807 _____ C:\Documents and Settings\Daniela\Documenti\Modulo_6573 (2).pdf
2017-10-26 20:39 - 2017-10-26 20:39 - 000000082 _____ C:\Documents and Settings\Daniela\Documenti\cc_20171026_213910.reg
2017-10-26 20:38 - 2017-11-10 20:04 - 000000324 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-10-12 20:06 - 2017-10-12 20:06 - 000000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-10 20:12 - 2016-12-16 20:45 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Temp
2017-11-10 20:06 - 2017-08-29 20:58 - 000000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-10 20:06 - 2016-12-16 19:49 - 000032470 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-10 20:04 - 2017-03-25 09:29 - 000000350 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-11-10 20:03 - 2016-12-18 17:16 - 000000452 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1482077763.job
2017-11-10 20:03 - 2016-12-17 15:12 - 000001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-10 20:03 - 2008-04-14 04:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-10 20:02 - 2016-12-17 14:06 - 000000226 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
2017-11-10 20:02 - 2016-12-16 19:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-10 14:49 - 2016-12-17 16:49 - 000065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-11-10 14:49 - 2016-12-16 20:45 - 000000306 ___SH C:\Documents and Settings\Daniela\ntuser.ini
2017-11-10 14:49 - 2016-12-16 20:45 - 000000000 ____D C:\Documents and Settings\Daniela
2017-11-10 14:44 - 2016-12-22 22:37 - 000000000 ____D C:\Programmi\COMODO
2017-11-10 13:59 - 2016-12-16 20:22 - 000000000 ____D C:\Documents and Settings
2017-11-10 13:50 - 2016-12-17 15:12 - 000001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-10 13:13 - 2016-12-16 20:45 - 000000000 ___RD C:\Documents and Settings\Daniela\Preferiti
2017-11-10 12:54 - 2016-12-16 19:45 - 000001607 _____ C:\Documents and Settings\All Users\Menu Avvio\Impostazioni accesso ai programmi.lnk
2017-11-10 12:09 - 2016-12-16 20:24 - 000000000 ___RD C:\Programmi
2017-11-10 11:57 - 2016-12-16 20:23 - 000000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni
2017-11-10 11:57 - 2016-12-16 20:23 - 000000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi
2017-11-10 08:35 - 2016-12-16 20:45 - 000000000 ___RD C:\Documents and Settings\Daniela\Documenti
2017-11-10 08:29 - 2016-12-17 13:04 - 000002523 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Microsoft Word.lnk
2017-11-10 08:29 - 2016-12-16 20:45 - 000000000 __RHD C:\Documents and Settings\Daniela\Dati applicazioni
2017-11-09 21:04 - 2017-01-16 15:18 - 000000000 ____D C:\Documents and Settings\Daniela\Documenti\DANIEL
2017-11-09 18:58 - 2016-12-16 20:11 - 000000000 ___HD C:\WINDOWS\inf
2017-11-09 18:55 - 2016-12-18 17:06 - 000388768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000298360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000205392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-11-09 18:55 - 2016-12-18 17:06 - 000042848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000276728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000255616 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000157408 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-11-09 18:54 - 2017-03-25 09:29 - 000050376 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-11-09 18:54 - 2016-12-18 17:06 - 000783136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-09 14:47 - 2016-12-16 20:45 - 000000000 ___HD C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni
2017-11-09 12:23 - 2017-09-05 21:51 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\PrivaZer
2017-11-09 12:15 - 2016-12-18 17:13 - 000000000 ____D C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\Temp
2017-11-09 12:06 - 2016-12-16 20:45 - 000000000 __SHD C:\Documents and Settings\Daniela\Impostazioni locali\Cronologia
2017-11-09 08:50 - 2017-07-30 09:13 - 000000000 ____D C:\Documents and Settings\Daniela\Dati applicazioni\Telegram Desktop
2017-11-09 08:36 - 2017-04-16 07:55 - 000000000 ____D C:\Documents and Settings\Daniela\Documenti\HiSuite
2017-11-08 09:13 - 2016-12-16 20:45 - 000000000 ___RD C:\Documents and Settings\Daniela\Documenti\Immagini
2017-11-08 08:58 - 2017-10-07 19:35 - 000009728 _____ C:\Documents and Settings\Daniela\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-02 14:56 - 2017-04-25 07:51 - 000000000 ____D C:\Documents and Settings\Daniela\Documenti\Scansioni personali
2017-11-02 08:36 - 2016-12-18 17:16 - 000000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2017-11-02 08:36 - 2016-12-17 15:10 - 000000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2017-11-01 10:21 - 2017-09-05 21:51 - 000001518 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\PrivaZer.lnk
2017-11-01 10:21 - 2017-09-05 21:51 - 000001512 _____ C:\Documents and Settings\All Users\Desktop\PrivaZer.lnk
2017-11-01 10:21 - 2017-09-05 21:51 - 000000000 ____D C:\Programmi\PrivaZer
2017-10-31 15:06 - 2017-09-01 19:25 - 000001040 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-10-31 15:06 - 2017-08-29 20:58 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-31 15:06 - 2017-08-29 20:58 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-31 15:06 - 2016-12-16 19:42 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-31 15:01 - 2016-12-16 20:24 - 001073486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-31 15:01 - 2008-04-14 04:00 - 000479866 _____ C:\WINDOWS\system32\perfh010.dat
2017-10-31 15:01 - 2008-04-14 04:00 - 000080160 _____ C:\WINDOWS\system32\perfc010.dat
2017-10-26 20:38 - 2017-08-19 06:57 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-10-26 20:38 - 2017-07-30 08:46 - 000000000 ____D C:\Programmi\CCleaner
2017-10-26 20:38 - 2016-12-17 12:58 - 000000000 __SHD C:\Documents and Settings\Daniela\UserData
2017-10-17 21:10 - 2016-12-18 17:04 - 000000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software

==================== Files in the root of some directories =======

2016-12-30 16:50 - 2016-12-30 17:00 - 000000737 _____ () C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
danyela
Junior User

Posts: 84
Joined: 28/06/07 09:20
Location: torino

Re: MAYBE PC INFECTED???

