Giacomo9910

Urgent Help With Boo/tdss Virus

44 posts in this thread

Here is the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013

Ran by Jack at 2013-03-17 17:30:10 Run:4

Running from F:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

Operation completed.

Operation completed.

==== End of Fixlog ====


Yes, Windows boots both in safe mode and in normal mode... but if I want to follow the recommended procedure (click Repair your computer among the available options; select the language; select your account; select Command Prompt), after Repair your computer there is always a totally black screen. No language to select appears, nor any account, nor anything else...


The operation had already been completed successfully before; I had understood that you still couldn't get in.

With Mr 4011's permission

Download OTL from here

to the desktop.

Right-click -> Run as administrator.

Under Output set Minimal Output

Under File Age set 60 days

Tick SCAN ALL USERS

Under Custom Scans/Fixes copy and paste these lines

/md5start

rundll32.exe

winlogon.exe

userinit.exe

wininit.exe

explorer.exe

user32.dll

/md5stop

Click RUN SCAN

Wait patiently for the scan

When it finishes, post OTL.txt and Extras.txt by copy-pasting them into your next reply.

THEN

Download TDSS Killer from here to the desktop.

Right-click > Run as administrator

Click "Change parameters"

Tick:

Loaded modules -> in the window that appears click Reboot now.

Wait for the PC to reboot

TDSS Killer will appear again; click "Change parameters" and tick

Verify file digital signatures

Detect TDLFS file system

Click Start scan and wait for the scan

If it detects any infection, use the default Cure action (if it doesn't let you use it, use Skip, not Delete).

When it finishes click Close.

Post its report, which is in C:\ .

To recap, you will need to post the two OTL reports plus the TDSS Killer one.

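The /md5start ... /md5stop block above asks OTL to report MD5 hashes for the core Windows binaries a TDSS-style rootkit or its loader typically patches (rundll32.exe, winlogon.exe, userinit.exe, wininit.exe, explorer.exe, user32.dll), and TDSSKiller's "Verify file digital signatures" option checks their Authenticode signatures. The following is an added example, not code from the thread or from either tool, that does the same two checks by hand in PowerShell when the tools cannot be run (as in this thread, where TDSSKiller never starts). It assumes an elevated 64-bit PowerShell on Windows 7 x64 or later, so that C:\Windows\System32 is not silently redirected to SysWOW64, and it compares the 64-bit and 32-bit copies side by side, as the O20 Winlogon lines in the OTL log do.

```powershell
# Added example (not from the thread): MD5 + Authenticode check of the core
# Windows binaries the OTL /md5start block targets, across System32, SysWOW64
# and the Windows directory (where the 64-bit explorer.exe lives).
# Assumptions: Windows 7 x64 or later, PowerShell 2.0 or newer, run elevated
# from a 64-bit PowerShell so System32 is not redirected to SysWOW64.

$names = 'rundll32.exe','winlogon.exe','userinit.exe','wininit.exe','explorer.exe','user32.dll'
$dirs  = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot)

# MD5 via .NET so the script also works on PowerShell 2.0, which has no Get-FileHash.
function Get-Md5Hex([string]$Path) {
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

$results = foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }   # e.g. no rundll32.exe in C:\Windows
        $item   = Get-Item -LiteralPath $path
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path      = $path
            Size      = $item.Length
            Modified  = $item.LastWriteTime
            MD5       = Get-Md5Hex $path
            SigStatus = $sig.Status            # Valid / NotSigned / HashMismatch / ...
            Signer    = $signer
            Company   = $item.VersionInfo.CompanyName
        }
    }
}

$results | Sort-Object Path | Format-Table Path, Size, Modified, MD5, SigStatus, Company -AutoSize

# Triage rules. Windows system files are usually catalog-signed, and older
# PowerShell reports those as NotSigned, so NotSigned alone is not evidence of
# tampering. An embedded signature that fails (HashMismatch), a missing or
# non-Microsoft CompanyName, or a signer other than Microsoft is.
$suspect = $results | Where-Object {
    $_.SigStatus -eq 'HashMismatch' -or
    $_.Company -notlike 'Microsoft*' -or
    ($_.Signer -and $_.Signer -notlike '*Microsoft*')
}
if ($suspect) {
    "`nEntries that need a closer look (compare MD5 with a known-clean copy of the same Windows build):"
    $suspect | Format-Table Path, MD5, SigStatus, Company -AutoSize
} else {
    "`nNo obvious mismatch. Still compare the MD5 values and LastWriteTime against a clean machine of the same build."
}
```

Two practical notes. First, hashes only mean something against a reference: compare each MD5 with the same file on a clean machine running the same Windows build and service pack, or with the copy held in the WinSxS component store, since a patched userinit.exe or user32.dll will carry a plausible size and version string. Second, an infected kernel can lie to user-mode tools, which is exactly why the helper's procedure wants TDSSKiller and why FRST complains when it is not run from the recovery environment; if this script and the tools disagree, trust the offline view.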

So I did the scan with OTL and now I'm attaching the first two... TDSSKiller doesn't work, I wrote that right away in my first post, because I had already tried it... I click on it but it doesn't start, not even with Run as administrator... Absolutely nothing happens... I had also tried downloading it under a different name, but that didn't help. And this time too it won't open.

Here is OTL:

OTL logfile created on: 17/03/2013 22:13:36 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jack\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,86% Memory free

7,81 Gb Paging File | 6,97 Gb Available in Paging File | 89,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281,16 Gb Total Space | 178,12 Gb Free Space | 63,35% Space Free | Partition Type: NTFS

Drive D: | 16,63 Gb Total Space | 2,40 Gb Free Space | 14,44% Space Free | Partition Type: NTFS

Computer Name: JACK-HP | User Name: Jack | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jack\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

========== Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (PowerOffer Service) -- C:\Users\Jack\AppData\Local\PosService\Pos.exe (PowerOfferService)

SRV - (ServUpdater) -- C:\Users\Jack\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)

SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)

SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()

SRV - (HP Wireless Assistant Service) -- C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe (Symantec Corporation)

SRV - (RtVOsdService) -- C:\Programmi\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (AERTFilters) -- C:\Programmi\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)

DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/6

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9D41C1F0-3EC6-432B-A5FD-E4773B42F3C9}

IE:64bit: - HKLM\..\SearchScopes\{34A2C1A4-3EAA-4152-AB8B-C29D56EB16EB}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF

IE:64bit: - HKLM\..\SearchScopes\{590646DA-7D35-4F9F-B1D1-32548C2EF59F}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{9D41C1F0-3EC6-432B-A5FD-E4773B42F3C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/6

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKLM\..\SearchScopes,DefaultScope = {9D41C1F0-3EC6-432B-A5FD-E4773B42F3C9}

IE - HKLM\..\SearchScopes\{34A2C1A4-3EAA-4152-AB8B-C29D56EB16EB}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF

IE - HKLM\..\SearchScopes\{590646DA-7D35-4F9F-B1D1-32548C2EF59F}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{9D41C1F0-3EC6-432B-A5FD-E4773B42F3C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/6

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\..\SearchScopes,DefaultScope = {9D41C1F0-3EC6-432B-A5FD-E4773B42F3C9}

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\..\SearchScopes\{34A2C1A4-3EAA-4152-AB8B-C29D56EB16EB}: "URL" = http://it.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111250,16998,0,8,0

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\..\SearchScopes\{590646DA-7D35-4F9F-B1D1-32548C2EF59F}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\..\SearchScopes\{9D41C1F0-3EC6-432B-A5FD-E4773B42F3C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jack\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\

O1 HOSTS File: ([2012/11/02 20:50:38 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (VideoFileDownload) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - C:\Program Files (x86)\OApps\bho_project.dll File not found

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000..\Run: [Facebook Update] C:\Users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O4 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000..\Run: [peapo] rundll32.exe ",CreateTempFile File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My 190.lnk = File not found

O4 - Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget vodafone.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present

O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.89.123.231 193.210.19.190

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CEE218-575F-4FAF-8EF0-59AC9B8A07DA}: DhcpNameServer = 62.101.93.101 83.103.25.250

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CEE218-575F-4FAF-8EF0-59AC9B8A07DA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A39787C-11FD-4937-9B83-4CE3629F1421}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF12746-256E-4D5C-B4EE-6315AE198326}: DhcpNameServer = 192.89.123.231 193.210.19.190

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF12746-256E-4D5C-B4EE-6315AE198326}: NameServer = 8.8.8.8,8.8.4.4

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter ext/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/02/25 00:55:54 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found

O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found

O37 - HKU\S-1-5-21-488496752-2776678865-3593269437-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/03/17 22:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe

[2013/03/15 19:44:23 | 000,000,000 | ---D | C] -- C:\FRST

[2013/03/12 10:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinCDEmu

[2013/03/11 21:59:30 | 280,161,016 | ---- | C] (Avira GmbH) -- C:\Users\Jack\Desktop\rescue_system-common-en.exe

[2013/03/10 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4C6244ED-9BCE-40A1-9EB8-B0CAE49462AE}

[2013/03/06 12:34:38 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{07A2441D-0095-45E6-994E-E8B1AE489296}

[2013/03/06 11:25:34 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4EB6C993-CDBD-4DDA-9D94-446576AEAD2F}

[2013/03/02 20:46:38 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{180F23B5-90D7-4E82-8E61-908EF8818695}

[2013/03/02 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E77B2DF5-1EE2-4309-BE04-A6DF9BB319C1}

[2013/02/26 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\SUPERAntiSpyware.com

[2013/02/26 13:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/02/26 12:38:29 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{088132FD-5C49-45C0-BB84-FD166B769BC5}

[2013/02/25 21:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/02/25 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2013/02/25 20:49:41 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Threat Expert

[2013/02/25 20:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2013/02/25 20:39:06 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\TestApp

[2013/02/25 14:15:57 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{C366FDD3-17C9-4DAC-AA97-A3D13B38538B}

[2013/02/25 12:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

[2013/02/25 12:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!

[2013/02/25 12:37:57 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{87F49528-DBEF-4EA3-AEEC-1DA9BC67145E}

[2013/02/25 00:54:52 | 000,000,000 | -H-D | C] -- C:\sh4ldr

[2013/02/25 00:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/02/25 00:12:23 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{7E596007-1E34-479B-95A2-E56B81AE64AF}

[2013/02/24 12:12:08 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{769CFD7B-69FF-4484-9CB5-FDC57745C7CC}

[2013/02/24 00:10:39 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{5E8457F0-CF4A-4E98-947E-E7753BE2A9FA}

[2013/02/23 10:52:09 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{E7C194DB-AD28-464F-A2C9-4989A0032468}

[2013/02/22 22:46:00 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{A493B2B5-7508-4A36-A674-1B8AC9463630}

[2013/02/22 10:45:45 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{BF2F2B62-5239-4001-8432-CF2B40A44F53}

[2013/02/21 22:45:23 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{22743600-5BFA-4B88-AFD0-7356F892B918}

[2013/02/21 10:44:52 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{7E993DE8-9920-4214-9B1F-F5FC3C97A153}

[2013/02/20 22:42:55 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{BF323527-D796-42AD-9A8D-E473AFD4B53F}

[2013/02/20 10:38:41 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{DE2FAE74-B211-4A94-BA16-428ED3A26538}

[2013/02/19 22:38:25 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{927566A8-FBCD-482F-BA91-F2E1A99FBF52}

[2013/02/19 10:36:43 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{99B78DA5-0CE9-460C-85BB-21E13A795609}

[2013/02/18 22:34:42 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{D58276F1-3824-4A5C-B4A0-D31E8FFC1751}

[2013/02/18 09:21:55 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{E0E6A3B7-463C-4E92-95F7-E52D502FBFCC}

[2013/02/17 18:57:02 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{54027ED9-7258-4869-8A5B-F3A072AEB453}

[2013/02/17 02:34:49 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{66F05F34-4A58-496E-AB9D-AB87BAFADFE6}

[2013/02/16 10:33:46 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{7BC841A7-2777-418A-B116-0F03B1853FFC}

[2013/02/15 14:40:49 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{03BC8A43-9EBC-4148-850A-3AA7AAA90BD8}

[2013/02/14 23:31:40 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{D49230F3-DCE9-41E4-B076-A1A7103D865F}

[2013/02/14 10:45:30 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{A740B04A-BF38-4642-9480-93AB5EB53B9E}

[2013/02/13 10:50:43 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{986BA111-7355-4DFF-A88C-0ECCE6038AEB}

[2013/02/12 10:19:12 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{AD4EF110-BF83-4379-8C74-0A48E23277A6}

[2013/02/11 22:13:22 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{6D5967DA-CD3A-40BE-84D5-143EB2011526}

[2013/02/11 10:11:37 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{39E84A60-B44B-4C12-8879-FE61A73AADBF}

[2013/02/10 09:42:38 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{A2DC5F54-D663-4073-AD85-7EC684B4E1F6}

[2013/02/09 14:44:03 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{6E91F4AA-6D5B-41E4-A8B9-5FC3E6FE5301}

[2013/02/09 00:45:27 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{FF202240-DFE4-4B44-87DD-3264F8A39C52}

[2013/02/08 11:13:19 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{6CF0BCD1-ED89-46D2-97DA-2A675D56EE28}

[2013/02/08 10:14:13 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{B143BF97-0655-41E0-A94B-6A9BD4A1B943}

[2013/02/07 21:05:24 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{9DF1B670-CF4A-462A-A4AE-77ED0ECA6EAE}

[2013/02/07 09:03:32 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{B7EC1D80-2650-4687-A3B4-F74C5F6D94D3}

[2013/02/06 14:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013/02/06 14:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/02/06 13:42:02 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{012BF4EB-50A2-4AC6-9C67-7B97D22A30BC}

[2013/02/05 23:10:33 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{66C94C09-5A5E-4BC0-994E-F0FF07766288}

[2013/02/05 11:10:10 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{287CAAA2-B3C9-43EB-A4A4-66B6570FE0CE}

[2013/02/04 23:08:29 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{C1E4F108-4B17-458D-B1A6-7AB4133DFB08}

[2013/02/04 09:02:20 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{580DAFAD-9F63-4D4F-A849-AB8E73A9C14A}

[2013/02/03 12:15:40 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{013D4242-91C6-48E4-86B7-1AD441D2B321}

[2013/02/02 21:37:50 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{32AD3028-1FD8-4375-A715-79E072FDB456}

[2013/02/02 08:59:46 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{3DD58C74-F8C6-4BD3-8CFC-AB22C3BBD588}

[2013/02/01 10:33:13 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{006B9099-076A-45B5-B120-CC2A665345C5}

[2013/01/31 22:32:58 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{785DF9B1-D7DF-4A36-A461-45E12092FB9B}

[2013/01/31 10:31:14 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{B5594AE3-D58F-4432-8D8E-6AB2749E6387}

[2013/01/30 14:31:11 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{D975B661-1136-41D0-BF6C-80F9397326C0}

[2013/01/30 10:39:38 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{A1E03C13-DB5A-4280-9732-BB82F840C45B}

[2013/01/29 20:19:13 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{8EDD8292-845F-404C-A9D1-E754D16DFF85}

[2013/01/29 09:05:55 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{C748A5CE-982E-40C1-AEAB-53117058F022}

[2013/01/28 10:30:38 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{945454F6-2923-40AA-BB58-830C81CF3521}

[2013/01/27 10:03:37 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{25FD0765-1F98-49CE-9093-B7889C292EEB}

[2013/01/26 11:25:09 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{576F0D42-B620-4626-8C93-71378118F4A4}

[2013/01/25 13:00:01 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{4641D975-5E17-41D8-ADFB-983F24338199}

[2013/01/24 23:09:51 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{2196D01E-9A81-47F9-B756-2245C4C8BE59}

[2013/01/24 09:59:43 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{4BC4894B-36B9-4373-A6AF-FC1BA62CBE80}

[2013/01/23 09:52:34 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{3F9A6BFF-63D0-4F26-BC7A-78F815E42DAF}

[2013/01/22 12:34:31 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{0FE9E57C-7AB1-49B1-9451-CAA3505B9E13}

[2013/01/22 10:26:46 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{B883E6DA-505A-47CF-8092-7CA8BBB3F05A}

[2013/01/21 23:54:28 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{FFC8D570-75EA-4F4C-A8BC-8FFAE374220B}

[2013/01/21 09:36:30 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{4EBF929F-10B9-47BD-8399-C6592DEFA7CB}

[2013/01/20 14:23:51 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{1E5DE7F7-1CEF-40CE-8FA3-543A842130E7}

[2013/01/20 00:23:56 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{3D3BD80C-905A-4F36-A428-3AC9D9DEF759}

[2013/01/19 12:21:55 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{B750625D-FD6F-4BB2-9427-0444A7617913}

[2013/01/18 22:25:37 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{F71C176E-36FE-4582-A698-6BA05E908389}

[2013/01/18 10:25:23 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{D524AAE3-9745-4383-9108-860916DD9261}

[2013/01/17 22:25:08 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{40579498-DF8C-4941-AE1A-BFC3CC030CCE}

[2013/01/17 10:23:08 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\{15E2A04C-BC6C-4C11-B9F3-49C2E87A6175}

========== Files - Modified Within 60 Days ==========

[2013/03/17 22:09:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe

[2013/03/17 22:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/03/17 22:05:06 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/17 17:12:49 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/03/17 17:12:49 | 000,698,554 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2013/03/17 17:12:49 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/03/17 17:12:49 | 000,127,780 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2013/03/17 17:12:49 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/03/16 16:01:00 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/03/16 16:01:00 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/03/14 10:01:24 | 001,605,632 | ---- | M] () -- C:\Users\Jack\Desktop\bootwizard iso.iso

[2013/03/11 22:06:37 | 278,407,168 | ---- | M] () -- C:\Users\Jack\Desktop\rescue_system-common-en.iso

[2013/03/11 22:02:34 | 280,161,016 | ---- | M] (Avira GmbH) -- C:\Users\Jack\Desktop\rescue_system-common-en.exe

[2013/02/26 13:36:01 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63ca8f96-361a-45c6-91a7-c26965370f0d.job

[2013/02/25 11:12:33 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-KqqAuLXXXiuQHkW

[2013/02/25 11:12:31 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-KqqAuLXXXiuQHkWr

[2013/02/25 11:12:24 | 000,000,088 | -H-- | M] () -- C:\ProgramData\KqqAuLXXXiuQHkW

[2013/02/25 00:55:54 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2013/02/18 21:04:23 | 000,000,000 | -H-- | M] () -- C:\ProgramData\Ov7tr4Egx.dat

[2013/02/18 21:04:08 | 000,000,001 | -H-- | M] () -- C:\ProgramData 3FuAQhk.exe_.b

[2013/02/18 21:04:08 | 000,000,001 | -H-- | M] () -- C:\ProgramData 3FuAQhk.exe.b

[2013/02/14 00:03:00 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\OfferBoxUpdate.job

[2013/02/13 23:41:01 | 000,000,978 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2013/02/13 22:43:01 | 000,001,174 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-488496752-2776678865-3593269437-1000UA.job

[2013/02/12 10:43:00 | 000,001,152 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-488496752-2776678865-3593269437-1000Core.job

[2013/02/11 21:12:05 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForJack.job

[2013/02/07 23:42:03 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/02/07 23:42:03 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/02/06 14:49:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013/03/14 10:01:24 | 001,605,632 | ---- | C] () -- C:\Users\Jack\Desktop\bootwizard iso.iso

[2013/03/11 22:03:01 | 278,407,168 | ---- | C] () -- C:\Users\Jack\Desktop\rescue_system-common-en.iso

[2013/02/26 13:10:37 | 000,000,508 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63ca8f96-361a-45c6-91a7-c26965370f0d.job

[2013/02/25 00:56:11 | 000,000,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoJack Pro for HP ProtectTools.url

[2013/02/25 00:55:54 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2013/02/25 00:05:23 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-KqqAuLXXXiuQHkWr

[2013/02/25 00:05:23 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-KqqAuLXXXiuQHkW

[2013/02/25 00:05:20 | 000,000,088 | -H-- | C] () -- C:\ProgramData\KqqAuLXXXiuQHkW

[2013/02/18 21:04:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\Ov7tr4Egx.dat

[2013/02/18 21:04:08 | 000,000,001 | -H-- | C] () -- C:\ProgramData 3FuAQhk.exe_.b

[2013/02/18 21:04:08 | 000,000,001 | -H-- | C] () -- C:\ProgramData 3FuAQhk.exe.b

[2013/02/06 14:49:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/11/12 13:03:49 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012/11/12 13:03:49 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012/11/12 13:03:49 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

[2012/11/12 13:03:48 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/11/12 13:03:46 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/04/03 10:42:39 | 000,716,318 | ---- | C] () -- C:\Windows\unins000.exe

[2012/04/03 10:42:39 | 000,000,764 | ---- | C] () -- C:\Windows\unins000.dat

[2012/02/13 23:36:39 | 000,000,191 | ---- | C] () -- C:\Windows\KA.INI

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

"ThreadingModel" = Both

"" = C:\$Recycle.Bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/07/12 08:49:16 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/07/12 08:49:17 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< MD5 for: EXPLORER.EXE >

[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: RUNDLL32.EXE >

[2009/07/14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Windows\SysWOW64\rundll32.exe

[2009/07/14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe

[2009/07/14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=DD81D91FF3B0763C392422865C9AC12E -- C:\Windows\SysNative\rundll32.exe

[2009/07/14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=DD81D91FF3B0763C392422865C9AC12E -- C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe

< MD5 for: USER32.DLL >

[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

...and here is EXTRAS

OTL Extras logfile created on: 17/03/2013 22:13:36 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jack\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,86% Memory free

7,81 Gb Paging File | 6,97 Gb Available in Paging File | 89,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281,16 Gb Total Space | 178,12 Gb Free Space | 63,35% Space Free | Partition Type: NTFS

Drive D: | 16,63 Gb Total Space | 2,40 Gb Free Space | 14,44% Space Free | Partition Type: NTFS

Computer Name: JACK-HP | User Name: Jack | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-488496752-2776678865-3593269437-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03E58067-3193-4061-88CF-6E0E68C05D10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{04C4ACFC-3072-4B61-A229-B0D7B41AD8A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{0B78B69C-9DED-4CBF-B9CB-ECECA05495F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0B8F34F1-5DCC-4333-8E02-A73DD937E515}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{110C260A-B6B5-4EC0-A6BE-119271C4307C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{21257B78-B22B-4005-A631-A3F4DC67F618}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2F5EE4CF-29EB-4C47-87AE-2C29FF28EB59}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{33384E07-E70C-406A-99FE-B00FCE8A1D98}" = lport=2869 | protocol=6 | dir=in | app=system |

"{372CF7F0-2774-4DBA-A797-31A6615EB306}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3BA0D89A-1559-4B73-BD29-4719B1CCF763}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{450868EE-7CDB-462D-9A25-3CEEBE8242C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4AD05605-2CEF-4F8F-9AB3-4BEA5B86890A}" = rport=1723 | protocol=6 | dir=out | app=system |

"{4C788639-72BC-4C1F-A58D-BE6D6E97A66E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4CEFE11B-4FC0-41F6-BE87-279579DDA947}" = lport=138 | protocol=17 | dir=in | app=system |

"{4DD5A8CD-24EF-4B3F-961F-13E962F8F39B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6254552C-ACC9-4C76-B01B-90B216C62F4C}" = rport=445 | protocol=6 | dir=out | app=system |

"{64565B6F-9FBE-4E58-B387-5F94747155B3}" = lport=137 | protocol=17 | dir=in | app=system |

"{6CEABFDA-EF82-4592-8530-BF049DFA52E3}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6E81B55A-113D-43E7-AB42-37FEB48AF6B0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{71034E5E-C9B2-489C-8DDE-FB2697802BDF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{71E33983-5755-4816-B520-F27C5367EDD6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{72F6F80D-EC25-433E-A578-804977AA37CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{778CAD47-71EC-49EE-871A-14C480259492}" = rport=10243 | protocol=6 | dir=out | app=system |

"{7DEB05E6-AF3D-414F-924C-929CF4849DAD}" = rport=1701 | protocol=17 | dir=out | app=system |

"{874180EA-3D22-4C53-868B-6D84A6F16670}" = rport=139 | protocol=6 | dir=out | app=system |

"{87E4B1D7-F2C9-4EF1-8AA5-203F06659ED5}" = lport=445 | protocol=6 | dir=in | app=system |

"{89D6980E-4813-4E0E-BA93-361C12CE0375}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8A9AE22A-CF08-4E4C-BBF0-8A69A4EC8309}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{90B8B1EE-B5B2-4644-A5D1-B20459B63F0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A667A71F-8873-4AB7-80C2-1505BCEA1327}" = rport=137 | protocol=17 | dir=out | app=system |

"{AC7B342B-FE30-4E4F-AB3B-C74FFF53C444}" = rport=138 | protocol=17 | dir=out | app=system |

"{B91273E0-E576-4368-A8A6-21079C46F1DE}" = lport=1723 | protocol=6 | dir=in | app=system |

"{BB03D361-A16E-47A5-8091-7C2567696543}" = lport=1701 | protocol=17 | dir=in | app=system |

"{BEF9DD4C-AAC7-40B8-8203-9A5B3136B82A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C23C1D1D-4CCC-415D-AA08-02A1FF047366}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C5D21C13-1BC1-4E73-B977-69390983EAA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C64B9B03-ED60-45B7-B7D2-3F311A6688C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CA9C4079-FF3F-4A54-A545-C1B4A82663B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CC018EF7-B122-4966-8C66-1938E25581B2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{CC5D5E10-2339-40AA-83BD-750686D4E239}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D3154C4A-6921-4F2D-BA43-D39062C54FFD}" = lport=445 | protocol=6 | dir=in | app=system |

"{D6F9A12B-ABFC-4BAA-BB38-CE11B8EE22F9}" = lport=139 | protocol=6 | dir=in | app=system |

"{DC1A9FFB-C7B3-463B-A575-50CB2F839C6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DC649523-4C83-4F4E-87B1-0891DECEAB7D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E5CA636E-7B3A-407B-9E4B-5631778CC14A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EFCB3B5C-EA29-4485-9B73-3B19C5937364}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{FC6CCF39-46E9-44A7-9847-B3A1744E0B31}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07BDD182-FE6D-43FD-83CB-D65C0463435B}" = protocol=47 | dir=in | app=system |

"{08F39A83-7AC4-4465-868E-8CDD39D5DBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |

"{0A381B34-E76A-41B6-8620-950CA8ABC2DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{0F22A530-607A-483A-8BC2-F032DDAE4468}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{1336B00A-6DC5-4C96-878F-AE5C8936E7EA}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |

"{1B47C979-7A59-40D3-884C-7A1B41D7539A}" = protocol=6 | dir=out | app=system |

"{1B4A80DC-714A-42C8-A30E-918ED5E52B27}" = protocol=58 | dir=in | app=system |

"{1B574209-74DD-46DF-B950-D09413EEDF04}" = dir=in | app=c:\users\jack\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{1C4AFE0C-18E9-4A3C-BC15-4318D58399BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{1D92C059-D292-48FB-865C-0529CD6E3797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{272B9F15-62D6-4EFF-94B2-45403D6FFB6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{3B455DFD-D337-4A35-B83A-8137E3BE744F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3C5C2085-A642-42BB-98E3-B0FD2EE981D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3D84AAB7-9F37-413A-A3AE-6BB69449B6D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3FC23709-8E28-499C-8226-1CBCFA66755D}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{4157209F-371C-4DDB-838F-FCC475DA15F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{416C34E8-2E40-41EE-ABE5-D9AA8D6EB991}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{52E05145-6C90-4E91-8509-BC66378C27AC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{56A4C4F8-8C61-4699-9C6F-D4C353BD44BF}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{603EFECA-28FD-4E87-AC8E-FC130E3E4B5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{60DFA7B0-3BB6-4B00-8E79-0E3F5919D122}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{6B1E3040-34CE-4778-AC85-24819602EB6D}" = protocol=6 | dir=out | app=system |

"{7C1799AC-5989-4A6A-8609-5E5DE3182BF0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{7EAE7615-59B3-41C8-BEAC-DC66285A9262}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7EFBAADB-3A60-410D-8316-776EDFA45E17}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{831B7ECE-E9F6-4137-96EA-01B5CCF16658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{86660909-89F6-4687-B259-65C9BAF33DE0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{93CC143A-AECF-43CC-A300-B80F382E6CE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{964158F9-06F7-4222-A555-C20CF108525B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{A215A548-49FA-42C8-BA75-AA24F5D67EC4}" = protocol=47 | dir=out | app=system |

"{A5714D50-FA1E-4BE2-B8DB-AB58EF0C964B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ADDCCF4E-9F17-4959-B1A1-017758080C85}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{AEBED050-54F1-46C2-BFEC-0A90FEC50DC2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{B3E09E48-DA4F-4F40-AEBA-C6FB34151BB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B801FE4F-F6D7-45BF-B6F7-2E618230D0A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B989E67F-32F4-4E66-A387-81BF8A5F79C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DC0A518C-1B27-406F-8EEF-4FBFE01FDCD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{DF7F8C18-D783-46C1-AA19-35BE34E47342}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E4B88CCC-68A1-401B-86B3-9C1A2915BCAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{EC121C26-0819-4AFC-B4EE-2B4DA7E238B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{ECEAD997-98DE-4685-81FC-3B9280E971B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{ED0024A4-540B-4E90-91E5-17D186F71AC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F45D5F1E-351B-40B3-AFBD-986FBDF7C46E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"TCP Query User{05FF3504-A579-420C-A20E-4F40E8267F57}C:\users\jack\appdata\roaming\epzuyc\oqqy.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\epzuyc\oqqy.exe |

"TCP Query User{1E8E9FFF-39FB-46FA-BECC-C0E93FF42432}C:\users\jack\appdata\roaming\suag\idov.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\suag\idov.exe |

"TCP Query User{2FD6A533-B966-4E5D-B58E-C274082CA0D3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{3F6D142D-B522-4025-A5A4-F4D8460815A9}C:\users\jack\appdata\roaming\arzue\veilpy.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\arzue\veilpy.exe |

"TCP Query User{5663EAFE-44E5-49F6-BC86-7BEB3B5A84F1}C:\users\jack\appdata\roaming\aryxy\yvor.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\aryxy\yvor.exe |

"TCP Query User{87130A27-55C4-48CC-A765-167CF846E8F7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{A7814752-E1E2-458E-8CA2-2D5D51A0D338}C:\users\jack\desktop\bittorrent-7.6.exe" = protocol=6 | dir=in | app=c:\users\jack\desktop\bittorrent-7.6.exe |

"TCP Query User{BF1E73E4-2820-40B6-8A43-F9006B35A191}C:\users\jack\appdata\roaming\apmo\liow.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\apmo\liow.exe |

"TCP Query User{CE963B3E-3035-4D43-AB11-0051069F6DED}C:\users\jack\appdata\roaming\xyule\ahxa.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\xyule\ahxa.exe |

"TCP Query User{D52D9FE8-F0E2-43E0-93C6-7D38B3AFDE9F}C:\users\jack\appdata\roaming\epzuyc\oqqy.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\epzuyc\oqqy.exe |

"TCP Query User{E18E9836-C9C6-4BBF-BF52-EAD260272FFC}C:\users\jack\desktop\bittorrent-7.6.exe" = protocol=6 | dir=in | app=c:\users\jack\desktop\bittorrent-7.6.exe |

"TCP Query User{F96CC239-9DC4-4816-B774-0269BB076413}C:\users\jack\appdata\roaming\arzue\veilpy.exe" = protocol=6 | dir=in | app=c:\users\jack\appdata\roaming\arzue\veilpy.exe |

"UDP Query User{21DAAF52-E15F-42DB-AFA8-43816B189C3F}C:\users\jack\desktop\bittorrent-7.6.exe" = protocol=17 | dir=in | app=c:\users\jack\desktop\bittorrent-7.6.exe |

"UDP Query User{2A89BB49-DCAB-45C0-AB6A-741C3D84E35A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{5229422C-6601-44C9-AC35-2BF145292DF9}C:\users\jack\desktop\bittorrent-7.6.exe" = protocol=17 | dir=in | app=c:\users\jack\desktop\bittorrent-7.6.exe |

"UDP Query User{59CA3117-8E5E-48D7-8D2F-93B66659640D}C:\users\jack\appdata\roaming\arzue\veilpy.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\arzue\veilpy.exe |

"UDP Query User{706038EF-7145-479A-AD62-5E1E65B121F7}C:\users\jack\appdata\roaming\arzue\veilpy.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\arzue\veilpy.exe |

"UDP Query User{7181B353-AE75-4BA2-A3EF-A2FCC88B91F5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{A57DC547-182A-46A5-A112-7D5D59BFF5FE}C:\users\jack\appdata\roaming\aryxy\yvor.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\aryxy\yvor.exe |

"UDP Query User{AB2C22BC-F71D-49C2-B4F5-B74EBD1CA9CA}C:\users\jack\appdata\roaming\epzuyc\oqqy.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\epzuyc\oqqy.exe |

"UDP Query User{C7B0EDA9-9203-4913-B098-C9E1D0A04E5D}C:\users\jack\appdata\roaming\epzuyc\oqqy.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\epzuyc\oqqy.exe |

"UDP Query User{E1CF1F58-AEC7-49E0-9CE6-1601513CB444}C:\users\jack\appdata\roaming\suag\idov.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\suag\idov.exe |

"UDP Query User{E6EE7F88-7152-42CB-8532-24A80C7D792D}C:\users\jack\appdata\roaming\apmo\liow.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\apmo\liow.exe |

"UDP Query User{FBDD58B9-7F42-407D-BA9C-2B2F7CAA48F8}C:\users\jack\appdata\roaming\xyule\ahxa.exe" = protocol=17 | dir=in | app=c:\users\jack\appdata\roaming\xyule\ahxa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F8C434E8-6DD0-496A-8B4C-22714B1DC6C1}" = HP Wireless Assistant

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0

"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3E70F8B2-2ADE-4F83-8AD8-BDB602985E98}_is1" = Vlc versione 1.1.8

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010

"{90140000-0015-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010

"{90140000-0016-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010

"{90140000-0018-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010

"{90140000-0019-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010

"{90140000-001A-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010

"{90140000-001B-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0410-1000-0000000FF1CE}_Office14.PROPLUS_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010

"{90140000-002C-0410-0000-0000000FF1CE}_Office14.PROPLUS_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010

"{90140000-0044-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010

"{90140000-006E-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010

"{90140000-00A1-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010

"{90140000-00BA-0410-0000-0000000FF1CE}_Office14.PROPLUS_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{A690270E-4A01-4BD6-8C23-C4413477EE2D}" = Simple Adblock

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C4A101B4-5D76-4508-93C9-BF799A2A2BA3}" = HP Software Framework

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion

"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Avira AntiVir Desktop" = Avira Free Antivirus

"BitTorrent" = BitTorrent

"EasyBits Magic Desktop" = Magic Desktop

"FG_2.4" = Alkupolku Ekaluokka v2.4

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.4.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.1.1000

"NIS" = Norton Internet Security

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"vfd-ob" = VideoFileDownload

"VLC media player" = VLC media player 1.1.8

"WildTangent hp Master Uninstall" = HP Games

"WinDjView" = WinDjView 1.0.3

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WT087394" = Penguins!

"WT087501" = Plants vs. Zombies

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/03/2013 09:15:00 | Computer Name = Jack-HP | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: pctsSvc.exe, versione:

9.1.0.2894, timestamp: 0x509054e5 Nome del modulo che ha generato l'errore: rtl100.bpl,

versione: 11.0.2902.10471, timestamp: 0x475fc385 Codice eccezione: 0xc0000005 Offset

errore 0x0000a264 ID processo che ha generato l'errore: 0x834 Ora di avvio dell'applicazione

che ha generato l'errore: 0x01ce1d8ff6661aa0 Percorso dell'applicazione che ha generato

l'errore: C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe Percorso

del modulo che ha generato l'errore: C:\Program Files (x86)\PC Tools\PC Tools Security\rtl100.bpl

ID

segnalazione: 825fe8dd-8984-11e2-836a-78acc04d488c

Error - 10/03/2013 12:00:34 | Computer Name = Jack-HP | Source = PowerOffer Service | ID = 0

Description = Impossibile avviare il servizio. System.ArgumentException: Nessun

valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource

resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 10/03/2013 13:27:29 | Computer Name = Jack-HP | Source = Microsoft-Windows-CAPI2 | ID = 512

Description = Servizi di crittografia: impossibile inizializzare l'oggetto writer

del sistema per il backup del servizio Copia Shadow del volume. Details: Could not

query the status of the EventSystem service. System Error: Arresto del sistema in

corso... .

Error - 12/03/2013 04:46:40 | Computer Name = Jack-HP | Source = System Restore | ID = 8193

Description =

Error - 12/03/2013 04:46:43 | Computer Name = Jack-HP | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: regsvr32.exe, versione:

6.1.7600.16385, timestamp: 0x4a5bca28 Nome del modulo che ha generato l'errore:

WinCDEmuContextMenu.dll_unloaded, versione: 0.0.0.0, timestamp: 0x4e402656 Codice

eccezione: 0xc0000005 Offset errore 0x7208eb75 ID processo che ha generato l'errore:

0x358 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce1efe16113a55

Percorso

dell'applicazione che ha generato l'errore: C:\Windows\SysWOW64\regsvr32.exe Percorso

del modulo che ha generato l'errore: WinCDEmuContextMenu.dll ID segnalazione: 5d0a2547-8af1-11e2-a3fb-78acc04d488c

Error - 12/03/2013 04:47:43 | Computer Name = Jack-HP | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: regsvr32.exe, versione:

6.1.7600.16385, timestamp: 0x4a5bca28 Nome del modulo che ha generato l'errore:

WinCDEmuContextMenu.dll_unloaded, versione: 0.0.0.0, timestamp: 0x4e402656 Codice

eccezione: 0xc0000005 Offset errore 0x720deb75 ID processo che ha generato l'errore:

0x784 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce1efe3a29d83d

Percorso

dell'applicazione che ha generato l'errore: C:\Windows\SysWOW64\regsvr32.exe Percorso

del modulo che ha generato l'errore: WinCDEmuContextMenu.dll ID segnalazione: 80cab045-8af1-11e2-a3fb-78acc04d488c

Error - 15/03/2013 13:38:07 | Computer Name = Jack-HP | Source = PowerOffer Service | ID = 0

Description = Impossibile avviare il servizio. System.ArgumentException: Nessun

valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource

resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 15/03/2013 17:09:02 | Computer Name = Jack-HP | Source = PowerOffer Service | ID = 0

Description = Impossibile avviare il servizio. System.ArgumentException: Nessun

valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource

resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 16/03/2013 10:29:36 | Computer Name = Jack-HP | Source = SideBySide | ID = 16842832

Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Jack\Desktop\Set-Up\bittorrent.exe".

Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente

richiesta dall'applicazione è in conflitto con un'altra versione del componente

già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Componente

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 16/03/2013 10:30:16 | Computer Name = Jack-HP | Source = System Restore | ID = 8193

Description =

Error - 17/03/2013 11:22:35 | Computer Name = Jack-HP | Source = Avira Antivirus | ID = 4109

Description = Il motore è stato modificato o danneggiato! Codice errore: 0x9

Error - 17/03/2013 11:22:49 | Computer Name = Jack-HP | Source = PowerOffer Service | ID = 0

Description = Impossibile avviare il servizio. System.ArgumentException: Nessun

valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource

resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

[ Hewlett-Packard Events ]

Error - 03/02/2012 14:34:15 | Computer Name = Jack-HP | Source = Hewlett-Packard | ID = 0

Description = it-IT Impossibile trovare una parte del percorso 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201202032034.xml'. mscorlib in System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) in

System.IO.StreamWriter.CreateFile(String path, Boolean append) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) in System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) in HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 10/02/2012 14:21:26 | Computer Name = Jack-HP | Source = Hewlett-Packard | ID = 0

Description = it-IT Impossibile trovare una parte del percorso 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201202102021.xml'. mscorlib in System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) in

System.IO.StreamWriter.CreateFile(String path, Boolean append) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) in System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) in HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 17/02/2012 15:04:14 | Computer Name = Jack-HP | Source = Hewlett-Packard | ID = 0

Description = it-IT Impossibile trovare una parte del percorso 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201202172104.xml'. mscorlib in System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) in

System.IO.StreamWriter.CreateFile(String path, Boolean append) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) in System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) in HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 24/02/2012 14:14:30 | Computer Name = Jack-HP | Source = Hewlett-Packard | ID = 0

Description = it-IT Impossibile trovare una parte del percorso 'C:\ProgramData\Hewlett-Packard\HP

Support Framework\Logs\Temp\HPSA\HPSASession_201202242014.xml'. mscorlib in System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) in

System.IO.StreamWriter.CreateFile(String path, Boolean append) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding, Int32 bufferSize) in System.IO.StreamWriter..ctor(String

path, Boolean append, Encoding encoding) in System.IO.File.WriteAllText(String

path, String contents, Encoding encoding) in HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 25/05/2012 05:22:21 | Computer Name = Jack-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 06/07/2012 06:42:53 | Computer Name = Jack-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2146233088 in HPSFConfigReader.ConfigHelper.loadXML()

in HPSFConfigReader.ConfigHelper..ctor() in HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean

isOnAppLoad) Message: Generata eccezione di tipo 'System.Exception'. StackTrace:

in HPSFConfigReader.ConfigHelper.loadXML() in HPSFConfigReader.ConfigHelper..ctor()

in HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean

isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: it-IT RAM: 3998

Ram

Utilization: 40 TargetSite: Void loadXML()

Error - 10/03/2013 09:32:03 | Computer Name = Jack-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/03/2013 09:34:22 | Computer Name = Jack-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/03/2013 09:34:50 | Computer Name = Jack-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/03/2013 09:40:36 | Computer Name = Jack-HP | Source = HPSF.exe | ID = 4000

Description =

[ HP Wireless Assistant Events ]

Error - 10/10/2011 03:38:10 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

in PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 23/06/2012 02:30:47 | Computer Name = Jack-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Chiamata annullata dal

filtro messaggi. (Eccezione da HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) in System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) in System.Management.ManagementScope.InitializeGuts(Object

o) in System.Management.ManagementScope.Initialize() in System.Management.ManagementObjectSearcher.Initialize()

in System.Management.ManagementObjectSearcher.Get() in HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) in HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1

radios) in HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 23/09/2012 04:46:23 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Errore dell'applicazione. in HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) in HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) in HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 23/09/2012 04:46:33 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 03/11/2012 11:58:10 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

in PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 24/02/2013 18:37:12 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Errore dell'applicazione. in HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) in HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) in HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 24/02/2013 18:37:19 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 25/02/2013 08:34:29 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

in PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 25/02/2013 16:08:27 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

in PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 02/03/2013 14:17:14 | Computer Name = Jack-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

in PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

[ System Events ]

Error - 17/03/2013 16:19:35 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:19:59 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:19:59 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:19:59 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:21:41 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:21:41 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:21:41 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:21:59 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:21:59 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

Error - 17/03/2013 16:21:59 | Computer Name = Jack-HP | Source = Service Control Manager | ID = 7001

Description = Il servizio Browser di computer dipende dal servizio Server che non

è stato avviato per il seguente errore: %%1068

< End of report >


Posted (edited)

Hi.

The PC is in pretty bad shape, partly because there is a mix of the ZeroAccess rootkit, a bootkit and spyware.

Follow me carefully, to the letter.

PRELIMINARY NOTE: do not use/open any software during the cleaning phase; that would be a risk both for security and for stability. Stick ONLY to the instructions.

Open OTL

under custom scans/fixes

copy and paste this code:

:OTL

SRV - (PowerOffer Service) -- C:\Users\Jack\AppData\Local\PosService\Pos.exe (PowerOfferService)

SRV - (ServUpdater) -- C:\Users\Jack\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)

O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CEE218-575F-4FAF-8EF0-59AC9B8A07DA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A39787C-11FD-4937-9B83-4CE3629F1421}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF12746-256E-4D5C-B4EE-6315AE198326}: NameServer = 8.8.8.8,8.8.4.4

[2013/02/18 21:04:23 | 000,000,000 | -H-- | M] () -- C:\ProgramData\Ov7tr4Egx.dat

[2013/02/18 21:04:08 | 000,000,001 | -H-- | M] () -- C:\ProgramData\t3FuAQhk.exe_.b

[2013/02/18 21:04:08 | 000,000,001 | -H-- | M] () -- C:\ProgramData\t3FuAQhk.exe.b

[2012/04/03 10:42:39 | 000,716,318 | ---- | C] () -- C:\Windows\unins000.exe

[2012/04/03 10:42:39 | 000,000,764 | ---- | C] () -- C:\Windows\unins000.dat

:Files

ipconfig /flushdns /c

C:\ProgramData\-KqqAuLXXXiuQHkWr

C:\ProgramData\-KqqAuLXXXiuQHkW

C:\ProgramData\KqqAuLXXXiuQHkW

:Commands

[EMPTYTEMP]

[REBOOT]

Click the button at the top

Wait for the operations to finish without interfering

post the report in your next reply.

2) Download RogueKiller to the desktop.

Right-click -> run as administrator

Wait for it to load

accept the terms of use

click "Scan" on the right.

after the scan you will find the RogueKiller log on the desktop; post it here by copy-pasting it.

Further instructions will follow.

Edited by tecnico24


First of all, thank you very much for the support. Anyway, the situation has improved slightly; the folders have now reappeared on the desktop. RogueKiller started and found about ten infections. I'm now posting the two reports.

OTL report:

All processes killed

========== OTL ==========

Service PowerOffer Service stopped successfully!

Service PowerOffer Service deleted successfully!

C:\Users\Jack\AppData\Local\PosService\Pos.exe moved successfully.

Service ServUpdater stopped successfully!

Service ServUpdater deleted successfully!

C:\Users\Jack\AppData\Local\ServUpdater\ServiceUpd.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PosService deleted successfully.

C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe moved successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18CEE218-575F-4FAF-8EF0-59AC9B8A07DA}\\NameServer| /E : value set successfully!

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5A39787C-11FD-4937-9B83-4CE3629F1421}\\NameServer| /E : value set successfully!

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer| /E : value set successfully!

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9AF12746-256E-4D5C-B4EE-6315AE198326}\\NameServer| /E : value set successfully!

C:\ProgramData\Ov7tr4Egx.dat moved successfully.

File C:\ProgramData\t3FuAQhk.exe_.b not found.

File C:\ProgramData\t3FuAQhk.exe.b not found.

C:\Windows\unins000.exe moved successfully.

C:\Windows\unins000.dat moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Configurazione IP di Windows

Cache del resolver DNS svuotata.

C:\Users\Jack\Desktop\cmd.bat deleted successfully.

C:\Users\Jack\Desktop\cmd.txt deleted successfully.

C:\ProgramData\-KqqAuLXXXiuQHkWr moved successfully.

C:\ProgramData\-KqqAuLXXXiuQHkW moved successfully.

C:\ProgramData\KqqAuLXXXiuQHkW moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 58264 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jack

->Temp folder emptied: 55915654 bytes

->Temporary Internet Files folder emptied: 324109921 bytes

->Java cache emptied: 510198 bytes

->Flash cache emptied: 73605 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 215361876 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33402 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 568,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03182013_095013

Files\Folders moved on Reboot...

File move failed. C:\Users\Jack\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

File move failed. C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat scheduled to be moved on reboot.

File move failed. C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat scheduled to be moved on reboot.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAE4U80W\xd_arbiter[2].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAE4U80W\zrt_lookup[2].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SD5TR5CZ\like[1].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPBM21HD\ads[1].htm moved successfully.

File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPBM21HD\fastbutton[4].htm not found!

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPBM21HD\xd_arbiter[1].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLVULRXC\page__st__20[1].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M94JRJ4C\g1381613-pmem[1].htm moved successfully.

File\Folder C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M94JRJ4C\oauth[1].htm not found!

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M94JRJ4C\tubexxxvid_com[1].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP7V7A2E\ads[2].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ER3M30PG\privacy[1].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\601RTG1R\fastbutton[3].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WIRUKF5\ads[1].htm moved successfully.

C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WIRUKF5\xd_arbiter[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ROGUEKILLER report:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Jack [Admin rights]

Mode : Scan -- Date : 03/18/2013 10:18:03

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][BLACKLISTDLL] HKCU\[...]\Run : peapo (rundll32.exe ",CreateTempFile) -> Trovato

[RUN][BLACKLISTDLL] HKUS\S-1-5-21-488496752-2776678865-3593269437-1000[...]\Run : peapo (rundll32.exe ",CreateTempFile) -> Trovato

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\n.) [x] -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\@ [-] --> Trovato

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\U --> Trovato

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\L --> Trovato

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 98121767a70c85fbbfcc8c22dad37809

[BSP] 7490bf78e379dcf8d50577327b9909ef : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287907 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590043136 | Size: 17034 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 22b4bc6e0afd44f231684c8601daeb81

[BSP] 7a8e9095e8ddb5e55c5da64a5f8a4c7e : MaxSS MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287907 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590043136 | Size: 17034 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 22b4bc6e0afd44f231684c8601daeb81

[BSP] 7a8e9095e8ddb5e55c5da64a5f8a4c7e : MaxSS MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287907 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590043136 | Size: 17034 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

Finished : << RKreport[1]_S_03182013_02d1018.txt >>

RKreport[1]_S_03182013_02d1018.txt


Posted (edited)

Hi.

Open RogueKiller: right-click -> run as administrator

Tick ONLY these entries (you will have to deselect the rest yourself):

[RUN][BLACKLISTDLL] HKCU\[...]\Run : peapo (rundll32.exe ",CreateTempFile) -> Trovato

[RUN][BLACKLISTDLL] HKUS\S-1-5-21-488496752-2776678865-3593269437-1000[...]\Run : peapo (rundll32.exe ",CreateTempFile) -> Trovato

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\@ [-] --> Trovato

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\U --> Trovato

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\L --> Trovato

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-488496752-2776678865-3593269437-1000\$53008ddd04364e0673d82aad1dbaa582\n.) [x] -> Trovato

Click "Delete" on the right.

Reopen RogueKiller with administrative rights

wait for it to load

Go to the MBR tab

Under physical drive, select 0 on the right

click REPAIR MBR on the right

wait for the operations to finish and confirm to me that they completed correctly.

2) Download Mbam anti-rootkit to the desktop.

extract the .zip folder to the desktop

right-click mbar.exe -> run as administrator

At the prompt that appears, Registry value "AppIniT_Dlls" has been found..., click No

Press Next

click Update to run the update

Leave the tick on

Drivers - Sector - System

Press Scan to start the scan

If it detects threats, make sure they are selected

Click Cleanup

If necessary it will ask for a reboot; allow it

When everything is finished, in the Mbar 1.0.1.0.1009 folder there is the file system-log.txt

post it by copy-pasting it.

After the various operations, post:

a new RogueKiller report, to verify that the infections were correctly removed

the Malwarebytes Anti-Rootkit log

and confirmation of the MBR repair.

Edited by tecnico24


Well, RogueKiller keeps detecting an infection... The MBR does not appear repaired, even though Malwarebytes had also detected it and I had clicked Cleanup and then rebooted. Anyway, here are the two logs

ROGUEKILLER

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode

User : Jack [Admin rights]

Mode : Scan -- Date : 03/18/2013 14:15:00

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\Jack\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" /cleanup /s) [7] -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 98121767a70c85fbbfcc8c22dad37809

[BSP] 7490bf78e379dcf8d50577327b9909ef : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287907 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 590043136 | Size: 17034 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03182013_02d1415.txt >>

RKreport[1]_S_03182013_02d1415.txt

MALWAREBYTES

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.094000 GHz

Memory total: 4193165312, free: 3210813440

------------ Kernel report ------------

03/18/2013 14:08:00

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\usbuhci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\rtl8192se.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\advapi32.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8005930790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80046db050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.03.18.07

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8005930790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80059302c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005930790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80046db050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a003763920, 0xfffffa8005930790, 0xfffffa8004900090

Lower DeviceData: 0xfffff8a0033855d0, 0xfffffa80046db050, 0xfffffa800490d940

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Drive 0

Scanning MBR on drive 0...

MBR buffers are not equal

MBR is forged! [589dc7ed71be31344fb32a3cd5d0005e]

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: FEE7FFC8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 407552

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600 Numsec = 589633536

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 590043136 Numsec = 34885632

Partition 3 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 624928768 Numsec = 211632

Infected: MBR on Drive 0 --> [bootkit.TDL4.A.MBR]

Replacement MBR for a drive 0 found

MBR infection found on drive 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Done!

Scan finished

Creating System Restore point...

Could not create restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================
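The "MBR Check" section of the RogueKiller report and the "Inspecting partition table" section of the Malwarebytes Anti-Rootkit log above both do the same two things: decode the 512-byte master boot record (signature, disk signature, four partition entries) and compare the sector as returned through different read paths, reporting "User != LL1 ... KO!" or "MBR buffers are not equal" when a filter driver is hiding the real boot code. The following is an added example, not code from RogueKiller, Malwarebytes or TDSSKiller, that shows both steps on a sector constructed from the partition values printed in the logs (start LBA 2048/409600/590043136/624928768, disk signature FEE7FFC8); the boot-code bytes are placeholders, not real loader code.

```python
"""Parse a constructed 512-byte MBR and cross-check two reads of it.

Added example for this thread; not code from RogueKiller, Malwarebytes
Anti-Rootkit or TDSSKiller. Partition layout and disk signature are taken
from the logs above; the boot-code bytes are placeholders (assumption).
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440       # 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # bytes 55 AA
MBR_SIGNATURE = 0xAA55   # little-endian value of 55 AA


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a constructed MBR from boot code and
    (active, type, start_lba, num_sectors) tuples; CHS fields are left zero."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (active, ptype, start_lba, num_sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if active else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, start_lba, num_sectors)
    struct.pack_into("<H", sector, SIGNATURE_OFF, MBR_SIGNATURE)
    return bytes(sector)


def parse_mbr(sector):
    """Return the fields the anti-rootkit logs print: a hash of the boot
    code, the disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    (sig,) = struct.unpack_from("<H", sector, SIGNATURE_OFF)
    if sig != MBR_SIGNATURE:
        raise ValueError(f"missing 55AA signature (got {sig:04X})")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        start_lba, num_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "start_lba": start_lba, "num_sectors": num_sectors,
            "size_mib": num_sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": f"{disk_sig:08X}",
        "partitions": partitions,
    }


def table_is_consistent(partitions):
    """Sanity check: at most one active entry and no overlapping extents."""
    if sum(1 for p in partitions if p["active"]) > 1:
        return False
    spans = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"])
                   for p in partitions)
    return all(spans[i][1] <= spans[i + 1][0] for i in range(len(spans) - 1))


def cross_check(views):
    """Compare the sector as returned by several read paths against the
    first one, like RogueKiller's 'User = LL1 ... OK!' / 'User != LL1 ... KO!'.
    Returns {view_name: True if identical to the reference view}."""
    names = list(views)
    reference = views[names[0]]
    return {n: views[n] == reference for n in names[1:]}


# Constructed sample: layout copied from the logs above, boot code is a placeholder.
SAMPLE_PARTITIONS = [
    (True, 0x07, 2048, 407552),
    (False, 0x07, 409600, 589633536),
    (False, 0x07, 590043136, 34885632),
    (False, 0x0C, 624928768, 211632),
]
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 24   # placeholder bytes
ALTERED_BOOT_CODE = b"\xeb\x7f" + b"\x00" * 27             # placeholder bytes
USER_VIEW = build_mbr(CLEAN_BOOT_CODE, 0xFEE7FFC8, SAMPLE_PARTITIONS)       # filtered read
LOW_LEVEL_VIEW = build_mbr(ALTERED_BOOT_CODE, 0xFEE7FFC8, SAMPLE_PARTITIONS)  # raw sector


def analyse(views):
    """Parse the reference view, validate its table and compare the others."""
    report = parse_mbr(views[next(iter(views))])
    report["table_consistent"] = table_is_consistent(report["partitions"])
    report["views_agree"] = cross_check(views)
    return report


if __name__ == "__main__":
    result = analyse({"User": USER_VIEW, "LL1": LOW_LEVEL_VIEW, "LL2": LOW_LEVEL_VIEW})
    for p in result["partitions"]:
        print(f"{p['index']} - [{'ACTIVE' if p['active'] else 'XXXXXX'}] type 0x{p['type']:02x} "
              f"Offset (sectors): {p['start_lba']} | Size: {p['size_mib']} MiB")
    for name, same in result["views_agree"].items():
        print(f"User {'=' if same else '!='} {name} ... {'OK' if same else 'KO'}!")
```

In the constructed scenario the partition table is identical in both views (as in the log, where every table matches) and only the boot-code hash differs, which is exactly the signal the tools flag: a consistent table with a boot sector that reads differently at user level than at the driver level means something between the two is rewriting what callers see.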


Great job.

Delete the corrupted copy of TDSS Killer on the desktop and download it again following the instructions given above (carrying out all the steps).

post the report.


Well, TDSS has started now! It detected 4 infections and offered Skip as an option, and I left it at that. Here are the two logs that were on C.

TDSSKILLER LOG

15:00:54.0714 0976 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:00:56.0742 0976 ============================================================

15:00:56.0742 0976 Current date / time: 2013/03/18 15:00:56.0742

15:00:56.0742 0976 SystemInfo:

15:00:56.0742 0976

15:00:56.0742 0976 OS Version: 6.1.7601 ServicePack: 1.0

15:00:56.0742 0976 Product type: Workstation

15:00:56.0742 0976 ComputerName: JACK-HP

15:00:56.0742 0976 UserName: Jack

15:00:56.0742 0976 Windows directory: C:\Windows

15:00:56.0742 0976 System windows directory: C:\Windows

15:00:56.0742 0976 Running under WOW64

15:00:56.0742 0976 Processor architecture: Intel x64

15:00:56.0742 0976 Number of processors: 2

15:00:56.0742 0976 Page size: 0x1000

15:00:56.0742 0976 Boot type: Safe boot with network

15:00:56.0742 0976 ============================================================

15:00:57.0725 0976 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:00:57.0725 0976 ============================================================

15:00:57.0725 0976 \Device\Harddisk0\DR0:

15:00:57.0725 0976 MBR partitions:

15:00:57.0725 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

15:00:57.0725 0976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23251800

15:00:57.0725 0976 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x232B5800, BlocksNum 0x2145000

15:00:57.0725 0976 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

15:00:57.0725 0976 ============================================================

15:00:57.0756 0976 C: <-> \Device\Harddisk0\DR0\Partition2

15:00:57.0803 0976 D: <-> \Device\Harddisk0\DR0\Partition3

15:00:57.0803 0976 ============================================================

15:00:57.0803 0976 Initialize success

15:00:57.0803 0976 ============================================================

15:02:30.0327 0108 Deinitialize success

Second TDSSKILLER LOG

15:04:13.0705 1148 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:04:13.0892 1148 ============================================================

15:04:13.0892 1148 Current date / time: 2013/03/18 15:04:13.0892

15:04:13.0892 1148 SystemInfo:

15:04:13.0892 1148

15:04:13.0892 1148 OS Version: 6.1.7601 ServicePack: 1.0

15:04:13.0892 1148 Product type: Workstation

15:04:13.0892 1148 ComputerName: JACK-HP

15:04:13.0892 1148 UserName: Jack

15:04:13.0892 1148 Windows directory: C:\Windows

15:04:13.0892 1148 System windows directory: C:\Windows

15:04:13.0892 1148 Running under WOW64

15:04:13.0908 1148 Processor architecture: Intel x64

15:04:13.0908 1148 Number of processors: 2

15:04:13.0908 1148 Page size: 0x1000

15:04:13.0908 1148 Boot type: Safe boot

15:04:13.0908 1148 ============================================================

15:04:14.0282 1148 BG loaded

15:04:14.0953 1148 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:04:14.0953 1148 ============================================================

15:04:14.0953 1148 \Device\Harddisk0\DR0:

15:04:14.0953 1148 MBR partitions:

15:04:14.0953 1148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

15:04:14.0953 1148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23251800

15:04:14.0953 1148 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x232B5800, BlocksNum 0x2145000

15:04:14.0953 1148 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

15:04:14.0953 1148 ============================================================

15:04:14.0984 1148 C: <-> \Device\Harddisk0\DR0\Partition2

15:04:15.0031 1148 D: <-> \Device\Harddisk0\DR0\Partition3

15:04:15.0031 1148 ============================================================

15:04:15.0031 1148 Initialize success

15:04:15.0031 1148 ============================================================

15:04:37.0838 1184 ============================================================

15:04:37.0838 1184 Scan started

15:04:37.0838 1184 Mode: Manual; SigCheck; TDLFS;

15:04:37.0838 1184 ============================================================

15:04:38.0338 1184 ================ Scan system memory ========================

15:04:38.0338 1184 System memory - ok

15:04:38.0338 1184 ================ Scan services =============================

15:04:38.0525 1184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

15:04:39.0742 1184 1394ohci - ok

15:04:39.0820 1184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

15:04:39.0835 1184 ACPI - ok

15:04:39.0898 1184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

15:04:39.0976 1184 AcpiPmi - ok

15:04:40.0116 1184 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:04:40.0132 1184 AdobeFlashPlayerUpdateSvc - ok

15:04:40.0225 1184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

15:04:40.0256 1184 adp94xx - ok

15:04:40.0319 1184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

15:04:40.0334 1184 adpahci - ok

15:04:40.0397 1184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

15:04:40.0412 1184 adpu320 - ok

15:04:40.0459 1184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:04:40.0631 1184 AeLookupSvc - ok

15:04:40.0709 1184 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

15:04:40.0724 1184 AERTFilters - ok

15:04:40.0787 1184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

15:04:40.0849 1184 AFD - ok

15:04:40.0896 1184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

15:04:40.0912 1184 agp440 - ok

15:04:40.0958 1184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

15:04:41.0021 1184 ALG - ok

15:04:41.0068 1184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

15:04:41.0083 1184 aliide - ok

15:04:41.0083 1184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

15:04:41.0114 1184 amdide - ok

15:04:41.0130 1184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

15:04:41.0177 1184 AmdK8 - ok

15:04:41.0208 1184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

15:04:41.0239 1184 AmdPPM - ok

15:04:41.0270 1184 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

15:04:41.0286 1184 amdsata - ok

15:04:41.0333 1184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

15:04:41.0349 1184 amdsbs - ok

15:04:41.0364 1184 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

15:04:41.0364 1184 amdxata - ok

15:04:41.0411 1184 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys

15:04:41.0520 1184 androidusb - ok

15:04:41.0645 1184 [ 5AA6E050F4E099B11E2E8FE2B12BF7BA ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

15:04:41.0707 1184 AntiVirSchedulerService - ok

15:04:41.0754 1184 [ B1F2970979C84367529F42FA0FBBA559 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

15:04:41.0770 1184 AntiVirService - ok

15:04:41.0848 1184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

15:04:42.0051 1184 AppID - ok

15:04:42.0082 1184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

15:04:42.0144 1184 AppIDSvc - ok

15:04:42.0207 1184 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

15:04:42.0253 1184 Appinfo - ok

15:04:42.0316 1184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

15:04:42.0331 1184 arc - ok

15:04:42.0347 1184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

15:04:42.0363 1184 arcsas - ok

15:04:42.0425 1184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:04:42.0487 1184 AsyncMac - ok

15:04:42.0534 1184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

15:04:42.0550 1184 atapi - ok

15:04:42.0612 1184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:04:42.0690 1184 AudioEndpointBuilder - ok

15:04:42.0706 1184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

15:04:42.0753 1184 AudioSrv - ok

15:04:42.0831 1184 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys

15:04:42.0831 1184 avgntflt - ok

15:04:42.0862 1184 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys

15:04:42.0877 1184 avipbb - ok

15:04:42.0893 1184 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys

15:04:42.0893 1184 avkmgr - ok

15:04:42.0955 1184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

15:04:43.0065 1184 AxInstSV - ok

15:04:43.0111 1184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

15:04:43.0174 1184 b06bdrv - ok

15:04:43.0221 1184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

15:04:43.0267 1184 b57nd60a - ok

15:04:43.0314 1184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

15:04:43.0361 1184 BDESVC - ok

15:04:43.0377 1184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

15:04:43.0439 1184 Beep - ok

15:04:43.0517 1184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

15:04:43.0579 1184 BFE - ok

15:04:43.0657 1184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

15:04:43.0782 1184 BITS - ok

15:04:43.0813 1184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

15:04:43.0845 1184 blbdrive - ok

15:04:43.0907 1184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:04:43.0954 1184 bowser - ok

15:04:43.0985 1184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:04:44.0016 1184 BrFiltLo - ok

15:04:44.0047 1184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:04:44.0063 1184 BrFiltUp - ok

15:04:44.0094 1184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

15:04:44.0141 1184 Browser - ok

15:04:44.0172 1184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

15:04:44.0235 1184 Brserid - ok

15:04:44.0250 1184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:04:44.0297 1184 BrSerWdm - ok

15:04:44.0375 1184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:04:44.0406 1184 BrUsbMdm - ok

15:04:44.0422 1184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:04:44.0469 1184 BrUsbSer - ok

15:04:44.0484 1184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

15:04:44.0515 1184 BTHMODEM - ok

15:04:44.0562 1184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:04:44.0625 1184 bthserv - ok

15:04:44.0671 1184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:04:44.0703 1184 cdfs - ok

15:04:44.0781 1184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

15:04:44.0812 1184 cdrom - ok

15:04:44.0874 1184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

15:04:44.0921 1184 CertPropSvc - ok

15:04:44.0968 1184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

15:04:44.0983 1184 circlass - ok

15:04:45.0015 1184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:04:45.0030 1184 CLFS - ok

15:04:45.0093 1184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:04:45.0108 1184 clr_optimization_v2.0.50727_32 - ok

15:04:45.0155 1184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:04:45.0155 1184 clr_optimization_v2.0.50727_64 - ok

15:04:45.0233 1184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:04:45.0280 1184 clr_optimization_v4.0.30319_32 - ok

15:04:45.0342 1184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:04:45.0342 1184 clr_optimization_v4.0.30319_64 - ok

15:04:45.0389 1184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:04:45.0436 1184 CmBatt - ok

15:04:45.0451 1184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

15:04:45.0467 1184 cmdide - ok

15:04:45.0498 1184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

15:04:45.0514 1184 CNG - ok

15:04:45.0576 1184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:04:45.0592 1184 Compbatt - ok

15:04:45.0654 1184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

15:04:45.0685 1184 CompositeBus - ok

15:04:45.0701 1184 COMSysApp - ok

15:04:45.0748 1184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

15:04:45.0748 1184 crcdisk - ok

15:04:45.0810 1184 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:04:45.0857 1184 CryptSvc - ok

15:04:45.0904 1184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:04:45.0982 1184 DcomLaunch - ok

15:04:46.0013 1184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:04:46.0075 1184 defragsvc - ok

15:04:46.0122 1184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:04:46.0185 1184 DfsC - ok

15:04:46.0231 1184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

15:04:46.0278 1184 Dhcp - ok

15:04:46.0325 1184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:04:46.0387 1184 discache - ok

15:04:46.0434 1184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

15:04:46.0450 1184 Disk - ok

15:04:46.0465 1184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:04:46.0512 1184 Dnscache - ok

15:04:46.0559 1184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

15:04:46.0606 1184 dot3svc - ok

15:04:46.0653 1184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

15:04:46.0715 1184 DPS - ok

15:04:46.0762 1184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:04:46.0793 1184 drmkaud - ok

15:04:46.0855 1184 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:04:46.0887 1184 DXGKrnl - ok

15:04:46.0949 1184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:04:46.0996 1184 EapHost - ok

15:04:47.0074 1184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

15:04:47.0152 1184 ebdrv - ok

15:04:47.0199 1184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

15:04:47.0245 1184 EFS - ok

15:04:47.0433 1184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:04:47.0557 1184 ehRecvr - ok

15:04:47.0620 1184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:04:47.0667 1184 ehSched - ok

15:04:47.0838 1184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

15:04:47.0901 1184 elxstor - ok

15:04:47.0932 1184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

15:04:47.0963 1184 ErrDev - ok

15:04:48.0103 1184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:04:48.0166 1184 EventSystem - ok

15:04:48.0197 1184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:04:48.0275 1184 exfat - ok

15:04:48.0291 1184 ezSharedSvc - ok

15:04:48.0337 1184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:04:48.0400 1184 fastfat - ok

15:04:48.0478 1184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

15:04:48.0525 1184 Fax - ok

15:04:48.0571 1184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

15:04:48.0587 1184 fdc - ok

15:04:48.0618 1184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

15:04:48.0681 1184 fdPHost - ok

15:04:48.0696 1184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

15:04:48.0759 1184 FDResPub - ok

15:04:48.0805 1184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:04:48.0805 1184 FileInfo - ok

15:04:48.0837 1184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:04:48.0883 1184 Filetrace - ok

15:04:48.0915 1184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

15:04:48.0930 1184 flpydisk - ok

15:04:48.0977 1184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:04:49.0008 1184 FltMgr - ok

15:04:49.0071 1184 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

15:04:49.0133 1184 FontCache - ok

15:04:49.0180 1184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:04:49.0195 1184 FontCache3.0.0.0 - ok

15:04:49.0211 1184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

15:04:49.0227 1184 FsDepends - ok

15:04:49.0242 1184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:04:49.0258 1184 Fs_Rec - ok

15:04:49.0320 1184 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

15:04:49.0336 1184 fvevol - ok

15:04:49.0367 1184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

15:04:49.0367 1184 gagp30kx - ok

15:04:49.0429 1184 GameConsoleService - ok

15:04:49.0476 1184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

15:04:49.0539 1184 gpsvc - ok

15:04:49.0585 1184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

15:04:49.0617 1184 hcw85cir - ok

15:04:49.0663 1184 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:04:49.0710 1184 HdAudAddService - ok

15:04:49.0757 1184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

15:04:49.0788 1184 HDAudBus - ok

15:04:49.0819 1184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

15:04:49.0851 1184 HidBatt - ok

15:04:49.0882 1184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

15:04:49.0929 1184 HidBth - ok

15:04:49.0944 1184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

15:04:49.0960 1184 HidIr - ok

15:04:49.0991 1184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

15:04:50.0053 1184 hidserv - ok

15:04:50.0100 1184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:04:50.0116 1184 HidUsb - ok

15:04:50.0131 1184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:04:50.0178 1184 hkmsvc - ok

15:04:50.0225 1184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:04:50.0272 1184 HomeGroupListener - ok

15:04:50.0303 1184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:04:50.0334 1184 HomeGroupProvider - ok

15:04:50.0428 1184 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

15:04:50.0443 1184 HP Support Assistant Service - ok

15:04:50.0506 1184 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

15:04:50.0521 1184 HP Wireless Assistant Service - ok

15:04:50.0553 1184 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

15:04:50.0568 1184 HPDrvMntSvc.exe - ok

15:04:50.0599 1184 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

15:04:50.0615 1184 hpqwmiex - ok

15:04:50.0662 1184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

15:04:50.0677 1184 HpSAMD - ok

15:04:50.0771 1184 [ 5AA89E152634954E15E9DB265C6A8557 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

15:04:50.0787 1184 HPWMISVC - ok

15:04:50.0849 1184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:04:50.0911 1184 HTTP - ok

15:04:50.0958 1184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

15:04:50.0974 1184 hwpolicy - ok

15:04:51.0021 1184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

15:04:51.0036 1184 i8042prt - ok

15:04:51.0099 1184 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

15:04:51.0114 1184 iaStor - ok

15:04:51.0161 1184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

15:04:51.0177 1184 iaStorV - ok

15:04:51.0239 1184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:04:51.0270 1184 idsvc - ok

15:04:51.0473 1184 [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

15:04:51.0754 1184 igfx - ok

15:04:51.0801 1184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

15:04:51.0801 1184 iirsp - ok

15:04:51.0847 1184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

15:04:51.0910 1184 IKEEXT - ok

15:04:51.0988 1184 [ B88E24BD77A0CE2CFFEE2FACF1151BE0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

15:04:52.0066 1184 IntcAzAudAddService - ok

15:04:52.0097 1184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

15:04:52.0097 1184 intelide - ok

15:04:52.0144 1184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

15:04:52.0191 1184 intelppm - ok

15:04:52.0222 1184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:04:52.0284 1184 IPBusEnum - ok

15:04:52.0300 1184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:04:52.0362 1184 IpFilterDriver - ok

15:04:52.0425 1184 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

15:04:52.0471 1184 iphlpsvc - ok

15:04:52.0503 1184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

15:04:52.0549 1184 IPMIDRV - ok

15:04:52.0596 1184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

15:04:52.0659 1184 IPNAT - ok

15:04:52.0690 1184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:04:52.0737 1184 IRENUM - ok

15:04:52.0768 1184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

15:04:52.0783 1184 isapnp - ok

15:04:52.0799 1184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

15:04:52.0830 1184 iScsiPrt - ok

15:04:52.0861 1184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

15:04:52.0877 1184 kbdclass - ok

15:04:52.0939 1184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

15:04:52.0971 1184 kbdhid - ok

15:04:52.0986 1184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

15:04:53.0002 1184 KeyIso - ok

15:04:53.0033 1184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

15:04:53.0049 1184 KSecDD - ok

15:04:53.0080 1184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

15:04:53.0095 1184 KSecPkg - ok

15:04:53.0142 1184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

15:04:53.0189 1184 ksthunk - ok

15:04:53.0236 1184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

15:04:53.0298 1184 KtmRm - ok

15:04:53.0345 1184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

15:04:53.0392 1184 LanmanServer - ok

15:04:53.0439 1184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:04:53.0501 1184 LanmanWorkstation - ok

15:04:53.0579 1184 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

15:04:53.0595 1184 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

15:04:53.0595 1184 LightScribeService - detected UnsignedFile.Multi.Generic (1)

15:04:53.0641 1184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:04:53.0704 1184 lltdio - ok

15:04:53.0735 1184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:04:53.0782 1184 lltdsvc - ok

15:04:53.0797 1184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:04:53.0829 1184 lmhosts - ok

15:04:53.0891 1184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

15:04:53.0907 1184 LSI_FC - ok

15:04:53.0938 1184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

15:04:53.0953 1184 LSI_SAS - ok

15:04:53.0969 1184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:04:53.0969 1184 LSI_SAS2 - ok

15:04:54.0000 1184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:04:54.0016 1184 LSI_SCSI - ok

15:04:54.0078 1184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

15:04:54.0141 1184 luafv - ok

15:04:54.0187 1184 [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys

15:04:54.0203 1184 mbamchameleon - ok

15:04:54.0250 1184 [ 29E2DEF9F442C6E63CC45160E58EA50F ] mbamswissarmy C:\Windows\system32\drivers\mbamswissarmy.sys

15:04:54.0250 1184 mbamswissarmy - ok

15:04:54.0297 1184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

15:04:54.0343 1184 Mcx2Svc - ok

15:04:54.0375 1184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

15:04:54.0390 1184 megasas - ok

15:04:54.0421 1184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

15:04:54.0437 1184 MegaSR - ok

15:04:54.0562 1184 Microsoft SharePoint Workspace Audit Service - ok

15:04:54.0609 1184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

15:04:54.0671 1184 MMCSS - ok

15:04:54.0718 1184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

15:04:54.0780 1184 Modem - ok

15:04:54.0811 1184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:04:54.0843 1184 monitor - ok

15:04:54.0905 1184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:04:54.0905 1184 mouclass - ok

15:04:54.0952 1184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:04:54.0967 1184 mouhid - ok

15:04:54.0999 1184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

15:04:55.0014 1184 mountmgr - ok

15:04:55.0030 1184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

15:04:55.0045 1184 mpio - ok

15:04:55.0077 1184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:04:55.0108 1184 mpsdrv - ok

15:04:55.0170 1184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

15:04:55.0233 1184 MpsSvc - ok

15:04:55.0279 1184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:04:55.0311 1184 MRxDAV - ok

15:04:55.0342 1184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:04:55.0389 1184 mrxsmb - ok

15:04:55.0420 1184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:04:55.0451 1184 mrxsmb10 - ok

15:04:55.0482 1184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:04:55.0513 1184 mrxsmb20 - ok

15:04:55.0545 1184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

15:04:55.0560 1184 msahci - ok

15:04:55.0591 1184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

15:04:55.0607 1184 msdsm - ok

15:04:55.0623 1184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

15:04:55.0654 1184 MSDTC - ok

15:04:55.0701 1184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:04:55.0747 1184 Msfs - ok

15:04:55.0779 1184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

15:04:55.0810 1184 mshidkmdf - ok

15:04:55.0825 1184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

15:04:55.0841 1184 msisadrv - ok

15:04:55.0903 1184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:04:55.0966 1184 MSiSCSI - ok

15:04:55.0966 1184 msiserver - ok

15:04:55.0997 1184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:04:56.0059 1184 MSKSSRV - ok

15:04:56.0091 1184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:04:56.0122 1184 MSPCLOCK - ok

15:04:56.0137 1184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:04:56.0184 1184 MSPQM - ok

15:04:56.0231 1184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:04:56.0247 1184 MsRPC - ok

15:04:56.0278 1184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

15:04:56.0278 1184 mssmbios - ok

15:04:56.0325 1184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:04:56.0387 1184 MSTEE - ok

15:04:56.0418 1184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

15:04:56.0434 1184 MTConfig - ok

15:04:56.0481 1184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

15:04:56.0496 1184 Mup - ok

15:04:56.0527 1184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

15:04:56.0605 1184 napagent - ok

15:04:56.0668 1184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:04:56.0699 1184 NativeWifiP - ok

15:04:56.0793 1184 [ 5F20C5AB2F3CDC1700A1013902398E5C ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS

15:04:56.0808 1184 NAVENG - ok

15:04:56.0871 1184 [ 386578E94E66302136288B349DEB1E92 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS

15:04:56.0917 1184 NAVEX15 - ok

15:04:56.0949 1184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

15:04:56.0980 1184 NDIS - ok

15:04:57.0027 1184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

15:04:57.0089 1184 NdisCap - ok

15:04:57.0105 1184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:04:57.0167 1184 NdisTapi - ok

15:04:57.0214 1184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:04:57.0276 1184 Ndisuio - ok

15:04:57.0307 1184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:04:57.0370 1184 NdisWan - ok

15:04:57.0401 1184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:04:57.0448 1184 NDProxy - ok

15:04:57.0479 1184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:04:57.0541 1184 NetBIOS - ok

15:04:57.0573 1184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

15:04:57.0604 1184 NetBT - ok

15:04:57.0619 1184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

15:04:57.0619 1184 Netlogon - ok

15:04:57.0682 1184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

15:04:57.0760 1184 Netman - ok

15:04:57.0791 1184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

15:04:57.0853 1184 netprofm - ok

15:04:57.0885 1184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:04:57.0900 1184 NetTcpPortSharing - ok

15:04:58.0025 1184 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

15:04:58.0165 1184 netw5v64 - ok

15:04:58.0197 1184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

15:04:58.0212 1184 nfrd960 - ok

15:04:58.0321 1184 [ 436E7B2E6F42C2717C1D670220D03336 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe

15:04:58.0337 1184 NIS - ok

15:04:58.0399 1184 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:04:58.0431 1184 NlaSvc - ok

15:04:58.0462 1184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:04:58.0493 1184 Npfs - ok

15:04:58.0524 1184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

15:04:58.0571 1184 nsi - ok

15:04:58.0602 1184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:04:58.0665 1184 nsiproxy - ok

15:04:58.0711 1184 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:04:58.0758 1184 Ntfs - ok

15:04:58.0789 1184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

15:04:58.0836 1184 Null - ok

15:04:58.0883 1184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

15:04:58.0899 1184 nvraid - ok

15:04:58.0914 1184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

15:04:58.0930 1184 nvstor - ok

15:04:58.0930 1184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

15:04:58.0945 1184 nv_agp - ok

15:04:58.0977 1184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

15:04:58.0992 1184 ohci1394 - ok

15:04:59.0086 1184 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:04:59.0101 1184 ose - ok

15:04:59.0273 1184 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:04:59.0445 1184 osppsvc - ok

15:04:59.0476 1184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

15:04:59.0538 1184 p2pimsvc - ok

15:04:59.0569 1184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

15:04:59.0585 1184 p2psvc - ok

15:04:59.0616 1184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

15:04:59.0647 1184 Parport - ok

15:04:59.0679 1184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:04:59.0694 1184 partmgr - ok

15:04:59.0725 1184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

15:04:59.0772 1184 PcaSvc - ok

15:04:59.0803 1184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

15:04:59.0819 1184 pci - ok

15:04:59.0835 1184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

15:04:59.0850 1184 pciide - ok

15:04:59.0897 1184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

15:04:59.0913 1184 pcmcia - ok

15:04:59.0928 1184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

15:04:59.0944 1184 pcw - ok

15:04:59.0959 1184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

15:05:00.0037 1184 PEAUTH - ok

15:05:00.0100 1184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

15:05:00.0162 1184 PerfHost - ok

15:05:00.0225 1184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

15:05:00.0303 1184 pla - ok

15:05:00.0349 1184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

15:05:00.0381 1184 PlugPlay - ok

15:05:00.0412 1184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

15:05:00.0443 1184 PNRPAutoReg - ok

15:05:00.0474 1184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

15:05:00.0490 1184 PNRPsvc - ok

15:05:00.0537 1184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

15:05:00.0599 1184 PolicyAgent - ok

15:05:00.0646 1184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

15:05:00.0693 1184 Power - ok

15:05:00.0755 1184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

15:05:00.0802 1184 PptpMiniport - ok

15:05:00.0833 1184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

15:05:00.0864 1184 Processor - ok

15:05:00.0911 1184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

15:05:00.0958 1184 ProfSvc - ok

15:05:00.0989 1184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:05:01.0005 1184 ProtectedStorage - ok

15:05:01.0036 1184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

15:05:01.0098 1184 Psched - ok

15:05:01.0145 1184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

15:05:01.0192 1184 ql2300 - ok

15:05:01.0207 1184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

15:05:01.0223 1184 ql40xx - ok

15:05:01.0254 1184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

15:05:01.0270 1184 QWAVE - ok

15:05:01.0301 1184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:05:01.0317 1184 QWAVEdrv - ok

15:05:01.0332 1184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:05:01.0395 1184 RasAcd - ok

15:05:01.0441 1184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

15:05:01.0473 1184 RasAgileVpn - ok

15:05:01.0613 1184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

15:05:01.0675 1184 RasAuto - ok

15:05:01.0722 1184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:05:01.0769 1184 Rasl2tp - ok

15:05:01.0816 1184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

15:05:01.0863 1184 RasMan - ok

15:05:01.0894 1184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:05:01.0925 1184 RasPppoe - ok

15:05:01.0941 1184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:05:02.0003 1184 RasSstp - ok

15:05:02.0034 1184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:05:02.0097 1184 rdbss - ok

15:05:02.0143 1184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

15:05:02.0159 1184 rdpbus - ok

15:05:02.0175 1184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:05:02.0221 1184 RDPCDD - ok

15:05:02.0268 1184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:05:02.0315 1184 RDPENCDD - ok

15:05:02.0346 1184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

15:05:02.0393 1184 RDPREFMP - ok

15:05:02.0424 1184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:05:02.0455 1184 RDPWD - ok

15:05:02.0518 1184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

15:05:02.0533 1184 rdyboost - ok

15:05:02.0565 1184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:05:02.0627 1184 RemoteAccess - ok

15:05:02.0658 1184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:05:02.0721 1184 RemoteRegistry - ok

15:05:02.0752 1184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

15:05:02.0799 1184 RpcEptMapper - ok

15:05:02.0830 1184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

15:05:02.0845 1184 RpcLocator - ok

15:05:02.0877 1184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

15:05:02.0923 1184 RpcSs - ok

15:05:02.0970 1184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:05:03.0017 1184 rspndr - ok

15:05:03.0079 1184 [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

15:05:03.0095 1184 RTL8167 - ok

15:05:03.0157 1184 [ CD8F32BB993B98E6705F11504A7F7250 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys

15:05:03.0189 1184 rtl8192se - ok

15:05:03.0267 1184 [ 5FFF3E71B4724BB10918FD6DD7413D99 ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

15:05:03.0298 1184 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

15:05:03.0298 1184 RtVOsdService - detected UnsignedFile.Multi.Generic (1)

15:05:03.0313 1184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

15:05:03.0329 1184 SamSs - ok

15:05:03.0329 1184 sbapifs - ok

15:05:03.0360 1184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

15:05:03.0376 1184 sbp2port - ok

15:05:03.0423 1184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:05:03.0485 1184 SCardSvr - ok

15:05:03.0516 1184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

15:05:03.0563 1184 scfilter - ok

15:05:03.0625 1184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

15:05:03.0672 1184 Schedule - ok

15:05:03.0719 1184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

15:05:03.0750 1184 SCPolicySvc - ok

15:05:03.0797 1184 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

15:05:03.0828 1184 sdbus - ok

15:05:03.0875 1184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:05:03.0906 1184 SDRSVC - ok

15:05:03.0953 1184 SeaPort - ok

15:05:04.0000 1184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:05:04.0062 1184 secdrv - ok

15:05:04.0078 1184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

15:05:04.0140 1184 seclogon - ok

15:05:04.0187 1184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

15:05:04.0218 1184 SENS - ok

15:05:04.0265 1184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

15:05:04.0296 1184 SensrSvc - ok

15:05:04.0343 1184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

15:05:04.0374 1184 Serenum - ok

15:05:04.0421 1184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

15:05:04.0437 1184 Serial - ok

15:05:04.0468 1184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

15:05:04.0499 1184 sermouse - ok

15:05:04.0546 1184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

15:05:04.0608 1184 SessionEnv - ok

15:05:04.0639 1184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

15:05:04.0686 1184 sffdisk - ok

15:05:04.0702 1184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

15:05:04.0733 1184 sffp_mmc - ok

15:05:04.0749 1184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

15:05:04.0764 1184 sffp_sd - ok

15:05:04.0811 1184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

15:05:04.0842 1184 sfloppy - ok

15:05:04.0889 1184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:05:04.0920 1184 SharedAccess - ok

15:05:04.0967 1184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:05:05.0029 1184 ShellHWDetection - ok

15:05:05.0076 1184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:05:05.0092 1184 SiSRaid2 - ok

15:05:05.0123 1184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

15:05:05.0123 1184 SiSRaid4 - ok

15:05:05.0248 1184 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

15:05:05.0263 1184 SkypeUpdate - ok

15:05:05.0295 1184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:05:05.0326 1184 Smb - ok

15:05:05.0373 1184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:05:05.0404 1184 SNMPTRAP - ok

15:05:05.0435 1184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

15:05:05.0451 1184 spldr - ok

15:05:05.0482 1184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

15:05:05.0544 1184 Spooler - ok

15:05:05.0638 1184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

15:05:05.0731 1184 sppsvc - ok

15:05:05.0747 1184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

15:05:05.0809 1184 sppuinotify - ok

15:05:05.0919 1184 [ 4F3DEE025DFC4D8BB067FA952D040405 ] SRTSP C:\Windows\system32\drivers\NISx64\1200000.080\SRTSP64.SYS

15:05:05.0965 1184 SRTSP ( UnsignedFile.Multi.Generic ) - warning

15:05:05.0965 1184 SRTSP - detected UnsignedFile.Multi.Generic (1)

15:05:05.0997 1184 [ F14935C467021F3293A099307CFC8E2A ] SRTSPX C:\Windows\system32\drivers\NISx64\1200000.080\SRTSPX64.SYS

15:05:06.0012 1184 SRTSPX ( UnsignedFile.Multi.Generic ) - warning

15:05:06.0012 1184 SRTSPX - detected UnsignedFile.Multi.Generic (1)

15:05:06.0059 1184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

15:05:06.0090 1184 srv - ok

15:05:06.0121 1184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:05:06.0168 1184 srv2 - ok

15:05:06.0215 1184 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

15:05:06.0231 1184 SrvHsfHDA - ok

15:05:06.0262 1184 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

15:05:06.0324 1184 SrvHsfV92 - ok

15:05:06.0340 1184 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

15:05:06.0371 1184 SrvHsfWinac - ok

15:05:06.0402 1184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:05:06.0433 1184 srvnet - ok

15:05:06.0480 1184 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys

15:05:06.0496 1184 ssadbus - ok

15:05:06.0558 1184 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys

15:05:06.0589 1184 ssadmdfl - ok

15:05:06.0605 1184 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys

15:05:06.0636 1184 ssadmdm - ok

15:05:06.0683 1184 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys

15:05:06.0714 1184 ssadserd - ok

15:05:06.0792 1184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:05:06.0839 1184 SSDPSRV - ok

15:05:06.0870 1184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:05:06.0901 1184 SstpSvc - ok

15:05:06.0933 1184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

15:05:06.0933 1184 stexstor - ok

15:05:07.0011 1184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

15:05:07.0057 1184 stisvc - ok

15:05:07.0104 1184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

15:05:07.0104 1184 swenum - ok

15:05:07.0135 1184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

15:05:07.0213 1184 swprv - ok

15:05:07.0307 1184 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

15:05:07.0307 1184 SynTP - ok

15:05:07.0385 1184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

15:05:07.0447 1184 SysMain - ok

15:05:07.0494 1184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:05:07.0510 1184 TabletInputService - ok

15:05:07.0525 1184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

15:05:07.0588 1184 TapiSrv - ok

15:05:07.0635 1184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

15:05:07.0666 1184 TBS - ok

15:05:07.0759 1184 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:05:07.0806 1184 Tcpip - ok

15:05:07.0884 1184 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

15:05:07.0915 1184 TCPIP6 - ok

15:05:07.0962 1184 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:05:07.0993 1184 tcpipreg - ok

15:05:08.0040 1184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:05:08.0087 1184 TDPIPE - ok

15:05:08.0118 1184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:05:08.0165 1184 TDTCP - ok

15:05:08.0196 1184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:05:08.0259 1184 tdx - ok

15:05:08.0290 1184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

15:05:08.0305 1184 TermDD - ok

15:05:08.0337 1184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

15:05:08.0399 1184 TermService - ok

15:05:08.0430 1184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:05:08.0461 1184 Themes - ok

15:05:08.0493 1184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:05:08.0524 1184 THREADORDER - ok

15:05:08.0539 1184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:05:08.0586 1184 TrkWks - ok

15:05:08.0633 1184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:05:08.0680 1184 TrustedInstaller - ok

15:05:08.0711 1184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:05:08.0773 1184 tssecsrv - ok

15:05:08.0820 1184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

15:05:08.0836 1184 TsUsbFlt - ok

15:05:08.0914 1184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:05:08.0961 1184 tunnel - ok

15:05:08.0992 1184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

15:05:09.0007 1184 uagp35 - ok

15:05:09.0039 1184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:05:09.0101 1184 udfs - ok

15:05:09.0148 1184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:05:09.0163 1184 UI0Detect - ok

15:05:09.0195 1184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

15:05:09.0210 1184 uliagpkx - ok

15:05:09.0257 1184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

15:05:09.0288 1184 umbus - ok

15:05:09.0319 1184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

15:05:09.0351 1184 UmPass - ok

15:05:09.0382 1184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

15:05:09.0444 1184 upnphost - ok

15:05:09.0475 1184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:05:09.0507 1184 usbccgp - ok

15:05:09.0553 1184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

15:05:09.0585 1184 usbcir - ok

15:05:09.0616 1184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

15:05:09.0631 1184 usbehci - ok

15:05:09.0663 1184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:05:09.0709 1184 usbhub - ok

15:05:09.0725 1184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

15:05:09.0756 1184 usbohci - ok

15:05:09.0803 1184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:05:09.0819 1184 usbprint - ok

15:05:09.0834 1184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:05:09.0881 1184 USBSTOR - ok

15:05:09.0912 1184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

15:05:09.0943 1184 usbuhci - ok

15:05:09.0990 1184 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

15:05:10.0021 1184 usbvideo - ok

15:05:10.0053 1184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

15:05:10.0115 1184 UxSms - ok

15:05:10.0131 1184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

15:05:10.0146 1184 VaultSvc - ok

15:05:10.0193 1184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

15:05:10.0209 1184 vdrvroot - ok

15:05:10.0240 1184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

15:05:10.0302 1184 vds - ok

15:05:10.0349 1184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:05:10.0365 1184 vga - ok

15:05:10.0380 1184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

15:05:10.0427 1184 VgaSave - ok

15:05:10.0474 1184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

15:05:10.0489 1184 vhdmp - ok

15:05:10.0521 1184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

15:05:10.0536 1184 viaide - ok

15:05:10.0552 1184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

15:05:10.0567 1184 volmgr - ok

15:05:10.0599 1184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:05:10.0614 1184 volmgrx - ok

15:05:10.0630 1184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

15:05:10.0661 1184 volsnap - ok

15:05:10.0677 1184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

15:05:10.0692 1184 vsmraid - ok

15:05:10.0755 1184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

15:05:10.0817 1184 VSS - ok

15:05:10.0833 1184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

15:05:10.0864 1184 vwifibus - ok

15:05:10.0911 1184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

15:05:10.0942 1184 vwififlt - ok

15:05:10.0973 1184 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

15:05:11.0004 1184 vwifimp - ok

15:05:11.0067 1184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:05:11.0098 1184 W32Time - ok

15:05:11.0145 1184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

15:05:11.0176 1184 WacomPen - ok

15:05:11.0223 1184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:05:11.0285 1184 WANARP - ok

15:05:11.0301 1184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:05:11.0332 1184 Wanarpv6 - ok

15:05:11.0410 1184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:05:11.0441 1184 WatAdminSvc - ok

15:05:11.0503 1184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

15:05:11.0566 1184 wbengine - ok

15:05:11.0613 1184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:05:11.0628 1184 WbioSrvc - ok

15:05:11.0675 1184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:05:11.0691 1184 wcncsvc - ok

15:05:11.0706 1184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:05:11.0753 1184 WcsPlugInService - ok

15:05:11.0784 1184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

15:05:11.0800 1184 Wd - ok

15:05:11.0847 1184 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:05:11.0862 1184 Wdf01000 - ok

15:05:11.0909 1184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:05:11.0987 1184 WdiServiceHost - ok

15:05:12.0003 1184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:05:12.0018 1184 WdiSystemHost - ok

15:05:12.0065 1184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

15:05:12.0096 1184 WebClient - ok

15:05:12.0127 1184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:05:12.0190 1184 Wecsvc - ok

15:05:12.0205 1184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:05:12.0252 1184 wercplsupport - ok

15:05:12.0299 1184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:05:12.0361 1184 WerSvc - ok

15:05:12.0393 1184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:05:12.0455 1184 WfpLwf - ok

15:05:12.0471 1184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:05:12.0486 1184 WIMMount - ok

15:05:12.0502 1184 WinDefend - ok

15:05:12.0517 1184 WinHttpAutoProxySvc - ok

15:05:12.0564 1184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:05:12.0595 1184 Winmgmt - ok

15:05:12.0673 1184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

15:05:12.0783 1184 WinRM - ok

15:05:12.0845 1184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

15:05:12.0876 1184 WinUsb - ok

15:05:12.0923 1184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:05:12.0970 1184 Wlansvc - ok

15:05:13.0063 1184 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:05:13.0126 1184 wlidsvc - ok

15:05:13.0173 1184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

15:05:13.0204 1184 WmiAcpi - ok

15:05:13.0235 1184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:05:13.0282 1184 wmiApSrv - ok

15:05:13.0313 1184 WMPNetworkSvc - ok

15:05:13.0329 1184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:05:13.0375 1184 WPCSvc - ok

15:05:13.0407 1184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:05:13.0453 1184 WPDBusEnum - ok

15:05:13.0500 1184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:05:13.0547 1184 ws2ifsl - ok

15:05:13.0563 1184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

15:05:13.0609 1184 wscsvc - ok

15:05:13.0625 1184 WSearch - ok

15:05:13.0719 1184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:05:13.0765 1184 wuauserv - ok

15:05:13.0812 1184 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:05:13.0859 1184 WudfPf - ok

15:05:13.0906 1184 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:05:13.0921 1184 WUDFRd - ok

15:05:13.0937 1184 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:05:13.0968 1184 wudfsvc - ok

15:05:14.0015 1184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

15:05:14.0046 1184 WwanSvc - ok

15:05:14.0124 1184 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

15:05:14.0155 1184 yukonw7 - ok

15:05:14.0171 1184 ================ Scan global ===============================

15:05:14.0202 1184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:05:14.0249 1184 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

15:05:14.0265 1184 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

15:05:14.0296 1184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:05:14.0358 1184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:05:14.0358 1184 [Global] - ok

15:05:14.0358 1184 ================ Scan MBR ==================================

15:05:14.0358 1184 [ BE4AE5D90925083C3B039D63BC5402D4 ] \Device\Harddisk0\DR0

15:05:14.0764 1184 \Device\Harddisk0\DR0 - ok

15:05:14.0764 1184 ================ Scan VBR ==================================

15:05:14.0779 1184 [ 67D7CA8C2E4F7B171EC0C9BE40E00F69 ] \Device\Harddisk0\DR0\Partition1

15:05:14.0779 1184 \Device\Harddisk0\DR0\Partition1 - ok

15:05:14.0779 1184 [ EF971981152CA0923E94874A8E365289 ] \Device\Harddisk0\DR0\Partition2

15:05:14.0795 1184 \Device\Harddisk0\DR0\Partition2 - ok

15:05:14.0811 1184 [ 38DBBC12ABBA9AB05DE98E5AE3C01408 ] \Device\Harddisk0\DR0\Partition3

15:05:14.0857 1184 \Device\Harddisk0\DR0\Partition3 - ok

15:05:14.0873 1184 [ DAFFEAFDB59F0295C56633358F9A37AD ] \Device\Harddisk0\DR0\Partition4

15:05:14.0873 1184 \Device\Harddisk0\DR0\Partition4 - ok

15:05:14.0873 1184 ============================================================

15:05:14.0873 1184 Scan finished

15:05:14.0873 1184 ============================================================

15:05:14.0889 1176 Detected object count: 4

15:05:14.0889 1176 Actual detected object count: 4

15:06:02.0656 1176 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:02.0656 1176 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:02.0656 1176 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:02.0656 1176 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:02.0656 1176 SRTSP ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:02.0656 1176 SRTSP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:02.0671 1176 SRTSPX ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:02.0671 1176 SRTSPX ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:10.0534 1144 Deinitialize success

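The TDSSKiller log above is several thousand lines, almost all of them "- ok". What the helper actually reads out of it is a short list: which objects were flagged and with what verdict, what the user chose to do with them, whether the MBR and the partition boot records came back clean, and which service names carry no hash or path at all. The following Python script extracts exactly that. It is an added example for this thread, not TDSSKiller code and not something the original posters wrote: its line grammar is inferred from the log as pasted above, and the sample lines embedded in it are constructed (copied and trimmed from that log) so it runs offline. The `file_still_matches` helper only makes sense on the scanned Windows host itself.

```python
"""Summarise a Kaspersky TDSSKiller text log.

Added example for this thread; it is not TDSSKiller code and not from the
original post. The line grammar is inferred from the log pasted above, and the
sample below is CONSTRUCTED from a few of those lines so the script runs offline.
"""
import hashlib
import re
from collections import defaultdict

# "<time> <pid> [ <MD5> ] <Name> <Path>"  or  "<time> <pid> [ <MD5> ] \Device\..."
HASH_RE = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (.+)$")
# "<time> <pid> <Name>[ ( <Verdict> )] - <status>"  where status is e.g. "ok",
# "warning", "detected X (1)", "skipped by user", "User select action: Skip"
STATUS_RE = re.compile(r"^\S+ \d+ (\S+)(?: \( ([^)]+) \))? - (.+)$")

# Constructed sample, modelled on the posted log.
SAMPLE_LOG = r"""
15:04:57.0619 1184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:04:57.0619 1184 Netlogon - ok
15:05:03.0267 1184 [ 5FFF3E71B4724BB10918FD6DD7413D99 ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
15:05:03.0298 1184 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
15:05:03.0298 1184 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
15:05:03.0313 1184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:05:03.0329 1184 SamSs - ok
15:05:03.0329 1184 sbapifs - ok
15:05:14.0358 1184 ================ Scan MBR ==================================
15:05:14.0358 1184 [ BE4AE5D90925083C3B039D63BC5402D4 ] \Device\Harddisk0\DR0
15:05:14.0764 1184 \Device\Harddisk0\DR0 - ok
15:05:14.0779 1184 [ 67D7CA8C2E4F7B171EC0C9BE40E00F69 ] \Device\Harddisk0\DR0\Partition1
15:05:14.0779 1184 \Device\Harddisk0\DR0\Partition1 - ok
15:05:14.0889 1176 Detected object count: 1
15:06:02.0656 1176 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:02.0656 1176 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def _split_target(rest):
    """Service lines read 'Name Path'; MBR/VBR and global-scan lines carry only a
    device or file path, which then doubles as the entry's name."""
    if "\\" in rest.split(" ", 1)[0]:
        return rest, rest
    name, _, path = rest.partition(" ")
    return name, path


def parse_tdsskiller_log(text):
    """Return {name: {"md5": str|None, "path": str|None, "events": [(verdict, status)]}}."""
    entries = {}
    for line in text.splitlines():
        line = line.rstrip("\r")
        m = HASH_RE.match(line)
        if m:
            md5, rest = m.groups()
            name, path = _split_target(rest)
            e = entries.setdefault(name, {"md5": None, "path": None, "events": []})
            e["md5"], e["path"] = md5.upper(), path
            continue
        m = STATUS_RE.match(line)
        if m:
            name, verdict, status = m.groups()
            e = entries.setdefault(name, {"md5": None, "path": None, "events": []})
            e["events"].append((verdict, status))
    return entries


def summarize(entries):
    """What a reviewer checks: flagged objects with the action taken on them,
    boot-sector status, names listed without any hash or path, and binaries
    shared by several service names (normal for lsass.exe, which backs several)."""
    detections, unhashed, boot, by_path = {}, [], {}, defaultdict(list)
    for name, e in entries.items():
        statuses = [s for _, s in e["events"]]
        if any(s == "warning" or s.startswith("detected") for s in statuses):
            verdicts = sorted({v for v, _ in e["events"] if v})
            action = next((s for s in statuses if s.startswith("User select action")),
                          "no action recorded")
            detections[name] = {"verdict": ", ".join(verdicts), "path": e["path"], "action": action}
        if name.startswith("\\Device\\"):
            boot[name] = {"md5": e["md5"], "ok": "ok" in statuses}
        elif e["md5"] is None and not name.startswith("["):   # "[Global] - ok" is a section verdict
            unhashed.append(name)
        if e["path"] and e["path"] != name:
            by_path[e["path"].lower()].append(name)
    shared = {p: sorted(n) for p, n in by_path.items() if len(n) > 1}
    return {"detections": detections, "unhashed": sorted(unhashed),
            "boot_sectors": boot, "shared_binaries": shared}


def file_still_matches(entry):
    """On the scanned host only: re-hash the binary and compare it with the MD5
    the log recorded, to see whether the file changed after the clean-up."""
    with open(entry["path"], "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest().upper() == entry["md5"]


if __name__ == "__main__":
    report = summarize(parse_tdsskiller_log(SAMPLE_LOG))
    for name, d in report["detections"].items():
        print(f"{name}: {d['verdict']} -> {d['action']}  [{d['path']}]")
    for dev, b in report["boot_sectors"].items():
        print(f"{dev}: {'ok' if b['ok'] else 'FLAGGED'} md5={b['md5']}")
    print("unhashed:", report["unhashed"])
    print("shared binaries:", report["shared_binaries"])
```

Feed the full pasted log to `parse_tdsskiller_log` and the summary reproduces the helper's reading of it: four UnsignedFile.Multi.Generic warnings, all skipped, and every boot sector "ok". The MD5 is kept only because that is what TDSSKiller records; it identifies a file version, it is not proof of integrity.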

Hi.

The flagged drivers are legitimate; I had you run TDSS precisely to check whether the bootkit had been removed.

Now open OTL

click Cleanup at the top: this will remove Combofix and OTL properly.

Remove TDSS Killer, Malwarebytes and their reports.

Tell me how the PC is behaving, run another scan with Avira and tell me the results.


There is still something that doesn't add up... The desktop is back to how it was originally, but if I go into "Documents", the folders are all there (pictures, videos, music etc.) but it either shows them as empty or tells me I don't have the necessary permissions to access them. Unfortunately I don't have time to continue the scan now because I have to work all afternoon. Tonight I'll post the Avira result. Thanks


Posted (edited)

It was to be expected that there would be side effects/problems after removal, especially when the malware in question is ZeroAccess, a specialist in damaging system files and services.

Besides the Avira scan, carry out these two operations:

1) Read these instructions

http://forum.wininiz...ida-illustrata/

post the Combofix report by copy-pasting it.

WARNING: this tool can cause damage, even serious damage, if run incorrectly, so stick to the instructions and, for any doubt, post in the forum; that is what we are here for.

2) This step is devoted entirely to optimising/repairing any corrupted services.

Download Tweaking Windows Repair

to the desktop.

right click -> run as administrator

Go to step 2

Check File System(optional) Very important If Doing File Permission Repair

click Do It

The PC will reboot for the check.

Launch Windows Repair again, still with administrator rights

Go to step 3

System File Check (optional)

Click Do It

when it has finished, reboot the PC.

Launch Windows Repair once more

Go to Start Repairs

click Start at the bottom right

all the items will be ticked; leave them as they are by default.

Also tick: Unhide non system files

Tick Restart/Shutdown System When finished

make sure Restart system is selected underneath

click Start

at the end of the operations the PC will reboot by itself.

When everything is done, you will need to post

the Combofix log

the Avira post-scan log

and confirmation that the Tweaking operations completed. Good luck.

Edited by tecnico24


Hi, I did the Avira scan (it still detects the TDSS virus, I'll attach the log later) and I'm now about to do the one with ComboFix. But ComboFix asks me to "disable the active real-time scanners" (Avira). What should I do? Thanks


It's also written in the official guide: all defence software must be disabled.

So disable Avira and carry on, then post the report so we can check exactly what it detects, given that neither TDSS nor RogueKiller detect anything.

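As an added example (not part of this thread or of any of the tools it mentions), here is a small Python triage script for the kind of Avira report requested above: it pulls out each detection and flags the ones whose path sits inside another anti-malware tool's data or quarantine folder, because a signature hit on a copy that another tool stored is expected after a cleanup and is not by itself a sign that the bootkit is still active. The folder list, the English tag variants and the sample report are constructed or assumed.

```python
"""Triage detections from an Avira scan report (added example).

The parser follows the layout seen in the thread: a file path line,
followed by a "[RILEVAMENTO]" line naming the signature, and during the
disinfection phase a "[NOTA]" line with the quarantine name. Each
detection is then checked against a constructed list of folders where
other tools keep copies of removed items.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Tags as printed by the Italian report on the page; the English variants
# are an assumption so that an English-language report parses as well.
DETECTION_TAGS = ("[RILEVAMENTO]", "[DETECTION]")
NOTE_TAGS = ("[NOTA]", "[NOTE]")

# Constructed list of folders (lower-case, drive letter omitted) where other
# tools store copies of items they already removed.
OTHER_TOOL_STORES = (
    r"\programdata\malwarebytes\malwarebytes' anti-malware",
    r"\qoobox\quarantine",                                  # ComboFix
    r"\programdata\spybot - search & destroy\quarantine",
    r"\system volume information",                          # restore points
)

PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Detection:
    path: str
    signature: str
    note: Optional[str] = None
    in_other_tool_store: bool = False
    boot_sector_sig: bool = False   # Avira's BOO/ prefix marks boot-sector code

    def verdict(self) -> str:
        if self.in_other_tool_store:
            return "stored copy in another tool's folder; not an active infection"
        if self.boot_sector_sig:
            return "boot-sector signature on a live file; re-check the MBR"
        return "review"


def parse_report(text: str) -> List[Detection]:
    """Return one Detection per path, merging the disinfection-phase note."""
    found: Dict[str, Detection] = {}      # insertion order == report order
    current: Optional[str] = None          # path line most recently seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = line
        elif line.startswith(DETECTION_TAGS) and current:
            sig = line.split()[-1]         # signature name is the last token
            det = found.setdefault(current, Detection(path=current, signature=sig))
            det.boot_sector_sig = sig.upper().startswith("BOO/")
            low = current.lower()
            det.in_other_tool_store = any(store in low for store in OTHER_TOOL_STORES)
        elif line.startswith(NOTE_TAGS) and current in found:
            found[current].note = line.split("]", 1)[1].strip()
        else:
            current = None                 # any other line ends the record
    return list(found.values())


# Constructed sample modelled on the report layout; the second hit is made up.
SAMPLE_REPORT = r"""
Inizia con la scansione di 'C:\'
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam
[RILEVAMENTO] Contiene il codice del virus del settore di avvio BOO/TDss.O
C:\Users\Jack\Downloads\setup_tool.exe
[RILEVAMENTO] E' il cavallo di Troia TR/Dldr.Example.A
Avvio della disinfezione:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam
[RILEVAMENTO] Contiene il codice del virus del settore di avvio BOO/TDss.O
[NOTA] Il file è stato spostato in quarantena con il nome '59ed3016.qua'!
"""

if __name__ == "__main__":
    for det in parse_report(SAMPLE_REPORT):
        print(f"{det.signature:<20} {det.path}")
        print(f"    note:    {det.note}")
        print(f"    verdict: {det.verdict()}")
```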

Hi! The computer now seems to be working quite well, I have access to all the folders, the desktop is back to normal, pictures open, music plays etc. etc. I did everything you told me. Below I'm posting the logs. The only thing is that Avira still reported an infection, but tell me what you think. One last question: ComboFix should be uninstalled, right?

Avira report:

Avira Free Antivirus

Data del file di report: martedì 19 marzo 2013 00:04

Il programma funziona come versione completa e illimitata.

I servizi online sono disponibili.

Concesso in licenza a : Avira Free Antivirus

Numero di serie : 0000149996-ADJIE-0000001

Piattaforma : Windows 7 Home Premium

Versione di Windows : (Service Pack 1) [6.1.7601]

Modalità di avvio : Modalità provvisoria con avvio di rete

Nome utente : Jack

Nome computer : JACK-HP

Informazioni sulla versione:

BUILD.DAT : 13.0.0.2516 47702 Bytes 31/01/2013 15:51:00

AVSCAN.EXE : 13.6.0.584 640224 Bytes 13/02/2013 17:47:02

AVSCANRC.DLL : 13.4.0.360 63264 Bytes 07/12/2012 07:40:51

LUKE.DLL : 13.6.0.602 67808 Bytes 13/02/2013 17:47:23

AVSCPLR.DLL : 13.6.0.628 94432 Bytes 05/02/2013 19:03:19

AVREG.DLL : 13.6.0.600 250592 Bytes 05/02/2013 19:03:18

avlode.dll : 13.6.2.624 434912 Bytes 05/02/2013 19:03:20

avlode.rdf : 13.0.0.38 15231 Bytes 13/02/2013 08:55:15

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 13:50:29

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 07:54:23

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 07:54:28

VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 07:54:30

VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 07:54:31

VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 10:27:45

VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 10:27:48

VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 07:40:50

VBASE008.VDF : 7.11.60.10 6627328 Bytes 07/02/2013 13:08:13

VBASE009.VDF : 7.11.60.11 2048 Bytes 07/02/2013 13:08:13

VBASE010.VDF : 7.11.60.12 2048 Bytes 07/02/2013 13:08:14

VBASE011.VDF : 7.11.60.13 2048 Bytes 07/02/2013 13:08:14

VBASE012.VDF : 7.11.60.14 2048 Bytes 07/02/2013 13:08:14

VBASE013.VDF : 7.11.60.62 351232 Bytes 08/02/2013 14:19:22

VBASE014.VDF : 7.11.60.115 190976 Bytes 09/02/2013 15:25:38

VBASE015.VDF : 7.11.60.177 282624 Bytes 11/02/2013 18:42:45

VBASE016.VDF : 7.11.60.249 215552 Bytes 13/02/2013 17:46:58

VBASE017.VDF : 7.11.61.65 151040 Bytes 15/02/2013 13:58:44

VBASE018.VDF : 7.11.61.135 159232 Bytes 18/02/2013 13:26:12

VBASE019.VDF : 7.11.61.163 152064 Bytes 18/02/2013 20:34:33

VBASE020.VDF : 7.11.61.207 164352 Bytes 19/02/2013 15:14:20

VBASE021.VDF : 7.11.62.43 206336 Bytes 21/02/2013 20:25:34

VBASE022.VDF : 7.11.64.106 1510912 Bytes 11/03/2013 13:59:29

VBASE023.VDF : 7.11.64.157 137216 Bytes 12/03/2013 13:59:29

VBASE024.VDF : 7.11.64.233 159744 Bytes 14/03/2013 13:59:29

VBASE025.VDF : 7.11.65.19 143360 Bytes 15/03/2013 13:59:29

VBASE026.VDF : 7.11.65.63 150528 Bytes 17/03/2013 13:59:29

VBASE027.VDF : 7.11.65.64 2048 Bytes 17/03/2013 13:59:29

VBASE028.VDF : 7.11.65.65 2048 Bytes 17/03/2013 13:59:29

VBASE029.VDF : 7.11.65.66 2048 Bytes 17/03/2013 13:59:29

VBASE030.VDF : 7.11.65.67 2048 Bytes 17/03/2013 13:59:29

VBASE031.VDF : 7.11.65.74 47104 Bytes 18/03/2013 13:59:30

Motore : 8.2.12.16

AEVDF.DLL : 8.1.2.10 102772 Bytes 29/11/2012 10:27:28

AESCRIPT.DLL : 8.1.4.98 475516 Bytes 18/03/2013 13:59:33

AESCN.DLL : 8.1.10.0 131445 Bytes 09/01/2013 09:00:14

AESBX.DLL : 8.2.5.12 606578 Bytes 29/11/2012 10:27:28

AERDL.DLL : 8.2.0.88 643444 Bytes 10/01/2013 18:08:55

AEPACK.DLL : 8.3.2.2 827767 Bytes 18/03/2013 13:59:33

AEOFFICE.DLL : 8.1.2.56 205180 Bytes 18/03/2013 13:59:33

AEHEUR.DLL : 8.1.4.248 5804409 Bytes 18/03/2013 13:59:32

AEHELP.DLL : 8.1.25.2 258423 Bytes 29/11/2012 10:27:25

AEGEN.DLL : 8.1.6.16 434549 Bytes 24/01/2013 16:25:22

AEEXP.DLL : 8.4.0.12 192886 Bytes 18/03/2013 13:59:33

AEEMU.DLL : 8.1.3.2 393587 Bytes 29/11/2012 10:27:25

AECORE.DLL : 8.1.31.2 201080 Bytes 18/03/2013 13:59:30

AEBB.DLL : 8.1.1.4 53619 Bytes 29/11/2012 10:27:25

AVWINLL.DLL : 13.6.0.480 26480 Bytes 13/02/2013 17:46:57

AVPREF.DLL : 13.6.0.480 51056 Bytes 13/02/2013 17:47:02

AVREP.DLL : 13.6.0.480 178544 Bytes 05/02/2013 19:03:18

AVARKT.DLL : 13.6.0.624 260832 Bytes 13/02/2013 17:46:59

AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 13/02/2013 17:47:00

SQLITE3.DLL : 3.7.0.1 397088 Bytes 29/11/2012 10:27:41

AVSMTP.DLL : 13.6.0.480 63344 Bytes 13/02/2013 17:47:02

NETNT.DLL : 13.6.0.480 16240 Bytes 13/02/2013 17:47:23

RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 07/12/2012 07:40:52

RCTEXT.DLL : 13.6.0.480 69488 Bytes 13/02/2013 17:46:57

Impostazioni di configurazione per la scansione attuale:

Nome del job................................: Scansione completa del sistema

File di configurazione......................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Report......................................: standard

Azione primaria.............................: interattivo

Azione secondaria...........................: ignora

Scansione dei record master di avvio........: Attivo

Scansiona record di avvio...................: Attivo

Record di avvio.............................: C:, D:,

Scansione dei programmi attivi..............: Attivo

Processo esteso di scansione................: Attivo

Scansiona la registrazione..................: Attivo

Cerca Rootkits..............................: Attivo

Controllo di integrità dei file di sistema..: Non attivo

Modalità di scansione file..................: Tutti i file

Scansione degli archivi.....................: Attivo

Limita la profondità di ricorsione..........: 20

Archivio estensioni Smart...................: Attivo

Macro euristico.............................: Attivo

File euristico..............................: avanzato

Avvio della scansione: martedì 19 marzo 2013 00:04

Avvio della scansione dei record master di avvio:

Record master di avvio dell'Hard Disk 0

[iNFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:

Record di avvio 'C:\'

[iNFO] Nessun virus è stato trovato!

Record di avvio 'D:\'

[iNFO] Nessun virus è stato trovato!

È stata avviata la scansione per accertare la presenza di oggetti nascosti.

Non è stato possibile inizializzare il driver.

La scansione dei processi in esecuzione verrà avviata:

Scansione processo 'svchost.exe' - '51' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '34' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '40' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '67' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '30' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '69' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '77' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '53' modulo(i) scansionato(i)

Scansione processo 'Explorer.EXE' - '166' modulo(i) scansionato(i)

Scansione processo 'svchost.exe' - '37' modulo(i) scansionato(i)

Scansione processo 'ctfmon.exe' - '21' modulo(i) scansionato(i)

Scansione processo 'avcenter.exe' - '103' modulo(i) scansionato(i)

Scansione processo 'avscan.exe' - '107' modulo(i) scansionato(i)

Scansione processo 'iexplore.exe' - '66' modulo(i) scansionato(i)

Scansione processo 'avshadow.exe' - '20' modulo(i) scansionato(i)

Scansione processo 'smss.exe' - '2' modulo(i) scansionato(i)

Scansione processo 'csrss.exe' - '16' modulo(i) scansionato(i)

Scansione processo 'wininit.exe' - '25' modulo(i) scansionato(i)

Scansione processo 'csrss.exe' - '16' modulo(i) scansionato(i)

Scansione processo 'winlogon.exe' - '24' modulo(i) scansionato(i)

Scansione processo 'services.exe' - '32' modulo(i) scansionato(i)

Scansione processo 'lsass.exe' - '62' modulo(i) scansionato(i)

Scansione processo 'lsm.exe' - '16' modulo(i) scansionato(i)

Avvio della scansione dei file eseguibili (registro):

Il registro è stato scansionato ( 1745 file ).

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam

[RILEVAMENTO] Contiene il codice del virus del settore di avvio BOO/TDss.O

Inizia con la scansione di 'D:\' <RECOVERY>

Avvio della disinfezione:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam

[RILEVAMENTO] Contiene il codice del virus del settore di avvio BOO/TDss.O

[NOTA] Il file è stato spostato in quarantena con il nome '59ed3016.qua'!

Fine della scansione: martedì 19 marzo 2013 01:07

Tempo impiegato: 1:00:18 Ora(e)

La scansione è stata completamente eseguita.

32963 Directory scansionate

1144130 I file sono stati scansionati

1 Rilevati virus e/o programmi indesiderati

0 I file sono stati classificati come sospetti

0 I file sono stati eliminati

0 I virus o i programmi indesiderati sono stati riparati

1 File spostati in quarantena

0 File rinominati

0 Impossibile scansionare i file

1144129 File non infetti

5854 Archivi scansionati

0 Avvisi

1 Note

COMBOFIX report:

ComboFix 13-03-17.01 - Jack 19/03/2013 11:56:15.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3999.2587 [GMT 2:00]

Eseguito da: c:\users\Jack\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\intellidownload\gunzip.exe

c:\programdata\t3FuAQhk.exe.b

C:\torrent.exe

.

.

((((((((((((((((((((((((( Files Creati Da 2013-02-19 al 2013-03-19 )))))))))))))))))))))))))))))))))))

.

.

2013-03-19 10:08 . 2013-03-19 10:08 -------- dc----w- c:\users\Default\AppData\Local\temp

2013-03-18 14:10 . 2013-02-19 02:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E5779B3-1836-4B0E-B8B4-F916CEE94663}\mpengine.dll

2013-03-18 12:08 . 2013-03-18 12:08 36680 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-03-18 12:08 . 2013-03-18 12:08 157000 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-12 08:46 . 2013-03-14 07:56 -------- dc----w- c:\program files (x86)\WinCDEmu

2013-02-26 11:09 . 2013-02-26 11:09 -------- dc----w- c:\users\Jack\AppData\Roaming\SUPERAntiSpyware.com

2013-02-26 11:09 . 2013-02-26 11:09 -------- dc----w- c:\programdata\SUPERAntiSpyware.com

2013-02-25 19:45 . 2013-02-25 21:41 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2013-02-25 19:41 . 2013-03-07 18:33 -------- dc----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-02-25 18:49 . 2013-02-25 18:49 -------- dc----w- c:\users\Jack\AppData\Local\Threat Expert

2013-02-25 18:39 . 2013-03-10 13:17 -------- dc----w- c:\programdata\PC Tools

2013-02-25 18:39 . 2013-02-25 18:39 -------- dc----w- c:\users\Jack\AppData\Roaming\TestApp

2013-02-25 10:48 . 2013-03-10 13:12 -------- dc----w- c:\program files (x86)\STOPzilla!

2013-02-25 10:48 . 2013-03-10 13:12 -------- dc----w- c:\programdata\STOPzilla!

2013-02-24 22:54 . 2013-02-24 22:55 -------- dc----w- C:\sh4ldr

2013-02-24 22:54 . 2013-02-24 22:54 -------- dc----w- c:\program files\Enigma Software Group

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-19 07:43 . 2012-03-30 06:44 693976 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-19 07:43 . 2011-09-23 08:35 73432 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-04 12:53 . 2011-09-29 20:34 72013344 -c--a-w- c:\windows\system32\MRT.exe

2013-01-16 23:28 . 2011-09-12 16:57 273840 -c----w- c:\windows\system32\MpSigStub.exe

2013-01-10 10:09 . 2013-01-09 08:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-10 10:09 . 2013-01-09 08:45 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-10 09:52 . 2013-01-09 08:45 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-10 09:52 . 2013-01-09 08:45 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-10 09:52 . 2013-01-09 08:45 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-10 09:52 . 2013-01-09 08:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-10 09:52 . 2013-01-09 08:45 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-10 09:52 . 2013-01-09 08:45 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-10 09:52 . 2013-01-09 08:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-10 09:52 . 2013-01-09 08:45 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-10 09:52 . 2013-01-09 08:45 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2013-01-10 09:52 . 2013-01-09 08:45 46592 ----a-w- c:\windows\system32\fpb.rs

2013-01-10 09:52 . 2013-01-09 08:45 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2013-01-10 09:52 . 2013-01-09 08:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2013-01-10 09:52 . 2013-01-09 08:45 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2013-01-10 09:52 . 2013-01-09 08:45 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2013-01-10 09:52 . 2013-01-09 08:45 441856 ----a-w- c:\windows\system32\Wpc.dll

2013-01-10 09:52 . 2013-01-09 08:45 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2013-01-10 09:52 . 2013-01-09 08:45 43520 ----a-w- c:\windows\system32\csrr.rs

2013-01-10 09:52 . 2013-01-09 08:45 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2013-01-10 09:52 . 2013-01-09 08:45 40960 ----a-w- c:\windows\system32\cob-au.rs

2013-01-10 09:52 . 2013-01-09 08:45 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2013-01-10 09:52 . 2013-01-09 08:45 30720 ----a-w- c:\windows\SysWow64\usk.rs

2013-01-10 09:52 . 2013-01-09 08:45 30720 ----a-w- c:\windows\system32\usk.rs

2013-01-10 09:52 . 2013-01-09 08:45 2746368 ----a-w- c:\windows\system32\gameux.dll

2013-01-10 09:52 . 2013-01-09 08:45 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2013-01-10 09:52 . 2013-01-09 08:45 21504 ----a-w- c:\windows\SysWow64\grb.rs

2013-01-10 09:52 . 2013-01-09 08:45 21504 ----a-w- c:\windows\system32\grb.rs

2013-01-10 09:52 . 2013-01-09 08:45 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2013-01-10 09:52 . 2013-01-09 08:45 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2013-01-10 09:52 . 2013-01-09 08:45 20480 ----a-w- c:\windows\system32\pegi.rs

2013-01-10 09:52 . 2013-01-09 08:45 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2013-01-10 09:52 . 2013-01-09 08:45 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2013-01-10 09:52 . 2013-01-09 08:45 15360 ----a-w- c:\windows\system32\djctq.rs

2013-01-10 09:52 . 2013-01-09 08:45 55296 ----a-w- c:\windows\SysWow64\cero.rs

2013-01-10 09:52 . 2013-01-09 08:45 55296 ----a-w- c:\windows\system32\cero.rs

2013-01-10 09:52 . 2013-01-09 08:45 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2013-01-10 09:52 . 2013-01-09 08:45 51712 ----a-w- c:\windows\system32\esrb.rs

2013-01-10 09:52 . 2013-01-09 08:45 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2013-01-10 09:52 . 2013-01-09 08:45 23552 ----a-w- c:\windows\system32\oflc.rs

2013-01-10 09:52 . 2013-01-09 08:45 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2013-01-10 09:52 . 2013-01-09 08:45 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2013-01-10 09:51 . 2013-01-09 08:44 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-10 09:51 . 2013-01-09 08:44 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2013-01-10 09:51 . 2013-01-09 08:44 1161216 ----a-w- c:\windows\system32\kernel32.dll

2013-01-10 09:51 . 2013-01-09 08:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-10 09:51 . 2013-01-09 08:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-10 09:51 . 2013-01-09 08:44 362496 ----a-w- c:\windows\system32\wow64win.dll

2013-01-10 09:51 . 2013-01-09 08:44 338432 ----a-w- c:\windows\system32\conhost.exe

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 243200 ----a-w- c:\windows\system32\wow64.dll

2013-01-10 09:51 . 2013-01-09 08:44 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-10 09:51 . 2013-01-09 08:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2013-01-10 09:51 . 2013-01-09 08:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-10 09:51 . 2013-01-09 08:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2013-01-10 09:51 . 2013-01-09 08:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-10 09:51 . 2013-01-09 08:44 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-10 09:51 . 2013-01-09 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

"Facebook Update"="c:\users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-29 602168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]

.

c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

My 190.lnk - c:\program files (x86)\My 190\My 190.exe [N/A]

Widget vodafone.lnk - c:\program files (x86)\Widget vodafone.it\Widget vodafone.it.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-03-18 36680]

R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-03-18 157000]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-12-07 27800]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-05-23 126904]

S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-19 315392]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-05 1093152]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 09:36 451872 -c--a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:43]

.

2013-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-488496752-2776678865-3593269437-1000Core.job

- c:\users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-07 07:38]

.

2013-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-488496752-2776678865-3593269437-1000UA.job

- c:\users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-07 07:38]

.

2013-02-11 c:\windows\Tasks\HPCeeScheduleForJack.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-05 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 410648]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.virgilio.it/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.findeer.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: I&nvia a OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.89.123.231 193.210.19.190

TCP: Interfaces\{18CEE218-575F-4FAF-8EF0-59AC9B8A07DA}\3747164696E656474796: NameServer = 176.31.229.24,176.31.229.25

TCP: Interfaces\{18CEE218-575F-4FAF-8EF0-59AC9B8A07DA}\E4544574541425: NameServer = 176.31.229.24,176.31.229.25

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

BHO-{82EA3E77-7BD2-4744-A8F2-670770767EC5} - c:\program files (x86)\OApps\bho_project.dll

SafeBoot-90820530.sys

SafeBoot-mbamchameleon

SafeBoot-mbamswissarmy

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe

AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe

AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe

AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe

AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe

AddRemove-{3E70F8B2-2ADE-4F83-8AD8-BDB602985E98}_is1 - c:\windows\unins000.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-03-19 12:13:45

ComboFix-quarantined-files.txt 2013-03-19 10:13

.

Pre-Run: 199.418.839.040 byte disponibili

Post-Run: 199.401.340.928 byte disponibili

.

- - End Of File - - 480450DFF0B9872F25091DCF958C033D


Hi.

The virus detected belongs to Malwarebytes' detections; the PC is clean.

Open OTL and click Cleanup:

this will remove ComboFix and OTL properly.

Regards


Hi! I removed both ComboFix and OTL. Everything is fine, the computer now works normally. Thank you very much for the support, you solved a real problem for me!

Bye everyone
