Condividi:        

pagine pubblicitarie che si aprono da sole

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

pagine pubblicitarie che si aprono da sole

Postdi langoliere » 20/07/12 19:56

Ciao a tutti, ho un problema (direi piuttosto comune) con il mio pc. Come da titolo mi si aprono di continuo pagine pubblicitarie. Ho già fatto scansioni con Super anti spyware e Malware Bytes ma niente. Ho installato Hijackthis e il log è il seguente.
Grazie a chiunque possa dirmi cosa fixare e come procedere.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.05.18, on 20/07/2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\GRANOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis program\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
O9 - Extra 'Tools' menuitem: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{91F00359-D883-4FB7-B361-5A4E645F1313}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{94855534-3589-4CF9-B477-24660C1520A9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\granorosso\AppData\Local\PosService\Pos.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\granorosso\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\granorosso\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10406 bytes
langoliere
Newbie
 
Post: 7
Iscritto il: 20/07/12 19:11

Sponsor
 

Re: pagine pubblicitarie che si aprono da sole

Postdi FrancescoFDAC » 21/07/12 09:52

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● una volta avviato clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:
"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"
● nel caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso.
Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, dovrai avviarla manualmente dalle Risorse del computer.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 10:53

Re: pagine pubblicitarie che si aprono da sole

Postdi langoliere » 21/07/12 11:08

ok, fatto. Ecco il log di combofix.

ComboFix 12-07-21.01 - granorosso 21/07/2012 10.53.45.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.3070.1802 [GMT 2:00]
Eseguito da: c:\users\granorosso\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-21 al 2012-07-21 )))))))))))))))))))))))))))))))))))
.
.
2012-07-21 09:01 . 2012-07-21 09:01 -------- d-----w- c:\users\granorosso\AppData\Local\temp
2012-07-21 09:01 . 2012-07-21 09:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-21 09:01 . 2012-07-21 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 16:59 . 2012-07-20 16:59 388096 ----a-r- c:\users\granorosso\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-20 16:58 . 2012-07-20 16:59 -------- d-----w- C:\hijackthis program
2012-07-20 07:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A48C2093-355D-4978-8F53-E6DC364A256F}\mpengine.dll
2012-07-14 14:36 . 2012-07-14 14:36 -------- d-----w- c:\program files\Common Files\Vbox
2012-07-14 14:10 . 2012-07-14 14:10 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-07-14 14:04 . 2012-07-14 14:04 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-07-10 15:33 . 2012-07-10 15:33 -------- d-----w- c:\users\granorosso\AppData\Roaming\Sony
2012-06-26 17:06 . 2012-06-26 17:06 -------- d-----w- c:\users\granorosso\AppData\Roaming\XMedia Recode
2012-06-23 09:49 . 2012-06-23 09:49 -------- d-----w- c:\users\granorosso\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:29 . 2012-04-07 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 16:29 . 2011-05-26 17:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2009-10-03 09:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 10:14 . 2012-05-23 20:27 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-18 18:41 . 2011-05-11 16:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll" [2010-06-18 2604032]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll" [2010-06-18 2604032]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-02 1022352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^granorosso^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\granorosso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-08-01 16:30 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2007-08-31 16:38 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-14 08:54 8501792 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-14 08:55 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-12-14 08:55 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-12-05 09:32 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]
2011-12-16 16:44 218624 ----a-w- c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-12-14 08:55 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{91F00359-D883-4FB7-B361-5A4E645F1313}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{94855534-3589-4CF9-B477-24660C1520A9}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\granorosso\AppData\Roaming\Mozilla\Firefox\Profiles\oyu9kpo1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - http://www.google.it
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109986 ... 831601f&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 11:01
Windows 6.0.6000 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(2920)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Ora fine scansione: 2012-07-21 11:04:06
ComboFix-quarantined-files.txt 2012-07-21 09:04
ComboFix2.txt 2012-07-16 18:39
ComboFix3.txt 2012-07-14 09:27
ComboFix4.txt 2011-06-19 15:01
.
Pre-Run: 76.597.501.952 byte disponibili
Post-Run: 77.927.510.016 byte disponibili
.
- - End Of File - - EC1F3BFCDD1E10447AE1660E31F52200
langoliere
Newbie
 
Post: 7
Iscritto il: 20/07/12 19:11

Re: pagine pubblicitarie che si aprono da sole

Postdi FrancescoFDAC » 21/07/12 13:39

Disinstalla Registry Booster (non serve a nulla) e SpybotSD (hai già Avira, basta e avanza).


Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-

File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe

Folder::
c:\users\Public\Documents\AppData\PoApp

DDS::
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10

● chiama questo file CFScript.txt, e posizionalo sul Desktop, affianco a ComboFix - se ComboFix non fosse sul Desktop provvedi a spostarlo li-

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

Immagine

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi
N.B :
● se viene visualizzato l'errore: Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione, dovrai semplicemente riavviare il sistema e ripetere lo Script
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 10:53

Re: pagine pubblicitarie che si aprono da sole

Postdi langoliere » 21/07/12 16:01

Fatto. Ecco il log:


ComboFix 12-07-21.01 - granorosso 21/07/2012 15.49.49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.3070.2153 [GMT 2:00]
Eseguito da: c:\users\granorosso\Desktop\ComboFix.exe
Opzioni usate :: c:\users\granorosso\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.
FILE ::
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-21 al 2012-07-21 )))))))))))))))))))))))))))))))))))
.
.
2012-07-21 13:56 . 2012-07-21 13:56 -------- d-----w- c:\users\granorosso\AppData\Local\temp
2012-07-21 13:56 . 2012-07-21 13:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-21 13:56 . 2012-07-21 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 16:59 . 2012-07-20 16:59 388096 ----a-r- c:\users\granorosso\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-20 16:58 . 2012-07-20 16:59 -------- d-----w- C:\hijackthis program
2012-07-20 07:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A48C2093-355D-4978-8F53-E6DC364A256F}\mpengine.dll
2012-07-14 14:36 . 2012-07-14 14:36 -------- d-----w- c:\program files\Common Files\Vbox
2012-07-14 14:10 . 2012-07-14 14:10 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-07-14 14:04 . 2012-07-14 14:04 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-07-10 15:33 . 2012-07-10 15:33 -------- d-----w- c:\users\granorosso\AppData\Roaming\Sony
2012-06-26 17:06 . 2012-06-26 17:06 -------- d-----w- c:\users\granorosso\AppData\Roaming\XMedia Recode
2012-06-23 09:49 . 2012-06-23 09:49 -------- d-----w- c:\users\granorosso\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:29 . 2012-04-07 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 16:29 . 2011-05-26 17:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2009-10-03 09:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 10:14 . 2012-05-23 20:27 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-18 18:41 . 2011-05-11 16:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-02 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^granorosso^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\granorosso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-08-01 16:30 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2007-08-31 16:38 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-14 08:54 8501792 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-14 08:55 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-12-14 08:55 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-12-05 09:32 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-12-14 08:55 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:29]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{91F00359-D883-4FB7-B361-5A4E645F1313}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{94855534-3589-4CF9-B477-24660C1520A9}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\granorosso\AppData\Roaming\Mozilla\Firefox\Profiles\oyu9kpo1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109986 ... 831601f&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
WebBrowser-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files\Registry Booster 2010 4.7.610\mybarnsyC3EC.tmp\tbcore3.dll
MSConfigStartUp-PosService - c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 15:56
Windows 6.0.6000 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(1864)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Ora fine scansione: 2012-07-21 15:58:15
ComboFix-quarantined-files.txt 2012-07-21 13:58
ComboFix2.txt 2012-07-21 09:04
ComboFix3.txt 2012-07-16 18:39
ComboFix4.txt 2012-07-14 09:27
ComboFix5.txt 2012-07-21 13:48
.
Pre-Run: 78.029.058.048 byte disponibili
Post-Run: 78.006.628.352 byte disponibili
.
- - End Of File - - C2902C92A22DAA5F785C1CD0A9E59614
langoliere
Newbie
 
Post: 7
Iscritto il: 20/07/12 19:11

Re: pagine pubblicitarie che si aprono da sole

Postdi FrancescoFDAC » 21/07/12 16:41

Il PC è a posto.
Riscontri ancora i soliti problemi?

Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
termina tutti i programmi attivi, comprese le pagine Internet
● avvia il tool con un doppio click
● clicca, in basso a sinistra, sul pulsante Start
scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi
● attendi pazientemente il termine delle operazioni
● clicca, in basso a destra, sul pulsante Exit
● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:
TFC by OldTimer serve ad eliminare i file temporeanei di tutti gli utenti, con facilità e velocemente

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Nota - riguardo al programma:
OTC by OldTimer serve ad eliminare i programmi che abbiamo utilizzato per la pulizia (ComboFix in particolare) in modo automatico e preciso: al riavvio non noterai più l'icona di ComboFix, è del tutto normale
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 10:53

Re: pagine pubblicitarie che si aprono da sole

Postdi langoliere » 21/07/12 16:48

Grazie mille, il problema si è risolto!
Ciao e grazie ancora
langoliere
Newbie
 
Post: 7
Iscritto il: 20/07/12 19:11

Re: pagine pubblicitarie che si aprono da sole

Postdi stefy87 » 26/07/12 08:49

ciao ragazzi.. ho lo stesso problema anche io.. uso firefox come browser e si aprono pagine pubblicitarie da sole.. ho fatto una scansione con combofix (ci ha impiegato quasi 4ore).. mi aiutate a risolvere il problema?? Grazie.

Ecco il log:



ComboFix 12-07-25.04 - Fra87 25/07/2012 13:45:11.10.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3039.2340 [GMT 2:00]
Eseguito da: c:\users\Fra87\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62037$
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-25 al 2012-07-25 )))))))))))))))))))))))))))))))))))
.
.
2012-07-25 13:48 . 2012-07-25 13:49 -------- d-----w- c:\users\Fra87\AppData\Local\temp
2012-07-25 13:48 . 2012-07-25 13:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-25 13:48 . 2012-07-25 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 07:25 . 2012-07-15 07:25 -------- d-----w- c:\program files\KaraFun Player
2012-07-15 07:25 . 2012-07-15 07:25 -------- d-----w- c:\programdata\Recisio
2012-07-13 13:31 . 2012-07-13 13:31 -------- d-----w- c:\program files\Common Files\Java
2012-07-13 13:30 . 2012-07-13 13:30 -------- d-----w- c:\program files\Oracle
2012-07-13 13:29 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-11 06:49 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 09:12 . 2012-07-06 09:12 -------- d-----w- c:\program files\SolidDocuments
2012-06-29 05:14 . 2012-06-29 05:14 -------- d-----w- c:\users\Fra87\AppData\Local\Macromedia
2012-06-28 21:27 . 2012-07-15 07:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 07:48 . 2011-05-13 09:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2010-10-14 18:44 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 05:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:29 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:29 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:29 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 09:59 . 2012-06-13 09:40 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 04:44 . 2012-06-13 09:40 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41 . 2012-06-13 09:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-13 09:41 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-11-26 11:07 . 2003-05-01 08:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
2012-07-18 23:49 . 2012-02-19 18:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Fra87\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Fra87\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Fra87\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Fra87^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Fra87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Fra87^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My 190.lnk]
path=c:\users\Fra87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My 190.lnk
backup=c:\windows\pss\My 190.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Fra87^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\Fra87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Fra87^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Widget vodafone.lnk]
path=c:\users\Fra87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 21:23 138096 ----atw- c:\users\Fra87\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 14:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-08-22 09:01 593920 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-11-26 11:03 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 09:40 13826664 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2012-02-27 12:43 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-11-26 11:14 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 09:07 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 02:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-23 12:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI67C1.tmp [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [x]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 07:48]
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4021717487-4071312244-3791817859-1000Core.job
- c:\users\Fra87\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 21:23]
.
2012-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4021717487-4071312244-3791817859-1000UA.job
- c:\users\Fra87\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 21:23]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 10:30]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 10:30]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Fra87\AppData\Roaming\Mozilla\Firefox\Profiles\mpesrg13.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: extentions.y2layers.installId - 64ccd781-9e90-4c6f-8568-8ee41191ad11
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI67C1.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,f8,24,b8,60,3d,af,4b,a3,04,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,f8,24,b8,60,3d,af,4b,a3,04,ff,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-07-25 15:51:32
ComboFix-quarantined-files.txt 2012-07-25 13:51
.
Pre-Run: 27.134.668.800 byte disponibili
Post-Run: 26.837.180.416 byte disponibili
.
- - End Of File - - 266C28F31C8BC3DFB6B6AAE466E0D8C3
stefy87
Utente Junior
 
Post: 70
Iscritto il: 26/07/12 08:44

Re: pagine pubblicitarie che si aprono da sole

Postdi FrancescoFDAC » 26/07/12 10:55

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma al termine della scansione

Una volta terminata la scansione, si presenterà una di queste due opzioni:
non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 10:53

Re: pagine pubblicitarie che si aprono da sole

Postdi stefy87 » 26/07/12 13:15

ti ringrazio per la disponibilità e la rapidità nella risposta..
Terminata la scansione non mi è uscita nessuna delle 2frasi.. è semplicemente uscito scritto "suspicious objects were found" e close.. comunque ti allego il risultato della scansione che però è troppo lunga quindi la divido in 2messaggi.. Non riesco ad allegare un file esterno :(