Post by danyela » 10/11/17 21:07

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Administrator (10-11-2017 20:39:02)
Running from C:\Documents and Settings\Daniela\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2016-12-16 18:47:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-682003330-299502267-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Daniela (S-1-5-21-682003330-299502267-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Daniela
Guest (S-1-5-21-682003330-299502267-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-682003330-299502267-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-682003330-299502267-1177238915-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aggiornamento della protezione per Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
AIO_Scan (HKLM\...\{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}) (Version: 90.0.200.000 - Hewlett-Packard) Hidden
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0225.1545 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.591-090225a-076831C-ATI - )
ATI Parental Control & Encoder (HKLM\...\{36CDA33B-909B-4719-97D1-C4B99309BDC7}) (Version: 3.0 - Nome società) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
BufferChm (HKLM\...\{E2662C24-B31E-4349-A084-32EB76E8B760}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
ccc-core-preinstall (HKLM\...\{C6A83D5C-636B-83F9-CEA4-9E2A31C4F509}) (Version: 2009.0225.1546.28221 - ATI) Hidden
ccc-core-static (HKLM\...\{0355CF40-97AF-9CDD-7282-BF151AEE724B}) (Version: 2009.0225.1546.28221 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Copy (HKLM\...\{1753255A-0AEB-4220-8C75-607B73F0C133}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (HKLM\...\{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}) (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{93F54611-2701-454e-94AB-623F458D9E6B}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (HKLM\...\{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}) (Version: 90.0.201.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (HKLM\...\{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}) (Version: 90.0.200.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (HKLM\...\{F56D6F46-1D62-4734-BF12-6457A1ED17BD}) (Version: 90.0.200.000 - Hewlett-Packard) Hidden
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
F2100 (HKLM\...\{A3FD0CA9-884F-4525-97B8-0AE6179302E6}) (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F2100_doccd (HKLM\...\{EB48851B-96A4-489f-9F95-29F3731E9764}) (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F2100_Help (HKLM\...\{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}) (Version: 90.0.200.000 - Hewlett-Packard) Hidden
FlashPeak Slimjet (HKLM\...\Slimjet) (Version: 10.0.13.0 - FlashPeak Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
gotomaxx PDFMAILER (HKLM\...\{01310914-E3B8-40E8-BCF7-9C42E0639A43}) (Version: 5.4.795 - gotomaxx GmbH)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.2.0 - Conexant Systems)
HiSuite (HKLM\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
HPProductAssistant (HKLM\...\{AEA07F97-9088-497c-8821-0F36BD5DC251}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Nome società)
Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM\...\{13F00518-807A-4B3A-83B0-A7CD90F3A398}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110410-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.3 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pacchetto driver Windows - Intel (E100B) Net (12/06/2007 8.0.47.0) (HKLM\...\C7B6A7578346CE1F78C5E6EF9F4F2976C297DB70) (Version: 12/06/2007 8.0.47.0 - Intel)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.30.0 - Goversoft LLC)
PSSWCORE (HKLM\...\{F72E2DDC-3DB8-4190-A21D-63883D955FE7}) (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Scan (HKLM\...\{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}) (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Skins (HKLM\...\{EA5D652F-EC02-D5E8-6887-CE9EE1C9846F}) (Version: 2009.0225.1546.28221 - ATI) Hidden
SolutionCenter (HKLM\...\{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Telegram Desktop version 1.1.19 (HKU\S-1-5-21-682003330-299502267-1177238915-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.19 - Telegram Messenger LLP)
Toolbox (HKLM\...\{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{10E1E87C-656C-4D08-86D6-5443D28583BE}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{543E938C-BDC4-4933-A612-01293996845F}) (Version: 9.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (HKLM\...\{824D3839-DAA1-4315-A822-7AE3E620E528}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebFldrs XP (HKLM\...\{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programmi\AVAST Software\Avast\ashShell.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programmi\AVAST Software\Avast\ashShell.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers1: [PDFMailerShellExtension] -> {1B754366-0788-4D2A-8028-ED8376AFB635} => C:\Programmi\gotomaxx\maxxPDFMAILER\PDFMailerShellExt32.dll [2016-06-15] (gotomaxx software gmbh)
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Programmi\PrivaZer\PrivaMenu5.dll [2017-09-05] ()
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Programmi\PrivaZer\PrivaMenu5.dll [2017-09-05] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programmi\AVAST Software\Avast\ashShell.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Programmi\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Programmi\PrivaZer\PrivaMenu5.dll [2017-09-05] ()
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Programmi\PrivaZer\PrivaMenu5.dll [2017-09-05] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2009-02-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programmi\AVAST Software\Avast\ashShell.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Programmi\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Programmi\PrivaZer\PrivaMenu5.dll [2017-09-05] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Programmi\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Programmi\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1482077763.job => C:\Programmi\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-09 18:54 - 2017-11-09 18:54 - 000059040 _____ () C:\Programmi\AVAST Software\Avast\module_lifetime.dll
2017-11-09 18:55 - 2017-11-09 18:55 - 000167096 _____ () C:\Programmi\AVAST Software\Avast\JsonRpcServer.dll
2017-11-09 18:55 - 2017-11-09 18:55 - 000237808 _____ () C:\Programmi\AVAST Software\Avast\event_routing_rpc.dll
2017-11-09 18:55 - 2017-11-09 18:55 - 000244584 _____ () C:\Programmi\AVAST Software\Avast\tasks_core.dll
2017-11-09 18:55 - 2017-11-09 18:55 - 000151104 _____ () C:\Programmi\AVAST Software\Avast\network_notifications.dll
2017-11-10 11:49 - 2017-11-10 11:49 - 005883064 _____ () C:\Programmi\AVAST Software\Avast\defs\17111000\algo.dll
2017-11-09 18:55 - 2017-11-09 18:55 - 000710056 _____ () C:\Programmi\AVAST Software\Avast\ffl2.dll
2017-11-09 18:55 - 2017-11-09 18:55 - 000245608 _____ () C:\Programmi\AVAST Software\Avast\streamback.dll
2016-08-10 15:42 - 2016-08-10 15:42 - 000115624 _____ () C:\WINDOWS\system32\gengpmon.dll
2017-09-05 21:51 - 2017-09-05 21:51 - 002159415 _____ () C:\Programmi\PrivaZer\PrivaMenu5.dll
2017-07-26 08:58 - 2017-07-26 08:58 - 000155848 _____ () C:\Programmi\HiSuite\HandSetService\HuaweiHiSuiteService.exe
2017-11-10 11:57 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAMMI\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-18 17:19 - 2017-10-18 17:19 - 000094536 _____ () C:\Programmi\CCleaner\lang\lang-1040.dll
2016-12-18 17:06 - 2016-12-18 17:06 - 048936448 _____ () C:\Programmi\AVAST Software\Avast\libcef.dll
2017-11-09 18:54 - 2017-11-09 18:54 - 000142792 _____ () c:\Programmi\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2008-04-14 04:00 - 000000768 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-682003330-299502267-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Colline.bmp
HKU\S-1-5-21-682003330-299502267-1177238915-500\Control Panel\Desktop\\Wallpaper -> (Nessuno)
DNS Servers: 185.162.9.197 - 8.8.4.4
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: MSMSGS => "C:\Programmi\Messenger\msmsgs.exe" /background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Programmi\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Programmi\TeamViewer\Version9\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

