www.MegaLab.it

da **peolex4** » mer apr 18, 2012 10:33 pm

tornanto dalle vacanze ho trovato il computer in stato pessimo,i sintomi iniziali sono stati di finestre di installazioni/opzioni/windows apparivano in grafica sgranata e senza scritte,le convenzionali soluzioni non sono risultate efficaci,ossia,antimalaware non trova niente e non è aggiornato perche i nuovi file di installazioni non partono,aprono solo finestre vuote,trasparenti,quindi ho provato ad installare doctor web,avira,ecc fino ad arrivare a combofix che ha effettutato l'analisi e mi ha restituito questo log,spero che mi possiate aiutare perche mi ritrovo senza poter utilizzare il mio pc che mi serve per lo studio [acc2]

da **Uomo_Senza_Sonno** » mer apr 18, 2012 10:40 pm

Innanzitutto benvenuto su MegaLab.it [std]

Potresti postare il log per cortesia? Utilizza il tag MEMO dopo aver copiato il log in questo modo

Codice: Seleziona tutto: [MEMO]incolla il testo qui[/MEMO]

per avere questo risultato

testo incollato

da **peolex4** » mer apr 18, 2012 10:46 pm

stavo scoprendo come riuscire a postare il report, comunque ecco qui:

ComboFix 12-04-16.02 - Paolo 17/04/2012 15:21:53.3.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8104.7113 [GMT 2:00]
Eseguito da: c:\users\Paolo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-17 al 2012-04-17 )))))))))))))))))))))))))))))))))))
.
.
2012-04-17 13:27 . 2012-04-17 13:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-17 13:27 . 2012-04-17 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 09:04 . 2011-09-06 00:40 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-13 20:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{256477BE-6C1D-4E7A-8335-AC15C79E5963}\mpengine.dll
2012-04-11 09:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 09:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 09:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 09:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 09:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 09:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 09:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 11:49 . 2012-04-05 12:17 -------- d-----w- c:\program files (x86)\iTunes
2012-04-05 11:49 . 2012-04-05 11:49 -------- d-----w- c:\program files\iTunes
2012-04-05 11:49 . 2012-04-05 11:49 -------- d-----w- c:\program files\iPod
2012-04-05 11:46 . 2012-04-05 11:46 -------- d-----w- c:\program files\Bonjour
2012-04-05 11:46 . 2012-04-05 11:46 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-26 19:45 . 2012-03-26 19:45 -------- d-----w- c:\users\Paolo\AppData\Roaming\NVIDIA
2012-03-26 19:45 . 2012-03-26 19:45 -------- d-----w- c:\programdata\EA Logs
2012-03-26 18:27 . 2012-03-26 18:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-26 18:24 . 2012-03-26 18:24 -------- d-----w- c:\program files (x86)\NirSoft
2012-03-19 03:06 . 2012-03-19 03:06 0 ----a-w- c:\windows\SysWow64\REN898E.tmp
2012-03-19 00:36 . 2012-03-19 00:36 0 ----a-w- c:\windows\SysWow64\REN64D2.tmp
2012-03-19 00:36 . 2012-03-19 00:36 0 ----a-w- c:\windows\SysWow64\REN64D1.tmp
2012-03-19 00:36 . 2012-03-19 00:36 0 ----a-w- c:\windows\SysWow64\REN64D0.tmp
2012-03-19 00:36 . 2012-03-19 00:36 0 ----a-w- c:\windows\SysWow64\REN60C.tmp
2012-03-19 00:36 . 2012-03-19 00:36 0 ----a-w- c:\windows\SysWow64\REN60B.tmp
2012-03-19 00:36 . 2012-03-19 00:36 0 ----a-w- c:\windows\SysWow64\REN60A.tmp
2012-03-19 00:35 . 2012-03-19 00:35 0 ----a-w- c:\windows\SysWow64\RENCE0C.tmp
2012-03-19 00:35 . 2012-03-19 00:35 0 ----a-w- c:\windows\SysWow64\RENCE0B.tmp
2012-03-19 00:35 . 2012-03-19 00:35 0 ----a-w- c:\windows\SysWow64\RENCE0A.tmp
2012-03-19 00:25 . 2012-03-19 00:25 -------- d-----w- c:\users\Paolo\AppData\Roaming\Babylon
2012-03-19 00:25 . 2012-03-19 00:25 -------- d-----w- c:\users\Paolo\AppData\Local\Babylon
2012-03-19 00:25 . 2012-03-19 00:25 -------- d-----w- c:\programdata\Babylon
2012-03-18 22:59 . 2012-03-18 22:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-18 22:57 . 2012-03-19 03:06 -------- d-----w- c:\program files (x86)\Java
2012-03-18 20:22 . 2012-03-19 03:06 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 03:06 . 2011-12-19 15:36 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-05 15:19 . 2012-03-05 15:19 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 13:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:38 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:38 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:38 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 09:01 . 2012-02-15 09:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 09:01 . 2012-02-15 09:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-14 13:40 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 13:40 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 08:57 . 2011-09-06 01:07 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-02-08 08:56 . 2011-09-06 01:07 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 13:40 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 13:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 13:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 13:38 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-16_23.56.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-17 00:03 50410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-17 00:03 42248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-06 19:28 . 2012-04-17 00:03 9896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1739335617-45622530-1743251556-1001_UserData.bin
- 2012-04-16 23:39 . 2012-04-16 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 12:33 . 2012-04-17 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 12:33 . 2012-04-17 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-16 23:39 . 2012-04-16 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 05:15 . 2012-04-17 12:37 700468 c:\windows\system32\perfh010.dat
- 2011-09-06 05:15 . 2012-04-16 23:33 700468 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2012-04-16 23:33 617946 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 12:37 617946 c:\windows\system32\perfh009.dat
+ 2011-09-06 05:15 . 2012-04-17 12:37 128356 c:\windows\system32\perfc010.dat
- 2011-09-06 05:15 . 2012-04-16 23:33 128356 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-04-17 12:37 106988 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-16 23:33 106988 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-16 23:38 429824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-17 00:07 429824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-04 2009704]
R2 PowerOffer Service;Pos Service;c:\users\Paolo\AppData\Local\PosService\Pos.exe [2011-12-16 164352]
R2 ServUpdater;Serv Updater;c:\users\Paolo\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
R3 AMPPAL;Scheda virtuale Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Protocollo Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 16:57]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 16:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=109989&ba ... a971418de1
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15069DBC-44D7-4FA8-9252-A089DA70883D}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{2C70DF46-61CC-4655-8F21-1A840527105F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E02088E9-47F0-4D18-918A-941C271634D4}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ctg1tijk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=grupo
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=grupo
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=grupo&q=
FF - user.js: extensions.funmoods_i.id - 9406dfc0000000000000dca971418de1
FF - user.js: extensions.funmoods_i.instlDay - 15411
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:44
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - grupo
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9406dfc0000000000000dca971418de1
FF - user.js: extensions.BabylonToolbar_i.hardId - 9406dfc0000000000000dca971418de1
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15418
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\01\1e\0e%\00?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-04-17 15:29:24
ComboFix-quarantined-files.txt 2012-04-17 13:29
ComboFix2.txt 2012-04-16 23:59
.
Pre-Run: 155.455.352.832 byte disponibili
Post-Run: 155.125.391.360 byte disponibili
.
- - End Of File - - 96E2DE07B04E5BE43466EA188CB0BB30

confido in voi e gia ringrazio per l'efficenza e la cortesia

da **crazy.cat** » gio apr 19, 2012 4:50 am

Se hai attivi i punti di ripristino prova ad utilizzarne uno precedente alle vacenze e vedi se con quello risolvi.
Il log non mostra niente.

da **peolex4** » gio apr 19, 2012 2:54 pm

http://imageshack.us/photo/my-images/528/desktopda.png

questo è ciò che vedo quando apro il centro di ripristino,ad intuito e comparazione con quello di un pc funzionante l'ho fatto partire ma la situazione non è cambiata dopo questa procedura,e non so proprio che altro fare,spero in un altro consiglio...grazie [acc2]

da **peolex4** » gio apr 19, 2012 3:18 pm

non sono un esperto di virus,ma non è la prima volta che mi ritrovo a dover sistemare un computer,solo che questa volta il problema mi sembra insormontabile visto che non mi permette di installare nessun nuovo antivirus,ho cercato senza trovare un caso simile,penso che potrebbe avere qualcosa a che fare con rundll32 ma non ne sono sicuro,l'unica cosa certa è che i file di installazione di antivirus\malaware\spyrware subiscono lo stesso trattamento del pannello di ripristino nell'immagine ossia senza scritte,anzi spesso addirittura trasparenti impedendo anche di andare ad intuito...ora oltretutto non mi è concesso nemmeno effettuare una ulteriore scansione con antimalawarebytes perche mi da Run-time error 6 Overflow,il log di combofix era la mia unica speranza di risolvere velocemente il problema,adesso non so piu che pensare [V]

da **hashcat** » gio apr 19, 2012 4:57 pm

peolex4 ha scritto:non sono un esperto di virus,ma non è la prima volta che mi ritrovo a dover sistemare un computer,solo che questa volta il problema mi sembra insormontabile visto che non mi permette di installare nessun nuovo antivirus,ho cercato senza trovare un caso simile,penso che potrebbe avere qualcosa a che fare con rundll32 ma non ne sono sicuro,l'unica cosa certa è che i file di installazione di antivirus\malaware\spyrware subiscono lo stesso trattamento del pannello di ripristino nell'immagine ossia senza scritte,anzi spesso addirittura trasparenti impedendo anche di andare ad intuito...ora oltretutto non mi è concesso nemmeno effettuare una ulteriore scansione con antimalawarebytes perche mi da Run-time error 6 Overflow,il log di combofix era la mia unica speranza di risolvere velocemente il problema,adesso non so piu che pensare

Direi che la cosa migliore é tentare l'utilizzo di un Rescue Disk come Kaspersky e Bitdefender

da **peolex4** » ven apr 20, 2012 11:43 am

provato kaspersky ma la scansione ha rilevato solo due adware e un terzo qualcosa è venuto a mancare nella conclusione della scansione,ora sto scaricando bitdefender,visto che non saprei che altro fare.
qualche altra idea? visto che non penso sia un problema di hardware dato che molte funzioni impegnative come giochi e programmi pesanti sono ancora funzionanti.... [V]

da **hashcat** » ven apr 20, 2012 1:33 pm

peolex4 ha scritto:provato kaspersky ma la scansione ha rilevato solo due adware e un terzo qualcosa è venuto a mancare nella conclusione della scansione,ora sto scaricando bitdefender,visto che non saprei che altro fare.
qualche altra idea? visto che non penso sia un problema di hardware dato che molte funzioni impegnative come giochi e programmi pesanti sono ancora funzionanti....

