Security Shield Problem


  • This topic is locked
22 replies to this topic

#1 VashTheStampede


  • Members
  • 33 posts

Posted 02 July 2012 - 08:46 PM

Hi,
I have a problem with Security Shield. Last night a Security Shield message suddenly appeared on my monitor, telling me that there are a number of viruses, Trojans, etc. on my PC. I read on the net that it is like a virus, but I do not know how to delete it and I do not even understand how I got it; I preferred to call you because I am afraid of making trouble. Security Shield brings up a lot of popups on my PC and makes it very difficult for me to work on the PC.
Thank you so much for your help.
Vash



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2012 - 08:52 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
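The helper's first step above is to collect the Security Check and DDS logs and read them by eye for autostart entries and recently created files sitting in places where installed software normally does not live. As an added illustration, not part of this thread and not the helpers' or the DDS author's code, the Python script below applies that reading mechanically to the two DDS sections most useful for spotting a rogue "antivirus" of the Security Shield kind: the uRun/mRun autostart lines in the "Pseudo HJT Report" and the "Created Last 30" file list. The heuristic (flag executables under \Users\<name>\AppData, \ProgramData or a Temp directory, with an allowlist for Windows Defender definition updates), the function names `parse_sections`, `extract_target`, `is_suspicious_path`, `triage` and the sample log text are all constructions of this example, modelled on the DDS layout, not drawn from the logs posted in this topic.

```python
import re
from dataclasses import dataclass

# Constructed sample in DDS log layout (section banners, "." spacer lines,
# uRun/mRun autostart entries, "Created Last 30" file entries). The user name,
# file names and GUIDs are made up for this example, not taken from a real log.
SAMPLE_DDS_LOG = r"""
============== Pseudo HJT Report ===============
.
uRun: [Updater] C:\Users\Alice\AppData\Local\qwzxrt.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
=============== Created Last 30 ================
.
2012-07-03 18:54:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11111111-2222-3333-4444-555555555555}\offreg.dll
2012-07-03 17:37:23 -------- d-----w- C:\Users\Alice\AppData\Local\{11111111-2222-3333-4444-666666666666}
2012-07-03 01:05:08 471040 ----a-w- C:\Users\Alice\AppData\Local\qwzxrt.exe
2012-06-19 14:45:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]*)\]\s+(.+)$")
# Heuristic (an assumption of this example): code living in per-user or
# world-writable locations is unusual for legitimately installed software.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I)
ALLOWLIST_RE = re.compile(r"\\ProgramData\\Microsoft\\Windows Defender\\", re.I)
EXEC_EXT = (".exe", ".dll", ".scr", ".com")


@dataclass(frozen=True)
class Finding:
    section: str
    path: str
    reason: str


def parse_sections(text):
    """Split a DDS log into {banner title: [non-empty lines]}, dropping '.' spacers."""
    sections = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def extract_target(value):
    """Return the executable path from an autostart value, without quotes or arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"^(.*?\.(?:exe|dll|scr|com))(?:\s|$)", value, re.I)
    return m.group(1) if m else value


def is_suspicious_path(path):
    """True for an executable in a user-writable location that is not allowlisted."""
    if not path.lower().endswith(EXEC_EXT):
        return False
    if ALLOWLIST_RE.search(path):
        return False
    return bool(USER_WRITABLE_RE.search(path))


def triage(text):
    """Return Findings for suspicious new files and autostart entries in a DDS log."""
    findings = []
    sections = parse_sections(text)
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        _stamp, _size, attrs, path = m.groups()
        if attrs.startswith("d"):  # directory entry: nothing executable to flag
            continue
        if is_suspicious_path(path):
            findings.append(Finding("Created Last 30", path,
                                    "new executable in a user-writable location"))
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        key, name, value = m.groups()
        target = extract_target(value)
        if is_suspicious_path(target):
            findings.append(Finding("Pseudo HJT Report", target,
                                    f"{key} autostart [{name}] runs from a user-writable location"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LOG):
        print(f"{f.section}: {f.path} -- {f.reason}")
```

On the constructed sample the script reports the same path twice, once as a freshly created executable under AppData\Local and once as a per-user Run entry pointing at it; that pairing (new binary in a user-writable directory plus an autostart for it) is the pattern a helper looks for first, while a Windows Defender definition DLL under ProgramData and a System32 file from a Windows Update are left alone. The allowlist is deliberately tiny: anything beyond it is a judgement call for the person reading the log, not for the script.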

#3 VashTheStampede

  • Topic Starter

  • Members
  • 33 posts

Posted 03 July 2012 - 02:04 PM

Hi Gringo,

I followed your instructions, so I show you the log files.

- checkup log

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware versione 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


- DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Utente at 20:56:26 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16364.13703 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
E:\Programmi Installati\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Programmi Installati\mozilla\firefox.exe
E:\Programmi Installati\mozilla\plugin-container.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avgnt] "E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "E:\Programmi Installati\QTTask.exe" -atboottime
StartupFolder: C:\Users\Utente\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&sporta in Microsoft Excel
IE: I&nvia a OneNote
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{BE7CBCF5-9C27-46C6-92E4-F59BD329B0AB} : DhcpNameServer = 62.101.93.101 83.103.25.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{0347C33E-8762-4905-BF09-768834316C61}
{074C1DC5-9320-4A9A-947D-C042949C6216}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [avgnt] "E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [QuickTime Task] "E:\Programmi Installati\QTTask.exe" -atboottime
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\qw6dy4me.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Utente\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Utente\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: E:\Programmi Installati\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Programmi Installati\Plugins\npdeployJava1.dll
FF - plugin: E:\Programmi Installati\Plugins\nppdf32.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin2.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin3.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin4.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin5.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin6.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin7.dll
FF - plugin: E:\Programmi Installati\Reader\AIR\nppdf32.dll
FF - plugin: E:\Programmi Installati\Reader\browser\nppdf32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - f875303a000000000000002683144847
FF - user.js: extensions.BabylonToolbar_i.hardId - f875303a000000000000002683144847
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15453
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:19:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Scheduler;E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe [2012-4-26 86224]
R2 AntiVirService;Avira Realtime Protection;E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe [2012-4-26 110032]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 SBSDWSCService;SBSD Security Center Service;E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe [2011-4-11 1153368]
R2 TeamViewer7;TeamViewer 7;E:\Programmi Installati\Version7\TeamViewer_Service.exe [2012-6-9 2666880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-5-30 8192]
S2 SkypeUpdate;Skype Updater;E:\Programmi Installati\Updater\Updater.exe [2012-5-3 158856]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Programmi Installati\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-03 18:54:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FE599CA-2EDF-41AD-85AE-F9B2511E347D}\offreg.dll
2012-07-03 17:38:05 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FE599CA-2EDF-41AD-85AE-F9B2511E347D}\mpengine.dll
2012-07-03 17:37:23 -------- d-----w- C:\Users\Utente\AppData\Local\{182478BD-2C5C-4B56-B356-3AF8D277C238}
2012-07-03 17:37:12 -------- d-----w- C:\Users\Utente\AppData\Local\{A65C78A6-0E75-4BAC-B041-A348014B9087}
2012-07-03 01:05:08 471040 ----a-w- C:\Users\Utente\AppData\Local\hmoniq.exe
2012-07-02 20:49:41 -------- d-----w- C:\Users\Utente\AppData\Local\{E7FF302C-2992-49C9-AF09-ABEAF9A86B4A}
2012-07-02 20:49:19 -------- d-----w- C:\Users\Utente\AppData\Local\{5682F9F5-6237-4FDB-BB95-A41C23040D94}
2012-07-01 12:09:18 -------- d-----w- C:\Users\Utente\AppData\Local\{51D6082E-DDC4-4DE6-BB2C-899EBB381932}
2012-07-01 12:09:07 -------- d-----w- C:\Users\Utente\AppData\Local\{7ED8FE11-2DDD-442E-90BE-183F9CB56861}
2012-06-30 14:25:23 -------- d-----w- C:\Users\Utente\AppData\Local\{730EAA62-1485-497C-B4CF-ECB487907755}
2012-06-30 14:25:12 -------- d-----w- C:\Users\Utente\AppData\Local\{09401D1C-CC23-4C11-9392-FE88D6F17023}
2012-06-29 18:09:20 -------- d-----w- C:\Users\Utente\AppData\Local\{E063CE75-15B7-47CF-88E7-4D7A65C7D0F1}
2012-06-29 18:09:09 -------- d-----w- C:\Users\Utente\AppData\Local\{738B116B-CB95-4065-9972-4F94ED565DA2}
2012-06-28 18:18:23 -------- d-----w- C:\Users\Utente\AppData\Local\{091681FD-000B-41AC-8837-A5EDCFC48DC2}
2012-06-28 18:18:12 -------- d-----w- C:\Users\Utente\AppData\Local\{E9D4DAAB-0AB3-4DA4-8638-0A9C8D3C6C8B}
2012-06-27 22:29:10 -------- d-----w- C:\Program Files (x86)\MSECache
2012-06-27 17:58:10 -------- d-----w- C:\Users\Utente\AppData\Local\{720DFCB8-A39E-45D4-8468-949AE630DE79}
2012-06-27 17:57:48 -------- d-----w- C:\Users\Utente\AppData\Local\{A667EA7A-1D4E-4573-9AA4-0C056FCF07BC}
2012-06-26 17:44:21 -------- d-----w- C:\Users\Utente\AppData\Local\{D8EF1613-AF3B-4A83-A591-C21F3832A5C1}
2012-06-26 17:43:59 -------- d-----w- C:\Users\Utente\AppData\Local\{92BD8C20-5787-40CF-94EB-2E60290A0191}
2012-06-25 17:46:40 -------- d-----w- C:\Users\Utente\AppData\Local\{40EC5021-9D18-4F63-8CD0-C81D2B5DEF21}
2012-06-25 17:46:29 -------- d-----w- C:\Users\Utente\AppData\Local\{6821A374-10F7-4817-ADDC-18BBDFFEC18E}
2012-06-23 12:10:29 -------- d-----w- C:\Users\Utente\AppData\Local\{B3B8AB41-A887-46AF-A227-51C3249A29B7}
2012-06-23 12:10:18 -------- d-----w- C:\Users\Utente\AppData\Local\{07EFFF0A-ED34-4DD6-822C-63B0C6E4AF97}
2012-06-22 17:08:09 -------- d-----w- C:\Users\Utente\AppData\Local\{E3DD2714-88A3-4BD0-9BDD-EC20C5ADBBD2}
2012-06-22 17:07:58 -------- d-----w- C:\Users\Utente\AppData\Local\{3D3954E4-460B-49A8-9847-FED72AF395C8}
2012-06-21 17:52:10 -------- d-----w- C:\Users\Utente\AppData\Local\{2EEFF550-261A-4E9F-98F3-F841A5A0329D}
2012-06-21 17:51:59 -------- d-----w- C:\Users\Utente\AppData\Local\{7042CBC1-F5E3-4884-8B8F-E6985F7D5DE4}
2012-06-20 19:48:12 -------- d-----w- C:\Users\Utente\AppData\Local\{699BB9AF-8651-4B8C-BD65-A1730E912AAA}
2012-06-20 07:47:39 -------- d-----w- C:\Users\Utente\AppData\Local\{3EF1DC0B-EF8E-4423-AEC4-950EF31A4024}
2012-06-19 19:47:05 -------- d-----w- C:\Users\Utente\AppData\Local\{9EA81711-74DF-4A03-B94E-D1EC3B99F35E}
2012-06-19 19:46:43 -------- d-----w- C:\Users\Utente\AppData\Local\{8FB6B297-0941-45F4-9B3E-4A8670A56D6C}
2012-06-19 14:45:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 14:45:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 14:45:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 14:45:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 07:46:12 -------- d-----w- C:\Users\Utente\AppData\Local\{F9351869-FF54-4176-B5E0-3FAF3C1CE6DE}
2012-06-19 07:46:01 -------- d-----w- C:\Users\Utente\AppData\Local\{950251E1-52E7-47BC-AB24-963B40C0AF80}
2012-06-18 07:17:31 -------- d-----w- C:\Users\Utente\AppData\Local\{8F301256-E4B3-4C8A-A7AF-4D4972A626ED}
2012-06-17 17:33:19 -------- d-----w- C:\Users\Utente\AppData\Local\{F0ED5E3D-EB48-4063-8280-AC9413893F15}
2012-06-16 16:58:57 -------- d-----w- C:\Users\Utente\AppData\Local\{0CD0B8A9-9ABF-4DF3-95AA-03C467107262}
2012-06-15 11:16:44 -------- d-----w- C:\Users\Utente\AppData\Local\{44300F48-1AAB-4C8C-A579-41FDA8D1066E}
2012-06-14 13:52:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 13:52:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 13:52:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 13:52:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 13:52:01 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 13:52:00 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 13:52:00 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 13:51:59 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 13:51:59 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 13:51:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 13:51:59 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 13:51:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 13:51:57 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 13:51:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 13:51:57 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 13:51:57 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 13:51:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 13:50:48 -------- d-----w- C:\Users\Utente\AppData\Local\{57072615-0B8B-4D43-B7AF-2B1B45E1EAB8}
2012-06-14 13:50:37 -------- d-----w- C:\Users\Utente\AppData\Local\{1DBA798B-B3E3-4613-AFDC-943F44113389}
2012-06-13 23:15:17 -------- d-----w- C:\Users\Utente\AppData\Local\{342A6E88-D86D-4B55-9423-857B42465835}
2012-06-13 11:14:42 -------- d-----w- C:\Users\Utente\AppData\Local\{15066626-8600-40AD-9821-39CD7117E075}
2012-06-13 11:14:20 -------- d-----w- C:\Users\Utente\AppData\Local\{2344B44D-8FFE-48B7-8144-75CD384EC4C7}
2012-06-12 14:08:35 -------- d-----w- C:\Users\Utente\AppData\Local\{C8B5E4B1-D888-4DCB-8E17-F9F1FDD4F024}
2012-06-12 14:08:24 -------- d-----w- C:\Users\Utente\AppData\Local\{0DD9ED53-E8D1-4CD6-99C5-CEFADC83BE85}
2012-06-11 17:57:01 -------- d-----w- C:\Users\Utente\AppData\Local\{BFFF5F18-099C-46B5-8F18-DA527A5F3ED8}
2012-06-11 17:56:50 -------- d-----w- C:\Users\Utente\AppData\Local\{23B0E384-B80E-4D20-973C-BD822E043184}
2012-06-08 14:32:09 -------- d-----w- C:\Users\Utente\AppData\Local\{425E6049-7A53-434B-9F3B-EECA8ADAFA78}
2012-06-08 14:31:58 -------- d-----w- C:\Users\Utente\AppData\Local\{799F7DD2-A149-4095-BD64-9E5DBC722405}
2012-06-07 12:29:28 -------- d-----w- C:\Users\Utente\AppData\Local\{5A0F7C6D-6961-475B-8D7D-D8814CB32659}
2012-06-07 12:29:17 -------- d-----w- C:\Users\Utente\AppData\Local\{18D86076-2D34-4200-A58E-83345180A031}
2012-06-06 14:43:27 -------- d-----w- C:\Users\Utente\AppData\Local\{E5E311CB-1617-40B3-A1C5-E873B5DFF306}
2012-06-06 14:43:16 -------- d-----w- C:\Users\Utente\AppData\Local\{A94AEEFE-7839-4AEE-8C6F-A13DFD87A81F}
2012-06-05 22:57:28 -------- d-----w- C:\Users\Utente\AppData\Local\{BB122512-2757-4554-A66B-5518054264DF}
2012-06-05 22:57:18 -------- d-----w- C:\Users\Utente\AppData\Local\{96B1EBAB-D828-4779-9BFE-DE760E5FED46}
2012-06-04 21:30:46 -------- d-----w- C:\Users\Utente\AppData\Local\{B1F83AAD-71B5-406C-A41F-2CC7409C802C}
2012-06-04 21:30:35 -------- d-----w- C:\Users\Utente\AppData\Local\{3758A8D3-2871-4558-B4AC-DED1C5404ECE}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-08 21:55:13 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-04-23 01:20:14 213546 ----a-w- C:\Windows\SysWow64\~.tmp
2012-04-18 18:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 20:56:36,45 ===============


- Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 31/03/2011 15:57:31
System Uptime: 03/07/2012 19:34:16 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 45,212 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 1356,253 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP183: 26/06/2012 19:36:51 - Windows Update
RP184: 28/06/2012 00:29:10 - Pacchetto di compatibilità per Office System 2007 installato
RP185: 28/06/2012 00:37:33 - Pacchetto di compatibilità per Office System 2007 rimosso
RP186: 28/06/2012 00:39:20 - Pacchetto di compatibilità per Office System 2007 rimosso
RP187: 29/06/2012 20:12:11 - Windows Update
RP189: 03/07/2012 04:35:28 - Windows Defender Checkpoint
RP190: 03/07/2012 19:37:59 - Windows Update
.
==== Installed Programs ======================
.
ActiveState Komodo Edit 7.0.1
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X (10.1.3) - Italiano
Adobe Story
Adobe Widget Browser
AdunanzA
Advertising Center
AIO_Scan
Apple Application Support
Apple Software Update
Autodesk 3ds Max 2011 32-bit
Autodesk Backburner 2008.1
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
Autodesk Material Library 2011
Avira Free Antivirus
BufferChm
Copy
D3DX10
Destinations
DeviceDiscovery
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DolbyFiles
Dropbox
ESET Online Scanner v3
F4100
F4100_Help
Facebook Video Calling 1.2.0.159
Google Chrome
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
High-Definition Video Playback 10
HiJackThis
HP Product Detection
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IETester v0.4.10 (remove only)
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 31
JMicron JMB36X Driver
Junk Mail filter update
Malwarebytes Anti-Malware versione 1.61.0.1400
MarketResearch
marvell 91xx console driver
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 it)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Installer
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Opera 11.64
PDF Settings CS5
PDFCreator
PxMergeModule
QuickTime
RealFlow
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.9
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
TeamViewer 7
Toolbox
TopStyle 4
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
V-Ray for 3dsmax 2011 for x86
VLC media player 2.0.1
WebLoc Translator 2.0
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
.
==== End Of File ===========================

The computer operates normally at this time; the popup did not open again, as it did yesterday.

Vash

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,281 posts
  • Gender: Male
  • Location: Puerto rico

Posted 03 July 2012 - 02:54 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 VashTheStampede (Topic Starter)

  • Members
  • 33 posts

Posted 03 July 2012 - 05:12 PM

Hi,

I ran ComboFix after I had disabled all security tools.

I haven't seen any error, and at the end ComboFix didn't tell me to restart the PC, so I didn't.

The PC works normally and I haven't seen the popup again.

The ComboFix log:

ComboFix 12-07-02.01 - Utente 03/07/2012 23:58:25.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16364.14353 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\users\Utente\AppData\Local\hmoniq.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-03 al 2012-07-03 )))))))))))))))))))))))))))))))))))
.
.
2012-07-03 22:00 . 2012-07-03 22:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-03 22:00 . 2012-07-03 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 17:38 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE599CA-2EDF-41AD-85AE-F9B2511E347D}\mpengine.dll
2012-06-27 22:29 . 2012-06-27 22:43 -------- d-----w- c:\program files (x86)\MSECache
2012-06-19 14:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:45 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:45 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 13:52 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 13:52 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 13:52 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 13:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 13:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 13:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 13:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 13:51 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 13:51 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 13:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 13:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 13:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 13:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 13:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 13:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 13:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 13:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 21:55 . 2012-04-26 20:30 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 21:55 . 2012-04-26 20:30 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-23 01:20 . 2012-04-23 00:40 213546 ----a-w- c:\windows\SysWow64\~.tmp
2012-04-18 23:03 . 2012-04-18 23:03 388096 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programmi installati\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avgnt"="e:\programmi installati\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"QuickTime Task"="e:\programmi installati\QTTask.exe" [2012-04-18 421888]
.
c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 SkypeUpdate;Skype Updater;e:\programmi installati\Updater\Updater.exe [2012-05-03 158856]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\programmi installati\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;e:\programmi installati\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SBSDWSCService;SBSD Security Center Service;e:\programmi installati\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;e:\programmi installati\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00]
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel
IE: I&nvia a OneNote
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\qw6dy4me.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - f875303a000000000000002683144847
FF - user.js: extensions.BabylonToolbar_i.hardId - f875303a000000000000002683144847
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15453
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-V-Ray for 3dsmax 2011 for x86 - c:\program files (x86)\Chaos Group\V-Ray\3dsmax 2011 for x86\uninstall\wininstaller.exe-uninstall=c:\program files (x86)\Chaos Group\V-Ray\3dsmax 2011 for x86\uninstall\install.log
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-07-04 00:02:16
ComboFix-quarantined-files.txt 2012-07-03 22:02
.
Pre-Run: 48.252.805.120 byte disponibili
Post-Run: 48.106.442.752 byte disponibili
.
- - End Of File - - 4BD0266C8B125BC512645D7EE9DA7764

Vash

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,281 posts
  • Gender: Male
  • Location: Puerto rico

Posted 03 July 2012 - 09:43 PM

Greetings

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 VashTheStampede (Topic Starter)

  • Members
  • 33 posts

Posted 04 July 2012 - 01:56 PM

Hi Gringo,

I ran tdsskiller first and then aswMBR. When running aswMBR, after it had finished downloading the extra definitions, I clicked Scan; after a while the program crashed and Windows told me that a problem had occurred and that the program had to be closed. I don't know if the problem depends on aswMBR or if it's only Windows that crashed. While the program was running, Firefox was open; could that be a problem? Do I still have to run the program?
The Security Shield popups haven't appeared for now.

tdsskiller log:

20:24:37.0376 3444 NlaSvc - ok
20:24:37.0379 3444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:24:37.0382 3444 Npfs - ok
20:24:37.0385 3444 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:24:37.0388 3444 nsi - ok
20:24:37.0390 3444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:24:37.0390 3444 nsiproxy - ok
20:24:37.0450 3444 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:24:37.0480 3444 Ntfs - ok
20:24:37.0505 3444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:24:37.0507 3444 Null - ok
20:24:37.0511 3444 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:24:37.0516 3444 nusb3hub - ok
20:24:37.0524 3444 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:24:37.0529 3444 nusb3xhc - ok
20:24:37.0944 3444 nvlddmkm (0d4e03fda79691efd97ae5d7bb3a257d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:24:37.0993 3444 nvlddmkm - ok
20:24:38.0022 3444 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:24:38.0027 3444 nvraid - ok
20:24:38.0035 3444 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:24:38.0039 3444 nvstor - ok
20:24:38.0047 3444 nvsvc (2786b69ae9144c522e2f0ad44b8ce1ad) C:\Windows\system32\nvvsvc.exe
20:24:38.0048 3444 nvsvc - ok
20:24:38.0054 3444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:24:38.0058 3444 nv_agp - ok
20:24:38.0063 3444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:24:38.0067 3444 ohci1394 - ok
20:24:38.0076 3444 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:24:38.0081 3444 ose64 - ok
20:24:38.0281 3444 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:24:38.0337 3444 osppsvc - ok
20:24:38.0372 3444 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:24:38.0380 3444 p2pimsvc - ok
20:24:38.0397 3444 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:24:38.0406 3444 p2psvc - ok
20:24:38.0430 3444 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
20:24:38.0440 3444 PAC207 - ok
20:24:38.0445 3444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:24:38.0450 3444 Parport - ok
20:24:38.0455 3444 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:24:38.0459 3444 partmgr - ok
20:24:38.0468 3444 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:24:38.0476 3444 PcaSvc - ok
20:24:38.0485 3444 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:24:38.0491 3444 pci - ok
20:24:38.0493 3444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:24:38.0495 3444 pciide - ok
20:24:38.0503 3444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:38.0509 3444 pcmcia - ok
20:24:38.0512 3444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:24:38.0515 3444 pcw - ok
20:24:38.0535 3444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:24:38.0547 3444 PEAUTH - ok
20:24:38.0592 3444 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:24:38.0610 3444 PeerDistSvc - ok
20:24:38.0631 3444 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:24:38.0635 3444 PerfHost - ok
20:24:38.0708 3444 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:24:38.0736 3444 pla - ok
20:24:38.0755 3444 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:24:38.0768 3444 PlugPlay - ok
20:24:38.0775 3444 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
20:24:38.0776 3444 Pml Driver HPZ12 - ok
20:24:38.0779 3444 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:24:38.0783 3444 PNRPAutoReg - ok
20:24:38.0796 3444 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:24:38.0798 3444 PNRPsvc - ok
20:24:38.0819 3444 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:24:38.0828 3444 PolicyAgent - ok
20:24:38.0838 3444 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:24:38.0845 3444 Power - ok
20:24:38.0854 3444 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:24:38.0859 3444 PptpMiniport - ok
20:24:38.0863 3444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:24:38.0868 3444 Processor - ok
20:24:38.0877 3444 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:24:38.0879 3444 ProfSvc - ok
20:24:38.0882 3444 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:38.0883 3444 ProtectedStorage - ok
20:24:38.0890 3444 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:24:38.0891 3444 Psched - ok
20:24:38.0895 3444 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:24:38.0898 3444 PxHlpa64 - ok
20:24:38.0953 3444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:24:38.0978 3444 ql2300 - ok
20:24:39.0009 3444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:39.0016 3444 ql40xx - ok
20:24:39.0029 3444 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:24:39.0041 3444 QWAVE - ok
20:24:39.0046 3444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:24:39.0051 3444 QWAVEdrv - ok
20:24:39.0054 3444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:24:39.0057 3444 RasAcd - ok
20:24:39.0062 3444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:39.0065 3444 RasAgileVpn - ok
20:24:39.0071 3444 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:24:39.0076 3444 RasAuto - ok
20:24:39.0083 3444 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:39.0088 3444 Rasl2tp - ok
20:24:39.0102 3444 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:24:39.0113 3444 RasMan - ok
20:24:39.0119 3444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:39.0123 3444 RasPppoe - ok
20:24:39.0128 3444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:39.0132 3444 RasSstp - ok
20:24:39.0146 3444 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:39.0154 3444 rdbss - ok
20:24:39.0157 3444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:39.0159 3444 rdpbus - ok
20:24:39.0161 3444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:39.0162 3444 RDPCDD - ok
20:24:39.0171 3444 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:24:39.0176 3444 RDPDR - ok
20:24:39.0178 3444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:24:39.0178 3444 RDPENCDD - ok
20:24:39.0181 3444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:24:39.0181 3444 RDPREFMP - ok
20:24:39.0190 3444 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:24:39.0196 3444 RDPWD - ok
20:24:39.0206 3444 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:24:39.0212 3444 rdyboost - ok
20:24:39.0217 3444 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:24:39.0222 3444 RemoteAccess - ok
20:24:39.0230 3444 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:24:39.0237 3444 RemoteRegistry - ok
20:24:39.0246 3444 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:24:39.0250 3444 RFCOMM - ok
20:24:39.0255 3444 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:24:39.0259 3444 RpcEptMapper - ok
20:24:39.0261 3444 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:24:39.0264 3444 RpcLocator - ok
20:24:39.0284 3444 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
20:24:39.0287 3444 RpcSs - ok
20:24:39.0292 3444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:39.0295 3444 rspndr - ok
20:24:39.0297 3444 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:24:39.0299 3444 s3cap - ok
20:24:39.0301 3444 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:39.0302 3444 SamSs - ok
20:24:39.0307 3444 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:24:39.0311 3444 sbp2port - ok
20:24:39.0390 3444 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
20:24:39.0394 3444 SBSDWSCService - ok
20:24:39.0403 3444 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:24:39.0409 3444 SCardSvr - ok
20:24:39.0412 3444 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:39.0415 3444 scfilter - ok
20:24:39.0457 3444 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:24:39.0485 3444 Schedule - ok
20:24:39.0491 3444 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:24:39.0491 3444 SCPolicySvc - ok
20:24:39.0499 3444 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:24:39.0507 3444 SDRSVC - ok
20:24:39.0513 3444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:24:39.0516 3444 secdrv - ok
20:24:39.0518 3444 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:24:39.0522 3444 seclogon - ok
20:24:39.0527 3444 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:24:39.0528 3444 SENS - ok
20:24:39.0531 3444 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:24:39.0534 3444 SensrSvc - ok
20:24:39.0537 3444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:24:39.0539 3444 Serenum - ok
20:24:39.0544 3444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:24:39.0548 3444 Serial - ok
20:24:39.0551 3444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:39.0553 3444 sermouse - ok
20:24:39.0562 3444 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:24:39.0567 3444 SessionEnv - ok
20:24:39.0570 3444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:24:39.0572 3444 sffdisk - ok
20:24:39.0574 3444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:24:39.0576 3444 sffp_mmc - ok
20:24:39.0578 3444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:24:39.0580 3444 sffp_sd - ok
20:24:39.0582 3444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:39.0584 3444 sfloppy - ok
20:24:39.0597 3444 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:24:39.0605 3444 SharedAccess - ok
20:24:39.0620 3444 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:24:39.0625 3444 ShellHWDetection - ok
20:24:39.0629 3444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:39.0633 3444 SiSRaid2 - ok
20:24:39.0638 3444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:39.0641 3444 SiSRaid4 - ok
20:24:39.0672 3444 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) E:\Programmi Installati\Updater\Updater.exe
20:24:39.0673 3444 SkypeUpdate - ok
20:24:39.0680 3444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:24:39.0686 3444 Smb - ok
20:24:39.0692 3444 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:24:39.0695 3444 SNMPTRAP - ok
20:24:39.0697 3444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:24:39.0700 3444 spldr - ok
20:24:39.0721 3444 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:24:39.0730 3444 Spooler - ok
20:24:39.0858 3444 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:24:39.0884 3444 sppsvc - ok
20:24:39.0911 3444 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:24:39.0915 3444 sppuinotify - ok
20:24:39.0934 3444 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:24:39.0942 3444 srv - ok
20:24:39.0957 3444 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:24:39.0966 3444 srv2 - ok
20:24:39.0975 3444 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:39.0979 3444 srvnet - ok
20:24:39.0989 3444 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:24:39.0991 3444 SSDPSRV - ok
20:24:39.0995 3444 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:24:39.0999 3444 SstpSvc - ok
20:24:40.0002 3444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:40.0005 3444 stexstor - ok
20:24:40.0028 3444 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:24:40.0038 3444 stisvc - ok
20:24:40.0042 3444 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:24:40.0045 3444 storflt - ok
20:24:40.0048 3444 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:24:40.0051 3444 StorSvc - ok
20:24:40.0054 3444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:24:40.0057 3444 storvsc - ok
20:24:40.0059 3444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:24:40.0061 3444 swenum - ok
20:24:40.0082 3444 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:24:40.0095 3444 SwitchBoard - ok
20:24:40.0112 3444 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:24:40.0122 3444 swprv - ok
20:24:40.0179 3444 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:24:40.0201 3444 SysMain - ok
20:24:40.0227 3444 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:24:40.0232 3444 TabletInputService - ok
20:24:40.0247 3444 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:24:40.0256 3444 TapiSrv - ok
20:24:40.0260 3444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:24:40.0264 3444 TBS - ok
20:24:40.0336 3444 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:24:40.0364 3444 Tcpip - ok
20:24:40.0454 3444 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:40.0467 3444 TCPIP6 - ok
20:24:40.0495 3444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:24:40.0498 3444 tcpipreg - ok
20:24:40.0502 3444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:24:40.0504 3444 TDPIPE - ok
20:24:40.0506 3444 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:24:40.0509 3444 TDTCP - ok
20:24:40.0516 3444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:24:40.0520 3444 tdx - ok
20:24:40.0650 3444 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) E:\Programmi Installati\Version7\TeamViewer_Service.exe
20:24:40.0663 3444 TeamViewer7 - ok
20:24:40.0669 3444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:24:40.0672 3444 TermDD - ok
20:24:40.0699 3444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:24:40.0712 3444 TermService - ok
20:24:40.0716 3444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:24:40.0720 3444 Themes - ok
20:24:40.0724 3444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:24:40.0725 3444 THREADORDER - ok
20:24:40.0733 3444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:24:40.0739 3444 TrkWks - ok
20:24:40.0748 3444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:24:40.0749 3444 TrustedInstaller - ok
20:24:40.0753 3444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:40.0756 3444 tssecsrv - ok
20:24:40.0760 3444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:24:40.0764 3444 TsUsbFlt - ok
20:24:40.0771 3444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:40.0775 3444 tunnel - ok
20:24:40.0780 3444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:40.0783 3444 uagp35 - ok
20:24:40.0797 3444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:24:40.0803 3444 udfs - ok
20:24:40.0809 3444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:24:40.0813 3444 UI0Detect - ok
20:24:40.0818 3444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:24:40.0821 3444 uliagpkx - ok
20:24:40.0825 3444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:24:40.0828 3444 umbus - ok
20:24:40.0831 3444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:24:40.0833 3444 UmPass - ok
20:24:40.0845 3444 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:24:40.0853 3444 UmRdpService - ok
20:24:40.0867 3444 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:24:40.0874 3444 upnphost - ok
20:24:40.0881 3444 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:40.0884 3444 usbccgp - ok
20:24:40.0890 3444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:24:40.0895 3444 usbcir - ok
20:24:40.0899 3444 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:24:40.0902 3444 usbehci - ok
20:24:40.0916 3444 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:24:40.0923 3444 usbhub - ok
20:24:40.0926 3444 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:24:40.0929 3444 usbohci - ok
20:24:40.0931 3444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:24:40.0934 3444 usbprint - ok
20:24:40.0938 3444 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:24:40.0941 3444 usbscan - ok
20:24:40.0946 3444 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:40.0949 3444 USBSTOR - ok
20:24:40.0952 3444 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:24:40.0954 3444 usbuhci - ok
20:24:40.0958 3444 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:24:40.0961 3444 UxSms - ok
20:24:40.0964 3444 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:24:40.0965 3444 VaultSvc - ok
20:24:40.0968 3444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:24:40.0971 3444 vdrvroot - ok
20:24:40.0990 3444 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:24:41.0000 3444 vds - ok
20:24:41.0004 3444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:41.0007 3444 vga - ok
20:24:41.0009 3444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:24:41.0011 3444 VgaSave - ok
20:24:41.0021 3444 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:24:41.0026 3444 vhdmp - ok
20:24:41.0029 3444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:24:41.0032 3444 viaide - ok
20:24:41.0041 3444 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:24:41.0047 3444 vmbus - ok
20:24:41.0049 3444 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:24:41.0052 3444 VMBusHID - ok
20:24:41.0057 3444 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:24:41.0060 3444 volmgr - ok
20:24:41.0074 3444 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:24:41.0077 3444 volmgrx - ok
20:24:41.0089 3444 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:24:41.0097 3444 volsnap - ok
20:24:41.0104 3444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:41.0109 3444 vsmraid - ok
20:24:41.0169 3444 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:24:41.0197 3444 VSS - ok
20:24:41.0223 3444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:24:41.0227 3444 vwifibus - ok
20:24:41.0244 3444 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:24:41.0256 3444 W32Time - ok
20:24:41.0260 3444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:24:41.0263 3444 WacomPen - ok
20:24:41.0269 3444 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:41.0273 3444 WANARP - ok
20:24:41.0275 3444 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:41.0276 3444 Wanarpv6 - ok
20:24:41.0325 3444 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:24:41.0352 3444 WatAdminSvc - ok
20:24:41.0409 3444 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:24:41.0437 3444 wbengine - ok
20:24:41.0480 3444 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:24:41.0489 3444 WbioSrvc - ok
20:24:41.0506 3444 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:24:41.0518 3444 wcncsvc - ok
20:24:41.0524 3444 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:24:41.0530 3444 WcsPlugInService - ok
20:24:41.0537 3444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:24:41.0541 3444 Wd - ok
20:24:41.0567 3444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:24:41.0580 3444 Wdf01000 - ok
20:24:41.0586 3444 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:24:41.0592 3444 WdiServiceHost - ok
20:24:41.0594 3444 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:24:41.0596 3444 WdiSystemHost - ok
20:24:41.0607 3444 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:24:41.0617 3444 WebClient - ok
20:24:41.0627 3444 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:24:41.0634 3444 Wecsvc - ok
20:24:41.0640 3444 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:24:41.0641 3444 wercplsupport - ok
20:24:41.0647 3444 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:24:41.0652 3444 WerSvc - ok
20:24:41.0658 3444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:41.0660 3444 WfpLwf - ok
20:24:41.0663 3444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:24:41.0666 3444 WIMMount - ok
20:24:41.0668 3444 WinDefend - ok
20:24:41.0671 3444 WinHttpAutoProxySvc - ok
20:24:41.0685 3444 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:24:41.0694 3444 Winmgmt - ok
20:24:41.0763 3444 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:24:41.0791 3444 WinRM - ok
20:24:41.0820 3444 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:24:41.0824 3444 WinUsb - ok
20:24:41.0855 3444 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:24:41.0869 3444 Wlansvc - ok
20:24:41.0943 3444 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:24:41.0960 3444 wlidsvc - ok
20:24:41.0985 3444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:24:41.0986 3444 WmiAcpi - ok
20:24:41.0996 3444 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:24:42.0001 3444 wmiApSrv - ok
20:24:42.0004 3444 WMPNetworkSvc - ok
20:24:42.0007 3444 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:24:42.0010 3444 WPCSvc - ok
20:24:42.0016 3444 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:24:42.0021 3444 WPDBusEnum - ok
20:24:42.0024 3444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:24:42.0024 3444 ws2ifsl - ok
20:24:42.0029 3444 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:24:42.0034 3444 wscsvc - ok
20:24:42.0036 3444 WSearch - ok
20:24:42.0120 3444 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:24:42.0143 3444 wuauserv - ok
20:24:42.0172 3444 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:24:42.0175 3444 WudfPf - ok
20:24:42.0185 3444 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:42.0189 3444 WUDFRd - ok
20:24:42.0194 3444 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:24:42.0198 3444 wudfsvc - ok
20:24:42.0208 3444 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:24:42.0214 3444 WwanSvc - ok
20:24:42.0218 3444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:24:42.0221 3444 \Device\Harddisk0\DR0 - ok
20:24:42.0222 3444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:24:42.0325 3444 \Device\Harddisk1\DR1 - ok
20:24:42.0331 3444 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
20:24:47.0353 3444 \Device\Harddisk2\DR2 - ok
20:24:47.0358 3444 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk3\DR3
20:24:52.0354 3444 \Device\Harddisk3\DR3 - ok
20:24:52.0357 3444 Boot (0x1200) (492b86f2ae2a1bc05d54d024baf40b92) \Device\Harddisk0\DR0\Partition0
20:24:52.0359 3444 \Device\Harddisk0\DR0\Partition0 - ok
20:24:52.0361 3444 Boot (0x1200) (af578236e71b01da83490dc931719a92) \Device\Harddisk1\DR1\Partition0
20:24:52.0362 3444 \Device\Harddisk1\DR1\Partition0 - ok
20:24:52.0365 3444 Boot (0x1200) (b9125bb48cf8105c9118331b53d82ec1) \Device\Harddisk1\DR1\Partition1
20:24:52.0367 3444 \Device\Harddisk1\DR1\Partition1 - ok
20:24:52.0371 3444 Boot (0x1200) (8e134cb4d9fdcdfe245b8487ec5b51ab) \Device\Harddisk2\DR2\Partition0
20:24:52.0372 3444 \Device\Harddisk2\DR2\Partition0 - ok
20:24:52.0375 3444 Boot (0x1200) (e05c42b99a851629e16652f332506cc1) \Device\Harddisk3\DR3\Partition0
20:24:52.0377 3444 \Device\Harddisk3\DR3\Partition0 - ok
20:24:52.0377 3444 ============================================================
20:24:52.0377 3444 Scan finished
20:24:52.0377 3444 ============================================================
20:24:52.0386 3292 Detected object count: 0
20:24:52.0386 3292 Actual detected object count: 0

Vash

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 04 July 2012 - 02:20 PM

You do not have to run it again, but do run this one for me then.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 VashTheStampede

  • Topic Starter
  • Members
  • 33 posts
  • Local time:05:19 AM

Posted 04 July 2012 - 04:15 PM

Hi Gringo,

I have run OTL; this is the log file:

OTL log

OTL logfile created on: 04/07/2012 23:10:31 - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Utente\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

15,98 Gb Total Physical Memory | 12,52 Gb Available Physical Memory | 78,32% Memory free
31,96 Gb Paging File | 27,62 Gb Available in Paging File | 86,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 43,91 Gb Free Space | 39,31% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1356,24 Gb Free Space | 72,80% Space Free | Partition Type: NTFS
Drive F: | 3,96 Gb Total Space | 2,63 Gb Free Space | 66,37% Space Free | Partition Type: FAT32
Drive G: | 3,97 Gb Total Space | 0,48 Gb Free Space | 12,01% Space Free | Partition Type: FAT32

Computer Name: UTENTE-PC | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Utente\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programmi Installati\mozilla\firefox.exe (Mozilla Corporation)
PRC - E:\Programmi Installati\mozilla\plugin-container.exe (Mozilla Corporation)
PRC - C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programmi Installati\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
PRC - E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)


========== Modules (No Company Name) ==========

MOD - E:\Programmi Installati\mozilla\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- E:\Programmi Installati\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- E:\Programmi Installati\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- E:\Programmi Installati\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2011_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programmi\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\..\SearchScopes,DefaultScope = {66FB9650-1CC6-48AB-ADAB-EF3052FF4D29}
IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\..\SearchScopes\{66FB9650-1CC6-48AB-ADAB-EF3052FF4D29}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programmi Installati\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programmi Installati\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Utente\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Utente\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Utente\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/16 18:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/11/13 01:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/12 08:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: E:\Programmi Installati\mozilla\components [2012/06/16 18:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: E:\Programmi Installati\mozilla\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/16 18:01:03 | 000,000,000 | ---D | M]

[2011/04/14 00:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions
[2011/04/14 00:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/15 13:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Firefox\Profiles\qw6dy4me.default\extensions
[2012/01/09 21:22:02 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Utente\AppData\Roaming\mozilla\Firefox\Profiles\qw6dy4me.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012/06/15 13:17:04 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Utente\AppData\Roaming\mozilla\Firefox\Profiles\qw6dy4me.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/20 19:58:51 | 000,018,202 | ---- | M] () (No name found) -- C:\USERS\UTENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QW6DY4ME.DEFAULT\EXTENSIONS\{04426594-BCE6-4705-B811-BCDBA2FD9C7B}.XPI
[2012/05/17 20:07:41 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\UTENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QW6DY4ME.DEFAULT\EXTENSIONS\[email protected]
[2012/03/02 21:17:32 | 000,197,358 | ---- | M] () (No name found) -- C:\USERS\UTENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QW6DY4ME.DEFAULT\EXTENSIONS\[email protected]
[2012/04/12 08:57:06 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- E:\PROGRAMMI INSTALLATI\ADOBE CS5.5\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/11/13 01:57:56 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- E:\PROGRAMMI INSTALLATI\ADOBE CS5.5\ADOBE CONTRIBUTE CS5.1\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = E:\Programmi Installati\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = E:\Programmi Installati\plugins\npdeployJava1.dll
CHR - plugin: Apple Java Plug-In (Enabled) = E:\Programmi Installati\plugins\npJavaPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = E:\Programmi Installati\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Utente\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Utente\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Programmi Installati\Mozilla Plugins\npitunes.dll
CHR - Extension: Skype Click to Call = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Skype Click to Call = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/07/04 00:24:58 | 000,001,378 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 21 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programmi Installati\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programmi Installati\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi Installati\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] E:\Programmi Installati\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000..\Run: [SpybotSD TeaTimer] E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3932923347-2004413485-1034368658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: I&nvia a OneNote - Reg Error: Value error. File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: I&nvia a OneNote - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programmi Installati\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programmi Installati\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Programmi Installati\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Programmi Installati\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programmi Installati\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7CBCF5-9C27-46C6-92E4-F59BD329B0AB}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programmi Installati\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 16:02:46 | 150,542,356 | ---- | M] () - G:\Autodesk_Sketchbook_Pro_2011_Multilingual_WIN_32bit.exe -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 22:03:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Utente\Desktop\OTL.exe
[2012/07/04 20:19:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/04 00:02:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/03 23:58:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/03 23:58:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/03 23:58:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/03 23:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/03 23:55:50 | 004,568,951 | R--- | C] (Swearware) -- C:\Users\Utente\Desktop\ComboFix.exe
[2012/07/03 21:30:00 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\Security Shield Problem
[2012/07/03 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{182478BD-2C5C-4B56-B356-3AF8D277C238}
[2012/07/03 19:37:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{A65C78A6-0E75-4BAC-B041-A348014B9087}
[2012/07/02 22:49:41 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{E7FF302C-2992-49C9-AF09-ABEAF9A86B4A}
[2012/07/02 22:49:19 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{5682F9F5-6237-4FDB-BB95-A41C23040D94}
[2012/07/01 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\foto stanza
[2012/07/01 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{51D6082E-DDC4-4DE6-BB2C-899EBB381932}
[2012/07/01 14:09:07 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{7ED8FE11-2DDD-442E-90BE-183F9CB56861}
[2012/06/30 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{730EAA62-1485-497C-B4CF-ECB487907755}
[2012/06/30 16:25:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{09401D1C-CC23-4C11-9392-FE88D6F17023}
[2012/06/29 20:09:20 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{E063CE75-15B7-47CF-88E7-4D7A65C7D0F1}
[2012/06/29 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{738B116B-CB95-4065-9972-4F94ED565DA2}
[2012/06/28 20:18:23 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{091681FD-000B-41AC-8837-A5EDCFC48DC2}
[2012/06/28 20:18:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{E9D4DAAB-0AB3-4DA4-8638-0A9C8D3C6C8B}
[2012/06/28 00:42:43 | 063,210,976 | ---- | C] (Microsoft Corporation) -- C:\Users\Utente\Desktop\PowerPointViewer-2010-en.exe
[2012/06/28 00:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/06/27 19:58:10 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{720DFCB8-A39E-45D4-8468-949AE630DE79}
[2012/06/27 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{A667EA7A-1D4E-4573-9AA4-0C056FCF07BC}
[2012/06/27 00:34:03 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\iMac_updated
[2012/06/26 19:44:21 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{D8EF1613-AF3B-4A83-A591-C21F3832A5C1}
[2012/06/26 19:43:59 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{92BD8C20-5787-40CF-94EB-2E60290A0191}
[2012/06/25 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{40EC5021-9D18-4F63-8CD0-C81D2B5DEF21}
[2012/06/25 19:46:29 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{6821A374-10F7-4817-ADDC-18BBDFFEC18E}
[2012/06/23 14:10:29 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{B3B8AB41-A887-46AF-A227-51C3249A29B7}
[2012/06/23 14:10:18 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{07EFFF0A-ED34-4DD6-822C-63B0C6E4AF97}
[2012/06/23 02:20:39 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\017_your_cart
[2012/06/22 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{E3DD2714-88A3-4BD0-9BDD-EC20C5ADBBD2}
[2012/06/22 19:07:58 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{3D3954E4-460B-49A8-9847-FED72AF395C8}
[2012/06/21 19:52:10 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{2EEFF550-261A-4E9F-98F3-F841A5A0329D}
[2012/06/21 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{7042CBC1-F5E3-4884-8B8F-E6985F7D5DE4}
[2012/06/20 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{699BB9AF-8651-4B8C-BD65-A1730E912AAA}
[2012/06/20 19:34:48 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\Urologia
[2012/06/20 19:34:10 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\Dott. Salonia
[2012/06/20 09:47:39 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{3EF1DC0B-EF8E-4423-AEC4-950EF31A4024}
[2012/06/19 21:47:05 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{9EA81711-74DF-4A03-B94E-D1EC3B99F35E}
[2012/06/19 21:46:43 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{8FB6B297-0941-45F4-9B3E-4A8670A56D6C}
[2012/06/19 16:45:55 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/19 16:45:55 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/19 16:45:55 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/19 16:45:53 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/19 16:45:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/19 16:45:53 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/19 16:45:53 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/19 16:45:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/19 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{F9351869-FF54-4176-B5E0-3FAF3C1CE6DE}
[2012/06/19 09:46:01 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{950251E1-52E7-47BC-AB24-963B40C0AF80}
[2012/06/18 09:17:31 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{8F301256-E4B3-4C8A-A7AF-4D4972A626ED}
[2012/06/17 19:33:19 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{F0ED5E3D-EB48-4063-8280-AC9413893F15}
[2012/06/16 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{0CD0B8A9-9ABF-4DF3-95AA-03C467107262}
[2012/06/15 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{44300F48-1AAB-4C8C-A579-41FDA8D1066E}
[2012/06/15 02:50:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/15 02:50:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/15 02:50:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/15 02:50:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/15 02:50:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/15 02:50:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/15 02:50:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/15 02:50:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/15 02:50:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/15 02:50:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/15 02:50:06 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/15 02:50:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/15 02:50:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 15:52:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 15:52:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 15:52:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 15:52:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 15:52:00 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 15:52:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 15:51:59 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 15:51:57 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 15:51:57 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/14 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{57072615-0B8B-4D43-B7AF-2B1B45E1EAB8}
[2012/06/14 15:50:37 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{1DBA798B-B3E3-4613-AFDC-943F44113389}
[2012/06/14 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{342A6E88-D86D-4B55-9423-857B42465835}
[2012/06/13 13:14:42 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{15066626-8600-40AD-9821-39CD7117E075}
[2012/06/13 13:14:20 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{2344B44D-8FFE-48B7-8144-75CD384EC4C7}
[2012/06/12 16:08:35 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{C8B5E4B1-D888-4DCB-8E17-F9F1FDD4F024}
[2012/06/12 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{0DD9ED53-E8D1-4CD6-99C5-CEFADC83BE85}
[2012/06/11 19:57:01 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{BFFF5F18-099C-46B5-8F18-DA527A5F3ED8}
[2012/06/11 19:56:50 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{23B0E384-B80E-4D20-973C-BD822E043184}
[2012/06/09 17:39:00 | 004,586,328 | ---- | C] (TeamViewer GmbH) -- C:\Users\Utente\Desktop\TeamViewer_Setup.exe
[2012/06/08 16:32:09 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{425E6049-7A53-434B-9F3B-EECA8ADAFA78}
[2012/06/08 16:31:58 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{799F7DD2-A149-4095-BD64-9E5DBC722405}
[2012/06/07 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{5A0F7C6D-6961-475B-8D7D-D8814CB32659}
[2012/06/07 14:29:17 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{18D86076-2D34-4200-A58E-83345180A031}
[2012/06/06 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{E5E311CB-1617-40B3-A1C5-E873B5DFF306}
[2012/06/06 16:43:16 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{A94AEEFE-7839-4AEE-8C6F-A13DFD87A81F}
[2012/06/06 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{BB122512-2757-4554-A66B-5518054264DF}
[2012/06/06 00:57:18 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{96B1EBAB-D828-4779-9BFE-DE760E5FED46}
[2012/06/04 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{B1F83AAD-71B5-406C-A41F-2CC7409C802C}
[2012/06/04 23:30:35 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{3758A8D3-2871-4558-B4AC-DED1C5404ECE}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/04 23:12:18 | 000,321,624 | ---- | M] () -- C:\Users\Utente\Desktop\iwbank_example2.png
[2012/07/04 23:12:18 | 000,001,456 | ---- | M] () -- C:\Users\Utente\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/04 23:02:00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
[2012/07/04 23:02:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
[2012/07/04 22:03:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Utente\Desktop\OTL.exe
[2012/07/04 21:05:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
[2012/07/04 21:05:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
[2012/07/04 20:22:42 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 20:22:42 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 20:19:53 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 20:19:53 | 000,698,554 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/07/04 20:19:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 20:19:53 | 000,127,780 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/07/04 20:19:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 20:15:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 20:15:29 | 4279,349,246 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 03:05:34 | 000,244,350 | ---- | M] () -- C:\Users\Utente\Desktop\get-started_ver2.png
[2012/07/04 02:28:00 | 000,032,519 | ---- | M] () -- C:\Users\Utente\Desktop\icon-24308_640.png
[2012/07/04 00:58:21 | 001,106,127 | ---- | M] () -- C:\Users\Utente\Desktop\index_ver2.png
[2012/07/04 00:57:14 | 001,115,362 | ---- | M] () -- C:\Users\Utente\Desktop\index_ver2_hover.png
[2012/07/04 00:24:58 | 000,001,378 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/03 23:56:08 | 004,568,951 | R--- | M] (Swearware) -- C:\Users\Utente\Desktop\ComboFix.exe
[2012/07/03 20:53:57 | 000,000,000 | ---- | M] () -- C:\Users\Utente\defogger_reenable
[2012/07/03 19:34:31 | 004,991,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 01:58:57 | 000,035,541 | ---- | M] () -- C:\Users\Utente\Desktop\BreeSerif_Regular.zip
[2012/07/03 01:56:59 | 002,232,129 | ---- | M] () -- C:\Users\Utente\Desktop\RBNo2.zip
[2012/07/02 03:08:32 | 000,270,213 | ---- | M] () -- C:\Users\Utente\Desktop\artwork_and_antiques.ai
[2012/07/01 19:54:54 | 000,202,585 | ---- | M] () -- C:\Users\Utente\Desktop\repp_italiana.ai
[2012/07/01 16:12:49 | 000,033,892 | ---- | M] () -- C:\Users\Utente\Desktop\books_icon.jpg
[2012/07/01 16:12:42 | 000,035,819 | ---- | M] () -- C:\Users\Utente\Desktop\artwork_and_antiques.jpg
[2012/06/30 02:02:51 | 000,002,375 | ---- | M] () -- C:\Users\Utente\Desktop\Google Chrome.lnk
[2012/06/29 02:34:43 | 000,085,692 | ---- | M] () -- C:\Users\Utente\Desktop\immobil_icon.ai
[2012/06/29 02:19:11 | 000,007,839 | ---- | M] () -- C:\Users\Utente\Desktop\2925546-edificio-icon-set-in-blue-tones.jpg
[2012/06/29 02:11:18 | 000,122,660 | ---- | M] () -- C:\Users\Utente\Desktop\agricolture_icon.ai
[2012/06/29 01:30:32 | 000,059,813 | ---- | M] () -- C:\Users\Utente\Desktop\wheeled-tractor-icon.png
[2012/06/29 01:16:51 | 000,046,299 | ---- | M] () -- C:\Users\Utente\Desktop\min.jpg
[2012/06/28 00:43:31 | 063,210,976 | ---- | M] (Microsoft Corporation) -- C:\Users\Utente\Desktop\PowerPointViewer-2010-en.exe
[2012/06/25 02:14:47 | 000,046,035 | ---- | M] () -- C:\Users\Utente\Desktop\Curriculum Vitae - Riccardo Ferranti.pdf
[2012/06/24 19:45:59 | 000,424,429 | ---- | M] () -- C:\Users\Utente\Desktop\iwbank_example.png
[2012/06/17 00:16:48 | 000,000,063 | ---- | M] () -- C:\Users\Utente\Desktop\Princess Ramy.URL
[2012/06/14 20:55:54 | 000,000,067 | ---- | M] () -- C:\Users\Utente\Desktop\Cristina Chanel.URL
[2012/06/09 17:41:30 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/06/09 17:39:18 | 004,586,328 | ---- | M] (TeamViewer GmbH) -- C:\Users\Utente\Desktop\TeamViewer_Setup.exe
[2012/06/07 23:16:51 | 000,313,921 | ---- | M] () -- C:\Users\Utente\Desktop\OS_01_ITA.pdf
[2012/06/05 01:36:07 | 004,876,577 | ---- | M] () -- C:\Users\Utente\Desktop\jquery.ajaxZoom_ver_3.3.0.zip
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/04 03:05:33 | 000,244,350 | ---- | C] () -- C:\Users\Utente\Desktop\get-started_ver2.png
[2012/07/04 02:27:59 | 000,032,519 | ---- | C] () -- C:\Users\Utente\Desktop\icon-24308_640.png
[2012/07/04 00:47:58 | 001,115,362 | ---- | C] () -- C:\Users\Utente\Desktop\index_ver2_hover.png
[2012/07/04 00:44:48 | 001,106,127 | ---- | C] () -- C:\Users\Utente\Desktop\index_ver2.png
[2012/07/04 00:40:48 | 000,196,549 | ---- | C] () -- C:\Users\Utente\Desktop\landing_esempio.jpg
[2012/07/03 23:58:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/03 23:58:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/03 23:58:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/03 23:58:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/03 23:58:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 20:53:57 | 000,000,000 | ---- | C] () -- C:\Users\Utente\defogger_reenable
[2012/07/03 01:58:54 | 000,035,541 | ---- | C] () -- C:\Users\Utente\Desktop\BreeSerif_Regular.zip
[2012/07/03 01:56:57 | 002,232,129 | ---- | C] () -- C:\Users\Utente\Desktop\RBNo2.zip
[2012/07/01 18:48:06 | 000,202,585 | ---- | C] () -- C:\Users\Utente\Desktop\repp_italiana.ai
[2012/07/01 17:31:05 | 000,270,213 | ---- | C] () -- C:\Users\Utente\Desktop\artwork_and_antiques.ai
[2012/07/01 16:12:49 | 000,033,892 | ---- | C] () -- C:\Users\Utente\Desktop\books_icon.jpg
[2012/07/01 16:12:41 | 000,035,819 | ---- | C] () -- C:\Users\Utente\Desktop\artwork_and_antiques.jpg
[2012/06/29 02:34:40 | 000,085,692 | ---- | C] () -- C:\Users\Utente\Desktop\immobil_icon.ai
[2012/06/29 02:19:11 | 000,007,839 | ---- | C] () -- C:\Users\Utente\Desktop\2925546-edificio-icon-set-in-blue-tones.jpg
[2012/06/29 01:55:57 | 000,122,660 | ---- | C] () -- C:\Users\Utente\Desktop\agricolture_icon.ai
[2012/06/29 01:30:32 | 000,059,813 | ---- | C] () -- C:\Users\Utente\Desktop\wheeled-tractor-icon.png
[2012/06/29 01:16:50 | 000,046,299 | ---- | C] () -- C:\Users\Utente\Desktop\min.jpg
[2012/06/25 02:14:46 | 000,046,035 | ---- | C] () -- C:\Users\Utente\Desktop\Curriculum Vitae - Riccardo Ferranti.pdf
[2012/06/24 19:45:58 | 000,424,429 | ---- | C] () -- C:\Users\Utente\Desktop\iwbank_example.png
[2012/06/17 00:16:48 | 000,000,063 | ---- | C] () -- C:\Users\Utente\Desktop\Princess Ramy.URL
[2012/06/14 20:55:54 | 000,000,067 | ---- | C] () -- C:\Users\Utente\Desktop\Cristina Chanel.URL
[2012/06/13 00:51:51 | 001,124,935 | ---- | C] () -- C:\Users\Utente\Desktop\search-button.psd
[2012/06/09 17:41:30 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/06/09 17:41:30 | 000,000,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/06/07 23:15:58 | 000,313,921 | ---- | C] () -- C:\Users\Utente\Desktop\OS_01_ITA.pdf
[2012/06/05 01:36:05 | 004,876,577 | ---- | C] () -- C:\Users\Utente\Desktop\jquery.ajaxZoom_ver_3.3.0.zip
[2011/10/21 01:44:30 | 000,001,456 | ---- | C] () -- C:\Users\Utente\AppData\Local\Adobe Salva per Web e dispositivi 12.0 Prefs
[2011/07/31 12:45:42 | 000,003,584 | ---- | C] () -- C:\Users\Utente\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 23:45:28 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/16 17:59:45 | 000,177,784 | ---- | C] () -- C:\Windows\hpoins14.dat
[2011/04/16 17:59:45 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2011/04/14 00:34:48 | 000,020,179 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\UserTile.png
[2011/04/12 00:03:17 | 000,001,456 | ---- | C] () -- C:\Users\Utente\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/03/31 16:05:36 | 000,041,007 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/31 15:59:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/31 15:59:05 | 000,026,612 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

< End of report >


What do you think about it?

Thank you so much.

Vash
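
Reading a report like the one above by hand is slow, and most of it is noise. The entries a responder actually checks after a rogue antivirus such as Security Shield are few: the shell "open" handlers for .exe/.com files (the O35/O37 lines, which rogue AVs hijack so that every program launch runs them first), and executables that appeared in odd places during the infection window. The Python below is an added example, not part of this thread, of OTL or of gringo's instructions: it parses those two OTL line shapes and applies three triage rules whose thresholds and severities are my own choices. The sample lines are copied from the report above, plus two constructed lines (a hijacked O37 entry and a hidden `defender.exe`) so that the checks have something to fire on.

```python
"""Triage of OTL report lines for rogue-antivirus artefacts.

Added example for this thread, not part of OTL or of the helper's
instructions. It parses the two OTL line shapes that matter most after a
rogue antivirus has been on a machine:

  O35/O37 lines  - the shell "open" command for .exe/.com files. Rogue AVs
                   hijack this so that every program launch runs them first.
  file rows      - "[date | size | attrs | C] (company) -- path" entries from
                   the Created/Modified sections.

The triage rules and their severities are my own choices, not OTL's.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Stock Windows shell-open command for exefile/comfile; anything else is a hijack.
DEFAULT_OPEN_CMD = '"%1" %*'

EXECUTABLE_SUFFIXES = (".exe", ".com", ".scr", ".pif", ".dll", ".sys")

# O35:64bit: - HKLM\..exefile [open] -- "%1" %*
# O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SHELL_OPEN = re.compile(
    r"^(?P<tag>O3[57])(?::64bit:)? - HKLM\\\.+(?P<cls>\w+) \[[^\]]*\] -- (?P<cmd>.+)$"
)
# [2012/07/03 23:58:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
FILE_ROW = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Finding:
    severity: str  # "critical" or "review"
    reason: str
    line: str


def parse_file_row(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of an OTL file row, or None if the line is not one."""
    m = FILE_ROW.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),          # R/H/S/D flags, '-' when unset
        "kind": m.group("kind"),            # C = created, M = modified
        "company": m.group("company") or "",
        "path": m.group("path"),
    }


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = SHELL_OPEN.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if cmd != DEFAULT_OPEN_CMD:
                findings.append(Finding(
                    "critical", f"{m.group('cls')} shell-open command hijacked: {cmd}", line))
            continue
        row = parse_file_row(line)
        if row is None:
            continue
        path = str(row["path"]).lower()
        attrs = str(row["attrs"])
        if not path.endswith(EXECUTABLE_SUFFIXES):
            continue
        # Executable dropped directly into %WINDIR% (exactly two backslashes, as in
        # c:\windows\name.exe). In the report above these coincide with ComboFix's
        # own run, so they are only "review"; the analyst confirms each one.
        if path.startswith("c:\\windows\\") and path.count("\\") == 2:
            note = "" if row["company"] else " (no company name)"
            findings.append(Finding(
                "review", "executable created directly in the Windows directory" + note, line))
        # Hidden or system executable inside a user profile is rarely legitimate.
        elif path.startswith("c:\\users\\") and ("H" in attrs or "S" in attrs):
            findings.append(Finding(
                "critical", "hidden/system executable inside a user profile", line))
    return findings


# Lines copied from the report in this thread, plus two CONSTRUCTED lines
# (the hijacked O37 entry with a hypothetical path, and the hidden defender.exe).
SAMPLE_REPORT = r"""
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "C:\Users\Utente\AppData\Local\hypothetical.exe" "%1" %*
[2012/07/04 22:03:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Utente\Desktop\OTL.exe
[2012/07/03 23:58:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/03 23:58:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/19 16:45:55 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/07/04 20:19:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/02 09:00:00 | 000,212,992 | -HS- | C] () -- C:\Users\Utente\AppData\Local\defender.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT.splitlines()):
        print(f"[{f.severity:8}] {f.reason}\n           {f.line}")
```

On the sample the hijacked O37 line and the hidden profile executable come out as critical, while the two files in C:\Windows come out as review only; in the real report they were dropped by the ComboFix run a few lines earlier, which is exactly the kind of thing the "do not run any tools unless instructed" rule is meant to keep distinguishable.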

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,281 posts, Puerto rico)

Posted 04 July 2012 - 07:24 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: I&nvia a OneNote - Reg Error: Value error. File not found
    O8 - Extra context menu item: E&sporta in Microsoft Excel - Reg Error: Value error. File not found
    O8 - Extra context menu item: I&nvia a OneNote - Reg Error: Value error. File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [resethosts]
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
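
The `[resethosts]` command in the script above overwrites the hosts file with a stock copy. That is the right fix, but before it runs it is worth recording what was in the file, because rogue antivirus programs commonly add mappings that point security-vendor and update sites at localhost (so the real scanner cannot update) or at a host the attacker controls. The Python below is an added example, not part of gringo's instructions or of OTL: it parses a hosts file and classifies each active mapping. The sample hosts content, the watched-domain list and the category names are my own constructions.

```python
"""What OTL's [resethosts] throws away: a hosts-file review.

Added example for this thread, not part of OTL or of the instructions above.
Parses a Windows hosts file and classifies every active mapping so that the
suspicious ones are recorded before the file is reset. The watched-domain
list and the sample content are constructed for the example.
"""
import ipaddress
from typing import Dict, List, Tuple

# Assumed list of domains a rogue AV would want to block or redirect.
WATCHED_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "avira.com",
    "safer-networking.org", "bleepingcomputer.com", "malwarebytes.org",
)


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, ip, hostname) for every active mapping.

    Comments (# ...) and blank lines are skipped; a line with several
    hostnames yields one tuple per hostname, which is how the resolver reads it.
    """
    mappings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            continue  # an address with no name: ignored by the resolver too
        for host in parts[1:]:
            mappings.append((lineno, parts[0], host.lower()))
    return mappings


def _watched(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def classify(ip: str, host: str) -> str:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    sink = addr.is_loopback or addr.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
    if host == "localhost" and addr.is_loopback:
        return "benign-localhost"
    if _watched(host):
        # Pointed at localhost: the vendor site is blocked. Pointed anywhere
        # else: the victim is being sent to a host the attacker chose.
        return "blocked-security-site" if sink else "redirected-security-site"
    return "sinkhole" if sink else "redirect"


def report(text: str) -> Dict[str, List[str]]:
    """Group hostnames by classification, preserving file order."""
    grouped: Dict[str, List[str]] = {}
    for _, ip, host in parse_hosts(text):
        grouped.setdefault(classify(ip, host), []).append(host)
    return grouped


# CONSTRUCTED sample: a Windows-style comment header plus the kind of lines a
# rogue AV adds. 198.51.100.7 is a documentation address standing in for an
# attacker-controlled host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1 localhost
127.0.0.1 www.avira.com avira.com
127.0.0.1 www.bleepingcomputer.com
0.0.0.0   ads.example.net
198.51.100.7 update.microsoft.com   # looks like an update server, is not
not-an-ip  broken.example
"""

if __name__ == "__main__":
    for category, hosts in report(SAMPLE_HOSTS).items():
        print(f"{category:26} {', '.join(hosts)}")
```

Anything in the `blocked-security-site` or `redirected-security-site` buckets is worth keeping in the case notes even after `[resethosts]` has replaced the file; the `sinkhole` bucket is usually ad-blocking the user added on purpose.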

#11 VashTheStampede (Topic Starter, Members, 33 posts)

Posted 05 July 2012 - 05:13 PM

Hi,

I copied and ran the code. The first time that I ran the fix, Avira blocked the program, so I disabled Avira and repeated the operation.

I don't have any problems on my PC now; the popups about Security Shield no longer open.

I got this log file:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\I&nvia a OneNote\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\I&nvia a OneNote\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Utente\Desktop\cmd.bat deleted successfully.
C:\Users\Utente\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Utente
->Java cache emptied: 609629 bytes

Total Java Files Cleaned = 1,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Utente
->Flash cache emptied: 18876 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07062012_000659

Vash

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,281 posts, Puerto rico)

Posted 05 July 2012 - 08:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 VashTheStampede (Topic Starter, Members, 33 posts)

Posted 06 July 2012 - 08:48 PM

Hi Gringo,

I have run your script. During the run, ComboFix told me that I had to disable Avira and Spybot, so I did it and ComboFix continued running normally. Maybe I should have disabled the protection before running the script? Also, should I have disabled Windows Defender and Windows Firewall?
After running the script the computer is doing well; I don't have any problems.

ComboFix 12-07-02.01 - Utente 07/07/2012 3:36.5.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16364.13818 [GMT 2:00]
Run from: c:\users\Utente\Desktop\ComboFix.exe
Options used :: c:\users\Utente\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created From 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))))))
.
.
2012-07-07 01:39 . 2012-07-07 01:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-07 01:39 . 2012-07-07 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 20:29 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FEDD5A4-9C38-40EC-9192-6A8686C6D5F4}\mpengine.dll
2012-06-27 22:29 . 2012-06-27 22:43 -------- d-----w- c:\program files (x86)\MSECache
2012-06-19 14:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:45 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:45 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 13:52 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 13:52 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 13:52 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 13:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 13:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 13:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 13:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 13:51 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 13:51 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 13:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 13:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 13:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 13:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 13:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 13:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 13:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 13:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 21:55 . 2012-04-26 20:30 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 21:55 . 2012-04-26 20:30 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-23 01:20 . 2012-04-23 00:40 213546 ----a-w- c:\windows\SysWow64\~.tmp
2012-04-18 23:03 . 2012-04-18 23:03 388096 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_22.00.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-31 14:09 . 2012-07-06 20:28 45792 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 20:28 31556 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-31 19:53 . 2012-07-07 00:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-31 19:53 . 2012-07-03 01:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-31 19:53 . 2012-07-03 01:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-31 19:53 . 2012-07-07 00:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 01:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-07 00:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 14:02 . 2012-07-06 20:28 7280 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3932923347-2004413485-1034368658-1000_UserData.bin
+ 2012-07-06 20:25 . 2012-07-06 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-03 17:34 . 2012-07-03 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-03 17:34 . 2012-07-03 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-06 20:25 . 2012-07-06 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 10:53 . 2012-07-03 17:38 698554 c:\windows\system32\perfh010.dat
+ 2009-07-14 10:53 . 2012-07-06 23:15 698554 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2012-07-03 17:38 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 23:15 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 10:53 . 2012-07-06 23:15 127780 c:\windows\system32\perfc010.dat
- 2009-07-14 10:53 . 2012-07-03 17:38 127780 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-07-06 23:15 106412 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-03 17:38 106412 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-07-06 23:57 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-07-03 01:34 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-07-06 00:52 483232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-03 06:29 483232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-10 23:31 . 2012-07-06 00:52 4659348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3932923347-2004413485-1034368658-1000-8192.dat
+ 2011-04-16 01:06 . 2012-07-05 22:58 6641304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3932923347-2004413485-1034368658-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programmi installati\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avgnt"="e:\programmi installati\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"QuickTime Task"="e:\programmi installati\QTTask.exe" [2012-04-18 421888]
.
c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 SkypeUpdate;Skype Updater;e:\programmi installati\Updater\Updater.exe [2012-05-03 158856]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\programmi installati\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;e:\programmi installati\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SBSDWSCService;SBSD Security Center Service;e:\programmi installati\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;e:\programmi installati\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00]
.
2012-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\qw6dy4me.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - f875303a000000000000002683144847
FF - user.js: extensions.BabylonToolbar_i.hardId - f875303a000000000000002683144847
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15453
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-07-07 03:40:19
ComboFix-quarantined-files.txt 2012-07-07 01:40
ComboFix2.txt 2012-07-03 22:02
.
Pre-Run: 48.927.236.096 byte disponibili
Post-Run: 49.069.600.768 byte disponibili
.
- - End Of File - - 7E87226C819911A142EC5BF5F687CE29

Thanks

Vash

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 July 2012 - 11:47 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 31

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 VashTheStampede
  • Topic Starter

  • Members
  • 33 posts

Posted 07 July 2012 - 09:05 PM

Hi Gringo,

When I installed Java, I had to remove Avira, because the Avira process creates problems for the installation and I couldn't stop the process, so I have removed Avira for the moment. But is Java™ 6 Update 31 obsolete? Is that the reason I have to remove it?
When I downloaded the HijackThis Installer and ran it, it opened directly, without my having to install it, maybe because I already had a previous version that then updated automatically without telling me anything?
The computer is doing well; I don't have any problems.

The following log files:

- MBAM log file:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.07.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Utente :: UTENTE-PC [amministratore]

08/07/2012 03:46:08
mbam-log-2012-07-08 (03-46-08).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 211880
Tempo impiegato: 31 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)


- the Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:53:18, on 08/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
E:\Programmi Installati\mozilla\firefox.exe
E:\Programmi Installati\Malwarebytes' Anti-Malware\mbam.exe
E:\Programmi Installati\mozilla\plugin-container.exe
C:\Users\Utente\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi Installati\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dropbox.lnk = C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Programmi Installati\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - E:\Programmi Installati\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11104 bytes
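Each O23 line in a HijackThis log is one installed service: the display name with the short service name in parentheses, the company taken from the binary's version information ("Unknown owner" when none could be read), the path, and "(file missing)" when the 32-bit tool could not find the file. What follows is an added example, not part of this thread and not HijackThis code: a small Python triage parser for that format, run over a few lines modelled on the log above (a constructed sample, not the full log). The flags it raises are my own review heuristics, not anything the thread concluded; the list of wrapper binaries and the string matching are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on O23 lines from the log above (not the full
# log). Backslashes are doubled because this is a normal Python string.
SAMPLE_O23 = """\
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\\Windows\\system32\\srvany.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\\Program Files (x86)\\Autodesk\\3ds Max 2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\\Programmi Installati\\Spybot - Search & Destroy\\SDWinSec.exe
"""

# display and owner are matched non-greedily so a path that itself contains
# " - " (the Spybot line) still lands in the path group.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SHORT_RE = re.compile(r"\((?P<short>[^()]+)\)$")

# Assumed list of "run anything as a service" wrappers. The log shows the
# wrapper, not what it launches; srvany.exe reads its target from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\Application.
WRAPPER_BINARIES = {"srvany.exe"}


@dataclass
class ServiceEntry:
    short: str
    display: str
    owner: str
    path: str
    missing: bool
    flags: list = field(default_factory=list)


def parse_o23(line):
    """Parse one O23 line; returns None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display = m.group("display")
    sm = SHORT_RE.search(display)
    short = sm.group("short") if sm else display  # KMService has no parentheses
    return ServiceEntry(short, display, m.group("owner"),
                        m.group("path"), m.group("missing") is not None)


def triage(entry):
    """Attach review flags (heuristics chosen for this example) to an entry."""
    p = entry.path.lower()
    exe = p.rsplit("\\", 1)[-1]
    in_windows = p.startswith("c:\\windows\\")
    in_progfiles = p.startswith("c:\\program files")
    if entry.missing:
        # A 32-bit HijackThis under WOW64 has System32 redirected to SysWOW64,
        # so "(file missing)" on Windows' own services is usually an artefact;
        # confirm from a 64-bit process before treating the file as deleted.
        entry.flags.append("file-missing: verify the path from a 64-bit process")
    if exe in WRAPPER_BINARIES:
        entry.flags.append(f"wrapper {exe}: real target is in the service's Parameters key")
    if entry.owner == "Unknown owner" and not entry.missing:
        entry.flags.append("unknown owner on a present file: check signature and hash")
    if not (in_windows or in_progfiles):
        entry.flags.append("non-default install location: confirm the user installed it")
    return entry


def triage_log(text):
    """Parse every O23 line in a log excerpt and return the triaged entries."""
    return [triage(e) for e in map(parse_o23, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_O23):
        print(f"{e.short:28} {e.owner:28} {e.path}")
        for f in e.flags:
            print(f"    -> {f}")
```

The point of the wrapper rule is that a line such as the KMService one tells a responder nothing about what actually runs at boot; the service's own registry key has to be read to find the launched program. The file-missing rule is there so that the many "(file missing)" entries on Windows' own services are not mistaken for deleted system binaries.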