05-09-2017 21:58:09 Punto di ripristino
10-09-2017 07:26:19 Punto di arresto del sistema
11-09-2017 20:27:09 Punto di ripristino
14-09-2017 19:55:56 Punto di arresto del sistema
15-09-2017 20:27:47 Punto di arresto del sistema
17-09-2017 09:06:58 Punto di arresto del sistema
21-09-2017 19:38:51 Punto di arresto del sistema
22-09-2017 20:44:11 Punto di arresto del sistema
24-09-2017 19:22:51 Punto di arresto del sistema
28-09-2017 20:04:43 Punto di arresto del sistema
01-10-2017 07:05:32 Punto di arresto del sistema
06-10-2017 19:54:13 Punto di arresto del sistema
07-10-2017 20:09:45 Punto di arresto del sistema
12-10-2017 20:01:59 Punto di arresto del sistema
17-10-2017 21:19:10 Installed Windows XP Wdf01009.
19-10-2017 19:40:18 Punto di arresto del sistema
20-10-2017 21:08:44 Punto di arresto del sistema
01-11-2017 10:16:18 Installed gotomaxx PDFMAILER
02-11-2017 14:38:11 Punto di arresto del sistema
03-11-2017 19:04:17 Punto di arresto del sistema
05-11-2017 20:00:11 Punto di arresto del sistema
07-11-2017 09:12:11 Punto di arresto del sistema
08-11-2017 08:34:22 Installed Windows XP Wdf01009.
09-11-2017 17:36:54 Punto di arresto del sistema
09-11-2017 18:58:26 Installed Windows XP Wdf01009.
10-11-2017 14:43:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Intel(R) PRO/Wireless 3945ABG Network Connection
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw5x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Controller memoria di massa
Description: Controller memoria di massa
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controller del bus di gestione sistema
Description: Controller del bus di gestione sistema
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2017 10:28:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Applicazione in stallo WINWORD.EXE, versione 10.0.2627.0, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.


System errors:
=============
Error: (11/10/2017 08:22:45 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Il lease 10.0.0.100 dell'indirizzo IP della scheda di rete con indirizzo 0040D08F3128 è stato
negato dal server DHCP 10.0.0.1. Il server DHCP ha inviato un messaggio DHCPNACK.

Error: (11/10/2017 02:44:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interruzione imprevista del servizio Machine Debug Manager. Questo evento si è già verificato 1 volta(e).

Error: (11/10/2017 02:44:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interruzione imprevista del servizio HuaweiHiSuiteService.exe. Questo evento si è già verificato 1 volta(e).

Error: (11/10/2017 02:44:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interruzione imprevista del servizio Ati HotKey Poller. Questo evento si è già verificato 1 volta(e).

Error: (11/10/2017 01:54:41 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: Il certificato ricevuto dal server remoto non contiene il nome previsto.
Impossibile determinare se il server a cui ci si sta connettendo
è quello corretto. Il nome del server previsto è au.avastbrowser.com. La richiesta di connessione SSL non è
riuscita. I dati allegati contengono il certificato del server.

Error: (11/10/2017 01:43:33 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: Il certificato ricevuto dal server remoto non contiene il nome previsto.
Impossibile determinare se il server a cui ci si sta connettendo
è quello corretto. Il nome del server previsto è au.avastbrowser.com. La richiesta di connessione SSL non è
riuscita. I dati allegati contengono il certificato del server.

Error: (11/10/2017 01:15:37 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: Il certificato ricevuto dal server remoto non contiene il nome previsto.
Impossibile determinare se il server a cui ci si sta connettendo
è quello corretto. Il nome del server previsto è au.avastbrowser.com. La richiesta di connessione SSL non è
riuscita. I dati allegati contengono il certificato del server.

Error: (11/10/2017 01:01:00 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: Il certificato ricevuto dal server remoto non contiene il nome previsto.
Impossibile determinare se il server a cui ci si sta connettendo
è quello corretto. Il nome del server previsto è au.avastbrowser.com. La richiesta di connessione SSL non è
riuscita. I dati allegati contengono il certificato del server.

Error: (11/10/2017 12:15:55 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: Il certificato ricevuto dal server remoto non contiene il nome previsto.
Impossibile determinare se il server a cui ci si sta connettendo
è quello corretto. Il nome del server previsto è au.avastbrowser.com. La richiesta di connessione SSL non è
riuscita. I dati allegati contengono il certificato del server.

Error: (11/10/2017 11:46:58 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Il lease 10.0.0.100 dell'indirizzo IP della scheda di rete con indirizzo 0040D08F3128 è stato
negato dal server DHCP 10.0.0.1. Il server DHCP ha inviato un messaggio DHCPNACK.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 40%
Total physical RAM: 2046.02 MB
Available physical RAM: 1218.67 MB
Total Virtual: 3941.54 MB
Available Virtual: 3252.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.88 GB) (Free:27.92 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 55.9 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
danyela
Junior User

Posts: 84
Joined: 28/06/07 09:20
Location: torino

Re: MAYBE PC INFECTED???

Post by dany79 » 10/11/17 23:02

OK, never mind, run the other scans...
--DARRILL79--
dany79
Junior User

Posts: 46
Joined: 26/10/13 11:51
Location: Barchi (pu)

Re: MAYBE PC INFECTED???

Post by dany79 » 11/11/17 18:10

Hi

I hadn't noticed a removal by Malwarebytes.....

Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|MUID, In quarantena, [8858], [436740],1.0.3220
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|TCID, In quarantena, [8858],

It means you caught the CCleaner virus...
Did you by any chance install or download CCleaner between 15 September and 15 August??
Very likely yes...
To cut it short, my advice regarding this infection is to
format.... I refer you to this link that I wrote about this virus:
http://aiuto-pc.forumfree.it/m/?t=74865950

Also, you probably have the Beagle worm too, since AdwCleaner tells you it "is not a valid Win32 application".

Then you tell me whether you want to continue with the removal.... but be aware that one can't be one hundred percent sure with these two pieces of malware.... I never recommend formatting, but in these cases I do...

Bye
dany79
Junior User

Posts: 46
Joined: 26/10/13 11:51
Location: Barchi (pu)

Re: MAYBE PC INFECTED???