Hai aggiornato i rescue disk prima di scansionare?

da **hashcat** » ven apr 20, 2012 3:40 pm

Qualche anomalia nel log di Combofix è presente, ma nulla di particolarmente grave:

Passiamo a Combofix:

Scarica l'ultima versione di Combofix da qui e salvala sul Desktop
Disconnetti il computer da Internet
Termina ogni programma inutile
Chiudi/disabilita ogni Antivirus/Antispyware/Antimalware e qualunque programma di sicurezza in generale in modo che non
interferisca con Combofix
Premi WIN+R , digita notepad.exe e premi Invio
Assicurati che sotto la casella formato sia disablitata la funzione "A capo automatico"
Copia ed incolla nella finestra del Blocco Note il seguente script:

Codice: Seleziona tutto
KillAll:: ClearJavaCache:: File:: c:\windows\SysWow64\REN898E.tmp c:\windows\SysWow64\REN64D2.tmp c:\windows\SysWow64\REN64D1.tmp c:\windows\SysWow64\REN64D0.tmp c:\windows\SysWow64\REN60C.tmp c:\windows\SysWow64\REN60B.tmp c:\windows\SysWow64\REN60A.tmp c:\windows\SysWow64\RENCE0C.tmp c:\windows\SysWow64\RENCE0B.tmp c:\windows\SysWow64\RENCE0A.tmp Folder:: c:\users\Paolo\AppData\Roaming\Babylon c:\users\Paolo\AppData\Local\Babylon C:\Program Files (x86)\Microsoft\BingBar\ Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PosService"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=- RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\01\01\1e\0e%\00?" Reboot::
Salva il seguente script come CFScript.txt nello stesso percorso di Combofix
Trascina il file CFScript.txt sopra Combofix come mostrato nell'immagine sottostante:
Terminata la procedura Combofix produrrà un log che si troverà in C:\ComboFix[Numero più grande].txt
Il computer verrà riavviato
Includi il log nel tuo prossimo messaggio

Dopo aver riavviato il computer scarica questo fix.reg, salvalo sul Desktop ed eseguilo.
Scarica il seguente fix.bat, salvalo sul Desktop ed eseguilo come amministratore.

Elimina PUP e Toolbar indesiderate:

Utilizza Adwcleaner

Poi fai un po' di pulizia con OTL:

Scarica OTL da qui
Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
Avviare OTL mediante doppio click
Inserisci questo script nella casella Custom Scans/Fixes di OTL e clicca Run Fix

Codice: Seleziona tutto
:Commands [PURITY] [EMPTYTEMP] [CLEARALLRESTOREPOINTS]
Il computer verrà riavviato.

Utilizza TDSSKiller per individuare la presenza di rootkit ed acquisire informazioni sui driver:

Scarica TDSSKiller da qui
Rinominalo in modo casuale
Esegui TDSSKiller e clicca su "Start Scan"
Al termine della scansione verrà mostrata una schermata con i rilevamenti
Seleziona l'opzione "Cure" per i rilevamenti "malicious" e l'opzione "Skip" per quelli "Suspicious"
Clicca su Next/Continue per applicare le azioni
Per portare a termine la disinfezione TDSSKiller potrebbe richiedere un riavvio del computer
Al termine della procedura posta il log di TDSSKiller che si trova in C:\

Al riavvio del computer genera un log completo con OTL:

Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
Avviare OTL mediante doppio click
Quando apparirà la schermata di OTL regolare le impostazioni come segue:
Cliccare su Run Scan per avviare la scansione
Non utilizzare il computer durante l'esecuzione di OTL
Al termine della scansione verranno generati due log e appariranno due finestre del Blocco Note
Salva il log OTL come OTL.txt sul Desktop ed includilo nel tuo prossimo messaggio
Salva il log Extra come Extra.txt sul Desktop ed includilo nel tuo prossimo messaggio

MBRscan:

A questo punto scarica MBRscan, salvalo sul Desktop, eseguilo come amministratore clicca sul pulsante Report. Si aprirà una finestra del Blocco Note, copia il log ed inseriscilo nel tuo prossimo messaggio.

[weponed]

da **peolex4** » ven apr 20, 2012 8:18 pm

La scansione del rescue disk è avvenuta dopo aver aggiornato il database, ne ho effettuata una seconda e ho notato che comunque quei Adware non erano stati eliminati e non sono riuscito ad aeliminarli anche la seconda volta.
Ho scaricato combofix aggiornato, ho effettuato il programma tramite il testo da voi postato e mi ha generato:
http://www.legadispoli.altervista.org/reportcombo.txt
non mi faceva inserire il REPORT perché troppo lungo.

Alchè ho scaricato gli altri due file che però non posso eseguire a causa di un errore: è stata tentata un operazione non consentita su una chiave di registro di sistema segnata per l'eliminazione.
Purtroppo non è l'unico errore del genere che mi da al momento, ( stessa cosa se apro esplora risorse mi da errore in c:\\windows\explorer.exe )
Per ora grazie, spero a presto !
[applauso+]

da **peolex4** » ven apr 20, 2012 8:39 pm

riavviando il computer l'errore delle chiavi di registro non c'era più ho potuto avviare i due file e poi sono passato ad Adware, posto qui il report

# AdwCleaner v1.602 - Logfile created 04/20/2012 at 21:31:07
# Updated 19/04/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paolo - PC
# Running from : C:\Users\Paolo\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Paolo\AppData\Local\Conduit
Folder Deleted : C:\Users\Paolo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Paolo\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Paolo\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ctg1tijk.default\ConduitCommon
Folder Deleted : C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ctg1tijk.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ctg1tijk.default\searchplugins\funmoods.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [H. Navipromo] *****

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=109989&ba ... a971418de1 -->

hxxp://www.google.fr

-\\ Mozilla Firefox v11.0 (it)

## File : C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ctg1tijk.default\prefs.js

C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\ctg1tijk.default\user.js ... Deleted !

Deleted : user_pref("CT2851640..clientLogIsEnabled", false);
Deleted : user_pref("CT2851640..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2851640..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2851640.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2851640.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2851640.CTID", "CT2851640");
Deleted : user_pref("CT2851640.CurrentServerDate", "30-1-2012");
Deleted : user_pref("CT2851640.DSInstall", false);
Deleted : user_pref("CT2851640.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2851640.DialogsGetterLastCheckTime", "Mon Jan 30 2012 16:53:07 GMT+0100 (ora solare Eur[...]
Deleted : user_pref("CT2851640.DownloadReferralCookieData", "");
Deleted : user_pref("CT2851640.EMailNotifierPollDate", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solare Europa o[...]
Deleted : user_pref("CT2851640.FeedLastCount6743962842994482530", 138);
Deleted : user_pref("CT2851640.FeedPollDate2429156812186649977", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813040823546", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813130095866", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813224203613", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813230837251", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813454291735", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813729834876", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156813860870021", "Mon Jan 30 2012 16:53:11 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156814264681793", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156814863075366", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedPollDate2429156815257761081", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2851640.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2851640.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2851640.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2851640.FirstServerDate", "30-1-2012");
Deleted : user_pref("CT2851640.FirstTime", true);
Deleted : user_pref("CT2851640.FirstTimeFF3", true);
Deleted : user_pref("CT2851640.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2851640.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2851640.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2851640.HPInstall", false);
Deleted : user_pref("CT2851640.HasUserGlobalKeys", true);
Deleted : user_pref("CT2851640.Initialize", true);
Deleted : user_pref("CT2851640.InitializeCommonPrefs", true);
Deleted : user_pref("CT2851640.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2851640.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT2851640.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2851640.InstalledDate", "Mon Jan 30 2012 16:53:10 GMT+0100 (ora solare Europa occidenta[...]
Deleted : user_pref("CT2851640.IsGrouping", false);
Deleted : user_pref("CT2851640.IsInitSetupIni", true);
Deleted : user_pref("CT2851640.IsMulticommunity", false);
Deleted : user_pref("CT2851640.IsOpenThankYouPage", true);
Deleted : user_pref("CT2851640.IsOpenUninstallPage", false);
Deleted : user_pref("CT2851640.LanguagePackLastCheckTime", "Mon Jan 30 2012 16:53:16 GMT+0100 (ora solare Euro[...]
Deleted : user_pref("CT2851640.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2851640.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2851640.LastLogin_3.9.0.3", "Mon Jan 30 2012 16:53:13 GMT+0100 (ora solare Europa occid[...]
Deleted : user_pref("CT2851640.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT2851640.Locale", "it");
Deleted : user_pref("CT2851640.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2851640.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2851640.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2851640.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2851640.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT2851640.SearchCaption", "uTorrentBar_IT Customized Web Search");
Deleted : user_pref("CT2851640.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2851640.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2851640.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2851640.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2851640.SearchInNewTabLastCheckTime", "Mon Jan 30 2012 16:53:13 GMT+0100 (ora solare Eu[...]
Deleted : user_pref("CT2851640.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2851640.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2851640.ServiceMapLastCheckTime", "Mon Jan 30 2012 16:53:04 GMT+0100 (ora solare Europa[...]
Deleted : user_pref("CT2851640.SettingsLastCheckTime", "Mon Jan 30 2012 16:53:04 GMT+0100 (ora solare Europa o[...]
Deleted : user_pref("CT2851640.SettingsLastUpdate", "1325072533");
Deleted : user_pref("CT2851640.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851640&SearchSource=13");
Deleted : user_pref("CT2851640.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2851640.ThirdPartyComponentsLastCheck", "Mon Jan 30 2012 16:53:04 GMT+0100 (ora solare [...]