13:08:07.0004 0972 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:08:07.0332 0972 ============================================================
13:08:07.0332 0972 Current date / time: 2012/07/26 13:08:07.0332
13:08:07.0347 0972 SystemInfo:
13:08:07.0347 0972
13:08:07.0347 0972 OS Version: 6.1.7601 ServicePack: 1.0
13:08:07.0347 0972 Product type: Workstation
13:08:07.0347 0972 ComputerName: FRA87-PC
13:08:07.0347 0972 UserName: Fra87
13:08:07.0347 0972 Windows directory: C:\Windows
13:08:07.0347 0972 System windows directory: C:\Windows
13:08:07.0347 0972 Processor architecture: Intel x86
13:08:07.0347 0972 Number of processors: 2
13:08:07.0347 0972 Page size: 0x1000
13:08:07.0347 0972 Boot type: Normal boot
13:08:07.0347 0972 ============================================================
13:08:09.0952 0972 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:08:09.0952 0972 ============================================================
13:08:09.0952 0972 \Device\Harddisk0\DR0:
13:08:09.0952 0972 MBR partitions:
13:08:09.0952 0972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
13:08:09.0952 0972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x10E74800
13:08:09.0952 0972 ============================================================
13:08:09.0999 0972 C: <-> \Device\Harddisk0\DR0\Partition0
13:08:10.0093 0972 D: <-> \Device\Harddisk0\DR0\Partition1
13:08:10.0093 0972 ============================================================
13:08:10.0093 0972 Initialize success
13:08:10.0093 0972 ============================================================
13:08:12.0526 4660 ============================================================
13:08:12.0526 4660 Scan started
13:08:12.0526 4660 Mode: Manual;
13:08:12.0526 4660 ============================================================
13:08:13.0993 4660 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:08:13.0993 4660 1394ohci - ok
13:08:14.0024 4660 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:08:14.0024 4660 Accelerometer - ok
13:08:14.0055 4660 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:08:14.0055 4660 ACPI - ok
13:08:14.0071 4660 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:08:14.0071 4660 AcpiPmi - ok
13:08:14.0196 4660 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:08:14.0196 4660 AdobeFlashPlayerUpdateSvc - ok
13:08:14.0242 4660 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:08:14.0258 4660 adp94xx - ok
13:08:14.0258 4660 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:08:14.0274 4660 adpahci - ok
13:08:14.0274 4660 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:08:14.0289 4660 adpu320 - ok
13:08:14.0320 4660 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:08:14.0320 4660 AeLookupSvc - ok
13:08:14.0445 4660 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
13:08:14.0445 4660 AESTFilters - ok
13:08:14.0508 4660 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:08:14.0523 4660 AFD - ok
13:08:14.0570 4660 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:08:14.0570 4660 agp440 - ok
13:08:14.0601 4660 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:08:14.0601 4660 aic78xx - ok
13:08:14.0617 4660 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:08:14.0617 4660 ALG - ok
13:08:14.0632 4660 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:08:14.0632 4660 aliide - ok
13:08:14.0664 4660 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:08:14.0664 4660 amdagp - ok
13:08:14.0679 4660 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:08:14.0679 4660 amdide - ok
13:08:14.0695 4660 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:08:14.0695 4660 AmdK8 - ok
13:08:14.0726 4660 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:08:14.0726 4660 AmdPPM - ok
13:08:14.0757 4660 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:08:14.0757 4660 amdsata - ok
13:08:14.0788 4660 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:08:14.0788 4660 amdsbs - ok
13:08:14.0820 4660 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:08:14.0820 4660 amdxata - ok
13:08:14.0835 4660 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:08:14.0851 4660 AppID - ok
13:08:14.0866 4660 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:08:14.0882 4660 AppIDSvc - ok
13:08:14.0913 4660 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:08:14.0913 4660 Appinfo - ok
13:08:14.0944 4660 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:08:14.0944 4660 AppMgmt - ok
13:08:14.0976 4660 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:08:14.0976 4660 arc - ok
13:08:14.0976 4660 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:08:14.0976 4660 arcsas - ok
13:08:14.0991 4660 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:08:14.0991 4660 AsyncMac - ok
13:08:15.0022 4660 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:08:15.0022 4660 atapi - ok
13:08:15.0069 4660 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:08:15.0085 4660 AudioEndpointBuilder - ok
13:08:15.0085 4660 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:08:15.0100 4660 Audiosrv - ok
13:08:15.0147 4660 AVerAF15 (631a90a5ee45f77cfcdf3e9296e29628) C:\Windows\system32\Drivers\AVerAF15.sys
13:08:15.0178 4660 AVerAF15 - ok
13:08:15.0506 4660 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
13:08:15.0537 4660 AVGIDSAgent - ok
13:08:15.0693 4660 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
13:08:15.0693 4660 AVGIDSDriver - ok
13:08:15.0724 4660 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
13:08:15.0724 4660 AVGIDSFilter - ok
13:08:15.0771 4660 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
13:08:15.0771 4660 AVGIDSHX - ok
13:08:15.0802 4660 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
13:08:15.0802 4660 AVGIDSShim - ok
13:08:15.0865 4660 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
13:08:15.0880 4660 Avgldx86 - ok
13:08:15.0912 4660 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
13:08:15.0912 4660 Avgmfx86 - ok
13:08:15.0990 4660 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
13:08:15.0990 4660 Avgrkx86 - ok
13:08:16.0052 4660 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
13:08:16.0052 4660 Avgtdix - ok
13:08:16.0083 4660 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys
13:08:16.0099 4660 avgtp - ok
13:08:16.0208 4660 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
13:08:16.0208 4660 avgwd - ok
13:08:16.0239 4660 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:08:16.0255 4660 AxInstSV - ok
13:08:16.0302 4660 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:08:16.0302 4660 b06bdrv - ok
13:08:16.0333 4660 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:08:16.0348 4660 b57nd60x - ok
13:08:16.0395 4660 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:08:16.0395 4660 BDESVC - ok
13:08:16.0426 4660 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:08:16.0426 4660 Beep - ok
13:08:16.0473 4660 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
13:08:16.0473 4660 BFE - ok
13:08:16.0536 4660 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
13:08:16.0551 4660 BITS - ok
13:08:16.0582 4660 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:08:16.0582 4660 blbdrive - ok
13:08:16.0629 4660 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:08:16.0629 4660 bowser - ok
13:08:16.0645 4660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:08:16.0645 4660 BrFiltLo - ok
13:08:16.0660 4660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:08:16.0660 4660 BrFiltUp - ok
13:08:16.0738 4660 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:08:16.0738 4660 BridgeMP - ok
13:08:16.0770 4660 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:08:16.0770 4660 Browser - ok
13:08:16.0816 4660 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:08:16.0816 4660 Brserid - ok
13:08:16.0832 4660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:08:16.0848 4660 BrSerWdm - ok
13:08:16.0863 4660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:08:16.0863 4660 BrUsbMdm - ok
13:08:16.0879 4660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:08:16.0879 4660 BrUsbSer - ok
13:08:16.0926 4660 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
13:08:16.0926 4660 BthEnum - ok
13:08:16.0957 4660 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:08:16.0957 4660 BTHMODEM - ok
13:08:16.0988 4660 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:08:17.0004 4660 BthPan - ok
13:08:17.0035 4660 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
13:08:17.0050 4660 BTHPORT - ok
13:08:17.0097 4660 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:08:17.0097 4660 bthserv - ok
13:08:17.0113 4660 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
13:08:17.0113 4660 BTHUSB - ok
13:08:17.0253 4660 catchme - ok
13:08:17.0284 4660 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:08:17.0284 4660 cdfs - ok
13:08:17.0316 4660 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:08:17.0331 4660 cdrom - ok
13:08:17.0362 4660 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:08:17.0362 4660 CertPropSvc - ok
13:08:17.0378 4660 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:08:17.0394 4660 circlass - ok
13:08:17.0425 4660 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:08:17.0425 4660 CLFS - ok
13:08:17.0503 4660 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:08:17.0503 4660 clr_optimization_v2.0.50727_32 - ok
13:08:17.0565 4660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:08:17.0596 4660 clr_optimization_v4.0.30319_32 - ok
13:08:17.0628 4660 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:08:17.0628 4660 CmBatt - ok
13:08:17.0659 4660 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:08:17.0659 4660 cmdide - ok
13:08:17.0721 4660 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
13:08:17.0721 4660 CNG - ok
13:08:17.0737 4660 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:08:17.0737 4660 Compbatt - ok
13:08:17.0768 4660 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:08:17.0768 4660 CompositeBus - ok
13:08:17.0768 4660 COMSysApp - ok
13:08:17.0784 4660 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:08:17.0784 4660 crcdisk - ok
13:08:17.0815 4660 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
13:08:17.0830 4660 CryptSvc - ok
13:08:17.0877 4660 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:08:17.0877 4660 CSC - ok
13:08:17.0924 4660 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:08:17.0924 4660 CscService - ok
13:08:17.0955 4660 cvintdrv (310c5ec0b4278211089f0a5e915d025f) C:\Windows\system32\drivers\cvintdrv.sys
13:08:17.0955 4660 cvintdrv - ok
13:08:18.0002 4660 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:08:18.0002 4660 DcomLaunch - ok