Post by danyela » 11/11/17 19:51

Here are the logs; RogueKiller is missing because it won't let me open the site.
18:55:28.0359 0x16d0 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
18:55:41.0375 0x16d0 ============================================================
18:55:41.0375 0x16d0 Current date / time: 2017/11/11 18:55:41.0375
18:55:41.0375 0x16d0 SystemInfo:
18:55:41.0375 0x16d0
18:55:41.0375 0x16d0 OS Version: 5.1.2600 ServicePack: 3.0
18:55:41.0375 0x16d0 Product type: Workstation
18:55:41.0375 0x16d0 ComputerName: PC
18:55:41.0375 0x16d0 UserName: Daniela
18:55:41.0375 0x16d0 Windows directory: C:\WINDOWS
18:55:41.0375 0x16d0 System windows directory: C:\WINDOWS
18:55:41.0375 0x16d0 Processor architecture: Intel x86
18:55:41.0375 0x16d0 Number of processors: 2
18:55:41.0375 0x16d0 Page size: 0x1000
18:55:41.0375 0x16d0 Boot type: Normal boot
18:55:41.0375 0x16d0 ============================================================
18:55:44.0140 0x16d0 KLMD registered as C:\WINDOWS\system32\drivers\02751146.sys
18:55:44.0140 0x16d0 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 2600.6419, osProperties = 0x0
18:55:44.0609 0x16d0 System UUID: {A50349B3-39F4-D0FD-6526-8DB75842DBE3}
18:55:45.0718 0x16d0 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 ( 55.89 Gb ), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:55:45.0718 0x16d0 Drive \Device\Harddisk1\DR2 - Size: 0x78000000 ( 1.88 Gb ), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:55:45.0718 0x16d0 ============================================================
18:55:45.0718 0x16d0 \Device\Harddisk0\DR0:
18:55:45.0718 0x16d0 MBR partitions:
18:55:45.0718 0x16d0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
18:55:45.0718 0x16d0 \Device\Harddisk1\DR2:
18:55:45.0718 0x16d0 MBR partitions:
18:55:45.0718 0x16d0 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0
18:55:45.0718 0x16d0 ============================================================
18:55:45.0750 0x16d0 C: <-> \Device\Harddisk0\DR0\Partition1
18:55:45.0750 0x16d0 ============================================================
18:55:45.0750 0x16d0 Initialize success
18:55:45.0750 0x16d0 ============================================================
18:56:08.0343 0x15e8 ============================================================
18:56:08.0343 0x15e8 Scan started
18:56:08.0343 0x15e8 Mode: Manual;
18:56:08.0343 0x15e8 ============================================================
18:56:08.0343 0x15e8 KSN ping started
18:56:10.0812 0x15e8 KSN ping finished: true
18:56:11.0781 0x15e8 ================ Scan system memory ========================
18:56:11.0781 0x15e8 System memory - ok
18:56:11.0781 0x15e8 ================ Scan services =============================
danyela
Junior User

Posts: 84
Joined: 28/06/07 09:20
Location: torino

Re: MAYBE PC INFECTED???