Deleted : user_pref("CT2851640.ThirdPartyComponentsLastUpdate", "1291276238");
Deleted : user_pref("CT2851640.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2851640.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851640");
Deleted : user_pref("CT2851640.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2851640.UserID", "UN48187880359382139");
Deleted : user_pref("CT2851640.WeatherNetwork", "");
Deleted : user_pref("CT2851640.WeatherPollDate", "Mon Jan 30 2012 16:53:17 GMT+0100 (ora solare Europa occiden[...]
Deleted : user_pref("CT2851640.WeatherUnit", "C");
Deleted : user_pref("CT2851640.alertChannelId", "1243675");
Deleted : user_pref("CT2851640.autoDisableScopes", -1);
Deleted : user_pref("CT2851640.backendstorage.cbfirsttime", "4D6F6E204A616E20333020323031322031363A35333A31372[...]
Deleted : user_pref("CT2851640.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851640.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2851640.globalFirstTimeInfoLastCheckTime", "Mon Jan 30 2012 16:53:06 GMT+0100 (ora sola[...]
Deleted : user_pref("CT2851640.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2851640.initDone", true);
Deleted : user_pref("CT2851640.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2851640.myStuffEnabled", true);
Deleted : user_pref("CT2851640.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2851640.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2851640.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2851640.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2851640.revertSettingsEnabled", true);
Deleted : user_pref("CT2851640.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2851640.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2851640.testingCtid", "");
Deleted : user_pref("CT2851640.toolbarAppMetaDataLastCheckTime", "Mon Jan 30 2012 16:53:09 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.toolbarContextMenuLastCheckTime", "Mon Jan 30 2012 16:53:13 GMT+0100 (ora solar[...]
Deleted : user_pref("CT2851640.usagesFlag", 1);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit. ... /CT2851640[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2851640", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... tenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... erApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... redApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... lbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... kg?ver=3.9. [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2851640",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=it", "\"dbb[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Paolo\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851640");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851640");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851640");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jan 30 2012 16:53:19 GMT+0100 (ora[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "66dcec56-abe7-4ff5-9af9-fb9dafd04400");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851640");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 30 2012 16:53:2[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jan 30 2012 16:53:02 GMT+0100 (o[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "3aad98c8-6cd6-40c3-bbb8-75cb3a21e987");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.it/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109989");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9406dfc0000000000000dca971418de1");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "9406dfc0000000000000dca971418de1");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15418");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:25:57");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Deleted : user_pref("extensions.facemoods.aflt", "ddrnw");
Deleted : user_pref("extensions.facemoods.dfltSrch", true);
Deleted : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Deleted : user_pref("extensions.facemoods.dnsErr", true);
Deleted : user_pref("extensions.facemoods.firstRun", true);
Deleted : user_pref("extensions.facemoods.hmpg", true);
Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Deleted : user_pref("extensions.facemoods.id", "9406dfc0000000000000dca971418de0");
Deleted : user_pref("extensions.facemoods.instlDay", "15327");
Deleted : user_pref("extensions.facemoods.mntz", "");
Deleted : user_pref("extensions.facemoods.newTab", true);
Deleted : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2");
Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Deleted : user_pref("extensions.facemoods.searchProviderAdded", true);
Deleted : user_pref("extensions.facemoods.sid", "c76f053a743443e7a85529c470eb467f");
Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11");
Deleted : user_pref("extensions.funmoods_i.aflt", "grupo");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=grupo");
Deleted : user_pref("extensions.funmoods_i.id", "9406dfc0000000000000dca971418de1");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15411");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=grupo");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=grupo&q=[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1618:44:03");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [25214 octets] - [20/04/2012 21:30:56]
AdwCleaner[S1].txt - [23880 octets] - [20/04/2012 21:31:07]

########## EOF - C:\AdwCleaner[S1].txt - [24009 octets] ##########

Purtroppo il problema di fondo nell'aprire file di installazione antivirus tra gli altre mille è perdurato,e quindi non posso nemmeno continuare la procedura con l'installazione di OTL perche il menu appaiono semi-trasparenti\senza-scritte!!!!
AIUTO

da **hashcat** » ven apr 20, 2012 9:10 pm

peolex4 ha scritto:riavviando il computer l'errore delle chiavi di registro non c'era più ho potuto avviare i due file e poi sono passato ad Adware, posto qui il report
[....]
Purtroppo il problema di fondo nell'aprire file di installazione antivirus tra gli altre mille è perdurato,e quindi non posso nemmeno continuare la procedura con l'installazione di OTL perche il menu appaiono semi-trasparenti\senza-scritte!!!!
AIUTO

Mi è venuta in mente quale può essere la causa del problema, domani faccio delle verifiche e ti faccio sapere meglio.
Per il log di ComboFix aggiornato saprò dirti qualcosa di più domani. Non sei riuscito ad utilizzare TDSSKiller per il problema della trasparenza?

Per quanto riguarda OTL prova a cliccare sul bottone Run Scan (anche se trasparente) per tentativi, la configurazione da me indicata non è indispensabile, il log invece è piuttosto utile.

[ciao]

da **peolex4** » sab apr 21, 2012 1:23 pm

sono riuscito ad utilizzare tdskiller,però le prime 2 volte mi sembrava (provando a cliccarci indicava che il programma non rispondeva piu), disattuvato samsung recory solution è partito e credo abbia portato a termine la scansione,ora posto tutti e tre i report:
primo:

13:59:14.0356 4816 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
13:59:14.0434 4816 ============================================================
13:59:14.0434 4816 Current date / time: 2012/04/21 13:59:14.0434
13:59:14.0434 4816 SystemInfo:
13:59:14.0434 4816
13:59:14.0434 4816 OS Version: 6.1.7601 ServicePack: 1.0
13:59:14.0434 4816 Product type: Workstation
13:59:14.0434 4816 ComputerName: PC
13:59:14.0434 4816 UserName: Paolo
13:59:14.0434 4816 Windows directory: C:\windows
13:59:14.0434 4816 System windows directory: C:\windows
13:59:14.0434 4816 Running under WOW64
13:59:14.0434 4816 Processor architecture: Intel x64
13:59:14.0434 4816 Number of processors: 8
13:59:14.0434 4816 Page size: 0x1000
13:59:14.0434 4816 Boot type: Normal boot
13:59:14.0434 4816 ============================================================
13:59:15.0495 4816 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:15.0510 4816 Drive \Device\Harddisk1\DR1 - Size: 0xE6939000 (3.60 Gb), SectorSize: 0x200, Cylinders: 0x1D6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:59:15.0510 4816 \Device\Harddisk0\DR0:
13:59:15.0510 4816 MBR partitions:
13:59:15.0510 4816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:59:15.0510 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21E00000
13:59:15.0541 4816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21E33000, BlocksNum 0x327BE800
13:59:15.0541 4816 \Device\Harddisk1\DR1:
13:59:15.0541 4816 MBR partitions:
13:59:15.0541 4816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x734361
13:59:15.0573 4816 C: <-> \Device\Harddisk0\DR0\Partition1
13:59:15.0619 4816 D: <-> \Device\Harddisk0\DR0\Partition2
13:59:15.0619 4816 Initialize success
13:59:15.0619 4816 ============================================================
13:59:20.0175 4872 ============================================================
13:59:20.0175 4872 Scan started
13:59:20.0175 4872 Mode: Manual;
13:59:20.0175 4872 ============================================================
13:59:21.0781 4872 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
13:59:21.0813 4872 1394ohci - ok
13:59:42.0030 4872 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
13:59:42.0046 4872 ACPI - ok
14:00:02.0544 4872 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
14:00:02.0544 4872 AcpiPmi - ok
14:00:22.0871 4872 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
14:00:22.0871 4872 adp94xx - ok
14:00:43.0089 4872 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
14:00:43.0089 4872 adpahci - ok
14:01:03.0540 4872 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
14:01:03.0540 4872 adpu320 - ok
14:01:23.0961 4872 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
14:01:23.0961 4872 AeLookupSvc - ok
14:01:44.0678 4872 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
14:01:44.0693 4872 AFD - ok
14:02:05.0207 4872 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
14:02:05.0223 4872 agp440 - ok
14:02:26.0127 4872 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
14:02:26.0127 4872 ALG - ok
14:02:46.0657 4872 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
14:02:46.0657 4872 aliide - ok
14:03:06.0827 4872 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
14:03:06.0827 4872 amdide - ok

secondo:

