shampo

The PC Struggles to Turn On and Shut Down

40 messages in this discussion

Hi, I have a desktop PC with Windows 7 installed. For a short while now, when I turn it on it doesn't start up. The lights are all on but the screen doesn't come up; after several attempts, switching it on and off, it finally starts with difficulty. Then when I go to shut it down it hangs on the system shutdown screen. What's happening? I ran a scan with Spybot and it found

SWETLM

WIN 32 ZURFACE BHO

I fix them and the next time I find them again

I'm attaching my log

Thanks

hijackthis.log


Hi Shampo

Follow these steps

OTL by Oldtimer

  • Download OTL to your desktop.
  • Double-click the icon to run it. Make sure all windows are closed so it can run without interruption.
  • When the window appears, go to the top and, under Output, change the setting to Minimal Output.
  • Check the boxes next to LOP and Purity Check.
  • Below, under Custom Scans/Fixes, paste this script

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless told to. The scan will take a few minutes, please be patient.
  • When the scan finishes, two text files will open: OTL.Txt and Extras.Txt. They are saved in the same location as OTL.
  • Copy (Edit -> Select All, Edit -> Copy) the contents of these files, one at a time, and post them in your next reply.
  • You may need two posts to fit them both.

Download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7: right-click, Run as administrator)
  • Click Scan
  • When the scan finishes, click Save log, save it to your desktop, and post it in your next reply.
  • Warning: do not run any fix.
  • You will also notice another file created on the desktop named MBR.dat. Right-click the file and select Send to > Compressed (zipped) folder. Attach the compressed file to your next reply as well.

Download Security Check by screen317 from here.

  • Save it to the Desktop
  • Double-click Security.exe and follow the instructions inside the black box
  • A Notepad file called checkup.txt should open automatically; please post the contents of that document.

Warning: do not attach the logs; copy and paste their contents instead. You may need more than one post


Hi, thanks for replying. I followed what you told me with OTL, only at the end of the scan it doesn't open any file, and underneath it says "manual file scan, getting folder structure". But where do I find it? Now I'll try with the other one


This is the only file; the other one also tells me it has stopped working. I'm attaching this one. Bye and thanks again

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Out of date HijackThis installed!

Spybot - Search & Destroy

Malwarebytes Anti-Malware versione 1.70.0.1100

HijackThis 2.0.2

JavaFX 2.1.1

Java 7 Update 7

Java version out of Date!

Adobe Reader XI

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````


Hi Shampo

You will find OTL.txt and Extras.txt in the same directory as OTL, i.e. where you saved the program

Download TDSSKiller.zip and extract it to your desktop.

  • Double-click TDSSKiller.exe to launch it.
  • If you are using Vista or Windows 7, allow the request when prompted by UAC.
  • Click Start Scan
  • The scan will start.
  • When the scan has finished, if anything was found, click the drop-down menu next to Cure and select Skip
  • Now click Report to open the log file created by TDSSKiller in C:\
  • Post the contents in your next reply.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

In your next reply I want

OTL and Extras.txt

The TDSSKiller log

Do not attach anything; copy/paste the contents of the text files


It worked

OTL logfile created on: 07/02/2013 19:21:24 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rosy\Desktop\Nuova cartella (3)

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,70% Memory free

8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 460,57 Gb Total Space | 297,95 Gb Free Space | 64,69% Space Free | Partition Type: NTFS

Computer Name: ROSY-PC | User Name: rosy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\rosy\Desktop\Nuova cartella (3)\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Users\rosy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV:64bit: - (A5AGU) -- C:\Windows\SysNative\drivers\AGUx64.sys (Atheros Communications, Inc.)

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://search.chatzum.com/?q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}

IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=IT&install_date=20120603&user_guid=985E3F5A4D644327BD681BEF39B4761B&machine_id=423dba73537c70de0e33a7139f9c55ad&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3712_2&babsrc=SP_ss&mntrId=78675a2c000000000000001b1101ebd0

IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzum.com/?q={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/18 10:53:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox

[2012/09/16 13:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Yahoo! Italia (Enabled)

CHR - default_search_provider: search_url = http://it.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}

CHR - default_search_provider: suggest_url = http://it-sayt.ff.search.yahoo.com/gossip-it-sayt?output=fxjson&command={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\

CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\

CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/05 12:17:38 | 000,445,399 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 15295 more lines...

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CE42BE-D122-4A8E-9CCD-BAB2D224A855}: DhcpNameServer = 62.101.93.101 83.103.25.250

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 19:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLineRemove

[2013/02/07 18:51:02 | 000,450,659 | ---- | C] (TimeLineRemove ) -- C:\Users\rosy\Desktop\TimeLineRemove.exe

[2013/02/06 22:39:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\rosy\Desktop\aswMBR.exe

[2013/02/06 22:35:48 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (3)

[2013/02/05 12:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/02/05 12:38:24 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/02/05 12:38:23 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/02/05 12:37:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/02/05 12:37:29 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/02/05 12:37:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/02/05 12:37:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/02/05 12:37:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/02/05 12:37:10 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/02/05 12:37:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/02/05 12:37:09 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/02/05 12:37:08 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/02/05 12:37:08 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/02/05 12:37:07 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/02/05 12:37:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/02/05 12:36:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/02/05 12:36:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/02/05 12:36:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/02/05 12:32:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/02/05 12:32:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/02/05 12:32:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/02/05 12:32:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/02/05 12:32:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/02/05 12:32:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/02/05 12:32:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/02/05 12:32:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/02/05 12:32:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/02/05 12:32:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/02/05 12:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/02/05 12:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/02/05 12:32:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/02/05 12:32:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/02/05 12:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/02/05 12:32:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/02/05 12:32:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/02/05 12:32:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/02/05 12:32:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/02/05 12:32:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/02/05 12:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/02/05 12:32:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/02/05 12:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/02/05 12:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/02/05 12:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/02/05 12:32:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/02/05 12:32:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/02/05 12:32:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/02/05 12:32:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/02/05 12:32:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/02/05 12:26:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/02/05 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Apps

[2013/02/05 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Deployment

[2013/02/05 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (2)

[2013/01/22 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-22

[2013/01/18 22:49:00 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-18

[2013/01/18 22:21:05 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\lepanto

[2013/01/17 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-17

[2013/01/15 10:34:40 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-15

[2013/01/12 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-12

[2013/01/10 19:37:06 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\2013-01-10

========== Files - Modified Within 30 Days ==========

[2013/02/07 19:22:42 | 002,195,061 | ---- | M] () -- C:\Users\rosy\Desktop\tdsskiller.zip

[2013/02/07 19:22:01 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/07 18:51:09 | 000,000,478 | ---- | M] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh

[2013/02/07 18:43:14 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/07 18:43:14 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/07 18:35:47 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/07 18:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/07 18:35:29 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/07 14:35:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/07 14:01:16 | 000,490,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/06 22:40:58 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\rosy\Desktop\aswMBR.exe

[2013/02/06 22:27:26 | 000,881,914 | ---- | M] () -- C:\Users\rosy\Desktop\SecurityCheck.exe

[2013/02/06 22:01:16 | 001,569,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/06 22:01:16 | 000,701,188 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2013/02/06 22:01:16 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/06 22:01:16 | 000,128,534 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2013/02/06 22:01:16 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/06 20:54:24 | 000,450,659 | ---- | M] (TimeLineRemove ) -- C:\Users\rosy\Desktop\TimeLineRemove.exe

[2013/02/05 14:06:08 | 000,205,892 | ---- | M] () -- C:\Users\rosy\Desktop\902086243.PDF

[2013/02/05 12:39:21 | 000,002,262 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/02/05 12:17:38 | 000,445,399 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/02/05 12:09:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/01/08 22:23:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/01/08 22:23:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/02/07 19:22:35 | 002,195,061 | ---- | C] () -- C:\Users\rosy\Desktop\tdsskiller.zip

[2013/02/06 22:27:08 | 000,881,914 | ---- | C] () -- C:\Users\rosy\Desktop\SecurityCheck.exe

[2013/02/05 14:05:37 | 000,205,892 | ---- | C] () -- C:\Users\rosy\Desktop\902086243.PDF

[2013/02/05 12:39:21 | 000,002,262 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/06 19:37:50 | 000,000,522 | ---- | C] () -- C:\Windows\wininit.ini

[2012/11/11 16:44:02 | 000,000,543 | ---- | C] () -- C:\Windows\EvvivaRG.ini

[2012/11/11 16:43:56 | 000,000,598 | ---- | C] () -- C:\Windows\NEXTRG.INI

[2012/11/11 16:42:39 | 000,000,302 | ---- | C] () -- C:\Windows\FinsonLiveUpdate.ini

[2012/11/11 16:34:06 | 000,000,061 | ---- | C] () -- C:\Windows\FINSON.INI

[2012/09/16 13:15:12 | 000,000,001 | ---- | C] () -- C:\Users\rosy\AppData\Local\llftool.4.25.agreement

[2012/08/03 14:01:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2012/08/01 15:12:56 | 000,000,478 | ---- | C] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh

[2012/06/11 13:45:21 | 001,568,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/06/03 21:21:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2012/06/03 20:26:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/06/03 00:26:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtRFull\L

[2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtVFull\L

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/10 13:59:09 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Ashampoo

[2013/01/06 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Azureus

[2012/08/31 14:03:44 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Canon

[2012/11/11 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Convivea

[2012/06/03 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\eMule AdunanzA

[2012/06/03 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\OfferBox

[2012/06/20 13:47:05 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Opera

[2013/01/06 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\uTorrent

[2012/08/22 14:03:07 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\Windows Live Writer

[2012/08/01 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\rosy\AppData\Roaming\ZipGenius

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 07/02/2013 19:21:24 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rosy\Desktop\Nuova cartella (3)

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,70% Memory free

8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 460,57 Gb Total Space | 297,95 Gb Free Space | 64,69% Space Free | Partition Type: NTFS

Computer Name: ROSY-PC | User Name: rosy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00987A1D-F2B9-4212-A7EA-7C59E34381D2}" = rport=137 | protocol=17 | dir=out | app=system |

"{11B11611-AB5E-42B2-B018-BBC8F52C04EF}" = lport=137 | protocol=17 | dir=in | app=system |

"{173869AE-F34A-42AA-A5BD-B1F8A5903E14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{239B79BF-F170-4CDB-A287-C342F55ADFD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{28510F5B-5700-4BFE-97DB-FD0ADEEE2EC1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3D22AA8E-6CFE-4DE3-8B4D-C2CE0AE87EC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{41E58A06-9030-48E2-9FBF-31CF90F5C5A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{50241922-65E7-43C8-9BE1-99E24878CD56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{51086DFF-25C3-441C-9DC5-5E040FE4905A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{52D41B75-99CD-4550-80B0-7F4D4496CAAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{5560FB7A-F7D5-4073-99ED-4F58646D0E07}" = lport=138 | protocol=17 | dir=in | app=system |

"{57B0AED4-2D1D-4532-8E5D-0D3C0C74D7CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6A3DF1E8-8471-4ED2-98D9-215327426FC1}" = rport=10243 | protocol=6 | dir=out | app=system |

"{8353CF3E-6777-40BE-B7C6-8C1D5CA17AF3}" = rport=139 | protocol=6 | dir=out | app=system |

"{83A7E89A-4433-4DB4-8F69-5F49589D2867}" = rport=138 | protocol=17 | dir=out | app=system |

"{8C106072-18F2-47B9-92A7-E5DA7F9AF661}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{8D4DDC3A-E9D0-4337-8AE4-80CB04BB13BE}" = rport=445 | protocol=6 | dir=out | app=system |

"{B8B1498B-CAD0-44A6-97C5-0F39F1AA0566}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BFC06245-DD0C-43B2-81BF-51854A118633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CCEDC339-CA4B-4F70-AAAE-26F0C5B0A276}" = lport=10243 | protocol=6 | dir=in | app=system |

"{D04F81C3-378C-4FC2-9DE8-612FE4FAA694}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D06CC6E0-9B87-4665-999B-0660202A0C15}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{E5523EE0-9F9D-44A4-B22B-E6BF5DEF70FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F1F2B72D-9F1E-4F0D-BCF8-96BB6E75ACDC}" = lport=139 | protocol=6 | dir=in | app=system |

"{FA7713DE-94F0-4BAD-8533-BE8E46F528F4}" = lport=445 | protocol=6 | dir=in | app=system |

"{FBB8F19E-587B-463D-8D28-74EBA55A7EC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04CA1146-7E2C-4CCF-B6F3-E6D28C89817A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{107166A5-0D12-49BD-8D41-752909CE1D40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{178367A2-ABB3-4BD7-9DE0-89AD044354C0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{193E11E3-2850-4B14-A2EE-B4E334A9543E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{19F9B202-0A66-4979-A63E-22C225CABA65}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1EBECBDD-4C49-41FD-AC2C-38A22652FE42}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{232EA409-FEAD-4CC4-89D2-5C74D9D9FC40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{268688FF-3C02-4FFE-B2BD-487588ABDDBE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{334FB308-84FC-481D-BBEE-C16F951351C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |

"{40259BD7-B33D-467B-B4E5-FCA1A98F5702}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{42F03ADC-B2BD-4463-BC70-E8795A62A3D0}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{44D3D219-F7FE-4F25-86C2-13AF95D45620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{472656CA-995D-4C7C-B87A-04BB2786F0E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4B5E8424-F391-4BA1-B902-A958CD84A4FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{55D65A18-A33F-4FDD-BA92-C3AB3815EDDB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{56E1631F-2183-4B40-A703-A60BE73E18C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{5C94A239-D6CC-41AE-A544-54D91C5934B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{61E4D5CB-9E9A-40D9-B61F-D67EB4930662}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{644B132A-2C2D-4852-934E-880E4A503886}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{65D455DB-B372-473F-A415-02E9F80F1897}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{6692C513-D647-4BE2-BBEC-1EE1C0FBDE16}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{6A010C39-BAD7-486C-B094-B941467D0F87}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{6EAF2337-6FDC-45DA-B89E-3A13A9D4C9D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6FF4E6C5-72E9-4E53-BAC9-5B1EE8263D0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{74DEF11D-0118-47EB-A7D3-D0015FDB082D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |

"{76EF8674-36BC-4FCB-A6A5-945F761C2BF9}" = protocol=6 | dir=out | app=system |

"{79BF850C-03BE-4FE3-8972-FA9BC38CDC43}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{85F1D703-BDDE-41D9-BB81-53844F7A3EDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8E9CE987-9CFC-4D13-9C32-3B0D4E02C695}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |

"{96A51768-055B-4B6D-866B-18CDC4D96265}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9AAA2DAB-1697-4FE5-B5FB-FED971EB36C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{A94E449D-92FA-4C79-BE01-981AD3ED3F1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{ABAF8444-49B7-46BF-A821-092390DE1439}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |

"{B698761C-990B-4A9C-A63F-3FBA74CFF084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BBECCB51-EC31-41DA-A3B0-362CE2E62122}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CDED2C8B-4659-4534-AC1A-B851A7195DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{CECD6B9A-961F-4EF9-BDA3-0F283EE18682}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{CF8E4E6C-EE06-4658-A261-A7C83A33FA7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{D511BC8E-7584-4E88-804A-CB37A63E730D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D6151435-FAC1-4D48-AE0D-912CF88B3F55}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |

"{D69E509B-23DC-4CEB-9725-1ACECCD9D000}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D730F676-5F4A-42DB-AB45-796B693C8C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{DFDB77F6-2DA8-4701-9BC1-494597C36823}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{E0357592-5A71-4B62-9F67-33E23B8523C9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |

"{EF3880DA-17FC-445D-BE88-8B5577FC4E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |

"{F1558242-D8BF-49F3-9A38-0FF32892B989}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{F2E76BEC-B9F9-4AA1-9CCD-407DCC304011}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{F6A17C7A-0EFF-44AC-8983-A9830E239D4F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |

"TCP Query User{13E1A081-7F3D-482C-BBDA-84E2C4BB0D83}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{77048C63-3CDD-40DB-B576-F8623CA15E83}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe |

"TCP Query User{950AD9B1-371E-4A5F-B52A-DA8548A9DD43}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe |

"TCP Query User{B1E41993-2225-4FA5-9D36-C9B2F39A7E89}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{E6A1EB7E-EDF5-40F7-B7B6-20354C538551}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=6 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe |

"TCP Query User{FEBD59D9-BEC6-4FDC-8681-6FF0596758B5}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=6 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe |

"UDP Query User{1189D3C9-EE2D-44E7-91D4-2D2251899DD8}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{1E759DA0-2EEE-4923-84F5-783ADBC9DF55}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=17 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe |

"UDP Query User{4E90BF9A-1A85-4681-A6C0-A1EBB4B2BB47}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{5EDD27D6-E02C-40F8-AB59-7111E31204BF}C:\users\rosy\desktop\utorrent-3.0-latest.x64.exe" = protocol=17 | dir=in | app=c:\users\rosy\desktop\utorrent-3.0-latest.x64.exe |

"UDP Query User{AFE9F1D2-A183-4557-BDEB-76D8176465DE}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe |

"UDP Query User{B4D379BB-4C5C-40E0-945E-25CCEB771D2C}C:\program files (x86)\emule adunanza\emule_adnza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule adunanza\emule_adnza.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack

"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Driver Pinnacle Video

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"8461-7759-5462-8226" = Vuze

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

"uTorrent" = µTorrent

"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06925CEE-763F-4F0D-A40E-5FD383886055}" = Alice G-132

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{2FEC5714-F642-4258-8336-E596A1494860}" = Messenger Plus! Community Smartbar

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5E6EC4DD-7B1F-4E10-82B9-EA1B90791040}" = Nero 8

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Supporto applicazioni Apple

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010

"{90140000-0015-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010

"{90140000-0016-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010

"{90140000-0018-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010

"{90140000-0019-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010

"{90140000-001A-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010

"{90140000-001B-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0410-1000-0000000FF1CE}_Office14.PROPLUS_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010

"{90140000-002C-0410-0000-0000000FF1CE}_Office14.PROPLUS_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010

"{90140000-0044-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010

"{90140000-006E-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010

"{90140000-00A1-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010

"{90140000-00BA-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Italiano

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam

"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Ashampoo Music Studio 3_is1" = Ashampoo Music Studio 3 3.51

"avast" = avast! Free Antivirus

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"DivX Setup" = DivX Setup

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"eMule AdunanzA" = AdunanzA

"FormatFactory" = FormatFactory 2.70

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 2.0.2

"InstallShield_{06925CEE-763F-4F0D-A40E-5FD383886055}" = Alice G-132

"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"MyComposer_is1" = PhotoSì MyComposer 5.0

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Opera 12.00.1467" = Opera 12.00

"PARLA SUBITO! INGLESE BASE" = PARLA SUBITO! INGLESE BASE

"Picasa 3" = Picasa 3

"Registrazione utente Canon MP270 series" = Registrazione utente Canon MP270 series

"TimeLineRemove_is1" = TimeLineRemove

"VLC media player" = VLC media player 2.0.2

"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 02/02/2013 14:41:58 | Computer Name = rosy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/02/2013 14:41:58 | Computer Name = rosy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 182927

Error - 02/02/2013 14:41:58 | Computer Name = rosy-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 182927

Error - 03/02/2013 09:02:08 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 04/02/2013 13:55:48 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 05/02/2013 07:28:06 | Computer Name = rosy-PC | Source = Application Hang | ID = 1002

Description = Il programma SoftwareUpdate.exe versione 2.1.3.127 non interagisce

più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni

sul problema, verificare la cronologia del problema in Centro operativo nel Pannello

di controllo. ID processo: a44 Ora di avvio: 01ce0392c1f58ed9 Ora di chiusura: 15 Percorso

applicazione: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe ID

segnalazione: 0df4e17e-6f87-11e2-951a-0026185abb47

Error - 06/02/2013 17:10:25 | Computer Name = rosy-PC | Source = Application Hang | ID = 1002

Description = Il programma OTL.exe versione 3.2.69.0 non interagisce più con Windows

ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema,

verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID

processo: ec4 Ora di avvio: 01ce04ad95dda010 Ora di chiusura: 0 Percorso applicazione:

C:\Users\rosy\Desktop\OTL.exe ID segnalazione: 8c28f2ae-70a1-11e2-8c1f-0026185abb47

Error - 06/02/2013 17:25:32 | Computer Name = rosy-PC | Source = Application Hang | ID = 1002

Description = Il programma OTL.exe versione 3.2.69.0 non interagisce più con Windows

ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema,

verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID

processo: 9ac Ora di avvio: 01ce04ae6639cf06 Ora di chiusura: 6 Percorso applicazione:

C:\Users\rosy\Desktop\OTL.exe ID segnalazione:

Error - 06/02/2013 17:44:10 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 06/02/2013 17:44:36 | Computer Name = rosy-PC | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: aswMBR.exe, versione:

0.9.9.1707, timestamp: 0x509be8bf Nome del modulo che ha generato l'errore: ntdll.dll,

versione: 6.1.7601.17725, timestamp: 0x4ec49b8f Codice eccezione: 0xc0000005 Offset

errore 0x0002e3be ID processo che ha generato l'errore: 0xe08 Ora di avvio dell'applicazione

che ha generato l'errore: 0x01ce04b2ca5664d1 Percorso dell'applicazione che ha generato

l'errore: C:\Users\rosy\Desktop\aswMBR.exe Percorso del modulo che ha generato l'errore:

C:\Windows\SysWOW64\ntdll.dll ID segnalazione: 664e526b-70a6-11e2-8c1f-0026185abb47

Error - 07/02/2013 09:56:29 | Computer Name = rosy-PC | Source = Customer Experience Improvement Program | ID = 1008

Description =

[ System Events ]

Error - 20/11/2012 07:10:23 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 20/11/2012 07:10:23 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 20/11/2012 15:38:14 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 20/11/2012 15:38:14 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 20/11/2012 15:38:30 | Computer Name = rosy-PC | Source = Disk | ID = 262155

Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1.

Error - 20/11/2012 15:38:30 | Computer Name = rosy-PC | Source = Disk | ID = 262155

Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1.

Error - 21/11/2012 08:44:17 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 21/11/2012 08:44:17 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 21/11/2012 12:38:49 | Computer Name = rosy-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 21/11/2012 12:38:49 | Computer Name = rosy-PC | Source = atikmdag | ID = 43029

Description = Display is not active

< End of report >


Kaspersky runs the scan; I open the report and highlight it, but it won't let me copy and paste it.


Hi Shampo

Highlight the text, press CTRL+C to copy, then in your post press CTRL+V to paste.


Hi, thanks for your patience, here is the report

21:47:15.0857 1868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

21:47:16.0158 1868 ============================================================

21:47:16.0158 1868 Current date / time: 2013/02/08 21:47:16.0158

21:47:16.0158 1868 SystemInfo:

21:47:16.0158 1868

21:47:16.0158 1868 OS Version: 6.1.7601 ServicePack: 1.0

21:47:16.0158 1868 Product type: Workstation

21:47:16.0158 1868 ComputerName: ROSY-PC

21:47:16.0158 1868 UserName: rosy

21:47:16.0158 1868 Windows directory: C:\Windows

21:47:16.0158 1868 System windows directory: C:\Windows

21:47:16.0158 1868 Running under WOW64

21:47:16.0158 1868 Processor architecture: Intel x64

21:47:16.0158 1868 Number of processors: 2

21:47:16.0158 1868 Page size: 0x1000

21:47:16.0158 1868 Boot type: Normal boot

21:47:16.0158 1868 ============================================================

21:47:17.0419 1868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:47:17.0426 1868 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:47:17.0428 1868 ============================================================

21:47:17.0428 1868 \Device\Harddisk0\DR0:

21:47:17.0428 1868 MBR partitions:

21:47:17.0428 1868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x98F67, BlocksNum 0x399257DC

21:47:17.0428 1868 \Device\Harddisk1\DR1:

21:47:17.0429 1868 MBR partitions:

21:47:17.0429 1868 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82

21:47:17.0429 1868 ============================================================

21:47:17.0481 1868 C: <-> \Device\Harddisk0\DR0\Partition1

21:47:17.0481 1868 E: <-> \Device\Harddisk1\DR1\Partition1

21:47:17.0481 1868 ============================================================

21:47:17.0481 1868 Initialize success

21:47:17.0481 1868 ============================================================

21:47:19.0046 2184 ============================================================

21:47:19.0046 2184 Scan started

21:47:19.0046 2184 Mode: Manual;

21:47:19.0046 2184 ============================================================

21:47:19.0896 2184 ================ Scan system memory ========================

21:47:19.0896 2184 System memory - ok

21:47:19.0896 2184 ================ Scan services =============================


21:47:23.0758 2184 EventSystem - ok

21:47:23.0776 2184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

21:47:23.0821 2184 exfat - ok

21:47:23.0857 2184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:47:23.0860 2184 fastfat - ok

21:47:24.0030 2184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

21:47:24.0040 2184 Fax - ok

21:47:24.0055 2184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

21:47:24.0056 2184 fdc - ok

21:47:24.0072 2184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

21:47:24.0073 2184 fdPHost - ok

21:47:24.0078 2184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

21:47:24.0080 2184 FDResPub - ok

21:47:24.0085 2184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:47:24.0087 2184 FileInfo - ok

21:47:24.0099 2184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:47:24.0100 2184 Filetrace - ok

21:47:24.0111 2184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

21:47:24.0113 2184 flpydisk - ok

21:47:24.0160 2184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:47:24.0163 2184 FltMgr - ok

21:47:24.0205 2184 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

21:47:24.0212 2184 FontCache - ok

21:47:24.0265 2184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:47:24.0267 2184 FontCache3.0.0.0 - ok

21:47:24.0290 2184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

21:47:24.0292 2184 FsDepends - ok

21:47:24.0335 2184 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

21:47:24.0336 2184 fssfltr - ok

21:47:24.0401 2184 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

21:47:24.0416 2184 fsssvc - ok

21:47:24.0444 2184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:47:24.0445 2184 Fs_Rec - ok

21:47:24.0533 2184 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

21:47:24.0536 2184 fvevol - ok

21:47:24.0554 2184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

21:47:24.0556 2184 gagp30kx - ok

21:47:24.0585 2184 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:47:24.0586 2184 GEARAspiWDM - ok

21:47:24.0626 2184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

21:47:24.0635 2184 gpsvc - ok

21:47:24.0715 2184 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:47:24.0717 2184 gupdate - ok

21:47:24.0741 2184 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:47:24.0743 2184 gupdatem - ok

21:47:24.0932 2184 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

21:47:24.0985 2184 gusvc - ok

21:47:25.0009 2184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

21:47:25.0128 2184 hcw85cir - ok

21:47:25.0204 2184 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:47:25.0209 2184 HdAudAddService - ok

21:47:25.0252 2184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

21:47:25.0254 2184 HDAudBus - ok

21:47:25.0260 2184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

21:47:25.0262 2184 HidBatt - ok

21:47:25.0281 2184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

21:47:25.0283 2184 HidBth - ok

21:47:25.0330 2184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

21:47:25.0332 2184 HidIr - ok

21:47:25.0363 2184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

21:47:25.0366 2184 hidserv - ok

21:47:25.0375 2184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:47:25.0377 2184 HidUsb - ok

21:47:25.0405 2184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

21:47:25.0409 2184 hkmsvc - ok

21:47:25.0468 2184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:47:25.0471 2184 HomeGroupListener - ok

21:47:25.0508 2184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:47:25.0512 2184 HomeGroupProvider - ok

21:47:25.0548 2184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

21:47:25.0549 2184 HpSAMD - ok

21:47:25.0598 2184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

21:47:25.0606 2184 HTTP - ok

21:47:25.0638 2184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

21:47:25.0638 2184 hwpolicy - ok

21:47:25.0655 2184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

21:47:25.0656 2184 i8042prt - ok

21:47:25.0695 2184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

21:47:25.0700 2184 iaStorV - ok

21:47:25.0745 2184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:47:25.0756 2184 idsvc - ok

21:47:25.0773 2184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

21:47:25.0775 2184 iirsp - ok

21:47:25.0832 2184 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

21:47:25.0833 2184 IJPLMSVC - ok

21:47:25.0864 2184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

21:47:25.0876 2184 IKEEXT - ok

21:47:25.0894 2184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

21:47:25.0895 2184 intelide - ok

21:47:25.0907 2184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

21:47:25.0908 2184 intelppm - ok

21:47:25.0934 2184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:47:25.0937 2184 IPBusEnum - ok

21:47:25.0965 2184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:47:25.0966 2184 IpFilterDriver - ok

21:47:26.0004 2184 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:47:26.0011 2184 iphlpsvc - ok

21:47:26.0029 2184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

21:47:26.0031 2184 IPMIDRV - ok

21:47:26.0046 2184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

21:47:26.0048 2184 IPNAT - ok

21:47:26.0121 2184 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

21:47:26.0133 2184 iPod Service - ok

21:47:26.0163 2184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:47:26.0164 2184 IRENUM - ok

21:47:26.0179 2184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:47:26.0220 2184 isapnp - ok

21:47:26.0269 2184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

21:47:26.0280 2184 iScsiPrt - ok

21:47:26.0341 2184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

21:47:26.0342 2184 kbdclass - ok

21:47:26.0376 2184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

21:47:26.0378 2184 kbdhid - ok

21:47:26.0387 2184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

21:47:26.0390 2184 KeyIso - ok

21:47:26.0421 2184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

21:47:26.0423 2184 KSecDD - ok

21:47:26.0471 2184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

21:47:26.0474 2184 KSecPkg - ok

21:47:26.0492 2184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

21:47:26.0494 2184 ksthunk - ok

21:47:26.0531 2184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

21:47:26.0540 2184 KtmRm - ok

21:47:26.0598 2184 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys

21:47:26.0599 2184 L1E - ok

21:47:26.0630 2184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

21:47:26.0635 2184 LanmanServer - ok

21:47:26.0666 2184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:47:26.0671 2184 LanmanWorkstation - ok

21:47:26.0703 2184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

21:47:26.0705 2184 lltdio - ok

21:47:26.0722 2184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

21:47:26.0727 2184 lltdsvc - ok

21:47:26.0744 2184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

21:47:26.0746 2184 lmhosts - ok

21:47:26.0781 2184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

21:47:26.0783 2184 LSI_FC - ok

21:47:26.0788 2184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

21:47:26.0790 2184 LSI_SAS - ok

21:47:26.0795 2184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:47:26.0796 2184 LSI_SAS2 - ok

21:47:26.0815 2184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:47:26.0817 2184 LSI_SCSI - ok

21:47:26.0822 2184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

21:47:26.0825 2184 luafv - ok

21:47:26.0867 2184 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys

21:47:26.0869 2184 MarvinBus - ok

21:47:26.0898 2184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

21:47:26.0901 2184 Mcx2Svc - ok

21:47:26.0922 2184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

21:47:26.0924 2184 megasas - ok

21:47:26.0941 2184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

21:47:26.0944 2184 MegaSR - ok

21:47:27.0012 2184 Microsoft SharePoint Workspace Audit Service - ok

21:47:27.0058 2184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

21:47:27.0061 2184 MMCSS - ok

21:47:27.0067 2184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

21:47:27.0069 2184 Modem - ok

21:47:27.0074 2184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

21:47:27.0075 2184 monitor - ok

21:47:27.0110 2184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

21:47:27.0111 2184 mouclass - ok

21:47:27.0140 2184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

21:47:27.0142 2184 mouhid - ok

21:47:27.0171 2184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:47:27.0173 2184 mountmgr - ok

21:47:27.0203 2184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

21:47:27.0205 2184 mpio - ok

21:47:27.0211 2184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

21:47:27.0213 2184 mpsdrv - ok

21:47:27.0247 2184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

21:47:27.0256 2184 MpsSvc - ok

21:47:27.0289 2184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

21:47:27.0292 2184 MRxDAV - ok

21:47:27.0322 2184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

21:47:27.0325 2184 mrxsmb - ok

21:47:27.0337 2184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:47:27.0341 2184 mrxsmb10 - ok

21:47:27.0365 2184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:47:27.0367 2184 mrxsmb20 - ok

21:47:27.0380 2184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

21:47:27.0381 2184 msahci - ok

21:47:27.0397 2184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

21:47:27.0399 2184 msdsm - ok

21:47:27.0419 2184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

21:47:27.0422 2184 MSDTC - ok

21:47:27.0431 2184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:47:27.0432 2184 Msfs - ok

21:47:27.0450 2184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:47:27.0451 2184 mshidkmdf - ok

21:47:27.0486 2184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:47:27.0487 2184 msisadrv - ok

21:47:27.0519 2184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:47:27.0523 2184 MSiSCSI - ok

21:47:27.0527 2184 msiserver - ok

21:47:27.0555 2184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:47:27.0556 2184 MSKSSRV - ok

21:47:27.0586 2184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:47:27.0587 2184 MSPCLOCK - ok

21:47:27.0600 2184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:47:27.0601 2184 MSPQM - ok

21:47:27.0639 2184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:47:27.0643 2184 MsRPC - ok

21:47:27.0669 2184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

21:47:27.0670 2184 mssmbios - ok

21:47:27.0690 2184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:47:27.0691 2184 MSTEE - ok

21:47:27.0707 2184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

21:47:27.0708 2184 MTConfig - ok

21:47:27.0761 2184 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

21:47:27.0762 2184 MTsensor - ok

21:47:27.0780 2184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

21:47:27.0781 2184 Mup - ok

21:47:27.0820 2184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

21:47:27.0827 2184 napagent - ok

21:47:27.0845 2184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:47:27.0849 2184 NativeWifiP - ok

21:47:27.0890 2184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

21:47:27.0899 2184 NDIS - ok

21:47:27.0932 2184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:47:27.0933 2184 NdisCap - ok

21:47:27.0952 2184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:47:27.0954 2184 NdisTapi - ok

21:47:27.0990 2184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:47:27.0992 2184 Ndisuio - ok

21:47:28.0019 2184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:47:28.0022 2184 NdisWan - ok

21:47:28.0049 2184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:47:28.0051 2184 NDProxy - ok

21:47:28.0168 2184 [ 6D4028D458EAAA1782099750790DC8C9 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

21:47:28.0176 2184 Nero BackItUp Scheduler 3 - ok

21:47:28.0183 2184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:47:28.0185 2184 NetBIOS - ok

21:47:28.0233 2184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:47:28.0236 2184 NetBT - ok

21:47:28.0245 2184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

21:47:28.0248 2184 Netlogon - ok

21:47:28.0297 2184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

21:47:28.0305 2184 Netman - ok

21:47:28.0317 2184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

21:47:28.0325 2184 netprofm - ok

21:47:28.0348 2184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:47:28.0350 2184 NetTcpPortSharing - ok

21:47:28.0385 2184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

21:47:28.0386 2184 nfrd960 - ok

21:47:28.0417 2184 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:47:28.0421 2184 NlaSvc - ok

21:47:28.0528 2184 [ 1BEF5464C06F4AF0C704378824C52ADB ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

21:47:28.0534 2184 NMIndexingService - ok

21:47:28.0539 2184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:47:28.0541 2184 Npfs - ok

21:47:28.0567 2184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

21:47:28.0570 2184 nsi - ok

21:47:28.0575 2184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:47:28.0577 2184 nsiproxy - ok

21:47:28.0636 2184 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:47:28.0661 2184 Ntfs - ok

21:47:28.0686 2184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

21:47:28.0687 2184 Null - ok

21:47:28.0721 2184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:47:28.0724 2184 nvraid - ok

21:47:28.0744 2184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:47:28.0748 2184 nvstor - ok

21:47:28.0773 2184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:47:28.0776 2184 nv_agp - ok

21:47:28.0803 2184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:47:28.0804 2184 ohci1394 - ok

21:47:28.0831 2184 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:47:28.0833 2184 ose - ok

21:47:28.0964 2184 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:47:29.0045 2184 osppsvc - ok

21:47:29.0078 2184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:47:29.0082 2184 p2pimsvc - ok

21:47:29.0095 2184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

21:47:29.0099 2184 p2psvc - ok

21:47:29.0143 2184 [ E55FDEDB0AC89B41970AAE0F44FC2DCA ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS

21:47:29.0152 2184 PAC207 - ok

21:47:29.0185 2184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

21:47:29.0188 2184 Parport - ok

21:47:29.0220 2184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

21:47:29.0222 2184 partmgr - ok

21:47:29.0231 2184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

21:47:29.0237 2184 PcaSvc - ok

21:47:29.0254 2184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

21:47:29.0257 2184 pci - ok

21:47:29.0282 2184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

21:47:29.0283 2184 pciide - ok

21:47:29.0297 2184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

21:47:29.0300 2184 pcmcia - ok

21:47:29.0304 2184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

21:47:29.0305 2184 pcw - ok

21:47:29.0331 2184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

21:47:29.0338 2184 PEAUTH - ok

21:47:29.0414 2184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

21:47:29.0417 2184 PerfHost - ok

21:47:29.0485 2184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

21:47:29.0517 2184 pla - ok

21:47:29.0564 2184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

21:47:29.0572 2184 PlugPlay - ok

21:47:29.0585 2184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

21:47:29.0590 2184 PNRPAutoReg - ok

21:47:29.0612 2184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

21:47:29.0618 2184 PNRPsvc - ok

21:47:29.0640 2184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

21:47:29.0648 2184 PolicyAgent - ok

21:47:29.0681 2184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

21:47:29.0688 2184 Power - ok

21:47:29.0730 2184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

21:47:29.0732 2184 PptpMiniport - ok

21:47:29.0759 2184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

21:47:29.0761 2184 Processor - ok

21:47:29.0812 2184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

21:47:29.0818 2184 ProfSvc - ok

21:47:29.0828 2184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:47:29.0831 2184 ProtectedStorage - ok

21:47:29.0878 2184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

21:47:29.0881 2184 Psched - ok

21:47:29.0932 2184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

21:47:29.0963 2184 ql2300 - ok

21:47:29.0969 2184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

21:47:29.0971 2184 ql40xx - ok

21:47:30.0008 2184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

21:47:30.0013 2184 QWAVE - ok

21:47:30.0023 2184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

21:47:30.0024 2184 QWAVEdrv - ok

21:47:30.0041 2184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

21:47:30.0042 2184 RasAcd - ok

21:47:30.0091 2184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

21:47:30.0093 2184 RasAgileVpn - ok

21:47:30.0105 2184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

21:47:30.0109 2184 RasAuto - ok

21:47:30.0138 2184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

21:47:30.0140 2184 Rasl2tp - ok

21:47:30.0172 2184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

21:47:30.0180 2184 RasMan - ok

21:47:30.0198 2184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

21:47:30.0200 2184 RasPppoe - ok

21:47:30.0231 2184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

21:47:30.0234 2184 RasSstp - ok

21:47:30.0267 2184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

21:47:30.0271 2184 rdbss - ok

21:47:30.0294 2184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

21:47:30.0296 2184 rdpbus - ok

21:47:30.0314 2184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

21:47:30.0315 2184 RDPCDD - ok

21:47:30.0327 2184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

21:47:30.0328 2184 RDPENCDD - ok

21:47:30.0352 2184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

21:47:30.0353 2184 RDPREFMP - ok

21:47:30.0389 2184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

21:47:30.0392 2184 RDPWD - ok

21:47:30.0430 2184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

21:47:30.0433 2184 rdyboost - ok

21:47:30.0463 2184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

21:47:30.0476 2184 RemoteAccess - ok

21:47:30.0605 2184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

21:47:30.0638 2184 RemoteRegistry - ok

21:47:30.0717 2184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

21:47:30.0743 2184 RpcEptMapper - ok

21:47:30.0771 2184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

21:47:30.0774 2184 RpcLocator - ok

21:47:30.0809 2184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

21:47:30.0818 2184 RpcSs - ok

21:47:30.0826 2184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

21:47:30.0829 2184 rspndr - ok

21:47:30.0845 2184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

21:47:30.0847 2184 SamSs - ok

21:47:30.0880 2184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

21:47:30.0881 2184 sbp2port - ok

21:47:30.0932 2184 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

21:47:30.0938 2184 SBSDWSCService - ok

21:47:30.0976 2184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

21:47:30.0982 2184 SCardSvr - ok

21:47:31.0011 2184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

21:47:31.0013 2184 scfilter - ok

21:47:31.0060 2184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

21:47:31.0073 2184 Schedule - ok

21:47:31.0101 2184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

21:47:31.0102 2184 SCPolicySvc - ok

21:47:31.0128 2184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

21:47:31.0133 2184 SDRSVC - ok

21:47:31.0148 2184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

21:47:31.0149 2184 secdrv - ok

21:47:31.0183 2184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

21:47:31.0221 2184 seclogon - ok

21:47:31.0229 2184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

21:47:31.0232 2184 SENS - ok

21:47:31.0242 2184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

21:47:31.0245 2184 SensrSvc - ok

21:47:31.0281 2184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

21:47:31.0282 2184 Serenum - ok

21:47:31.0301 2184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

21:47:31.0303 2184 Serial - ok

21:47:31.0323 2184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

21:47:31.0324 2184 sermouse - ok

21:47:31.0359 2184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

21:47:31.0363 2184 SessionEnv - ok

21:47:31.0385 2184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

21:47:31.0387 2184 sffdisk - ok

21:47:31.0394 2184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

21:47:31.0396 2184 sffp_mmc - ok

21:47:31.0409 2184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

21:47:31.0410 2184 sffp_sd - ok

21:47:31.0430 2184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

21:47:31.0432 2184 sfloppy - ok

21:47:31.0468 2184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

21:47:31.0477 2184 SharedAccess - ok

21:47:31.0506 2184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:47:31.0512 2184 ShellHWDetection - ok

21:47:31.0528 2184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:47:31.0530 2184 SiSRaid2 - ok

21:47:31.0535 2184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

21:47:31.0536 2184 SiSRaid4 - ok

21:47:31.0547 2184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

21:47:31.0549 2184 Smb - ok

21:47:31.0578 2184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:47:31.0582 2184 SNMPTRAP - ok

21:47:31.0586 2184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

21:47:31.0587 2184 spldr - ok

21:47:31.0629 2184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

21:47:31.0635 2184 Spooler - ok

21:47:31.0712 2184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

21:47:31.0774 2184 sppsvc - ok

21:47:31.0791 2184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

21:47:31.0795 2184 sppuinotify - ok

21:47:31.0833 2184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

21:47:31.0838 2184 srv - ok

21:47:31.0855 2184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:47:31.0859 2184 srv2 - ok

21:47:31.0892 2184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:47:31.0894 2184 srvnet - ok

21:47:31.0932 2184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:47:31.0939 2184 SSDPSRV - ok

21:47:31.0946 2184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:47:31.0952 2184 SstpSvc - ok

21:47:31.0973 2184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

21:47:31.0974 2184 stexstor - ok

21:47:32.0014 2184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

21:47:32.0023 2184 stisvc - ok

21:47:32.0052 2184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

21:47:32.0052 2184 swenum - ok

21:47:32.0087 2184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

21:47:32.0095 2184 swprv - ok

21:47:32.0145 2184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

21:47:32.0179 2184 SysMain - ok

21:47:32.0206 2184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:47:32.0210 2184 TabletInputService - ok

21:47:32.0240 2184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

21:47:32.0246 2184 TapiSrv - ok

21:47:32.0278 2184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

21:47:32.0281 2184 TBS - ok

21:47:32.0338 2184 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:47:32.0360 2184 Tcpip - ok

21:47:32.0416 2184 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

21:47:32.0425 2184 TCPIP6 - ok

21:47:32.0456 2184 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:47:32.0469 2184 tcpipreg - ok

21:47:32.0489 2184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:47:32.0490 2184 TDPIPE - ok

21:47:32.0513 2184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:47:32.0514 2184 TDTCP - ok

21:47:32.0560 2184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:47:32.0563 2184 tdx - ok

21:47:32.0573 2184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

21:47:32.0575 2184 TermDD - ok

21:47:32.0607 2184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

21:47:32.0617 2184 TermService - ok

21:47:32.0637 2184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

21:47:32.0640 2184 Themes - ok

21:47:32.0665 2184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

21:47:32.0668 2184 THREADORDER - ok

21:47:32.0686 2184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

21:47:32.0691 2184 TrkWks - ok

21:47:32.0745 2184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:47:32.0748 2184 TrustedInstaller - ok

21:47:32.0785 2184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:47:32.0786 2184 tssecsrv - ok

21:47:32.0828 2184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

21:47:32.0830 2184 TsUsbFlt - ok

21:47:32.0888 2184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:47:32.0890 2184 tunnel - ok

21:47:32.0913 2184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

21:47:32.0915 2184 uagp35 - ok

21:47:32.0952 2184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:47:32.0957 2184 udfs - ok

21:47:32.0985 2184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:47:32.0989 2184 UI0Detect - ok

21:47:33.0012 2184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

21:47:33.0014 2184 uliagpkx - ok

21:47:33.0063 2184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

21:47:33.0064 2184 umbus - ok

21:47:33.0084 2184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

21:47:33.0086 2184 UmPass - ok

21:47:33.0122 2184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

21:47:33.0129 2184 upnphost - ok

21:47:33.0173 2184 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

21:47:33.0174 2184 USBAAPL64 - ok

21:47:33.0225 2184 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

21:47:33.0227 2184 usbaudio - ok

21:47:33.0252 2184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

21:47:33.0254 2184 usbccgp - ok

21:47:33.0292 2184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

21:47:33.0294 2184 usbcir - ok

21:47:33.0299 2184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

21:47:33.0301 2184 usbehci - ok

21:47:33.0325 2184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:47:33.0329 2184 usbhub - ok

21:47:33.0350 2184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

21:47:33.0351 2184 usbohci - ok

21:47:33.0379 2184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

21:47:33.0380 2184 usbprint - ok

21:47:33.0406 2184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

21:47:33.0407 2184 usbscan - ok

21:47:33.0442 2184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:47:33.0444 2184 USBSTOR - ok

21:47:33.0450 2184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

21:47:33.0452 2184 usbuhci - ok

21:47:33.0466 2184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

21:47:33.0472 2184 UxSms - ok

21:47:33.0486 2184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

21:47:33.0488 2184 VaultSvc - ok

21:47:33.0500 2184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

21:47:33.0501 2184 vdrvroot - ok

21:47:33.0538 2184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

21:47:33.0546 2184 vds - ok

21:47:33.0563 2184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:47:33.0564 2184 vga - ok

21:47:33.0583 2184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

21:47:33.0585 2184 VgaSave - ok

21:47:33.0606 2184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

21:47:33.0609 2184 vhdmp - ok

21:47:33.0635 2184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

21:47:33.0636 2184 viaide - ok

21:47:33.0657 2184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

21:47:33.0658 2184 volmgr - ok

21:47:33.0698 2184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:47:33.0703 2184 volmgrx - ok

21:47:33.0720 2184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:47:33.0725 2184 volsnap - ok

21:47:33.0757 2184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

21:47:33.0760 2184 vsmraid - ok

21:47:33.0808 2184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

21:47:33.0832 2184 VSS - ok

21:47:33.0861 2184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

21:47:33.0862 2184 vwifibus - ok

21:47:33.0884 2184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

21:47:33.0892 2184 W32Time - ok

21:47:33.0910 2184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

21:47:33.0912 2184 WacomPen - ok

21:47:33.0945 2184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

21:47:33.0947 2184 WANARP - ok

21:47:33.0961 2184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:47:33.0963 2184 Wanarpv6 - ok

21:47:34.0035 2184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

21:47:34.0057 2184 WatAdminSvc - ok

21:47:34.0104 2184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

21:47:34.0129 2184 wbengine - ok

21:47:34.0147 2184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:47:34.0154 2184 WbioSrvc - ok

21:47:34.0185 2184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:47:34.0193 2184 wcncsvc - ok

21:47:34.0210 2184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:47:34.0215 2184 WcsPlugInService - ok

21:47:34.0231 2184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

21:47:34.0232 2184 Wd - ok

21:47:34.0277 2184 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:47:34.0286 2184 Wdf01000 - ok

21:47:34.0304 2184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:47:34.0308 2184 WdiServiceHost - ok

21:47:34.0312 2184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:47:34.0316 2184 WdiSystemHost - ok

21:47:34.0352 2184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

21:47:34.0358 2184 WebClient - ok

21:47:34.0376 2184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:47:34.0381 2184 Wecsvc - ok

21:47:34.0387 2184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:47:34.0390 2184 wercplsupport - ok

21:47:34.0421 2184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

21:47:34.0425 2184 WerSvc - ok

21:47:34.0460 2184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:47:34.0473 2184 WfpLwf - ok

21:47:34.0477 2184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:47:34.0479 2184 WIMMount - ok

21:47:34.0494 2184 WinDefend - ok

21:47:34.0499 2184 WinHttpAutoProxySvc - ok

21:47:34.0675 2184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:47:34.0679 2184 Winmgmt - ok

21:47:34.0738 2184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

21:47:34.0782 2184 WinRM - ok

21:47:34.0842 2184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

21:47:34.0844 2184 WinUsb - ok

21:47:34.0878 2184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

21:47:34.0893 2184 Wlansvc - ok

21:47:34.0953 2184 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

21:47:34.0955 2184 wlcrasvc - ok

21:47:35.0048 2184 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:47:35.0073 2184 wlidsvc - ok

21:47:35.0096 2184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

21:47:35.0097 2184 WmiAcpi - ok

21:47:35.0130 2184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:47:35.0133 2184 wmiApSrv - ok

21:47:35.0162 2184 WMPNetworkSvc - ok

21:47:35.0183 2184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:47:35.0187 2184 WPCSvc - ok

21:47:35.0208 2184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:47:35.0213 2184 WPDBusEnum - ok

21:47:35.0245 2184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:47:35.0246 2184 ws2ifsl - ok

21:47:35.0257 2184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

21:47:35.0261 2184 wscsvc - ok

21:47:35.0267 2184 WSearch - ok

21:47:35.0331 2184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

21:47:35.0345 2184 wuauserv - ok

21:47:35.0377 2184 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:47:35.0379 2184 WudfPf - ok

21:47:35.0419 2184 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:47:35.0422 2184 WUDFRd - ok

21:47:35.0455 2184 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:47:35.0463 2184 wudfsvc - ok

21:47:35.0488 2184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

21:47:35.0493 2184 WwanSvc - ok

21:47:35.0500 2184 ================ Scan global ===============================

21:47:35.0525 2184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

21:47:35.0554 2184 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

21:47:35.0564 2184 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

21:47:35.0589 2184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

21:47:35.0623 2184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

21:47:35.0627 2184 [Global] - ok

21:47:35.0628 2184 ================ Scan MBR ==================================

21:47:35.0636 2184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

21:47:35.0822 2184 \Device\Harddisk0\DR0 - ok

21:47:35.0827 2184 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

21:47:35.0832 2184 \Device\Harddisk1\DR1 - ok

21:47:35.0832 2184 ================ Scan VBR ==================================

21:47:35.0843 2184 [ B779E78B4DD229FA1F00B344CC124EDD ] \Device\Harddisk0\DR0\Partition1

21:47:35.0845 2184 \Device\Harddisk0\DR0\Partition1 - ok

21:47:35.0852 2184 [ 155D46ECE667BC85E06FA839493C2D02 ] \Device\Harddisk1\DR1\Partition1

21:47:35.0853 2184 \Device\Harddisk1\DR1\Partition1 - ok

21:47:35.0854 2184 ============================================================

21:47:35.0854 2184 Scan finished

21:47:35.0854 2184 ============================================================

21:47:35.0865 3120 Detected object count: 0

21:47:35.0865 3120 Actual detected object count: 0


Hi shampo

OK, now try running aswMBR as explained in this post.

Then

Download ComboFix from one of these two links:

Link 1

Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your antivirus and antispyware programs, usually by right-clicking the notification icon in the system tray. They can interfere with these tools. Note: if you have trouble disabling your protection programs correctly, or are not sure which programs need to be disabled, refer to the information (in English) available at this link: How to disable security programs

====================================================

Double-click combofix.exe and follow the instructions

When it finishes, the program will produce a log. Include C:\ComboFix.txt in your next reply for further review.


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-10 19:29:52

-----------------------------

19:29:52.255 OS Version: Windows x64 6.1.7601 Service Pack 1

19:29:52.255 Number of processors: 2 586 0x170A

19:29:52.255 ComputerName: ROSY-PC UserName: rosy

19:29:52.941 Initialize success

19:29:52.988 AVAST engine defs: 13021000

19:30:06.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

19:30:06.435 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3

19:30:06.451 Disk 0 MBR read successfully

19:30:06.467 Disk 0 MBR scan

19:30:06.467 Disk 0 Windows 7 default MBR code

19:30:06.467 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 305 MB offset 63

19:30:06.482 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 471626 MB offset 626535

19:30:06.513 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5006 MB offset 966518784

19:30:06.545 Disk 0 scanning C:\Windows\system32\drivers

19:30:13.892 Service scanning

19:30:27.137 Modules scanning

19:30:27.137 Disk 0 trace - called modules:

19:30:27.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys

19:30:27.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800460c5e0]

19:30:27.168 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa80044d1520]

19:30:27.168 5 ACPI.sys[fffff88000d647a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004198680]

19:30:27.792 AVAST engine scan C:\

19:32:40.969 Disk 0 MBR has been saved successfully to "C:\Users\rosy\Documents\MBR.dat"

19:32:40.985 The log file has been saved successfully to "C:\Users\rosy\Documents\aswMBR.txt"

19:42:22.034 Disk 0 MBR has been saved successfully to "C:\Users\rosy\Documents\MBR.dat"

19:42:22.050 The log file has been saved successfully to "C:\Users\rosy\Documents\aswMBR.txt"

ComboFix 13-02-07.02 - rosy 10/02/2013 19:55:48.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2526 [GMT 1:00]

Eseguito da: c:\users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Creato nuovo punto di ripristino

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\OfferBox

c:\program files (x86)\OfferBox\OfferBox.exe

c:\users\rosy\AppData\Roaming\OfferBox

c:\users\rosy\AppData\Roaming\OfferBox\config.xml

c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe

c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db

c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe

c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\sdch\1338755323

c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe

c:\users\rosy\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Creati Da 2013-01-10 al 2013-02-10 )))))))))))))))))))))))))))))))))))

.

.

2013-02-10 19:01 . 2013-02-10 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-10 18:53 . 2013-02-10 18:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2FFA28-5E09-4374-B48E-4C69399F170C}\offreg.dll

2013-02-08 20:38 . 2013-01-18 11:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2FFA28-5E09-4374-B48E-4C69399F170C}\mpengine.dll

2013-02-07 18:28 . 2013-02-07 18:56 -------- d-----w- c:\program files (x86)\TimeLineRemove

2013-02-05 11:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-02-05 11:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-02-05 11:36 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2013-02-05 11:36 . 2012-12-07 10:46 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2013-02-05 11:36 . 2012-12-07 10:46 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2013-02-05 11:36 . 2012-12-07 10:46 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2013-02-05 11:36 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs

2013-02-05 11:36 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs

2013-02-05 11:36 . 2012-12-07 10:46 55296 ----a-w- c:\windows\SysWow64\cero.rs

2013-02-05 11:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-02-05 11:26 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-02-05 11:26 . 2013-02-05 11:26 -------- d-----w- c:\users\rosy\AppData\Local\Apps

2013-02-05 11:25 . 2013-02-05 11:37 -------- d-----w- c:\users\rosy\AppData\Local\Deployment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-06 20:57 . 2012-06-03 22:19 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-17 00:28 . 2012-06-03 09:49 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-08 21:23 . 2012-06-03 19:18 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 21:23 . 2012-06-03 19:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11 . 2012-12-20 19:06 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-20 19:06 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-20 19:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-20 19:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 15:49 . 2012-06-03 21:30 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-30 04:45 . 2013-02-05 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-14 07:06 . 2012-12-12 15:42 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-12 15:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-12 15:42 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-12 15:42 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-12 15:42 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-12 15:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-12 15:42 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-12 15:42 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-12 15:42 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-12 15:42 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-12 15:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-12 15:42 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-12 15:42 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-12 15:42 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-12 15:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-12 15:42 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-12 15:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-12 15:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-12 15:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-12 15:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-12 15:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-12 15:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [2007-03-27 1021440]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-03 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 686592]

.

.

--- Altri Servizi/Drivers In Memoria ---

.

*Deregistered* - aswMBR

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 21:23]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00]

.

2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job

- c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job

- c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://search.chatzum.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 62.101.93.101 83.103.25.250

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)

.

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-02-10 20:03:50

ComboFix-quarantined-files.txt 2013-02-10 19:03

.

Pre-Run: 322.569.670.656 byte disponibili

Post-Run: 321.927.094.272 byte disponibili

.

- - End Of File - - 07E9400EFEC54A6BB896DF715189225F

Hi, and thanks again.


Hi Shampo

Open Notepad, copy the following text and save it, naming it CFScript

DDS::
mStart Page = hxxp://search.chatzum.com/

Use the mouse to drag the CFScript.txt file onto the red ComboFix icon.

Let the program work.

When it finishes, a new log, combofix.txt, will be created; post it.

ESET online scan

Run a scan with ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to Yes, I accept the Terms of Use.
  • Click Start
  • When prompted, allow the ActiveX control to install
  • Click Start
  • Make sure the options Remove found threats and Scan for unwanted applications are selected
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy/paste the log into your next reply


ComboFix 13-02-13.01 - rosy 13/02/2013 19:43:27.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2908 [GMT 1:00]

Eseguito da: c:\users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe

Opzioni usate :: c:\users\rosy\Desktop\Nuova cartella (7)\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Creato nuovo punto di ripristino

.

.

((((((((((((((((((((((((( Files Creati Da 2013-01-13 al 2013-02-13 )))))))))))))))))))))))))))))))))))

.

.

2013-02-13 18:49 . 2013-02-13 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-08 20:38 . 2013-01-18 11:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2FFA28-5E09-4374-B48E-4C69399F170C}\mpengine.dll

2013-02-07 18:28 . 2013-02-07 18:56 -------- d-----w- c:\program files (x86)\TimeLineRemove

2013-02-05 11:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-02-05 11:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-02-05 11:36 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2013-02-05 11:36 . 2012-12-07 10:46 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2013-02-05 11:36 . 2012-12-07 10:46 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2013-02-05 11:36 . 2012-12-07 10:46 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2013-02-05 11:36 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs

2013-02-05 11:36 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs

2013-02-05 11:36 . 2012-12-07 10:46 55296 ----a-w- c:\windows\SysWow64\cero.rs

2013-02-05 11:26 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-02-05 11:26 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-02-05 11:26 . 2013-02-05 11:26 -------- d-----w- c:\users\rosy\AppData\Local\Apps

2013-02-05 11:25 . 2013-02-05 11:37 -------- d-----w- c:\users\rosy\AppData\Local\Deployment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-06 20:57 . 2012-06-03 22:19 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-17 00:28 . 2012-06-03 09:49 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-08 21:23 . 2012-06-03 19:18 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 21:23 . 2012-06-03 19:18 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11 . 2012-12-20 19:06 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-20 19:06 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-20 19:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-20 19:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 15:49 . 2012-06-03 21:30 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-30 04:45 . 2013-02-05 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 PAC207;Trust 100K Series Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 686592]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-03 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [2007-03-27 1021440]

.

.

--- Altri Servizi/Drivers In Memoria ---

.

*NewlyCreated* - WS2IFSL

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 21:23]

.

2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00]

.

2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job

- c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job

- c:\users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 13:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://search.chatzum.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 62.101.93.101 83.103.25.250

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)

.

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-02-13 19:51:05

ComboFix-quarantined-files.txt 2013-02-13 18:51

ComboFix2.txt 2013-02-10 19:03

.

Pre-Run: 321.750.712.320 byte disponibili

Post-Run: 321.167.876.096 byte disponibili

.

- - End Of File - - D8B1CD03C50CDA3D21C37823863F191B


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

It found 7 viruses, but I don't know how to send you the scan. I did as you told me, but I get lost. Help... thanks.


Hi Shampo :)

Go to C:\Program Files\EsetOnlineScanner, find the file log.txt and open it with Notepad, select the text, copy it and paste it into your next reply.


Hi

I did what you told me, but I get this: ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Where am I going wrong?


Hi shampo

Is that all you can see in the text file? Strange.

I think you need to repeat the scan, if you say ESET found threats.

When the scan finishes and the text file appears, select the contents and copy and paste them here.


Sorry, but this is driving me crazy: the file opens and it won't let me copy and paste; if I go to the folder, it copies what I already sent you. I'll try again, grrrrrrrrrrr

Bye, thanks.


Hi shampo

Select all the text and press CTRL C to copy, then in the post press CTRL V to paste.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=08cbe1fc40d8a94eb665e42672aa88c7

# engine=13187

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-02-18 10:26:19

# local_time=2013-02-18 11:26:19 (+0100, ora solare Europa occidentale)

# country="Italy"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=774 16777213 100 94 8761857 137939851 0 0

# compatibility_mode=5893 16776573 100 94 11231 112856229 0 0

# scanned=268330

# found=0

# cleaned=0

# scan_time=5857

This is the latest scan and there are no viruses.

But why does it still sometimes fail to turn on?

Bye, and thanks.


Hi shampo

Try this

Download Junkware Removal Tool to the desktop.

  • Shut down your protection software now to avoid potential conflicts
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as administrator".
  • The tool will open and start scanning the system.
  • Please be patient, as this may take some time to complete depending on your system's specifications.
  • When it finishes, a log (JRT.txt) is saved to the desktop and opens automatically
  • Post the contents of JRT.txt in your next message


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=08cbe1fc40d8a94eb665e42672aa88c7

# engine=13187

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-02-18 10:26:19

# local_time=2013-02-18 11:26:19 (+0100, ora solare Europa occidentale)

# country="Italy"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=774 16777213 100 94 8761857 137939851 0 0

# compatibility_mode=5893 16776573 100 94 11231 112856229 0 0

# scanned=268330

# found=0

# cleaned=0

# scan_time=5857

No viruses this time.


Ah, sorry, I posted twice; it wasn't working. OK, I'll follow the suggestion, thanks.

Bye