13:08:18.0064 4660 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:08:18.0064 4660 defragsvc - ok
13:08:18.0096 4660 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:08:18.0096 4660 DfsC - ok
13:08:18.0111 4660 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:08:18.0127 4660 Dhcp - ok
13:08:18.0142 4660 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:08:18.0158 4660 discache - ok
13:08:18.0174 4660 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:08:18.0174 4660 Disk - ok
13:08:18.0205 4660 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:08:18.0205 4660 Dnscache - ok
13:08:18.0236 4660 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:08:18.0236 4660 dot3svc - ok
13:08:18.0283 4660 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
13:08:18.0283 4660 Dot4 - ok
13:08:18.0330 4660 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:08:18.0330 4660 Dot4Print - ok
13:08:18.0345 4660 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
13:08:18.0361 4660 dot4usb - ok
13:08:18.0392 4660 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:08:18.0392 4660 DPS - ok
13:08:18.0423 4660 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:08:18.0423 4660 drmkaud - ok
13:08:18.0486 4660 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:08:18.0486 4660 DXGKrnl - ok
13:08:18.0532 4660 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:08:18.0532 4660 EapHost - ok
13:08:18.0688 4660 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:08:18.0720 4660 ebdrv - ok
13:08:18.0844 4660 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:08:18.0844 4660 EFS - ok
13:08:18.0922 4660 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:08:18.0938 4660 ehRecvr - ok
13:08:18.0969 4660 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:08:18.0969 4660 ehSched - ok
13:08:19.0047 4660 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:08:19.0063 4660 elxstor - ok
13:08:19.0094 4660 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\Windows\system32\DRIVERS\enecir.sys
13:08:19.0094 4660 enecir - ok
13:08:19.0125 4660 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:08:19.0125 4660 ErrDev - ok
13:08:19.0172 4660 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:08:19.0172 4660 EventSystem - ok
13:08:19.0188 4660 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:08:19.0203 4660 exfat - ok
13:08:19.0234 4660 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:08:19.0234 4660 fastfat - ok
13:08:19.0281 4660 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:08:19.0281 4660 Fax - ok
13:08:19.0312 4660 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:08:19.0312 4660 fdc - ok
13:08:19.0328 4660 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:08:19.0328 4660 fdPHost - ok
13:08:19.0359 4660 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:08:19.0359 4660 FDResPub - ok
13:08:19.0375 4660 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:08:19.0375 4660 FileInfo - ok
13:08:19.0390 4660 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:08:19.0390 4660 Filetrace - ok
13:08:19.0422 4660 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:08:19.0437 4660 flpydisk - ok
13:08:19.0453 4660 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:08:19.0453 4660 FltMgr - ok
13:08:19.0531 4660 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:08:19.0531 4660 FontCache - ok
13:08:19.0640 4660 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:08:19.0640 4660 FontCache3.0.0.0 - ok
13:08:19.0671 4660 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:08:19.0671 4660 FsDepends - ok
13:08:19.0718 4660 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
13:08:19.0718 4660 Fs_Rec - ok
13:08:19.0765 4660 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:08:19.0765 4660 fvevol - ok
13:08:19.0796 4660 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:08:19.0796 4660 gagp30kx - ok
13:08:19.0858 4660 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:08:19.0858 4660 gpsvc - ok
13:08:19.0999 4660 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:08:19.0999 4660 gupdate - ok
13:08:20.0030 4660 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:08:20.0030 4660 gupdatem - ok
13:08:20.0061 4660 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:08:20.0061 4660 hcw85cir - ok
13:08:20.0124 4660 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:08:20.0124 4660 HdAudAddService - ok
13:08:20.0139 4660 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:08:20.0155 4660 HDAudBus - ok
13:08:20.0170 4660 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:08:20.0170 4660 HidBatt - ok
13:08:20.0186 4660 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:08:20.0186 4660 HidBth - ok
13:08:20.0217 4660 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:08:20.0217 4660 HidIr - ok
13:08:20.0248 4660 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
13:08:20.0248 4660 hidserv - ok
13:08:20.0264 4660 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:08:20.0264 4660 HidUsb - ok
13:08:20.0311 4660 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:08:20.0311 4660 hkmsvc - ok
13:08:20.0358 4660 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:08:20.0373 4660 HomeGroupListener - ok
13:08:20.0404 4660 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:08:20.0404 4660 HomeGroupProvider - ok
13:08:20.0451 4660 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
13:08:20.0451 4660 hpdskflt - ok
13:08:20.0576 4660 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:08:20.0576 4660 hpqcxs08 - ok
13:08:20.0592 4660 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:08:20.0592 4660 hpqddsvc - ok
13:08:20.0623 4660 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:08:20.0638 4660 HpqKbFiltr - ok
13:08:20.0716 4660 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:08:20.0716 4660 hpqwmiex - ok
13:08:20.0763 4660 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:08:20.0763 4660 HpSAMD - ok
13:08:20.0810 4660 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:08:20.0810 4660 HPSLPSVC - ok
13:08:20.0857 4660 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
13:08:20.0857 4660 hpsrv - ok
13:08:20.0872 4660 HTCAND32 - ok
13:08:20.0919 4660 htcnprot (d083ed6444a4b86c1dbc19911b8a066f) C:\Windows\system32\DRIVERS\htcnprot.sys
13:08:20.0919 4660 Suspicious file (Forged): C:\Windows\system32\DRIVERS\htcnprot.sys. Real md5: d083ed6444a4b86c1dbc19911b8a066f, Fake md5: bc2432b0c085142ad707ed2ef20d3d0f
13:08:20.0919 4660 htcnprot ( ForgedFile.Multi.Generic ) - warning
13:08:20.0919 4660 htcnprot - detected ForgedFile.Multi.Generic (1)
13:08:20.0982 4660 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:08:20.0982 4660 HTTP - ok
13:08:21.0013 4660 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:08:21.0013 4660 hwpolicy - ok
13:08:21.0060 4660 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
13:08:21.0060 4660 i8042prt - ok
13:08:21.0106 4660 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:08:21.0106 4660 iaStorV - ok
13:08:21.0247 4660 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:08:21.0262 4660 idsvc - ok
13:08:21.0356 4660 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:08:21.0356 4660 iirsp - ok
13:08:21.0418 4660 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:08:21.0434 4660 IKEEXT - ok
13:08:21.0465 4660 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:08:21.0465 4660 intelide - ok
13:08:21.0481 4660 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:08:21.0481 4660 intelppm - ok
13:08:21.0512 4660 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:08:21.0528 4660 IPBusEnum - ok
13:08:21.0528 4660 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:08:21.0528 4660 IpFilterDriver - ok
13:08:21.0590 4660 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
13:08:21.0606 4660 iphlpsvc - ok
13:08:21.0637 4660 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:08:21.0637 4660 IPMIDRV - ok
13:08:21.0652 4660 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:08:21.0652 4660 IPNAT - ok
13:08:21.0668 4660 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:08:21.0684 4660 IRENUM - ok
13:08:21.0699 4660 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:08:21.0699 4660 isapnp - ok
13:08:21.0730 4660 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:08:21.0730 4660 iScsiPrt - ok
13:08:21.0762 4660 JMCR (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
13:08:21.0777 4660 JMCR - ok
13:08:21.0777 4660 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:08:21.0777 4660 kbdclass - ok
13:08:21.0824 4660 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:08:21.0824 4660 kbdhid - ok
13:08:21.0855 4660 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:08:21.0855 4660 KeyIso - ok
13:08:21.0902 4660 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
13:08:21.0902 4660 KSecDD - ok
13:08:21.0933 4660 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
13:08:21.0933 4660 KSecPkg - ok
13:08:21.0980 4660 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:08:21.0980 4660 KtmRm - ok
13:08:22.0027 4660 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
13:08:22.0027 4660 LanmanServer - ok
13:08:22.0074 4660 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:08:22.0074 4660 LanmanWorkstation - ok
13:08:22.0183 4660 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:08:22.0198 4660 LightScribeService - ok
13:08:22.0245 4660 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:08:22.0245 4660 lltdio - ok
13:08:22.0292 4660 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:08:22.0292 4660 lltdsvc - ok
13:08:22.0323 4660 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:08:22.0323 4660 lmhosts - ok
13:08:22.0354 4660 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:08:22.0370 4660 LSI_FC - ok
13:08:22.0386 4660 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:08:22.0386 4660 LSI_SAS - ok
13:08:22.0386 4660 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:08:22.0386 4660 LSI_SAS2 - ok
13:08:22.0417 4660 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:08:22.0417 4660 LSI_SCSI - ok
13:08:22.0432 4660 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:08:22.0448 4660 luafv - ok
13:08:22.0479 4660 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:08:22.0479 4660 Mcx2Svc - ok
13:08:22.0495 4660 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:08:22.0495 4660 megasas - ok
13:08:22.0526 4660 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:08:22.0526 4660 MegaSR - ok
13:08:22.0635 4660 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:08:22.0651 4660 Microsoft Office Groove Audit Service - ok
13:08:22.0682 4660 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:08:22.0682 4660 MMCSS - ok