14:04:26.0807 4920 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
14:04:26.0807 4920 ============================================================
14:04:26.0807 4920 Current date / time: 2012/04/21 14:04:26.0807
14:04:26.0807 4920 SystemInfo:
14:04:26.0807 4920
14:04:26.0807 4920 OS Version: 6.1.7601 ServicePack: 1.0
14:04:26.0807 4920 Product type: Workstation
14:04:26.0807 4920 ComputerName: PC
14:04:26.0807 4920 UserName: Paolo
14:04:26.0807 4920 Windows directory: C:\windows
14:04:26.0807 4920 System windows directory: C:\windows
14:04:26.0807 4920 Running under WOW64
14:04:26.0807 4920 Processor architecture: Intel x64
14:04:26.0807 4920 Number of processors: 8
14:04:26.0807 4920 Page size: 0x1000
14:04:26.0807 4920 Boot type: Normal boot
14:04:26.0807 4920 ============================================================
14:04:26.0979 4920 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:26.0979 4920 Drive \Device\Harddisk1\DR1 - Size: 0xE6939000 (3.60 Gb), SectorSize: 0x200, Cylinders: 0x1D6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:04:26.0979 4920 \Device\Harddisk0\DR0:
14:04:26.0979 4920 MBR partitions:
14:04:26.0979 4920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:04:26.0979 4920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21E00000
14:04:26.0994 4920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21E33000, BlocksNum 0x327BE800
14:04:26.0994 4920 \Device\Harddisk1\DR1:
14:04:26.0994 4920 MBR partitions:
14:04:26.0994 4920 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x734361
14:04:27.0041 4920 C: <-> \Device\Harddisk0\DR0\Partition1
14:04:27.0072 4920 D: <-> \Device\Harddisk0\DR0\Partition2
14:04:27.0072 4920 Initialize success
14:04:27.0072 4920 ============================================================
14:04:32.0142 1156 ============================================================
14:04:32.0142 1156 Scan started
14:04:32.0142 1156 Mode: Manual;
14:04:32.0142 1156 ============================================================
14:04:33.0234 1156 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
14:04:33.0234 1156 1394ohci - ok
14:04:34.0139 1156 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
14:04:34.0139 1156 ACPI - ok
14:04:34.0966 1156 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
14:04:34.0966 1156 AcpiPmi - ok
14:04:35.0824 1156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
14:04:35.0840 1156 adp94xx - ok
14:04:36.0152 1156 Scan interrupted by user!
14:04:36.0152 1156 Scan interrupted by user!
14:04:36.0152 1156 Scan interrupted by user!
14:04:36.0152 1156 ============================================================
14:04:36.0152 1156 Scan finished
14:04:36.0152 1156 ============================================================

posto il terzo nei prossimi messaggi perche è mezzo gigante e non entra.

per quanto riguarda otl è come se mi mancasse tutta la parte superiore con i pulanti quindi riesco a scrivere magari i comandi ma poi non posso far accadere nulla piu,invece per mbrscan sembra lo apra diciamo normalemtne anche se senza scritte quindi non so dove andare a cliccare,spero che questi report e quello di combofix possano portare luce sulla situazione,e grazie mille per l'aiuto!

da **hashcat** » sab apr 21, 2012 1:28 pm

Purtroppo il log di TDSSKiller è troncato, vedi se riesci a postarne uno intero.

EDIT: Il log di TDSSKiller è a posto.

A seguire posto le immagini dei programmi per aiutarti a capire dove cliccare (anche se non vedi il pulsante).

TDSSKiller:

Immagine

OTL (senza configurarlo, clicca solo su run scan):

Immagine

MBRscan:

da **peolex4** » sab apr 21, 2012 1:28 pm

prima parte del terzo report di TDSS :

14:05:58.0955 4944 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
14:05:58.0955 4944 ============================================================
14:05:58.0955 4944 Current date / time: 2012/04/21 14:05:58.0955
14:05:58.0955 4944 SystemInfo:
14:05:58.0955 4944
14:05:58.0955 4944 OS Version: 6.1.7601 ServicePack: 1.0
14:05:58.0955 4944 Product type: Workstation
14:05:58.0955 4944 ComputerName: PC
14:05:58.0955 4944 UserName: Paolo
14:05:58.0955 4944 Windows directory: C:\windows
14:05:58.0955 4944 System windows directory: C:\windows
14:05:58.0955 4944 Running under WOW64
14:05:58.0955 4944 Processor architecture: Intel x64
14:05:58.0955 4944 Number of processors: 8
14:05:58.0955 4944 Page size: 0x1000
14:05:58.0955 4944 Boot type: Normal boot
14:05:58.0955 4944 ============================================================
14:05:59.0142 4944 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:59.0142 4944 Drive \Device\Harddisk1\DR1 - Size: 0xE6939000 (3.60 Gb), SectorSize: 0x200, Cylinders: 0x1D6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:05:59.0142 4944 \Device\Harddisk0\DR0:
14:05:59.0142 4944 MBR partitions:
14:05:59.0142 4944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:05:59.0142 4944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21E00000
14:05:59.0158 4944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21E33000, BlocksNum 0x327BE800
14:05:59.0158 4944 \Device\Harddisk1\DR1:
14:05:59.0158 4944 MBR partitions:
14:05:59.0158 4944 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x734361
14:05:59.0189 4944 C: <-> \Device\Harddisk0\DR0\Partition1
14:05:59.0236 4944 D: <-> \Device\Harddisk0\DR0\Partition2
14:05:59.0236 4944 Initialize success
14:05:59.0236 4944 ============================================================
14:06:01.0482 4852 ============================================================
14:06:01.0482 4852 Scan started
14:06:01.0482 4852 Mode: Manual;
14:06:01.0482 4852 ============================================================
14:06:01.0934 4852 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
14:06:01.0934 4852 1394ohci - ok
14:06:01.0966 4852 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
14:06:01.0981 4852 ACPI - ok
14:06:02.0153 4852 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
14:06:02.0153 4852 AcpiPmi - ok
14:06:02.0340 4852 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
14:06:02.0356 4852 adp94xx - ok
14:06:02.0465 4852 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
14:06:02.0465 4852 adpahci - ok
14:06:02.0714 4852 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
14:06:02.0714 4852 adpu320 - ok
14:06:02.0792 4852 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
14:06:02.0792 4852 AeLookupSvc - ok
14:06:02.0980 4852 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
14:06:02.0980 4852 AFD - ok
14:06:03.0182 4852 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
14:06:03.0182 4852 agp440 - ok
14:06:03.0260 4852 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
14:06:03.0260 4852 ALG - ok
14:06:03.0401 4852 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
14:06:03.0401 4852 aliide - ok
14:06:03.0494 4852 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
14:06:03.0494 4852 amdide - ok
14:06:03.0760 4852 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
14:06:03.0760 4852 AmdK8 - ok
14:06:03.0838 4852 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
14:06:03.0838 4852 AmdPPM - ok
14:06:03.0962 4852 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
14:06:03.0962 4852 amdsata - ok
14:06:04.0072 4852 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
14:06:04.0072 4852 amdsbs - ok
14:06:04.0243 4852 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
14:06:04.0243 4852 amdxata - ok
14:06:04.0337 4852 AMPPAL (9921e78bc29634235f4bf5809e7e8cde) C:\windows\system32\DRIVERS\AMPPAL.sys
14:06:04.0352 4852 AMPPAL - ok
14:06:04.0477 4852 AMPPALP (9921e78bc29634235f4bf5809e7e8cde) C:\windows\system32\DRIVERS\amppal.sys
14:06:04.0477 4852 AMPPALP - ok
14:06:04.0586 4852 AMPPALR3 (83a0e7ba4ae616d3654e700d9c5ff9db) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
14:06:04.0602 4852 AMPPALR3 - ok
14:06:04.0820 4852 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
14:06:04.0820 4852 AppID - ok
14:06:04.0898 4852 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
14:06:04.0898 4852 AppIDSvc - ok
14:06:05.0023 4852 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
14:06:05.0023 4852 Appinfo - ok
14:06:05.0195 4852 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:06:05.0195 4852 Apple Mobile Device - ok
14:06:05.0382 4852 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
14:06:05.0382 4852 arc - ok
14:06:05.0554 4852 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
14:06:05.0554 4852 arcsas - ok
14:06:05.0632 4852 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:06:05.0632 4852 AsyncMac - ok
14:06:05.0912 4852 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
14:06:05.0912 4852 atapi - ok
14:06:06.0022 4852 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
14:06:06.0022 4852 AudioEndpointBuilder - ok
14:06:06.0100 4852 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
14:06:06.0100 4852 AudioSrv - ok
14:06:06.0224 4852 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
14:06:06.0224 4852 AxInstSV - ok
14:06:06.0380 4852 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
14:06:06.0380 4852 b06bdrv - ok
14:06:06.0490 4852 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:06:06.0505 4852 b57nd60a - ok
14:06:06.0708 4852 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
14:06:06.0724 4852 BDESVC - ok
14:06:06.0895 4852 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:06:06.0895 4852 Beep - ok
14:06:07.0004 4852 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
14:06:07.0004 4852 BFE - ok
14:06:07.0176 4852 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
14:06:07.0176 4852 BITS - ok
14:06:07.0285 4852 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:06:07.0285 4852 blbdrive - ok
14:06:07.0457 4852 Bluetooth Device Monitor (55b0c8441de7d91a819a39d0351154a2) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
14:06:07.0457 4852 Bluetooth Device Monitor - ok
14:06:07.0566 4852 Bluetooth Media Service (7e262330df0c4be4ece853b59b9cbe4c) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
14:06:07.0582 4852 Bluetooth Media Service - ok
14:06:07.0831 4852 Bluetooth OBEX Service (8bf4b9956e13871a88a3810074e2e110) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
14:06:07.0847 4852 Bluetooth OBEX Service - ok
14:06:07.0940 4852 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:06:07.0956 4852 Bonjour Service - ok
14:06:08.0112 4852 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
14:06:08.0112 4852 bowser - ok
14:06:08.0221 4852 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
14:06:08.0221 4852 BrFiltLo - ok
14:06:08.0362 4852 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
14:06:08.0362 4852 BrFiltUp - ok
14:06:08.0455 4852 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
14:06:08.0471 4852 BridgeMP - ok
14:06:08.0674 4852 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
14:06:08.0674 4852 Browser - ok
14:06:08.0767 4852 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:06:08.0783 4852 Brserid - ok
14:06:08.0876 4852 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:06:08.0892 4852 BrSerWdm - ok
14:06:08.0986 4852 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:06:08.0986 4852 BrUsbMdm - ok
14:06:09.0157 4852 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:06:09.0157 4852 BrUsbSer - ok
14:06:09.0282 4852 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
14:06:09.0282 4852 BthEnum - ok
14:06:09.0391 4852 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
14:06:09.0391 4852 BTHMODEM - ok
14:06:09.0485 4852 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
14:06:09.0485 4852 BthPan - ok
14:06:09.0766 4852 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
14:06:09.0781 4852 BTHPORT - ok
14:06:09.0859 4852 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
14:06:09.0859 4852 bthserv - ok
14:06:09.0968 4852 BTHSSecurityMgr (a5b3e8b2b78c7b3da56a0de490e6718c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
14:06:09.0968 4852 BTHSSecurityMgr - ok
14:06:10.0093 4852 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
14:06:10.0093 4852 BTHUSB - ok
14:06:10.0265 4852 btmaux (270fba230e78e25726d065a924589a72) C:\windows\system32\DRIVERS\btmaux.sys
14:06:10.0280 4852 btmaux - ok
14:06:10.0343 4852 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\windows\system32\DRIVERS\btmhsf.sys
14:06:10.0343 4852 btmhsf - ok
14:06:10.0390 4852 catchme - ok
14:06:10.0499 4852 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:06:10.0499 4852 cdfs - ok
14:06:10.0608 4852 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
14:06:10.0624 4852 cdrom - ok
14:06:10.0842 4852 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
14:06:10.0842 4852 CertPropSvc - ok
14:06:10.0936 4852 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
14:06:10.0936 4852 circlass - ok
14:06:11.0060 4852 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:06:11.0060 4852 CLFS - ok
14:06:11.0154 4852 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:06:11.0154 4852 clr_optimization_v2.0.50727_32 - ok
14:06:11.0326 4852 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:06:11.0326 4852 clr_optimization_v2.0.50727_64 - ok
14:06:11.0482 4852 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:06:11.0482 4852 clr_optimization_v4.0.30319_32 - ok
14:06:11.0638 4852 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:06:11.0638 4852 clr_optimization_v4.0.30319_64 - ok
14:06:11.0762 4852 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
14:06:11.0762 4852 clwvd - ok
14:06:11.0840 4852 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:06:11.0840 4852 CmBatt - ok
14:06:11.0934 4852 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
14:06:11.0934 4852 cmdide - ok
14:06:12.0028 4852 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
14:06:12.0028 4852 CNG - ok
14:06:12.0246 4852 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
14:06:12.0246 4852 Compbatt - ok
14:06:12.0355 4852 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
14:06:12.0355 4852 CompositeBus - ok
14:06:12.0433 4852 COMSysApp - ok
14:06:12.0527 4852 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
14:06:12.0542 4852 crcdisk - ok
14:06:12.0745 4852 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
14:06:12.0745 4852 CryptSvc - ok
14:06:12.0901 4852 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
14:06:12.0917 4852 DcomLaunch - ok
14:06:12.0979 4852 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
14:06:12.0995 4852 defragsvc - ok
14:06:13.0198 4852 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
14:06:13.0198 4852 DfsC - ok
14:06:13.0291 4852 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
14:06:13.0307 4852 Dhcp - ok
14:06:13.0432 4852 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:06:13.0432 4852 discache - ok
14:06:13.0541 4852 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
14:06:13.0541 4852 Disk - ok
14:06:13.0759 4852 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
14:06:13.0775 4852 Dnscache - ok
14:06:13.0837 4852 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
14:06:13.0853 4852 dot3svc - ok
14:06:13.0962 4852 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
14:06:13.0962 4852 DPS - ok
14:06:14.0056 4852 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:06:14.0056 4852 drmkaud - ok
14:06:14.0321 4852 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\windows\system32\DRIVERS\dtsoftbus01.sys
14:06:14.0336 4852 dtsoftbus01 - ok
14:06:14.0446 4852 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
14:06:14.0461 4852 DXGKrnl - ok
14:06:14.0602 4852 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
14:06:14.0602 4852 EapHost - ok
14:06:14.0867 4852 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
14:06:14.0945 4852 ebdrv - ok
14:06:15.0101 4852 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
14:06:15.0101 4852 EFS - ok
14:06:15.0194 4852 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
14:06:15.0210 4852 ehRecvr - ok
14:06:15.0304 4852 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
14:06:15.0304 4852 ehSched - ok
14:06:15.0428 4852 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
14:06:15.0444 4852 elxstor - ok
14:06:15.0616 4852 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
14:06:15.0616 4852 ErrDev - ok
14:06:15.0740 4852 ETD (9d8739a2a2173c9d27c499a3fc6eda3f) C:\windows\system32\DRIVERS\ETD.sys
14:06:15.0740 4852 ETD - ok
14:06:15.0881 4852 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
14:06:15.0896 4852 EventSystem - ok
14:06:16.0021 4852 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:06:16.0021 4852 exfat - ok
14:06:16.0193 4852 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:06:16.0208 4852 fastfat - ok
14:06:16.0380 4852 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
14:06:16.0380 4852 Fax - ok