Post by danyela » 11/11/17 19:52

18:56:24.0593 0x15e8 NDProxy - ok
18:56:24.0640 0x15e8 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:56:24.0640 0x15e8 Net Driver HPZ12 - ok
18:56:24.0656 0x15e8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:56:24.0656 0x15e8 NetBIOS - ok
18:56:24.0687 0x15e8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:56:24.0687 0x15e8 NetBT - ok
18:56:24.0734 0x15e8 [ 1B09227E41F414A93DBC0BAF80C4D527, 78726FFA0AD600BF915DAE524A4C72847DE399F68087A288D0FB05C4AB490724 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:56:24.0734 0x15e8 NetDDE - ok
18:56:24.0750 0x15e8 [ 1B09227E41F414A93DBC0BAF80C4D527, 78726FFA0AD600BF915DAE524A4C72847DE399F68087A288D0FB05C4AB490724 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:56:24.0765 0x15e8 NetDDEdsdm - ok
18:56:24.0796 0x15e8 [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] Netlogon C:\WINDOWS\system32\lsass.exe
18:56:24.0796 0x15e8 Netlogon - ok
18:56:24.0828 0x15e8 [ 02815B70FC4CA8611A926176F1C39FC2, D2B78A93584AB59252280ADAC942B65B80EFBE13DFADEC56650E12475CAA3D3B ] Netman C:\WINDOWS\System32\netman.dll
18:56:24.0843 0x15e8 Netman - ok
18:56:25.0281 0x15e8 [ 91F027C242D3FF6E5C09F92A0518297F, FD15B9820D31686D60E57056FEADBEA1CC7A95A9A743941699BB3D90D6F1B456 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
18:56:25.0656 0x15e8 NETw5x32 - ok
18:56:25.0718 0x15e8 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:56:25.0734 0x15e8 NIC1394 - ok
18:56:25.0765 0x15e8 [ C6B69A18D39744725FB73AC85E46032B, 5C33151152126A557F0C7C30646D169E00674F03CF5E187E540AAA22EB2DBF58 ] Nla C:\WINDOWS\System32\mswsock.dll
18:56:25.0781 0x15e8 Nla - ok
18:56:25.0796 0x15e8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:56:25.0796 0x15e8 Npfs - ok
18:56:25.0843 0x15e8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:56:25.0890 0x15e8 Ntfs - ok
18:56:25.0921 0x15e8 [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:56:25.0937 0x15e8 NtLmSsp - ok
18:56:26.0031 0x15e8 [ 89DB90B5F35D2795D9FC56D933CC72B8, D2B337F648BDE65ACA5DF1277766784283FFC7DD231E7A66D3DF1DCFD0CB7564 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:56:26.0062 0x15e8 NtmsSvc - ok
18:56:26.0093 0x15e8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
18:56:26.0093 0x15e8 Null - ok
18:56:26.0140 0x15e8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:56:26.0140 0x15e8 NwlnkFlt - ok
18:56:26.0156 0x15e8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:56:26.0156 0x15e8 NwlnkFwd - ok
18:56:26.0187 0x15e8 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:56:26.0187 0x15e8 ohci1394 - ok
18:56:26.0203 0x15e8 [ 4E9408A178B2D955871C2CDD278DE3C3, 0D0C9A9F7281F13DED6AB0BEA3779380D1FBF7442461DE20869E744DE810328C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:56:26.0203 0x15e8 Parport - ok
18:56:26.0234 0x15e8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:56:26.0250 0x15e8 PartMgr - ok
18:56:26.0281 0x15e8 [ 0DABEF655A444CB1E193626FB1D24B9F, 3B9923363E3B7A01FEA882E1BD2148F70ECD5106FC2F174548269F50E2E5F7D1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:56:26.0281 0x15e8 ParVdm - ok
18:56:26.0281 0x15e8 [ F40A46892AFEBB0314536B849D57C11E, FB6EBF422CE1B71DD39103223851D36149B2D159B90903E553033BCDB244A091 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:56:26.0281 0x15e8 PCI - ok
18:56:26.0296 0x15e8 PCIDump - ok
18:56:26.0328 0x15e8 [ B2DF00D650FD6C4EE781740ED3C8E67F, 204D3825143EDBF56BB819E7AA1CDD06AF2180F3E7A43B01065D7698919AE065 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:56:26.0343 0x15e8 PCIIde - ok
18:56:26.0359 0x15e8 [ 815C50F2B1D1562800BDCE8BE895000E, 4DE07E8A1390DF1A411F2813064888F457C229A7FA510159BA4D488031771F41 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:56:26.0375 0x15e8 Pcmcia - ok
18:56:26.0375 0x15e8 PDCOMP - ok
18:56:26.0375 0x15e8 PDFRAME - ok
18:56:26.0390 0x15e8 PDRELI - ok
18:56:26.0390 0x15e8 PDRFRAME - ok
18:56:26.0390 0x15e8 perc2 - ok
18:56:26.0406 0x15e8 perc2hib - ok
18:56:26.0453 0x15e8 [ 26845F272435302E0F3322E660A24F7D, 3034AA4913525B0BB8761A3A1741DDB65E0B87DA6C90B481DD458B2253083DA3 ] PlugPlay C:\WINDOWS\system32\services.exe
18:56:26.0453 0x15e8 PlugPlay - ok
18:56:26.0484 0x15e8 [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:56:26.0484 0x15e8 Pml Driver HPZ12 - ok
18:56:26.0500 0x15e8 [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:56:26.0500 0x15e8 PolicyAgent - ok
18:56:26.0531 0x15e8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:56:26.0531 0x15e8 PptpMiniport - ok
18:56:26.0531 0x15e8 [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:56:26.0531 0x15e8 ProtectedStorage - ok
18:56:26.0546 0x15e8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:56:26.0562 0x15e8 PSched - ok
18:56:26.0578 0x15e8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:56:26.0578 0x15e8 Ptilink - ok
18:56:26.0578 0x15e8 ql1080 - ok
18:56:26.0578 0x15e8 Ql10wnt - ok
18:56:26.0593 0x15e8 ql12160 - ok
18:56:26.0593 0x15e8 ql1240 - ok
18:56:26.0593 0x15e8 ql1280 - ok
18:56:26.0609 0x15e8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:56:26.0609 0x15e8 RasAcd - ok
18:56:26.0656 0x15e8 [ 9839B418343D6E6E52659BDF3FF1FE67, 8B3FDA61B82836D79DBC3C7B92538E5A921A4A9BFC0B60411D307150A0FBCFED ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:56:26.0671 0x15e8 RasAuto - ok
18:56:26.0703 0x15e8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:56:26.0703 0x15e8 Rasl2tp - ok
18:56:26.0734 0x15e8 [ 62AD41548E720DB4763B86F95E44F3FA, D9349F6192134434362E602CA6B35AF1212B8CE413F02CDEDA8A644238F37DA4 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:56:26.0765 0x15e8 RasMan - ok
18:56:26.0781 0x15e8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:56:26.0781 0x15e8 RasPppoe - ok
18:56:26.0796 0x15e8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:56:26.0796 0x15e8 Raspti - ok
18:56:26.0828 0x15e8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:56:26.0843 0x15e8 Rdbss - ok
18:56:26.0875 0x15e8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:56:26.0875 0x15e8 RDPCDD - ok
18:56:26.0937 0x15e8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:56:26.0953 0x15e8 rdpdr - ok
18:56:27.0015 0x15e8 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:56:27.0031 0x15e8 RDPWD - ok
18:56:27.0078 0x15e8 [ CC72E6AE90245F0AE48BF1236A7E1F9C, 17CF8F174DCC3B07379716C4532A4F875AE8E4010AA61E4C7B2EA24E29BF5ABD ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:56:27.0109 0x15e8 RDSessMgr - ok
18:56:27.0125 0x15e8 [ 393FC252593323B624B230ECA6B85E63, 77030C7E4847859704B0E6CD404D7B00CE89036157883052A61101EDAE4B375B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:56:27.0140 0x15e8 redbook - ok
18:56:27.0171 0x15e8 [ 7EBBF16FBD3E0E34F084FA635C1844E3, 6149B4FE725D8016932EEDF1A47288A5066046FF833EE5DCD7344A9077450690 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:56:27.0187 0x15e8 RemoteAccess - ok
18:56:27.0218 0x15e8 [ F667A41BCED959988E53FEECC8BF5DA0, 8F6C7FB408BD83F19F7582D92BDD84C582B5EC0DFA8EC894005F6E33A291C85E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:56:27.0218 0x15e8 RemoteRegistry - ok
18:56:27.0265 0x15e8 [ DC97F6C8A94691834439872B9E8FF2B3, 6F751308F08D5B890FE49C67D4643EB7BD83566C9BA03CAF203EF431B23B7129 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:56:27.0265 0x15e8 RpcLocator - ok
18:56:27.0343 0x15e8 [ BC4E0226341AAEC1222336B3AED86BAB, CBE39840A484EC182133B18794BD5AAFCC25C306B5F497CA22BFC8321C12F88F ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:56:27.0359 0x15e8 RpcSs - ok