13:08:22.0698 4660 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:08:22.0713 4660 Modem - ok
13:08:22.0744 4660 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:08:22.0744 4660 monitor - ok
13:08:22.0776 4660 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:08:22.0791 4660 mouclass - ok
13:08:22.0791 4660 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:08:22.0791 4660 mouhid - ok
13:08:22.0822 4660 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:08:22.0822 4660 mountmgr - ok
13:08:22.0869 4660 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:08:22.0869 4660 mpio - ok
13:08:22.0885 4660 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:08:22.0900 4660 mpsdrv - ok
13:08:22.0947 4660 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
13:08:22.0963 4660 MpsSvc - ok
13:08:22.0994 4660 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:08:22.0994 4660 MRxDAV - ok
13:08:23.0041 4660 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:08:23.0056 4660 mrxsmb - ok
13:08:23.0103 4660 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:08:23.0103 4660 mrxsmb10 - ok
13:08:23.0134 4660 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:08:23.0134 4660 mrxsmb20 - ok
13:08:23.0166 4660 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:08:23.0166 4660 msahci - ok
13:08:23.0212 4660 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:08:23.0212 4660 msdsm - ok
13:08:23.0259 4660 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:08:23.0259 4660 MSDTC - ok
13:08:23.0306 4660 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:08:23.0306 4660 Msfs - ok
13:08:23.0322 4660 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:08:23.0322 4660 mshidkmdf - ok
13:08:23.0353 4660 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:08:23.0353 4660 msisadrv - ok
13:08:23.0368 4660 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:08:23.0384 4660 MSiSCSI - ok
13:08:23.0384 4660 msiserver - ok
13:08:23.0400 4660 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:08:23.0400 4660 MSKSSRV - ok
13:08:23.0431 4660 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:08:23.0431 4660 MSPCLOCK - ok
13:08:23.0446 4660 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:08:23.0446 4660 MSPQM - ok
13:08:23.0478 4660 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:08:23.0478 4660 MsRPC - ok
13:08:23.0509 4660 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:08:23.0509 4660 mssmbios - ok
13:08:23.0540 4660 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:08:23.0540 4660 MSTEE - ok
13:08:23.0556 4660 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:08:23.0556 4660 MTConfig - ok
13:08:23.0587 4660 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:08:23.0587 4660 Mup - ok
13:08:23.0634 4660 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:08:23.0634 4660 napagent - ok
13:08:23.0665 4660 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:08:23.0665 4660 NativeWifiP - ok
13:08:23.0727 4660 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:08:23.0743 4660 NDIS - ok
13:08:23.0774 4660 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:08:23.0774 4660 NdisCap - ok
13:08:23.0805 4660 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:08:23.0805 4660 NdisTapi - ok
13:08:23.0805 4660 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:08:23.0805 4660 Ndisuio - ok
13:08:23.0852 4660 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:08:23.0852 4660 NdisWan - ok
13:08:23.0868 4660 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:08:23.0868 4660 NDProxy - ok
13:08:24.0008 4660 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:08:24.0008 4660 Nero BackItUp Scheduler 4.0 - ok
13:08:24.0055 4660 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
13:08:24.0070 4660 Net Driver HPZ12 - ok
13:08:24.0086 4660 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:08:24.0086 4660 NetBIOS - ok
13:08:24.0133 4660 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:08:24.0133 4660 NetBT - ok
13:08:24.0164 4660 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:08:24.0164 4660 Netlogon - ok
13:08:24.0211 4660 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:08:24.0211 4660 Netman - ok
13:08:24.0242 4660 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:08:24.0242 4660 netprofm - ok
13:08:24.0367 4660 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:08:24.0367 4660 NetTcpPortSharing - ok
13:08:24.0679 4660 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
13:08:24.0850 4660 NETw5s32 - ok
13:08:25.0147 4660 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
13:08:25.0240 4660 netw5v32 - ok
13:08:25.0365 4660 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:08:25.0365 4660 nfrd960 - ok
13:08:25.0506 4660 NILM License manager (4f41dfdd2f7537ae3c37988d8bc81976) C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
13:08:25.0599 4660 NILM License manager - ok
13:08:25.0599 4660 niSvcLoc - ok
13:08:25.0646 4660 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:08:25.0646 4660 NlaSvc - ok
13:08:25.0662 4660 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:08:25.0677 4660 Npfs - ok
13:08:25.0693 4660 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:08:25.0693 4660 nsi - ok
13:08:25.0724 4660 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:08:25.0740 4660 nsiproxy - ok
13:08:25.0818 4660 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:08:25.0833 4660 Ntfs - ok
13:08:25.0974 4660 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:08:25.0974 4660 Null - ok
13:08:26.0395 4660 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:08:26.0457 4660 nvlddmkm - ok
13:08:26.0582 4660 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:08:26.0582 4660 nvraid - ok
13:08:26.0598 4660 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:08:26.0598 4660 nvstor - ok
13:08:26.0660 4660 nvsvc (c4d17f11526f87bc762f31da5bd2580b) C:\Windows\system32\nvvsvc.exe
13:08:26.0660 4660 nvsvc - ok
13:08:26.0691 4660 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:08:26.0707 4660 nv_agp - ok
13:08:26.0847 4660 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:08:26.0847 4660 odserv - ok
13:08:26.0878 4660 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:08:26.0878 4660 ohci1394 - ok
13:08:26.0925 4660 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:08:26.0925 4660 ose - ok
13:08:26.0972 4660 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:08:26.0972 4660 p2pimsvc - ok
13:08:27.0003 4660 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:08:27.0019 4660 p2psvc - ok
13:08:27.0050 4660 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:08:27.0050 4660 Parport - ok
13:08:27.0097 4660 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:08:27.0097 4660 partmgr - ok
13:08:27.0128 4660 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:08:27.0128 4660 Parvdm - ok
13:08:27.0206 4660 PassThru Service (68139940b5ac84affb7eb1b713be66e7) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
13:08:27.0222 4660 PassThru Service - ok
13:08:27.0268 4660 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:08:27.0268 4660 PcaSvc - ok
13:08:27.0315 4660 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:08:27.0315 4660 pci - ok
13:08:27.0331 4660 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:08:27.0331 4660 pciide - ok
13:08:27.0362 4660 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:08:27.0378 4660 pcmcia - ok
13:08:27.0393 4660 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:08:27.0393 4660 pcw - ok
13:08:27.0440 4660 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:08:27.0440 4660 PEAUTH - ok
13:08:27.0518 4660 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:08:27.0534 4660 PeerDistSvc - ok
13:08:27.0627 4660 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:08:27.0658 4660 pla - ok
13:08:27.0799 4660 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:08:27.0799 4660 PlugPlay - ok
13:08:27.0830 4660 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
13:08:27.0846 4660 Pml Driver HPZ12 - ok
13:08:27.0861 4660 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:08:27.0861 4660 PNRPAutoReg - ok
13:08:27.0892 4660 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:08:27.0892 4660 PNRPsvc - ok
13:08:27.0955 4660 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:08:27.0955 4660 PolicyAgent - ok
13:08:27.0986 4660 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:08:28.0002 4660 Power - ok
13:08:28.0064 4660 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:08:28.0064 4660 PptpMiniport - ok
13:08:28.0080 4660 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:08:28.0080 4660 Processor - ok
13:08:28.0126 4660 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
13:08:28.0126 4660 ProfSvc - ok
13:08:28.0158 4660 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:08:28.0158 4660 ProtectedStorage - ok
13:08:28.0173 4660 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:08:28.0189 4660 Psched - ok
13:08:28.0251 4660 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:08:28.0267 4660 ql2300 - ok
13:08:28.0407 4660 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:08:28.0407 4660 ql40xx - ok
13:08:28.0454 4660 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:08:28.0470 4660 QWAVE - ok
13:08:28.0501 4660 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:08:28.0501 4660 QWAVEdrv - ok
13:08:28.0516 4660 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:08:28.0516 4660 RasAcd - ok
13:08:28.0563 4660 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:08:28.0563 4660 RasAgileVpn - ok
13:08:28.0594 4660 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:08:28.0594 4660 RasAuto - ok
13:08:28.0610 4660 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:08:28.0610 4660 Rasl2tp - ok
13:08:28.0672 4660 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:08:28.0672 4660 RasMan - ok
13:08:28.0750 4660 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:08:28.0750 4660 RasPppoe - ok
13:08:28.0766 4660 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:08:28.0782 4660 RasSstp - ok
13:08:28.0797 4660 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:08:28.0797 4660 rdbss - ok
13:08:28.0828 4660 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:08:28.0844 4660 rdpbus - ok
13:08:28.0891 4660 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:08:28.0891 4660 RDPCDD - ok
13:08:28.0938 4660 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:08:28.0938 4660 RDPDR - ok
13:08:28.0969 4660 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:08:28.0969 4660 RDPENCDD - ok
13:08:28.0984 4660 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:08:28.0984 4660 RDPREFMP - ok