14:06:16.0489 4852 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
14:06:16.0489 4852 fdc - ok
14:06:16.0661 4852 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
14:06:16.0661 4852 fdPHost - ok
14:06:16.0739 4852 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
14:06:16.0739 4852 FDResPub - ok
14:06:16.0895 4852 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:06:16.0895 4852 FileInfo - ok
14:06:16.0973 4852 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:06:16.0973 4852 Filetrace - ok
14:06:17.0176 4852 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
14:06:17.0176 4852 flpydisk - ok
14:06:17.0269 4852 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
14:06:17.0269 4852 FltMgr - ok
14:06:17.0456 4852 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
14:06:17.0456 4852 FontCache - ok
14:06:17.0566 4852 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:06:17.0566 4852 FontCache3.0.0.0 - ok
14:06:17.0768 4852 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:06:17.0768 4852 FsDepends - ok
14:06:17.0987 4852 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
14:06:17.0987 4852 Fs_Rec - ok
14:06:18.0080 4852 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
14:06:18.0080 4852 fvevol - ok
14:06:18.0205 4852 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
14:06:18.0205 4852 gagp30kx - ok
14:06:18.0283 4852 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
14:06:18.0283 4852 GameConsoleService - ok
14:06:18.0502 4852 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:06:18.0502 4852 GEARAspiWDM - ok
14:06:18.0611 4852 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
14:06:18.0626 4852 gpsvc - ok
14:06:18.0814 4852 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:06:18.0814 4852 gupdate - ok
14:06:18.0845 4852 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:06:18.0845 4852 gupdatem - ok
14:06:19.0032 4852 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:06:19.0032 4852 hcw85cir - ok
14:06:19.0141 4852 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
14:06:19.0141 4852 HdAudAddService - ok
14:06:19.0282 4852 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:06:19.0282 4852 HDAudBus - ok
14:06:19.0375 4852 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
14:06:19.0375 4852 HidBatt - ok
14:06:19.0547 4852 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
14:06:19.0547 4852 HidBth - ok
14:06:19.0640 4852 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
14:06:19.0640 4852 HidIr - ok
14:06:19.0718 4852 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
14:06:19.0718 4852 hidserv - ok
14:06:19.0859 4852 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
14:06:19.0859 4852 HidUsb - ok
14:06:19.0999 4852 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
14:06:19.0999 4852 hkmsvc - ok
14:06:20.0108 4852 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
14:06:20.0108 4852 HomeGroupListener - ok
14:06:20.0202 4852 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
14:06:20.0202 4852 HomeGroupProvider - ok
14:06:20.0389 4852 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
14:06:20.0389 4852 HpSAMD - ok
14:06:20.0514 4852 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
14:06:20.0514 4852 HTTP - ok
14:06:20.0686 4852 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
14:06:20.0686 4852 hwpolicy - ok
14:06:20.0810 4852 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:06:20.0810 4852 i8042prt - ok
14:06:20.0982 4852 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\windows\system32\DRIVERS\iaStor.sys
14:06:20.0998 4852 iaStor - ok
14:06:21.0216 4852 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
14:06:21.0216 4852 iaStorV - ok
14:06:21.0310 4852 iBtFltCoex (de9e40baee2e48fd1e3eb423074c014c) C:\windows\system32\DRIVERS\iBtFltCoex.sys
14:06:21.0325 4852 iBtFltCoex - ok
14:06:21.0450 4852 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:06:21.0450 4852 idsvc - ok
14:06:21.0731 4852 igfx (8cb8667f5a3b5515f2585f3254f3aaf7) C:\windows\system32\DRIVERS\igdkmd64.sys
14:06:21.0949 4852 igfx - ok
14:06:22.0058 4852 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
14:06:22.0058 4852 iirsp - ok
14:06:22.0277 4852 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
14:06:22.0277 4852 IKEEXT - ok
14:06:22.0433 4852 IntcAzAudAddService (65f70696be5abc11634fcf96af7d7896) C:\windows\system32\drivers\RTKVHD64.sys
14:06:22.0464 4852 IntcAzAudAddService - ok
14:06:22.0604 4852 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
14:06:22.0620 4852 IntcDAud - ok
14:06:22.0870 4852 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
14:06:22.0870 4852 intelide - ok
14:06:22.0963 4852 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:06:22.0963 4852 intelppm - ok
14:06:23.0072 4852 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
14:06:23.0072 4852 IPBusEnum - ok
14:06:23.0166 4852 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:06:23.0166 4852 IpFilterDriver - ok
14:06:23.0369 4852 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
14:06:23.0369 4852 iphlpsvc - ok
14:06:23.0462 4852 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
14:06:23.0462 4852 IPMIDRV - ok
14:06:23.0634 4852 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:06:23.0650 4852 IPNAT - ok
14:06:23.0728 4852 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:06:23.0728 4852 iPod Service - ok
14:06:23.0852 4852 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:06:23.0852 4852 IRENUM - ok
14:06:23.0962 4852 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
14:06:23.0962 4852 isapnp - ok
14:06:24.0087 4852 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
14:06:24.0087 4852 iScsiPrt - ok
14:06:24.0211 4852 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:06:24.0211 4852 kbdclass - ok
14:06:24.0414 4852 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
14:06:24.0414 4852 kbdhid - ok
14:06:24.0492 4852 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:06:24.0492 4852 KeyIso - ok
14:06:24.0711 4852 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
14:06:24.0711 4852 KSecDD - ok
14:06:24.0820 4852 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
14:06:24.0820 4852 KSecPkg - ok
14:06:24.0929 4852 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:06:24.0929 4852 ksthunk - ok
14:06:25.0038 4852 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
14:06:25.0054 4852 KtmRm - ok
14:06:25.0241 4852 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
14:06:25.0241 4852 LanmanServer - ok
14:06:25.0335 4852 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
14:06:25.0335 4852 LanmanWorkstation - ok
14:06:25.0459 4852 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:06:25.0459 4852 lltdio - ok
14:06:25.0553 4852 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
14:06:25.0553 4852 lltdsvc - ok
14:06:25.0818 4852 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
14:06:25.0818 4852 lmhosts - ok
14:06:25.0912 4852 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:06:25.0927 4852 LMS - ok
14:06:26.0037 4852 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
14:06:26.0052 4852 LSI_FC - ok
14:06:26.0177 4852 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
14:06:26.0177 4852 LSI_SAS - ok
14:06:26.0302 4852 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
14:06:26.0302 4852 LSI_SAS2 - ok
14:06:26.0395 4852 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
14:06:26.0395 4852 LSI_SCSI - ok
14:06:26.0614 4852 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:06:26.0614 4852 luafv - ok
14:06:26.0692 4852 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
14:06:26.0707 4852 Mcx2Svc - ok
14:06:26.0832 4852 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
14:06:26.0832 4852 megasas - ok
14:06:26.0973 4852 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
14:06:26.0988 4852 MegaSR - ok
14:06:27.0097 4852 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
14:06:27.0097 4852 MEIx64 - ok
14:06:27.0253 4852 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:06:27.0269 4852 Microsoft Office Groove Audit Service - ok
14:06:27.0394 4852 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
14:06:27.0394 4852 MMCSS - ok
14:06:27.0487 4852 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:06:27.0503 4852 Modem - ok
14:06:27.0706 4852 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:06:27.0706 4852 monitor - ok
14:06:27.0831 4852 MotioninJoyXFilter (5fec1ff5bb9a1fa5c9cf4544d19d6d5d) C:\windows\system32\DRIVERS\MijXfilt.sys
14:06:27.0831 4852 MotioninJoyXFilter - ok
14:06:27.0940 4852 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:06:27.0955 4852 mouclass - ok
14:06:28.0111 4852 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:06:28.0111 4852 mouhid - ok
14:06:28.0236 4852 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
14:06:28.0236 4852 mountmgr - ok
14:06:28.0330 4852 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
14:06:28.0345 4852 mpio - ok
14:06:28.0455 4852 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:06:28.0455 4852 mpsdrv - ok
14:06:28.0595 4852 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
14:06:28.0595 4852 MpsSvc - ok
14:06:28.0673 4852 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
14:06:28.0689 4852 MRxDAV - ok
14:06:28.0923 4852 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
14:06:28.0923 4852 mrxsmb - ok
14:06:29.0032 4852 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:06:29.0047 4852 mrxsmb10 - ok
14:06:29.0157 4852 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:06:29.0157 4852 mrxsmb20 - ok
14:06:29.0266 4852 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
14:06:29.0266 4852 msahci - ok
14:06:29.0359 4852 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
14:06:29.0375 4852 msdsm - ok
14:06:29.0453 4852 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
14:06:29.0469 4852 MSDTC - ok
14:06:29.0687 4852 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:06:29.0687 4852 Msfs - ok
14:06:29.0827 4852 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:06:29.0827 4852 mshidkmdf - ok
14:06:29.0921 4852 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
14:06:29.0921 4852 msisadrv - ok
14:06:30.0171 4852 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
14:06:30.0171 4852 MSiSCSI - ok
14:06:30.0217 4852 msiserver - ok
14:06:30.0389 4852 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:06:30.0389 4852 MSKSSRV - ok
14:06:30.0483 4852 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:06:30.0498 4852 MSPCLOCK - ok
14:06:30.0623 4852 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:06:30.0623 4852 MSPQM - ok
14:06:30.0732 4852 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
14:06:30.0748 4852 MsRPC - ok
14:06:30.0919 4852 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:06:30.0919 4852 mssmbios - ok
14:06:31.0044 4852 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:06:31.0044 4852 MSTEE - ok
14:06:31.0153 4852 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
14:06:31.0153 4852 MTConfig - ok
14:06:31.0294 4852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:06:31.0294 4852 Mup - ok
14:06:31.0403 4852 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
14:06:31.0419 4852 napagent - ok
14:06:31.0512 4852 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:06:31.0528 4852 NativeWifiP - ok
14:06:31.0762 4852 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
14:06:31.0762 4852 NDIS - ok
14:06:31.0855 4852 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:06:31.0871 4852 NdisCap - ok
14:06:31.0980 4852 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:06:31.0980 4852 NdisTapi - ok
14:06:32.0074 4852 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
14:06:32.0074 4852 Ndisuio - ok
14:06:32.0261 4852 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
14:06:32.0261 4852 NdisWan - ok
14:06:32.0355 4852 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
14:06:32.0355 4852 NDProxy - ok
14:06:32.0464 4852 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:06:32.0479 4852 NetBIOS - ok
14:06:32.0604 4852 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
14:06:32.0604 4852 NetBT - ok
14:06:32.0838 4852 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:06:32.0838 4852 Netlogon - ok
14:06:32.0932 4852 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
14:06:32.0932 4852 Netman - ok
14:06:33.0041 4852 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
14:06:33.0057 4852 netprofm - ok
14:06:33.0150 4852 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:06:33.0166 4852 NetTcpPortSharing - ok
14:06:33.0462 4852 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\windows\system32\DRIVERS\NETwNs64.sys
14:06:33.0587 4852 NETwNs64 - ok
14:06:33.0681 4852 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
14:06:33.0696 4852 nfrd960 - ok
14:06:33.0852 4852 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
14:06:33.0868 4852 NlaSvc - ok
14:06:33.0961 4852 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:06:33.0961 4852 Npfs - ok
14:06:34.0071 4852 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
14:06:34.0071 4852 nsi - ok

da **peolex4** » sab apr 21, 2012 1:30 pm

seconda parte del terzo report

14:06:34.0258 4852 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:06:34.0258 4852 nsiproxy - ok
14:06:34.0414 4852 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
14:06:34.0429 4852 Ntfs - ok
14:06:34.0507 4852 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:06:34.0507 4852 Null - ok
14:06:34.0866 4852 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\windows\system32\DRIVERS\nvlddmkm.sys
14:06:34.0929 4852 nvlddmkm - ok
14:06:35.0022 4852 nvpciflt (680c5baf7d0190b1485068fc4ba75f1c) C:\windows\system32\DRIVERS\nvpciflt.sys
14:06:35.0022 4852 nvpciflt - ok
14:06:35.0163 4852 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
14:06:35.0178 4852 nvraid - ok
14:06:35.0272 4852 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
14:06:35.0287 4852 nvstor - ok
14:06:35.0412 4852 NVSvc (147b0d17255fd796f990cc6f745605c5) C:\windows\system32\nvvsvc.exe
14:06:35.0428 4852 NVSvc - ok
14:06:35.0506 4852 nvUpdatusService (812bf9531c827e1d8029843cddb2b5d6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
14:06:35.0521 4852 nvUpdatusService - ok
14:06:35.0709 4852 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
14:06:35.0709 4852 nv_agp - ok
14:06:35.0818 4852 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:06:35.0818 4852 odserv - ok
14:06:35.0989 4852 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
14:06:35.0989 4852 ohci1394 - ok
14:06:36.0083 4852 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:06:36.0083 4852 ose - ok
14:06:36.0192 4852 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
14:06:36.0208 4852 p2pimsvc - ok
14:06:36.0301 4852 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
14:06:36.0317 4852 p2psvc - ok
14:06:36.0520 4852 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
14:06:36.0520 4852 Parport - ok
14:06:36.0598 4852 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
14:06:36.0613 4852 partmgr - ok
14:06:36.0769 4852 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
14:06:36.0769 4852 PcaSvc - ok
14:06:36.0863 4852 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
14:06:36.0863 4852 pci - ok
14:06:36.0988 4852 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
14:06:37.0003 4852 pciide - ok
14:06:37.0113 4852 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
14:06:37.0113 4852 pcmcia - ok
14:06:37.0222 4852 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:06:37.0222 4852 pcw - ok
14:06:37.0347 4852 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:06:37.0362 4852 PEAUTH - ok
14:06:37.0440 4852 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
14:06:37.0440 4852 PerfHost - ok
14:06:37.0705 4852 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
14:06:37.0721 4852 pla - ok
14:06:37.0830 4852 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
14:06:37.0830 4852 PlugPlay - ok
14:06:37.0908 4852 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
14:06:37.0908 4852 PNRPAutoReg - ok
14:06:38.0033 4852 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
14:06:38.0033 4852 PNRPsvc - ok
14:06:38.0142 4852 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
14:06:38.0158 4852 PolicyAgent - ok
14:06:38.0236 4852 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
14:06:38.0251 4852 Power - ok
14:06:38.0329 4852 PowerOffer Service (f10c0207890534e92c49f0279f97522d) C:\Users\Paolo\AppData\Local\PosService\Pos.exe
14:06:38.0329 4852 PowerOffer Service - ok
14:06:38.0423 4852 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
14:06:38.0423 4852 PptpMiniport - ok
14:06:38.0532 4852 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
14:06:38.0548 4852 Processor - ok
14:06:38.0719 4852 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
14:06:38.0735 4852 ProfSvc - ok
14:06:38.0907 4852 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:06:38.0907 4852 ProtectedStorage - ok
14:06:39.0016 4852 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
14:06:39.0016 4852 Psched - ok
14:06:39.0172 4852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
14:06:39.0187 4852 ql2300 - ok
14:06:39.0281 4852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
14:06:39.0281 4852 ql40xx - ok
14:06:39.0406 4852 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
14:06:39.0406 4852 QWAVE - ok
14:06:39.0499 4852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:06:39.0499 4852 QWAVEdrv - ok
14:06:39.0702 4852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:06:39.0702 4852 RasAcd - ok
14:06:39.0780 4852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:06:39.0796 4852 RasAgileVpn - ok
14:06:39.0889 4852 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
14:06:39.0905 4852 RasAuto - ok
14:06:39.0983 4852 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
14:06:39.0999 4852 Rasl2tp - ok
14:06:40.0108 4852 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
14:06:40.0108 4852 RasMan - ok
14:06:40.0233 4852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:06:40.0233 4852 RasPppoe - ok
14:06:40.0326 4852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:06:40.0326 4852 RasSstp - ok
14:06:40.0451 4852 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
14:06:40.0451 4852 rdbss - ok
14:06:40.0545 4852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
14:06:40.0545 4852 rdpbus - ok
14:06:40.0654 4852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:06:40.0654 4852 RDPCDD - ok
14:06:40.0841 4852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:06:40.0841 4852 RDPENCDD - ok
14:06:41.0028 4852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:06:41.0028 4852 RDPREFMP - ok
14:06:41.0122 4852 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
14:06:41.0122 4852 RDPWD - ok
14:06:41.0231 4852 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
14:06:41.0247 4852 rdyboost - ok
14:06:41.0356 4852 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
14:06:41.0356 4852 RemoteAccess - ok
14:06:41.0559 4852 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
14:06:41.0559 4852 RemoteRegistry - ok
14:06:41.0668 4852 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
14:06:41.0668 4852 RFCOMM - ok
14:06:41.0793 4852 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:06:41.0793 4852 RichVideo - ok
14:06:41.0871 4852 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
14:06:41.0871 4852 RpcEptMapper - ok
14:06:41.0980 4852 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
14:06:41.0980 4852 RpcLocator - ok
14:06:42.0089 4852 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
14:06:42.0105 4852 RpcSs - ok
14:06:42.0214 4852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:06:42.0214 4852 rspndr - ok
14:06:42.0354 4852 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\windows\system32\DRIVERS\Rt64win7.sys
14:06:42.0354 4852 RTL8167 - ok
14:06:42.0463 4852 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
14:06:42.0463 4852 rtport - ok
14:06:42.0682 4852 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
14:06:42.0682 4852 SABI - ok
14:06:42.0760 4852 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:06:42.0760 4852 SamSs - ok
14:06:42.0900 4852 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
14:06:42.0900 4852 Samsung UPD Service - ok
14:06:42.0994 4852 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
14:06:42.0994 4852 sbp2port - ok
14:06:43.0119 4852 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
14:06:43.0119 4852 SCardSvr - ok
14:06:43.0212 4852 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
14:06:43.0212 4852 scfilter - ok
14:06:43.0321 4852 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
14:06:43.0337 4852 Schedule - ok
14:06:43.0462 4852 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
14:06:43.0462 4852 SCPolicySvc - ok
14:06:43.0571 4852 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
14:06:43.0587 4852 SDRSVC - ok
14:06:43.0680 4852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:06:43.0680 4852 secdrv - ok
14:06:43.0774 4852 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
14:06:43.0774 4852 seclogon - ok
14:06:43.0992 4852 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
14:06:43.0992 4852 SENS - ok
14:06:44.0086 4852 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
14:06:44.0086 4852 SensrSvc - ok
14:06:44.0273 4852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
14:06:44.0273 4852 Serenum - ok
14:06:44.0382 4852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
14:06:44.0382 4852 Serial - ok
14:06:44.0507 4852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
14:06:44.0507 4852 sermouse - ok
14:06:44.0616 4852 ServUpdater (cbc75f00c322fd53d096a104619dedba) C:\Users\Paolo\AppData\Local\ServUpdater\ServiceUpd.exe
14:06:44.0616 4852 ServUpdater - ok
14:06:44.0819 4852 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
14:06:44.0835 4852 SessionEnv - ok
14:06:44.0913 4852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
14:06:44.0913 4852 sffdisk - ok
14:06:45.0022 4852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
14:06:45.0022 4852 sffp_mmc - ok
14:06:45.0131 4852 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
14:06:45.0147 4852 sffp_sd - ok
14:06:45.0256 4852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
14:06:45.0256 4852 sfloppy - ok
14:06:45.0381 4852 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
14:06:45.0381 4852 SharedAccess - ok
14:06:45.0474 4852 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
14:06:45.0490 4852 ShellHWDetection - ok
14:06:45.0724 4852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
14:06:45.0724 4852 SiSRaid2 - ok
14:06:45.0833 4852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
14:06:45.0833 4852 SiSRaid4 - ok
14:06:45.0989 4852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:06:45.0989 4852 Smb - ok
14:06:46.0098 4852 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
14:06:46.0098 4852 SNMPTRAP - ok
14:06:46.0270 4852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:06:46.0270 4852 spldr - ok
14:06:46.0348 4852 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
14:06:46.0363 4852 Spooler - ok
14:06:46.0613 4852 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
14:06:46.0675 4852 sppsvc - ok
14:06:46.0785 4852 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
14:06:46.0785 4852 sppuinotify - ok
14:06:46.0894 4852 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
14:06:46.0894 4852 srv - ok
14:06:47.0003 4852 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
14:06:47.0003 4852 srv2 - ok
14:06:47.0128 4852 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
14:06:47.0128 4852 srvnet - ok
14:06:47.0221 4852 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
14:06:47.0237 4852 SSDPSRV - ok
14:06:47.0346 4852 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
14:06:47.0346 4852 SstpSvc - ok
14:06:47.0471 4852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
14:06:47.0471 4852 stexstor - ok
14:06:47.0596 4852 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
14:06:47.0596 4852 StillCam - ok
14:06:47.0705 4852 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
14:06:47.0721 4852 stisvc - ok
14:06:47.0861 4852 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:06:47.0861 4852 swenum - ok
14:06:47.0923 4852 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
14:06:47.0939 4852 swprv - ok
14:06:48.0064 4852 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
14:06:48.0079 4852 SysMain - ok
14:06:48.0173 4852 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
14:06:48.0189 4852 TabletInputService - ok
14:06:48.0282 4852 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
14:06:48.0298 4852 TapiSrv - ok
14:06:48.0423 4852 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
14:06:48.0423 4852 TBS - ok
14:06:48.0563 4852 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
14:06:48.0579 4852 Tcpip - ok
14:06:48.0750 4852 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
14:06:48.0766 4852 TCPIP6 - ok
14:06:48.0859 4852 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
14:06:48.0859 4852 tcpipreg - ok
14:06:48.0969 4852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:06:48.0969 4852 TDPIPE - ok
14:06:49.0093 4852 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
14:06:49.0093 4852 TDTCP - ok
14:06:49.0203 4852 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
14:06:49.0203 4852 tdx - ok
14:06:49.0327 4852 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
14:06:49.0327 4852 TermDD - ok
14:06:49.0452 4852 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
14:06:49.0468 4852 TermService - ok
14:06:49.0530 4852 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
14:06:49.0530 4852 Themes - ok
14:06:49.0624 4852 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
14:06:49.0624 4852 THREADORDER - ok
14:06:49.0749 4852 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
14:06:49.0749 4852 TrkWks - ok
14:06:49.0811 4852 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
14:06:49.0811 4852 TrustedInstaller - ok
14:06:49.0920 4852 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
14:06:49.0920 4852 tssecsrv - ok
14:06:50.0045 4852 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
14:06:50.0045 4852 TsUsbFlt - ok
14:06:50.0139 4852 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
14:06:50.0139 4852 TsUsbGD - ok
14:06:50.0279 4852 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
14:06:50.0279 4852 tunnel - ok
14:06:50.0435 4852 TurboB (48743b69ea47c020a792d8649f753f44) C:\windows\system32\DRIVERS\TurboB.sys
14:06:50.0435 4852 TurboB - ok
14:06:50.0575 4852 TurboBoost (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:06:50.0575 4852 TurboBoost - ok
14:06:50.0653 4852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
14:06:50.0669 4852 uagp35 - ok
14:06:50.0794 4852 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
14:06:50.0809 4852 udfs - ok
14:06:50.0903 4852 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
14:06:50.0903 4852 UI0Detect - ok
14:06:51.0137 4852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
14:06:51.0137 4852 uliagpkx - ok
14:06:51.0215 4852 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
14:06:51.0215 4852 umbus - ok
14:06:51.0355 4852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
14:06:51.0355 4852 UmPass - ok
14:06:51.0480 4852 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:06:51.0496 4852 UNS - ok
14:06:51.0652 4852 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
14:06:51.0652 4852 upnphost - ok
14:06:51.0745 4852 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
14:06:51.0745 4852 USBAAPL64 - ok
14:06:51.0870 4852 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
14:06:51.0886 4852 usbccgp - ok
14:06:51.0995 4852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
14:06:51.0995 4852 usbcir - ok
14:06:52.0120 4852 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
14:06:52.0120 4852 usbehci - ok
14:06:52.0260 4852 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
14:06:52.0276 4852 usbhub - ok
14:06:52.0385 4852 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
14:06:52.0385 4852 usbohci - ok
14:06:52.0479 4852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
14:06:52.0479 4852 usbprint - ok
14:06:52.0603 4852 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:06:52.0603 4852 USBSTOR - ok
14:06:52.0775 4852 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
14:06:52.0775 4852 usbuhci - ok
14:06:52.0869 4852 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
14:06:52.0869 4852 usbvideo - ok
14:06:52.0962 4852 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
14:06:52.0962 4852 UxSms - ok
14:06:53.0087 4852 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:06:53.0087 4852 VaultSvc - ok
14:06:53.0196 4852 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
14:06:53.0196 4852 vdrvroot - ok
14:06:53.0290 4852 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
14:06:53.0305 4852 vds - ok
14:06:53.0383 4852 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:06:53.0399 4852 vga - ok
14:06:53.0508 4852 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:06:53.0508 4852 VgaSave - ok
14:06:53.0633 4852 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
14:06:53.0649 4852 vhdmp - ok
14:06:53.0836 4852 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
14:06:53.0836 4852 viaide - ok
14:06:53.0929 4852 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
14:06:53.0929 4852 volmgr - ok
14:06:54.0054 4852 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
14:06:54.0054 4852 volmgrx - ok
14:06:54.0195 4852 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
14:06:54.0195 4852 volsnap - ok
14:06:54.0304 4852 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
14:06:54.0304 4852 vsmraid - ok
14:06:54.0413 4852 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
14:06:54.0429 4852 VSS - ok
14:06:54.0616 4852 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:06:54.0616 4852 vwifibus - ok
14:06:54.0694 4852 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
14:06:54.0694 4852 vwififlt - ok
14:06:54.0834 4852 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
14:06:54.0850 4852 vwifimp - ok
14:06:54.0959 4852 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
14:06:54.0975 4852 W32Time - ok
14:06:55.0068 4852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
14:06:55.0068 4852 WacomPen - ok
14:06:55.0193 4852 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:06:55.0193 4852 WANARP - ok
14:06:55.0240 4852 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:06:55.0240 4852 Wanarpv6 - ok
14:06:55.0411 4852 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
14:06:55.0427 4852 WatAdminSvc - ok
14:06:55.0521 4852 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
14:06:55.0536 4852 wbengine - ok
14:06:55.0630 4852 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
14:06:55.0645 4852 WbioSrvc - ok
14:06:55.0723 4852 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
14:06:55.0739 4852 wcncsvc - ok
14:06:55.0817 4852 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
14:06:55.0817 4852 WcsPlugInService - ok
14:06:55.0911 4852 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
14:06:55.0911 4852 Wd - ok
14:06:56.0035 4852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:06:56.0051 4852 Wdf01000 - ok
14:06:56.0160 4852 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
14:06:56.0160 4852 WdiServiceHost - ok
14:06:56.0191 4852 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
14:06:56.0191 4852 WdiSystemHost - ok
14:06:56.0269 4852 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
14:06:56.0269 4852 WebClient - ok
14:06:56.0347 4852 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
14:06:56.0363 4852 Wecsvc - ok
14:06:56.0472 4852 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
14:06:56.0472 4852 wercplsupport - ok
14:06:56.0550 4852 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
14:06:56.0550 4852 WerSvc - ok
14:06:56.0769 4852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:06:56.0769 4852 WfpLwf - ok
14:06:56.0847 4852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:06:56.0847 4852 WIMMount - ok
14:06:56.0987 4852 WinDefend - ok
14:06:57.0003 4852 WinHttpAutoProxySvc - ok
14:06:57.0112 4852 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
14:06:57.0112 4852 Winmgmt - ok
14:06:57.0237 4852 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
14:06:57.0252 4852 WinRM - ok
14:06:57.0361 4852 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
14:06:57.0361 4852 WinUsb - ok
14:06:57.0486 4852 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
14:06:57.0502 4852 Wlansvc - ok
14:06:57.0580 4852 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:06:57.0595 4852 wlcrasvc - ok
14:06:57.0720 4852 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:06:57.0720 4852 wlidsvc - ok
14:06:57.0923 4852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:06:57.0923 4852 WmiAcpi - ok
14:06:58.0048 4852 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
14:06:58.0063 4852 wmiApSrv - ok
14:06:58.0126 4852 WMPNetworkSvc - ok
14:06:58.0204 4852 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
14:06:58.0204 4852 WPCSvc - ok
14:06:58.0313 4852 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
14:06:58.0313 4852 WPDBusEnum - ok
14:06:58.0407 4852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:06:58.0407 4852 ws2ifsl - ok
14:06:58.0656 4852 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
14:06:58.0656 4852 wscsvc - ok
14:06:58.0719 4852 WSearch - ok
14:06:58.0875 4852 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
14:06:58.0906 4852 wuauserv - ok
14:06:58.0999 4852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
14:06:59.0015 4852 WudfPf - ok
14:06:59.0140 4852 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
14:06:59.0140 4852 WUDFRd - ok
14:06:59.0233 4852 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
14:06:59.0249 4852 wudfsvc - ok
14:06:59.0374 4852 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
14:06:59.0374 4852 WwanSvc - ok
14:06:59.0483 4852 xusb21 (9176c0822faa649e45121875be32f5d2) C:\windows\system32\DRIVERS\xusb21.sys
14:06:59.0483 4852 xusb21 - ok
14:06:59.0561 4852 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
14:06:59.0826 4852 \Device\Harddisk0\DR0 - ok
14:06:59.0873 4852 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
14:07:09.0592 4852 \Device\Harddisk1\DR1 - ok
14:07:09.0670 4852 Boot (0x1200) (125a4f5fccfd66a460eb4c345416eb97) \Device\Harddisk0\DR0\Partition0
14:07:09.0670 4852 \Device\Harddisk0\DR0\Partition0 - ok
14:07:09.0763 4852 Boot (0x1200) (ddb98565620b4f5de276a060c3cf3041) \Device\Harddisk0\DR0\Partition1
14:07:09.0763 4852 \Device\Harddisk0\DR0\Partition1 - ok
14:07:09.0795 4852 Boot (0x1200) (725c0d801852022dcc3d3bf097b15fc0) \Device\Harddisk0\DR0\Partition2
14:07:09.0795 4852 \Device\Harddisk0\DR0\Partition2 - ok
14:07:09.0810 4852 Boot (0x1200) (0e92d4f3ab54815375ee247302aa49e3) \Device\Harddisk1\DR1\Partition0
14:07:09.0810 4852 \Device\Harddisk1\DR1\Partition0 - ok
14:07:09.0810 4852 ============================================================
14:07:09.0810 4852 Scan finished
14:07:09.0810 4852 ============================================================
14:07:09.0810 5056 Detected object count: 0
14:07:09.0810 5056 Actual detected object count: 0
14:08:45.0626 0828 Deinitialize success

da **peolex4** » sab apr 21, 2012 1:35 pm

cliccando sul tasto da te gentilmente indicato purtroppo mi passa semplicemente ad un'altra schermata con delle opzioni da spuntare,precisamente 8 con questa situazione di default:
prime tre non spuntate,seconde tre spuntate e ultime due non spuntate,solo che non ci sono altri tasti oltre a quelli in alto quindi niente report [cry]

da **hashcat** » sab apr 21, 2012 1:39 pm

peolex4 ha scritto:cliccando sul tasto da te gentilmente indicato purtroppo mi passa semplicemente ad un'altra schermata con delle opzioni da spuntare,precisamente 8 con questa situazione di default:
prime tre non spuntate,seconde tre spuntate e ultime due non spuntate,solo che non ci sono altri tasti oltre a quelli in alto quindi niente report

Questo per quanto riguarda MBRscan?

Dal log di TDSSKiller emerge che sono presenti due partizioni: oltre alla partizione C un'altra D di pochi mb di dimensione, ti risulta?

da **peolex4** » sab apr 21, 2012 1:43 pm

si scusami,il report che non si produce era riguardo mbrscan,per quanto riguarda il disco fissi,si è partizionato in 2 pero la partizione d a dir la verita è piu grande della c.
c 270 gb,d 400 gb +o-

www.MegaLab.it

[LOG] combofix aiuto per favore :)

[LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

R: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

R: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Re: [LOG] combofix aiuto per favore :)

Chi c’è in linea