18:56:27.0421 0x15e8 [ DCE0D20F8FB66DF41D53734BFF9D66F0, 78B858710DAD33A2BDEFE538299339D94CC932648F329D974B0A2A3BFB75CA27 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:56:27.0437 0x15e8 RSVP - ok
18:56:27.0468 0x15e8 [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] SamSs C:\WINDOWS\system32\lsass.exe
18:56:27.0484 0x15e8 SamSs - ok
18:56:27.0531 0x15e8 [ 1D456F1CD76A80793C07BA52CF3A7455, 34E878C24A28D67395D8ABA0DACF5FD73F2F4F6F6314D436D287CA1D75BF974B ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:56:27.0546 0x15e8 SCardSvr - ok
18:56:27.0578 0x15e8 [ 511886E5BD060046CCE8373E92E62EDF, 3BA4AEBE00474DA71C0A5EFBEC216C585A314D5F4F0C4E603D1EEBB9B6991343 ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:56:27.0593 0x15e8 Schedule - ok
18:56:27.0609 0x15e8 [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:56:27.0625 0x15e8 sdbus - ok
18:56:27.0625 0x15e8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:56:27.0640 0x15e8 Secdrv - ok
18:56:27.0671 0x15e8 [ 17C6354CA08E7C7972E12C67478AE134, BA0C6EC30FF345840435C16DB30BD08047EF54455057104FEAB03657CFF5EB41 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:56:27.0687 0x15e8 seclogon - ok
18:56:27.0703 0x15e8 [ A0ECA1CE0FCCB29C5E4E1F416E95E73E, 36DB8E0D89255CCC7369A50542065E3661652D650130CAC22EBA3691512C6B81 ] SENS C:\WINDOWS\system32\sens.dll
18:56:27.0703 0x15e8 SENS - ok
18:56:27.0718 0x15e8 [ FDBD9D64E2E03270021D424F0DCCF79D, F818B9355B6965FA4D8847AA2A54AC950381C914D96EB7E94B8DEE6CF820CFD5 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:56:27.0718 0x15e8 Serial - ok
18:56:27.0734 0x15e8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:56:27.0734 0x15e8 Sfloppy - ok
18:56:27.0796 0x15e8 [ 152C0555925DFE028E3148FD215146BB, B34D6363CAD693FBF0354450A749A3F82BD1AA80CE719862D6C85854C7254D78 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:56:27.0828 0x15e8 SharedAccess - ok
18:56:27.0859 0x15e8 [ DCCC606FC144F6E44E497F9A906F1C30, 961D1A633BAE3634BA649BE4D7CD01836072A5956D3BD8F0AE3241DF55ED884C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:56:27.0859 0x15e8 ShellHWDetection - ok
18:56:27.0875 0x15e8 Simbad - ok
18:56:27.0875 0x15e8 Sparrow - ok
18:56:27.0921 0x15e8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:56:27.0921 0x15e8 splitter - ok
18:56:27.0968 0x15e8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:56:27.0984 0x15e8 Spooler - ok
18:56:28.0046 0x15e8 [ 618718CAE288BF7CBD8FCBAB2577D932, 51C5B937909884214CEE257505B5925D7089222E8B37B5D10DC6A7460C9D7546 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:56:28.0046 0x15e8 sr - ok
18:56:28.0078 0x15e8 [ B3E3DA70A7A76E69B872DE3D06D32C19, 3398D5375077EBAAD5CDBCD3D5E0BE25AE78CCC13EE17CFC03723A8BA7CBD0D2 ] srservice C:\WINDOWS\system32\srsvc.dll
18:56:28.0093 0x15e8 srservice - ok
18:56:28.0156 0x15e8 [ C2CF42F08701ACA501150CA48C2CF4C5, 65804FFC2579F567CCE9C5E23397CFCC581443801E8557A2FE3C15B12C946B23 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:56:28.0203 0x15e8 Srv - ok
18:56:28.0250 0x15e8 [ 5215569DD3A8FBC65A85E85F3C12258B, C6AD200F740BB0586520AD90C7D532AA167F2E63199801E7D07E6F6AE594BC73 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:56:28.0265 0x15e8 SSDPSRV - ok
18:56:28.0328 0x15e8 [ 3B9263E137896E4D303494F116E00608, B0979242ABDADD4CB12617B8D8715DBD97B8B0A64B3640774A32E0D7DAE02741 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:56:28.0359 0x15e8 stisvc - ok
18:56:28.0375 0x15e8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:56:28.0375 0x15e8 swenum - ok
18:56:28.0421 0x15e8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:56:28.0421 0x15e8 swmidi - ok
18:56:28.0437 0x15e8 SwPrv - ok
18:56:28.0437 0x15e8 symc810 - ok
18:56:28.0437 0x15e8 symc8xx - ok
18:56:28.0453 0x15e8 sym_hi - ok
18:56:28.0453 0x15e8 sym_u3 - ok
18:56:28.0484 0x15e8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:56:28.0484 0x15e8 sysaudio - ok
18:56:28.0531 0x15e8 [ A34A9A872EEC4C026FD542AC7156FE0B, D71D365E8F7C8F7BF347C06FB687B8E976D3CF5B319211009223D16638F8521A ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:56:28.0546 0x15e8 SysmonLog - ok
18:56:28.0593 0x15e8 [ 6B85F1A9DCE45D45BFFAD3222C21F297, 4285B0929162CE3497B89C31CA769547300FF920E3F264F4C7E06C2DB780C8B4 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:56:28.0625 0x15e8 TapiSrv - ok
18:56:28.0687 0x15e8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:56:28.0718 0x15e8 Tcpip - ok
18:56:28.0765 0x15e8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:56:28.0765 0x15e8 TDPIPE - ok
18:56:28.0781 0x15e8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:56:28.0796 0x15e8 TDTCP - ok
18:56:29.0265 0x15e8 [ E99CD4524662A2DA7C73372C626669D8, 694DF29BF6CFF8CA06B8C701BBD148DCF58D6A6ECE3CF6CC900B0D0E5A3DFDF2 ] TeamViewer9 C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
18:56:29.0640 0x15e8 TeamViewer9 - ok
18:56:29.0687 0x15e8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:56:29.0687 0x15e8 TermDD - ok
18:56:29.0734 0x15e8 [ FE5A5329CCFC33D645C33077FF04F052, 5B8F641C1F94CD9BAB0CB632F80E707F01118D77CF754C0DCE9E813F789ABCC3 ] TermService C:\WINDOWS\System32\termsrv.dll
18:56:29.0765 0x15e8 TermService - ok
18:56:29.0781 0x15e8 [ DCCC606FC144F6E44E497F9A906F1C30, 961D1A633BAE3634BA649BE4D7CD01836072A5956D3BD8F0AE3241DF55ED884C ] Themes C:\WINDOWS\System32\shsvcs.dll
18:56:29.0796 0x15e8 Themes - ok
18:56:29.0843 0x15e8 [ 2FFF150EA4396956F10B66211687F335, BB62A1E675D155FBB1FF91958370728436C3608CFF09C9B4FA239BAFAC272DEB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:56:29.0859 0x15e8 TlntSvr - ok
18:56:29.0859 0x15e8 TosIde - ok
18:56:29.0890 0x15e8 [ 690294999DF1248FAF85D95B31955D0C, 74072BCBD543FC7FECCD4F54EA9D016BE10D1F00B5D3F90A7AB651DD9DCF276E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:56:29.0921 0x15e8 TrkWks - ok
18:56:29.0937 0x15e8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:56:29.0953 0x15e8 Udfs - ok
18:56:29.0953 0x15e8 ultra - ok
18:56:30.0046 0x15e8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:56:30.0078 0x15e8 Update - ok
18:56:30.0125 0x15e8 [ 8057B0744D9842A090E51D2845861D5F, E226DFF48FB766CC36273FAA631140254F9C339891C9EE7D6F2FA2B2E5372FDF ] upnphost C:\WINDOWS\System32\upnphost.dll
18:56:30.0156 0x15e8 upnphost - ok
18:56:30.0187 0x15e8 [ F5E8B846EC10E1DF8DCA64119E2EB709, D0475F2A2EF5C2DBCC64E27B548560F19124C4EC3BEA3B776A690A61B36E5A9A ] UPS C:\WINDOWS\System32\ups.exe
18:56:30.0203 0x15e8 UPS - ok
18:56:30.0250 0x15e8 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:56:30.0250 0x15e8 usbccgp - ok
18:56:30.0265 0x15e8 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:56:30.0281 0x15e8 usbehci - ok
18:56:30.0296 0x15e8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:56:30.0312 0x15e8 usbhub - ok
18:56:30.0343 0x15e8 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:56:30.0343 0x15e8 usbprint - ok
18:56:30.0390 0x15e8 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:56:30.0406 0x15e8 usbscan - ok
18:56:30.0437 0x15e8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:56:30.0453 0x15e8 USBSTOR - ok
18:56:30.0453 0x15e8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:56:30.0453 0x15e8 usbuhci - ok
18:56:30.0484 0x15e8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:56:30.0484 0x15e8 VgaSave - ok
18:56:30.0484 0x15e8 ViaIde - ok
18:56:30.0500 0x15e8 [ E46C1B5A56DA7DA603D09DFCC79EC59E, E16CC03DE648AC9B79F6833A0771C4A5D3E85D331537CB2D442B48094B7AFB7B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:56:30.0515 0x15e8 VolSnap - ok
18:56:30.0593 0x15e8 [ C2FE17125256102F5B44194D5DB0A799, 30C8B2788E552082E5672E6976D9665949D125E32491C59E7633101FD0E76C92 ] VSS C:\WINDOWS\System32\vssvc.exe
18:56:30.0640 0x15e8 VSS - ok
18:56:30.0718 0x15e8 [ 2969DD84B584A6BB541A5273103957A3, 31D30251CEC9E165624AA4787384A44345996A785158B96EDA234D46B9999D3F ] W32Time C:\WINDOWS\system32\w32time.dll
18:56:30.0750 0x15e8 W32Time - ok
18:56:30.0796 0x15e8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:56:30.0796 0x15e8 Wanarp - ok
18:56:30.0890 0x15e8 [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:56:30.0937 0x15e8 Wdf01000 - ok
18:56:30.0937 0x15e8 WDICA - ok
18:56:30.0984 0x15e8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:56:31.0000 0x15e8 wdmaud - ok
18:56:31.0046 0x15e8 [ 2EC50EE79B65F60C8E8B4A03BBB3A42F, D71F2AA601B71F16657E3B2F28EE89CE8A3DD99D77CCD63A2AFBE85F15501CB7 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:56:31.0078 0x15e8 WebClient - ok
18:56:31.0156 0x15e8 [ 97FA8F7F2E9168E3A4F02DEE76709A29, D8502329E0B5BED0184C30A712E03248E12CA3176A8351298EFDEB35FC1396D6 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:56:31.0234 0x15e8 winachsf - ok
18:56:31.0343 0x15e8 [ 40911E98D0F1CBB1015F2101982F1DDF, C4AF11AF406BA59FB9EFDB6CBE1F2005454CD3B9EEE19A8F4095D6EB2420EE6D ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:56:31.0359 0x15e8 winmgmt - ok
18:56:31.0421 0x15e8 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
18:56:31.0437 0x15e8 WinUSB - ok
18:56:31.0468 0x15e8 [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:56:31.0484 0x15e8 WmdmPmSN - ok
18:56:31.0562 0x15e8 [ F63CB6DBE268EA0620C67A90CF43885E, 4F41FE17730D9A11D4B3323060DAEA45A6392BFC1193C6FE68F0D272280B7382 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:56:31.0640 0x15e8 Wmi - ok
18:56:31.0687 0x15e8 [ 81FD02839FDB10ACF0EC40B809B9F8CC, 18917E10CEB48B3FE51D3C0AFD8FB27306646CE357EE10AE07BB14B4BDA5278A ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:56:31.0703 0x15e8 WmiApSrv - ok
18:56:31.0906 0x15e8 [ 65CFC2386487AA1FB08133AE10220A14, FB648EDB4426D3173F4613C42D5EDA6DBBC447C97463416EFF930662EB642411 ] WMPNetworkSvc C:\Programmi\Windows Media Player\WMPNetwk.exe
18:56:32.0015 0x15e8 WMPNetworkSvc - ok
18:56:32.0093 0x15e8 [ C60DC16D4E406810FAD54B98DC92D5EC, 43E7DF323BBD7C889CAD078176E239319A40EE4BEBC7BD753012B94CF5E48551 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:56:32.0109 0x15e8 WpdUsb - ok
18:56:32.0156 0x15e8 [ 926D921C93CFF1E19EF4DE3E4C8368CA, 0DD2273872F77DA2A6A935E3EA25F3A8F48AF13D1317D51BA76D735A99D656EE ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:56:32.0187 0x15e8 wscsvc - ok
18:56:32.0234 0x15e8 [ CC48415E6C7CBAA441A3D6A6DCCBCFA6, 97CFB57AD1F30A690D032297019FB3A8A1664896AF0C310AB799C93EA18F98F8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:56:32.0250 0x15e8 wuauserv - ok
18:56:32.0296 0x15e8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:56:32.0296 0x15e8 WudfPf - ok
18:56:32.0343 0x15e8 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:56:32.0359 0x15e8 WudfRd - ok
18:56:32.0406 0x15e8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:56:32.0421 0x15e8 WudfSvc - ok
18:56:32.0531 0x15e8 [ 053E0307A08CAC60793E27E921B46B3E, D886609D17F322075C644C2C9934437026349EA65CC4ED41E1FEA0D89556257E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:56:32.0593 0x15e8 WZCSVC - ok
18:56:32.0640 0x15e8 [ 5526482DCBA6047641B13BF9C75A74E0, 446EEF008FC5055D8C3640BE57058914D078573883FA3BB7815F847C638FD881 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:56:32.0656 0x15e8 xmlprov - ok
18:56:32.0671 0x15e8 ================ Scan global ===============================
18:56:32.0703 0x15e8 [ 17DDFE6A0B5404C5EF4C03AD996D0562, 4E806713F5F86F60FB6204028321AEBE26195EE99A537B52D9627F2659C4A77A ] C:\WINDOWS\system32\basesrv.dll
18:56:32.0781 0x15e8 [ 63A5456E7C4E7771A8B39F82217E7825, 38DF4B5D94D6186835AF8464C8090E0DBECE302A6125A228081D641C0C10D9D9 ] C:\WINDOWS\system32\winsrv.dll
18:56:32.0843 0x15e8 [ 63A5456E7C4E7771A8B39F82217E7825, 38DF4B5D94D6186835AF8464C8090E0DBECE302A6125A228081D641C0C10D9D9 ] C:\WINDOWS\system32\winsrv.dll
18:56:32.0890 0x15e8 [ 26845F272435302E0F3322E660A24F7D, 3034AA4913525B0BB8761A3A1741DDB65E0B87DA6C90B481DD458B2253083DA3 ] C:\WINDOWS\system32\services.exe
18:56:32.0921 0x15e8 [ Global ] - ok
18:56:32.0921 0x15e8 ================ Scan MBR ==================================
18:56:32.0937 0x15e8 [ 828E02D5C4A4FBE53441EE9DBEE51F43 ] \Device\Harddisk0\DR0
18:56:33.0203 0x15e8 \Device\Harddisk0\DR0 - ok
18:56:33.0203 0x15e8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
18:56:33.0218 0x15e8 \Device\Harddisk1\DR2 - ok
18:56:33.0218 0x15e8 ================ Scan VBR ==================================
18:56:33.0218 0x15e8 [ 77152678AF7ACE993B8228AA201356D7 ] \Device\Harddisk0\DR0\Partition1
18:56:33.0218 0x15e8 \Device\Harddisk0\DR0\Partition1 - ok
18:56:33.0218 0x15e8 [ F4549AD5734C16FF964F2A5C5AD74A40 ] \Device\Harddisk1\DR2\Partition1
18:56:33.0234 0x15e8 \Device\Harddisk1\DR2\Partition1 - ok
18:56:33.0234 0x15e8 ================ Scan generic autorun ======================
18:56:33.0359 0x15e8 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
18:56:33.0453 0x15e8 Adobe ARM - ok
18:56:33.0562 0x15e8 [ A00F240E6B250E91536CE18BFE0A350C, 338DD25039D4BA97DF669493F6ED59D8E3448BE1F9E954E98B46B188B6359D45 ] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:56:33.0562 0x15e8 StartCCC - ok
18:56:33.0640 0x15e8 [ 5D05A8954FFCE5C0610EF07A78905EDD, 6DE5153E510B2E9BC70600AA72B846AAC531A1FCE53DC6F439AF3D552A73E4AA ] C:\Programmi\AVAST Software\Avast\AvLaunch.exe
18:56:33.0671 0x15e8 AvastUI.exe - ok
18:56:33.0734 0x15e8 [ 7AF5A466CF4AECA28E3DCBCF5B6FD220, 9A295A781883A5BE29F05CB22DEBEC29495528FE17787C53A7F51BA1038FDCE8 ] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
18:56:33.0734 0x15e8 HP Software Update - ok
18:56:35.0281 0x15e8 [ 529ABF7BC07F5688EF22B8F7FE2C76BF, 7EEBCFE1F77F80600073D7812AEB7AB9C66C0E2A042C4F5F3812C91704F7A12E ] C:\WINDOWS\RTHDCPL.EXE
18:56:36.0750 0x15e8 RTHDCPL - ok
18:56:36.0890 0x15e8 [ F53CDDEF33A4C41336A782BE3D170158, 935DB29473BEC2EDB91035BCD94633D87E18017898C65269E2376BC311043753 ] C:\WINDOWS\system32\CTFMON.EXE
18:56:36.0906 0x15e8 CTFMON.EXE - ok
18:56:36.0906 0x15e8 [ F53CDDEF33A4C41336A782BE3D170158, 935DB29473BEC2EDB91035BCD94633D87E18017898C65269E2376BC311043753 ] C:\WINDOWS\system32\CTFMON.EXE
18:56:36.0906 0x15e8 CTFMON.EXE - ok
18:56:36.0906 0x15e8 [ F53CDDEF33A4C41336A782BE3D170158, 935DB29473BEC2EDB91035BCD94633D87E18017898C65269E2376BC311043753 ] C:\WINDOWS\system32\ctfmon.exe
18:56:36.0906 0x15e8 CTFMON.EXE - ok
18:56:37.0609 0x15e8 [ CB1B3F1A1C268609344ADD54A0586633, EAE67B1CB15BA359B9B686C3B728F5BD47D73C4716234E8E2471FEE8CF563905 ] C:\Programmi\CCleaner\CCleaner.exe
18:56:37.0875 0x15e8 CCleaner Monitoring - ok
18:56:37.0890 0x15e8 [ F53CDDEF33A4C41336A782BE3D170158, 935DB29473BEC2EDB91035BCD94633D87E18017898C65269E2376BC311043753 ] C:\WINDOWS\system32\CTFMON.EXE
18:56:37.0906 0x15e8 CTFMON.EXE - ok
18:56:37.0906 0x15e8 Waiting for KSN requests completion. In queue: 209
18:56:38.0906 0x15e8 Waiting for KSN requests completion. In queue: 209
18:56:39.0906 0x15e8 Waiting for KSN requests completion. In queue: 6
18:56:40.0968 0x15e8 AV detected via SS1: Malwarebytes, 3.0.0.143, enabled, updated
18:56:40.0968 0x15e8 AV detected via SS1: Avast Antivirus, 17.8.3705.0, enabled, updated
18:56:40.0984 0x15e8 Win FW state via NFM: disabled
18:56:43.0437 0x15e8 ============================================================
18:56:43.0437 0x15e8 Scan finished
18:56:43.0437 0x15e8 ============================================================
18:56:43.0437 0x16c0 Detected object count: 0
18:56:43.0437 0x16c0 Actual detected object count: 0
danyela
Junior User

Posts: 84
Joined: 28/06/07 09:20
Location: torino

Re: MAYBE PC INFECTED???

Post by danyela » 11/11/17 19:53

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
main: v2017.11.11.06
rootkit: v2017.10.14.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC [administrator]

11/11/2017 19.02.34
mbar-log-2017-11-11 (19-02-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 254218
Time elapsed: 21 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: MAYBE PC INFECTED???

Post by danyela » 11/11/17 19:55

I have been using CCleaner for years. I do the updates regularly (manually). I now have version 5.36.6278.
If you advise me to format, let's do it. But can I do it myself? In that case, though, you will have to help me. Or do I have to take the notebook to someone?

Thanks again

Re: MAYBE PC INFECTED???

Post by dany79 » 11/11/17 21:36

Hi
If you have been using it for years, I can tell you that you are doing more than well... even after the malware incident... unfortunately the virus affected the 32-bit version 5.33, and anyone who downloaded it during the period I told you about was infected... at first it was enough to delete that key that Malwarebytes removed, but then it was discovered that the virus was very sophisticated and had multiple stages... this means that the first stage was that key, and if the virus was activated remotely the second stage started, which cannot be traced by security software, because the virus leaves no trace on the hard disk but goes straight into memory and is no longer detected by antivirus or antimalware programs...
This is the reason I recommend formatting, because you cannot be sure you are not infected...

With that said, CCleaner is now OK and can be used normally...

To format, first of all, do you have the Win XP CD with its activation key??
Then, before formatting, you will have to save the data you care about to external media, because formatting erases everything...

After that you will have to get the drivers for your PC..
https://www.aranzulla.it/programmi-per- ... 24866.html

Then you format...
https://www.aranzulla.it/come-formattar ... 52574.html

If you have doubts, ask...
Bye
--DARRILL79--
dany79
Junior User
 
Posts: 46
Joined: 26/10/13 11:51
Location: Barchi (pu)

Re: PC MAYBE INFECTED???

Post by danyela » 13/11/17 09:47

Hi.
I'll look to see if I have the XP CD.
Question: what about changing the operating system? Without having to change the notebook?

Re: PC MAYBE INFECTED???

Post by dany79 » 13/11/17 10:33

We need to see the PC's specifications:
RAM:
CPU:
etc.

Yes, you could install Win7, I think, but we need to see whether the PC slows down...
If you want to run Windows 7 on your PC, here is what you need to check:
1. 32-bit (x86) or 64-bit (x64) processor at 1 GHz or faster*
2. 1 gigabyte (GB) of RAM (32-bit) or 2 GB of RAM (64-bit) (you should have 2 GB)
3. 16 GB of available disk space (32-bit) or 20 GB (64-bit)
4. DirectX 9 graphics device with WDDM 1.0 or later driver.
You should have a 32-bit PC...
--DARRILL79--

Re: PC MAYBE INFECTED???

Post by danyela » 14/11/17 17:29

My PC is Genuine Intel CPU T2300, 1.66 GHz, 2 GB RAM, ATI MOBILITY RADEON X1600, 28.8 GB of available space, but I can't tell you the bits
Unfortunately I don't have much money, and I would like to find the most suitable solution that lets me use the PC, for the little I use it, in an acceptable way.
If I can move to Windows 7, that wouldn't be bad.

Re: PC MAYBE INFECTED???

Post by dany79 » 15/11/17 07:27

Win7 should run....
Do you have Win7 with its license??
If so, we proceed... if not, you need to do what I told you for XP...
In the case of Win7, make a backup of the data you care about...
Bye
--DARRILL79--

Re: PC MAYBE INFECTED???

Post by dany79 » 15/11/17 08:09

Then, to see whether you have a 32-bit operating system, do this:

1. Click the Start button, then right-click Computer and choose Properties.
2. Under System, the operating system type is displayed
--DARRILL79--