13:08:29.0078 4660 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
13:08:29.0094 4660 RdpVideoMiniport - ok
13:08:29.0125 4660 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
13:08:29.0140 4660 RDPWD - ok
13:08:29.0156 4660 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:08:29.0156 4660 rdyboost - ok
13:08:29.0203 4660 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:08:29.0203 4660 RemoteAccess - ok
13:08:29.0265 4660 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:08:29.0265 4660 RemoteRegistry - ok
13:08:29.0312 4660 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:08:29.0312 4660 RFCOMM - ok
13:08:29.0328 4660 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:08:29.0343 4660 RpcEptMapper - ok
13:08:29.0374 4660 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:08:29.0374 4660 RpcLocator - ok
13:08:29.0421 4660 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:08:29.0421 4660 RpcSs - ok
13:08:29.0452 4660 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:08:29.0468 4660 rspndr - ok
13:08:29.0515 4660 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:08:29.0530 4660 RTL8167 - ok
13:08:29.0546 4660 RTL8187 - ok
13:08:29.0577 4660 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:08:29.0577 4660 s3cap - ok
13:08:29.0608 4660 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:08:29.0608 4660 SamSs - ok
13:08:29.0655 4660 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:08:29.0655 4660 sbp2port - ok
13:08:29.0686 4660 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:08:29.0686 4660 SCardSvr - ok
13:08:29.0733 4660 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
13:08:29.0733 4660 SCDEmu - ok
13:08:29.0764 4660 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:08:29.0764 4660 scfilter - ok
13:08:29.0842 4660 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:08:29.0858 4660 Schedule - ok
13:08:29.0920 4660 SCPDFReadSpool (3ec5f6051f8e678b42c2ea2ed903d503) C:\Windows\Installer\MSI67C1.tmp
13:08:29.0920 4660 SCPDFReadSpool - ok
13:08:29.0936 4660 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:08:29.0952 4660 SCPolicySvc - ok
13:08:29.0983 4660 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
13:08:29.0983 4660 sdbus - ok
13:08:30.0030 4660 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:08:30.0030 4660 SDRSVC - ok
13:08:30.0061 4660 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:08:30.0061 4660 secdrv - ok
13:08:30.0092 4660 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:08:30.0108 4660 seclogon - ok
13:08:30.0123 4660 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
13:08:30.0123 4660 SENS - ok
13:08:30.0154 4660 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:08:30.0154 4660 SensrSvc - ok
13:08:30.0186 4660 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:08:30.0186 4660 Serenum - ok
13:08:30.0201 4660 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:08:30.0201 4660 Serial - ok
13:08:30.0248 4660 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:08:30.0248 4660 sermouse - ok
13:08:30.0295 4660 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:08:30.0295 4660 SessionEnv - ok
13:08:30.0342 4660 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:08:30.0342 4660 sffdisk - ok
13:08:30.0373 4660 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:08:30.0373 4660 sffp_mmc - ok
13:08:30.0435 4660 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:08:30.0451 4660 sffp_sd - ok
13:08:30.0513 4660 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:08:30.0513 4660 sfloppy - ok
13:08:30.0638 4660 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:08:30.0638 4660 SharedAccess - ok
13:08:30.0763 4660 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:08:30.0778 4660 ShellHWDetection - ok
13:08:30.0841 4660 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:08:30.0841 4660 sisagp - ok
13:08:30.0872 4660 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:08:30.0872 4660 SiSRaid2 - ok
13:08:30.0903 4660 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:08:30.0919 4660 SiSRaid4 - ok
13:08:31.0028 4660 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
13:08:31.0028 4660 SkypeUpdate - ok
13:08:31.0075 4660 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:08:31.0075 4660 Smb - ok
13:08:31.0153 4660 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:08:31.0153 4660 SNMPTRAP - ok
13:08:31.0200 4660 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:08:31.0200 4660 spldr - ok
13:08:31.0246 4660 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:08:31.0246 4660 Spooler - ok
13:08:31.0449 4660 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:08:31.0496 4660 sppsvc - ok
13:08:31.0683 4660 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:08:31.0699 4660 sppuinotify - ok
13:08:31.0761 4660 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:08:31.0761 4660 srv - ok
13:08:31.0824 4660 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:08:31.0839 4660 srv2 - ok
13:08:31.0870 4660 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:08:31.0870 4660 srvnet - ok
13:08:31.0917 4660 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:08:31.0933 4660 SSDPSRV - ok
13:08:31.0948 4660 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:08:31.0948 4660 SstpSvc - ok
13:08:32.0089 4660 STacSV (fe7f776f2590c8331123bda3a3a21de6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
13:08:32.0104 4660 STacSV - ok
13:08:32.0136 4660 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:08:32.0136 4660 stexstor - ok
13:08:32.0198 4660 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
13:08:32.0214 4660 STHDA - ok
13:08:32.0245 4660 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
13:08:32.0245 4660 StillCam - ok
13:08:32.0307 4660 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:08:32.0323 4660 StiSvc - ok
13:08:32.0354 4660 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:08:32.0370 4660 storflt - ok
13:08:32.0385 4660 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:08:32.0385 4660 storvsc - ok
13:08:32.0416 4660 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:08:32.0416 4660 swenum - ok
13:08:32.0479 4660 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:08:32.0479 4660 swprv - ok
13:08:32.0541 4660 Synth3dVsc - ok
13:08:32.0588 4660 SynTP (6dd49e1a5fa0f01824652f1a0a8866fb) C:\Windows\system32\DRIVERS\SynTP.sys
13:08:32.0588 4660 SynTP - ok
13:08:32.0728 4660 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:08:32.0728 4660 SysMain - ok
13:08:32.0775 4660 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:08:32.0775 4660 TabletInputService - ok
13:08:32.0853 4660 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:08:32.0853 4660 TapiSrv - ok
13:08:32.0931 4660 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:08:32.0931 4660 TBS - ok
13:08:33.0056 4660 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:08:33.0072 4660 Tcpip - ok
13:08:33.0243 4660 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:08:33.0243 4660 TCPIP6 - ok
13:08:33.0399 4660 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:08:33.0399 4660 tcpipreg - ok
13:08:33.0446 4660 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:08:33.0446 4660 TDPIPE - ok
13:08:33.0477 4660 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:08:33.0477 4660 TDTCP - ok
13:08:33.0508 4660 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:08:33.0524 4660 tdx - ok
13:08:33.0555 4660 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:08:33.0555 4660 TermDD - ok
13:08:33.0633 4660 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:08:33.0649 4660 TermService - ok
13:08:33.0680 4660 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:08:33.0680 4660 Themes - ok
13:08:33.0711 4660 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:08:33.0727 4660 THREADORDER - ok
13:08:33.0820 4660 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:08:33.0820 4660 TomTomHOMEService - ok
13:08:33.0852 4660 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:08:33.0852 4660 TrkWks - ok
13:08:33.0930 4660 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:08:33.0930 4660 TrustedInstaller - ok
13:08:33.0976 4660 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:08:33.0976 4660 tssecsrv - ok
13:08:34.0054 4660 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:08:34.0054 4660 TsUsbFlt - ok
13:08:34.0070 4660 tsusbhub - ok
13:08:34.0101 4660 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:08:34.0101 4660 tunnel - ok
13:08:34.0210 4660 TVCapSvc (304a296901461f8dacfb3172cf6103bc) C:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
13:08:34.0226 4660 TVCapSvc - ok
13:08:34.0257 4660 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:08:34.0257 4660 uagp35 - ok
13:08:34.0304 4660 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:08:34.0304 4660 udfs - ok
13:08:34.0351 4660 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:08:34.0351 4660 UI0Detect - ok
13:08:34.0398 4660 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:08:34.0398 4660 uliagpkx - ok
13:08:34.0429 4660 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:08:34.0444 4660 umbus - ok
13:08:34.0460 4660 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:08:34.0460 4660 UmPass - ok
13:08:34.0507 4660 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:08:34.0507 4660 UmRdpService - ok
13:08:34.0538 4660 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:08:34.0554 4660 upnphost - ok
13:08:34.0585 4660 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:08:34.0600 4660 usbccgp - ok
13:08:34.0616 4660 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:08:34.0616 4660 usbcir - ok
13:08:34.0632 4660 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
13:08:34.0632 4660 usbehci - ok
13:08:34.0663 4660 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:08:34.0663 4660 usbhub - ok
13:08:34.0694 4660 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:08:34.0694 4660 usbohci - ok
13:08:34.0741 4660 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:08:34.0741 4660 usbprint - ok
13:08:34.0788 4660 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:08:34.0788 4660 usbscan - ok
13:08:34.0819 4660 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:08:34.0834 4660 USBSTOR - ok
13:08:34.0866 4660 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
13:08:34.0866 4660 usbuhci - ok
13:08:34.0912 4660 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
13:08:34.0912 4660 usbvideo - ok
13:08:34.0944 4660 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:08:34.0959 4660 UxSms - ok
13:08:34.0990 4660 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:08:34.0990 4660 VaultSvc - ok
stefy87
Utente Junior
 
Post: 70
Iscritto il: 26/07/12 08:44

Re: pagine pubblicitarie che si aprono da sole

Postdi stefy87 » 26/07/12 13:16

13:08:35.0006 4660 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:08:35.0022 4660 vdrvroot - ok
13:08:35.0068 4660 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:08:35.0084 4660 vds - ok
13:08:35.0115 4660 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:08:35.0131 4660 vga - ok
13:08:35.0146 4660 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:08:35.0146 4660 VgaSave - ok
13:08:35.0193 4660 VGPU - ok
13:08:35.0240 4660 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:08:35.0240 4660 vhdmp - ok
13:08:35.0271 4660 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:08:35.0271 4660 viaagp - ok
13:08:35.0287 4660 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:08:35.0287 4660 ViaC7 - ok
13:08:35.0318 4660 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:08:35.0318 4660 viaide - ok
13:08:35.0349 4660 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:08:35.0349 4660 vmbus - ok
13:08:35.0365 4660 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:08:35.0365 4660 VMBusHID - ok
13:08:35.0396 4660 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:08:35.0396 4660 volmgr - ok
13:08:35.0458 4660 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:08:35.0458 4660 volmgrx - ok
13:08:35.0505 4660 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:08:35.0505 4660 volsnap - ok
13:08:35.0536 4660 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:08:35.0536 4660 vsmraid - ok
13:08:35.0599 4660 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:08:35.0614 4660 VSS - ok
13:08:35.0739 4660 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
13:08:35.0755 4660 vToolbarUpdater12.1.5 - ok
13:08:35.0880 4660 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:08:35.0880 4660 vwifibus - ok
13:08:35.0895 4660 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:08:35.0895 4660 vwififlt - ok
13:08:35.0926 4660 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
13:08:35.0942 4660 vwifimp - ok
13:08:35.0973 4660 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:08:35.0989 4660 W32Time - ok
13:08:36.0020 4660 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:08:36.0020 4660 WacomPen - ok
13:08:36.0051 4660 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:08:36.0067 4660 WANARP - ok
13:08:36.0067 4660 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:08:36.0067 4660 Wanarpv6 - ok
13:08:36.0145 4660 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:08:36.0160 4660 wbengine - ok
13:08:36.0207 4660 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:08:36.0207 4660 WbioSrvc - ok
13:08:36.0254 4660 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:08:36.0270 4660 wcncsvc - ok
13:08:36.0285 4660 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:08:36.0285 4660 WcsPlugInService - ok
13:08:36.0363 4660 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:08:36.0363 4660 Wd - ok
13:08:36.0410 4660 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:08:36.0410 4660 Wdf01000 - ok
13:08:36.0441 4660 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:08:36.0457 4660 WdiServiceHost - ok
13:08:36.0457 4660 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:08:36.0457 4660 WdiSystemHost - ok
13:08:36.0504 4660 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:08:36.0519 4660 WebClient - ok
13:08:36.0550 4660 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:08:36.0566 4660 Wecsvc - ok
13:08:36.0582 4660 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:08:36.0597 4660 wercplsupport - ok
13:08:36.0613 4660 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:08:36.0613 4660 WerSvc - ok
13:08:36.0644 4660 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:08:36.0644 4660 WfpLwf - ok
13:08:36.0660 4660 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:08:36.0660 4660 WIMMount - ok
13:08:36.0769 4660 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:08:36.0769 4660 WinDefend - ok
13:08:36.0784 4660 WinHttpAutoProxySvc - ok
13:08:36.0862 4660 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:08:36.0862 4660 Winmgmt - ok
13:08:36.0956 4660 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:08:36.0972 4660 WinRM - ok
13:08:37.0050 4660 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:08:37.0065 4660 Wlansvc - ok
13:08:37.0252 4660 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:08:37.0268 4660 wlidsvc - ok
13:08:37.0393 4660 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:08:37.0393 4660 WmiAcpi - ok
13:08:37.0471 4660 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:08:37.0471 4660 wmiApSrv - ok
13:08:37.0611 4660 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:08:37.0611 4660 WMPNetworkSvc - ok
13:08:37.0720 4660 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:08:37.0720 4660 WPCSvc - ok
13:08:37.0767 4660 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:08:37.0767 4660 WPDBusEnum - ok
13:08:37.0814 4660 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:08:37.0814 4660 ws2ifsl - ok
13:08:37.0861 4660 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
13:08:37.0861 4660 wscsvc - ok
13:08:37.0876 4660 WSearch - ok
13:08:37.0986 4660 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:08:38.0017 4660 wuauserv - ok
13:08:38.0157 4660 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:08:38.0157 4660 WudfPf - ok
13:08:38.0173 4660 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:08:38.0173 4660 WUDFRd - ok
13:08:38.0204 4660 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:08:38.0204 4660 wudfsvc - ok
13:08:38.0251 4660 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:08:38.0251 4660 WwanSvc - ok
13:08:38.0329 4660 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:08:38.0766 4660 \Device\Harddisk0\DR0 - ok
13:08:38.0813 4660 Boot (0x1200) (1c32f8fcbb1cf3f038257f387d6a0710) \Device\Harddisk0\DR0\Partition0
13:08:38.0813 4660 \Device\Harddisk0\DR0\Partition0 - ok
13:08:38.0828 4660 Boot (0x1200) (2c4c36a3a99eb25102af4dbf08b417e9) \Device\Harddisk0\DR0\Partition1
13:08:38.0828 4660 \Device\Harddisk0\DR0\Partition1 - ok
13:08:38.0828 4660 ============================================================
13:08:38.0828 4660 Scan finished
13:08:38.0828 4660 ============================================================
13:08:38.0844 4652 Detected object count: 1
13:08:38.0844 4652 Actual detected object count: 1
13:09:20.0162 4652 htcnprot ( ForgedFile.Multi.Generic ) - skipped by user
13:09:20.0162 4652 htcnprot ( ForgedFile.Multi.Generic ) - User select action: Skip
13:09:49.0666 1444 Deinitialize success
stefy87
Utente Junior
 
Post: 70
Iscritto il: 26/07/12 08:44

Re: pagine pubblicitarie che si aprono da sole

Postdi FrancescoFDAC » 26/07/12 13:52

Riscontri sempre il solito problema?
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 10:53

Re: pagine pubblicitarie che si aprono da sole

Postdi stefy87 » 27/07/12 11:17

si.. anche se non sempre!
stefy87
Utente Junior
 
Post: 70
Iscritto il: 26/07/12 08:44

Re: pagine pubblicitarie che si aprono da sole

Postdi FrancescoFDAC » 27/07/12 13:04

A me non risultano infezioni attive.

Prova a installare AdBlock e NoScript, e vedrai che non compariranno più.

Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
termina tutti i programmi attivi, comprese le pagine Internet
● avvia il tool con un doppio click
● clicca, in basso a sinistra, sul pulsante Start
scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi
● attendi pazientemente il termine delle operazioni
● clicca, in basso a destra, sul pulsante Exit
● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:
TFC by OldTimer serve ad eliminare i file temporeanei di tutti gli utenti, con facilità e velocemente

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Nota - riguardo al programma:
OTC by OldTimer serve ad eliminare i programmi che abbiamo utilizzato per la pulizia (ComboFix in particolare) in modo automatico e preciso: al riavvio non noterai più l'icona di ComboFix, è del tutto normale
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 10:53

Re: pagine pubblicitarie che si aprono da sole

Postdi stefy87 » 30/07/12 09:26

ri ringrazio!
stefy87
Utente Junior
 
Post: 70
Iscritto il: 26/07/12 08:44

Re: pagine pubblicitarie che si aprono da sole

Postdi banturi » 19/12/12 13:58

Ciao!
Ho lo stesso problema e vorrei risolvere....avvio ComboFix e ti posto il LOG? è che ho un problema in più....se avvio il pc in modalità normale mi si rallenta un sacco e non riesco a fare nulla di nulla!
Posso avviare ComboFix dalla modalità provvisoria...ma poi quando si riavvia?...
Attendo consigli!
Grazie
banturi
Newbie
 
Post: 3
Iscritto il: 19/12/12 13:56

Re: pagine pubblicitarie che si aprono da sole

Postdi Luke57 » 19/12/12 14:46

Ciao, combofi alcune eliminazioni le effettua al riavvio; prova a utilizzare Otl.exe dalla modalità normale e, se non è possibile, dalla provvisoria

http://oldtimer.geekstogo.com/OTL.exe

Esegui il file OTL.exe
(Dopo aver eseguito OTL, sui sistemi Windows 7 e Windows Vista si dovrà rispondere in modo affermativo alla comparsa del messaggio di avviso di UAC.)

Metti la spunta nelle caselle:
"Scan all users"
Processes ---->Use safe list
Services ----> Use safe list
Standard Registry ----> All
Modules ----> All
Drivers ----> All
Clicca sulla freccettina di File Age e seleziona 60 Days
Seleziona All alle voci "Files created within" e "File modified within"

Clicca su Run scan
Finita la scansione che potrebbe impiegare diverso tempo, OTL produrrà due file di log (OTL.txt ed Extras.txt), memorizzati nella medesima cartella del programma.

Inserisci il fle otl.txt qui:
http://wikisend.com/
Luke57
Moderatore
 
Post: 6223
Iscritto il: 11/08/05 20:10

Re: pagine pubblicitarie che si aprono da sole

Postdi banturi » 19/12/12 17:09

ecco il link del file OTL.txt:
OTL.Txt

allego anche il file Extras.txt:
Extras.Txt

Questo è il log di ComboFix lanciato prima di OTL:
log ComboFix.txt

Non ne ho più! :)
Grazie!
banturi
Newbie
 
Post: 3
Iscritto il: 19/12/12 13:56

Re: pagine pubblicitarie che si aprono da sole

Postdi Luke57 » 19/12/12 23:32

Ciao, combofix ha fatto un buon lavoro, copia il seguente script:


:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - prefs.js..browser.startup.homepage: ' http://search.findeer.com'
FF - prefs.js..browser.startup.homepage: "http://search.findeer.com/"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19DDD242-0209-4E7D-A29E-34E740DA74BE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D2EAB8B-1DAA-42E3-BCA1-1749E1EC8044}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2245108C-6F0D-41CE-BD43-B84BCD0F6A5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{224A4361-D1C6-4690-A032-EE9518996BA2}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C788EE0-A446-4AEA-8B7A-641B85596CC0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5724F1BE-70A3-4229-8D59-3BBB3BBAE119}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{765A39C1-13AE-4E84-8BBB-028463A5D609}: DhcpNameServer = 198.18.3.3 213.174.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{765A39C1-13AE-4E84-8BBB-028463A5D609}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86AB137B-3948-433B-A68A-DC8FC4078940}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB78E034-7CE7-470B-B530-FD72AFD1797E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACDF07CF-AD42-4D36-A409-B5B0B39AE453}: DhcpNameServer = 198.18.3.3 213.174.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACDF07CF-AD42-4D36-A409-B5B0B39AE453}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE6621F9-080F-4B88-997F-CEED7991CE17}: NameServer = 176.31.229.24,176.31.229.25

:commands
[purity]
[Reboot]


apri otl.exe e incolla lo script sul box biancol

premi Runfix; al rivvio allega il risultato.
Luke57
Moderatore
 
Post: 6223
Iscritto il: 11/08/05 20:10

Re: pagine pubblicitarie che si aprono da sole

Postdi banturi » 20/12/12 10:34

Ciao,
grazie per l'aiuto!
Al riavvio non mi ha creato nessun log...se lo dovrei trovare sul desktop (è da lì' che l'ho lanciato) non c'è...c'è ancora quello vecchio!...lo rilancio come la prima volta?
Grazie.
banturi
Newbie
 
Post: 3
Iscritto il: 19/12/12 13:56

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "pagine pubblicitarie che si aprono da sole":


Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti