| |
| |||||||
Log-Analyse und Auswertung: Computer geht mit Error ausWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.11.2012, 08:29
| #1 |
 |  Computer geht mit Error aus Hallo, schön, dass es euch gibt. Mein Laptop geht seit einigen Wochen nach einigen Minuten im Internet immer langsamer. Einige Male kam auch 1 blauer Screen mit was Geschriebenem + nach Neustart die Meldung über 1 schwerwiegenden Fehler. Neuaufsetzen wäre für mich Horror, da 1 wichtige Programm-CD nach Umzug verschwunden ist. Ich würde mich freuen, wenn jemand meine Logfiles anschauen könnte, ob dort 1 Grund liegt. Vielen Dank |
|
12.11.2012, 18:44
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Computer geht mit Error aus Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
Zitat:
__________________ |
|
12.11.2012, 22:39
| #3 |
| | Computer geht mit Error aus Hallo Cosinus, vielen Dank für deine Antwort. Die .txt poste ich nochmal in CODE-Tags, sorry.
__________________Das Programm, dessen Installations-CD beim Umzug verloren ging, ist Photoshop 5.5. Noch habe ich es installiert, durch 1 Formattierung würde ich es definitv verlieren. Den Text vom Bluescreen kenne ich nicht, da er nur 1/2 Sek aufleuchtet, danach ist der Computer zwar noch an (Power-Taste leuchtet), aber alles bleibt schwarz. Ich muss das Herunterfahren des Laptops dann erzwingen. Beim Neustart erscheint dann 1 Fehlermeldung. Von der habe ich am 12.Oktober mal 1 Screenshot gemacht samt Details, das Bild poste ich. Damals hatte ich dann die Cookies gelöscht, mehr nicht. Vielen Dank für deine Zeit, die du hier mit mir investierst. Grüße idila Screenshot von Fehlermeldung 12.10.12 (nach Bluescreen)  OTL.txt Code:
ATTFilter OTL logfile created on: 12.11.2012 21:20:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\AAAAA\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germania | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,22% Memory free 5,76 Gb Paging File | 5,04 Gb Available in Paging File | 87,44% Paging File free Paging file location(s): C:\pagefile.sys 4000 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi Drive C: | 92,91 Gb Total Space | 30,97 Gb Free Space | 33,34% Space Free | Partition Type: NTFS Computer Name: AAAAA | User Name: AAAAA | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.11 19:30:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe PRC - [2012.09.27 16:19:47 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe PRC - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgidsagent.exe PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgtray.exe PRC - [2012.07.26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgrsx.exe PRC - [2012.07.05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.06.13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgnsx.exe PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgcsrvx.exe PRC - [2012.02.08 20:27:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe PRC - [2009.12.22 11:48:29 | 006,034,432 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Photoshp.exe PRC - [2008.04.14 03:14:12 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe PRC - [2008.04.14 03:14:07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.12.20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2005.12.17 00:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\Toshiba.exe PRC - [2005.12.05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005.11.30 12:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programmi\Toshiba\Tvs\TvsTray.exe PRC - [2005.11.28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005.11.28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2005.10.06 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.09.16 14:12:52 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe PRC - [2005.08.12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005.08.04 10:29:42 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005.08.04 10:29:28 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005.07.15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Programmi\Google\Gmail Notifier\gnotify.exe PRC - [2005.05.12 13:33:00 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe PRC - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.13 12:18:33 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_4bccb9d3\system.drawing.dll MOD - [2012.06.13 12:18:18 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f2b8d414\system.windows.forms.dll MOD - [2012.06.13 12:17:51 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012.04.04 06:53:56 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.01.10 01:17:01 | 003,391,488 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4980b9f8\mscorlib.dll MOD - [2012.01.10 01:16:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6a03f9cc\system.xml.dll MOD - [2012.01.10 01:16:27 | 001,966,080 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5c3c2b6f\System.dll MOD - [2012.01.10 01:16:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.01.10 01:16:11 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012.01.10 01:16:09 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011.05.22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Programmi\FileZilla FTP Client\fzshellext.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe MOD - [2009.12.22 11:48:29 | 006,034,432 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Photoshp.exe MOD - [2009.11.05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll MOD - [2009.11.04 01:14:04 | 000,054,272 | ---- | M] () -- C:\Programmi\Notepad++\NppShell_01.dll MOD - [2008.10.22 16:07:48 | 000,982,016 | ---- | M] () -- C:\Programmi\PDFConverterDesktop\PDFConverterShell.dll MOD - [2007.08.21 12:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2006.01.17 09:42:42 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006.01.17 09:42:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006.01.17 09:42:41 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2006.01.17 09:41:40 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_it_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.01.17 09:41:40 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_it_b77a5c561934e089\system.resources.dll MOD - [2006.01.17 09:41:39 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_it_b77a5c561934e089\system.windows.forms.resources.dll MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\Libeay32.dll MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\IntStngs.dll MOD - [2005.11.03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\acAuth.dll MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll MOD - [2002.03.03 04:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll MOD - [1999.06.30 21:50:28 | 000,056,320 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Plug-Ins\Adobe Photoshop Only\Extensions\FastCore.8BX MOD - [1999.06.30 21:50:04 | 000,109,056 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Plug-Ins\Adobe Photoshop Only\Extensions\MThread.8BX MOD - [1999.06.30 21:24:20 | 000,179,200 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Plug-Ins\Adobe Photoshop Only\Extensions\MMXCore.8BX ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.01.31 10:05:23 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programmi\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2005.12.20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2003.07.28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP150.SYS -- (PROCEXP150) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AAAAA~1\IMPOST~1\Temp\catchme.sys -- (catchme) DRV - [2012.08.24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.07.26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.04.19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.01.31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2009.12.30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.12.21 05:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.12.10 00:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2005.12.05 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) DRV - [2005.11.30 18:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.11.30 11:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.11.15 17:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.10.20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005.10.06 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.10.06 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.10.06 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.10.06 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.10.06 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.10.06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.10.06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.09.09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005.08.25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.01.29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 CA DD 5A 44 63 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {2003FEA2-F7A0-4DB7-9C42-79C84419D5E1} IE - HKCU\..\SearchScopes\{2003FEA2-F7A0-4DB7-9C42-79C84419D5E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_it IE - HKCU\..\SearchScopes\{E3333C96-2E5E-4BF3-B64E-0157AFC8B672}: "URL" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programmi\AVG\AVG2012\Firefox4\ [2012.09.11 08:01:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.08 20:28:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programmi\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:23:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2012.06.29 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AAAAA\Dati applicazioni\Mozilla\Extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://apps.facebook.com/gardensoftime/?track=bookmark&ref=bookmarks&count=0 CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin7.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin8.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\programmi\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Disabled) = c:\programmi\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Disabled) = c:\programmi\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: YouTube = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AVG Safe Search = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\ CHR - Extension: AVG Do Not Track = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Google Mail = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2010.08.27 20:20:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmi\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICCC] C:\Programmi\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SmoothView] C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programmi\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108823 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmi\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Siti attendibili) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304748869531 (MUWebControl Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F21AEDA-65C6-4A4F-880B-7A65EBE3E8E5}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.17 09:33:18 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.11 19:30:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe [2012.11.06 09:49:16 | 064,289,064 | ---- | C] (Games ) -- C:\Documents and Settings\AAAAA\Desktop\WorldRiddles3SecretsAges.exe [2012.10.30 19:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData [2012.10.30 19:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Intel [2012.10.30 14:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Funny Bear Studio [2012.10.30 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP [2012.10.30 14:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Desktop\World Riddles - Seven Wonders [2012.10.23 19:27:06 | 000,000,000 | ---D | C] -- C:\Programmi\QuickTime [2012.10.23 19:25:53 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Apple [2012.10.23 19:25:33 | 000,000,000 | ---D | C] -- C:\Programmi\Apple Software Update [2012.10.20 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Temp [2012.10.16 20:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Chromium [2012.10.16 20:03:47 | 000,000,000 | ---D | C] -- C:\Programmi\SRWare Iron [2011.01.31 09:23:21 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\UPI32.dll [2011.01.31 09:23:20 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\UPI.dll [2011.01.31 09:23:19 | 000,693,096 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\SetupUi.dll [2011.01.31 09:23:17 | 000,704,360 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\SetupAcadUi.dll [2011.01.31 09:23:10 | 001,049,312 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\PatchMgr.dll [2011.01.31 09:23:05 | 000,653,120 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcr90.dll [2011.01.31 09:23:04 | 000,569,664 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcp90.dll [2011.01.31 09:23:04 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcm90.dll [2011.01.31 09:23:01 | 003,783,672 | ---- | C] (Microsoft Corporation) -- C:\Programmi\mfc90u.dll [2011.01.31 09:22:58 | 000,375,128 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\MC3Res.dll [2011.01.31 09:22:57 | 001,764,696 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\MC3.dll [2011.01.31 09:22:56 | 000,108,392 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\LiteHtml.dll [2011.01.31 09:22:52 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Programmi\gdiplus.dll [2011.01.31 09:22:49 | 000,544,616 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\DeployUi.dll [2011.01.31 09:22:48 | 000,085,352 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\CIPUtil.dll [2011.01.31 09:22:22 | 001,274,728 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\adlmPIT.dll [2011.01.31 09:22:22 | 000,189,800 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\adlmutil.dll [2011.01.31 09:22:13 | 000,047,328 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\AcSetup.dll [2011.01.31 09:21:45 | 000,452,456 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\Setup.exe [2011.01.31 09:21:45 | 000,190,688 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\senddmp.exe [2011.01.31 09:20:18 | 000,161,640 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\AcDelTree.exe [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\bass.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.12 20:50:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.12 20:41:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2012.11.12 20:40:00 | 000,001,234 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2767231553-2537787753-3555782994-1006UA.job [2012.11.12 17:57:47 | 100,027,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012.11.12 11:50:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.12 07:29:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.12 07:29:26 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys [2012.11.12 00:40:00 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2767231553-2537787753-3555782994-1006Core.job [2012.11.11 19:57:48 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\x8ypdrpr.exe [2012.11.11 19:30:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe [2012.11.11 19:29:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\AAAAA\defogger_reenable [2012.11.11 19:27:35 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\Defogger.exe [2012.11.11 19:23:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2767231553-2537787753-3555782994-1006.job [2012.11.10 23:44:24 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2767231553-2537787753-3555782994-1006.job [2012.11.06 21:39:54 | 000,245,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012.11.06 09:49:20 | 064,289,064 | ---- | M] (Games ) -- C:\Documents and Settings\AAAAA\Desktop\WorldRiddles3SecretsAges.exe [2012.10.30 20:19:41 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\Collegamento a Wonders.exe.lnk [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.11 19:57:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\x8ypdrpr.exe [2012.11.11 19:29:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\AAAAA\defogger_reenable [2012.11.11 19:27:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\Defogger.exe [2012.10.30 20:19:41 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\Collegamento a Wonders.exe.lnk [2012.10.23 19:25:37 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Apple Software Update.lnk [2012.10.13 16:45:50 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.09.18 18:48:08 | 000,076,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012.05.27 10:53:47 | 000,003,677 | ---- | C] () -- C:\Documents and Settings\AAAAA\Dati applicazioni\Sys2657a.DLL [2012.02.14 22:58:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.25 08:56:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011.10.30 11:27:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\fusioncache.dat [2011.02.17 03:06:41 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\RecConfig.xml [2011.02.16 12:08:44 | 000,239,856 | ---- | C] () -- C:\Documents and Settings\AAAAA\GameUpdater.exe [2011.02.16 12:06:26 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\AAAAA\xdelta3.exe [2011.01.31 13:05:12 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\L8457789110 [2011.01.31 09:30:21 | 000,001,022 | ---- | C] () -- C:\Programmi\upiconfig.xml [2011.01.31 09:29:08 | 000,075,909 | ---- | C] () -- C:\Programmi\We_Support_You_German.pdf [2011.01.31 09:29:08 | 000,009,416 | ---- | C] () -- C:\Programmi\AutoCADConfig.pit [2011.01.31 09:28:14 | 000,023,635 | ---- | C] () -- C:\Programmi\mapfile.mlm [2011.01.31 09:28:14 | 000,001,528 | ---- | C] () -- C:\Programmi\ProdDep_UserDep.mc3 [2011.01.31 09:28:14 | 000,000,684 | ---- | C] () -- C:\Programmi\ProdInd_UserDep.mc3 [2011.01.31 09:28:14 | 000,000,546 | ---- | C] () -- C:\Programmi\ProdInd_UserInd.mc3 [2011.01.31 09:28:14 | 000,000,216 | ---- | C] () -- C:\Programmi\ProdDep_UserInd.mc3 [2011.01.31 09:20:16 | 000,000,043 | ---- | C] () -- C:\Programmi\autorun.inf [2011.01.31 09:20:15 | 000,018,506 | ---- | C] () -- C:\Programmi\Setup.ini [2010.12.28 09:44:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.12.16 01:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI [2010.06.13 16:16:02 | 000,000,236 | ---- | C] () -- C:\Programmi\File comuni\dx.reg [2010.06.06 12:44:09 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\no23xwrapper.dll ========== ZeroAccess Check ========== [2006.01.17 09:40:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:13:50 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:43 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:13:56 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.09 07:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AAAAA\Dati applicazioni\AVG2012 [2012.04.20 19:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AAAAA\Dati applicazioni\JAM Software [2012.07.21 08:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AAAAA\Dati applicazioni\Notepad++ [2012.10.22 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2012 [2012.11.09 18:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Funny Bear Studio [2012.11.12 17:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData [2012.11.12 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:EB86F355 < End of report > Extra.txt Code:
ATTFilter OTL Extras logfile created on: 11.11.2012 19:30:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\YYYY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germania | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,25% Memory free
5,76 Gb Paging File | 5,17 Gb Available in Paging File | 89,78% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 92,91 Gb Total Space | 31,15 Gb Free Space | 33,52% Space Free | Partition Type: NTFS
Computer Name: XXXX | User Name: YYYY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\AVG\AVG10\avgmfapx.exe" = C:\Programmi\AVG\AVG10\avgmfapx.exe:*:Enabled:Installazione di AVG
"C:\Programmi\Internet Explorer\iexplore.exe" = C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programmi\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Programmi\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Programmi\AVG\AVG2012\avgmfapx.exe" = C:\Programmi\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgnsx.exe" = C:\Programmi\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgdiagex.exe" = C:\Programmi\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgemcx.exe" = C:\Programmi\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06C71F80-0E30-4E2C-878F-8502AB5AE3BE}" = ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuali TOSHIBA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{661E5E8A-C9AF-4815-8996-C2A809196864}" = Schreibmaschinenkurs 3.5 Shareware
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Suono virtuale TOSHIBA
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenziatore unità CD/DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Programma di disinstallazione
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.5.0
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"PDFConverter Desktop_is1" = PDFConverter Desktop
"Power Saver" = Risparmio energetico TOSHIBA
"ProInst" = Software Intel(R) PROSet/Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ToshibaConnect" = Toshiba Connect
"TreeSize Free_is1" = TreeSize Free V2.7
"Utilità di diagnostica del PC" = Utilità di diagnostica del PC TOSHIBA
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xaldon WebSpider 2" = Xaldon WebSpider 2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.07.2012 03:36:03 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 31.07.2012 12:36:18 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 01.08.2012 00:36:15 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore , versione 0.0.0.0, modulo
che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x00000000.
Error - 01.08.2012 07:36:17 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 02.08.2012 02:36:20 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 27.09.2012 05:28:24 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x04bdf6d5.
Error - 28.09.2012 05:36:16 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore , versione 0.0.0.0, modulo
che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x059af6d5.
Error - 30.09.2012 04:24:17 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore gnotify.exe, versione 1.0.25.0,
modulo che ha provocato l'errore , versione 5.1.2600.6055, indirizzo errore 0x00019af2.
Error - 30.10.2012 04:55:15 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x0546f6d5.
Error - 07.11.2012 07:42:57 | Computer Name = XXXX | Source = ESENT | ID = 490
Description = svchost (1248) Tentativo di apertura del file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
per accesso in lettura e scrittura non riuscito con errore di sistema 32 (0x00000020):
"Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione
di apertura del file non verrà effettuata con errore -1032 (0xfffffbf8).
[ System Events ]
Error - 08.11.2012 09:55:07 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 08.11.2012 19:42:32 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 09.11.2012 03:55:06 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 09.11.2012 12:10:50 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 10.11.2012 02:19:35 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 10.11.2012 23:43:32 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 05:37:03 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 13:11:34 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 14:17:59 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 14:18:08 | Computer Name = XXXX | Source = System Error | ID = 1003
Description = Codice errore 10000050, parametro1 e309401c, parametro2 00000000,
parametro3 bf82ebd1, parametro4 00000001.
< End of report >
Gmer.txt Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-11 23:54:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
Running: x8ypdrpr.exe; Driver: C:\DOCUME~1\YYYY~1\IMPOST~1\Temp\pxtdipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAEA0A004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAEA0A0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAEA09D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAEA09E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAEA09EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAEA09F56]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9C0FEBF]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1764] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 05E2FC69 C:\Programmi\PDFConverterDesktop\PDFConverterShell.dll
.text C:\Programmi\Real\RealPlayer\update\realsched.exe[2584] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B220410-55F3-E40C-1381-E7333CA05BD2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B220410-55F3-E40C-1381-E7333CA05BD2}@gafdimgiocciag 0x61 0x63 0x62 0x6A ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 195366468
Disk \Device\Harddisk0\DR0 PE file @ sector 195366490
---- EOF - GMER 1.0.15 ----
|
|
12.11.2012, 23:01
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer geht mit Error ausZitat:
Bitte nun routinemäßig einen Quickscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.11.2012, 00:32
| #5 |
| | Computer geht mit Error aus Ja, die CD von Photoshop 5.5 ist weg (und nicht nur die). Hier der Scan mit der neusten Version von Malwarebytes. Ältere Logs habe ich nicht. Vielen Dank + Grüße mbam-log.txt Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.12.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 XXXX :: XXXX [Administrator] 13.11.2012 00:19:05 mbam-log-2012-11-13 (00-19-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213878 Laufzeit: 5 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.11.2012, 10:04
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer geht mit Error aus 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Computer geht mit Error aus |
|
13.11.2012, 11:37
| #7 |
| | Computer geht mit Error aus Hier die 2 neuen Logfiles. Danke, Cosinus aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-13 11:12:25
-----------------------------
11:12:25.937 OS Version: Windows 5.1.2600 Service Pack 3
11:12:25.937 Number of processors: 2 586 0xF06
11:12:25.937 ComputerName: XXXXX UserName:
11:12:26.812 Initialize success
11:12:33.281 AVAST engine download error: 0
11:12:38.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:12:38.921 Disk 0 Vendor: TOSHIBA_MK1032GSX AS021G Size: 95396MB BusType: 3
11:12:38.937 Disk 0 MBR read successfully
11:12:38.953 Disk 0 MBR scan
11:12:38.953 Disk 0 Windows XP default MBR code
11:12:38.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95142 MB offset 63
11:12:38.984 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 251 MB offset 194852385
11:12:39.015 Disk 0 scanning sectors +195366465
11:12:39.062 Disk 0 malicious Win32:MBRoot code @ sector 195366468 !
11:12:39.062 Disk 0 PE file @ sector 195366490 !
11:12:39.093 Disk 0 scanning C:\WINDOWS\system32\drivers
11:12:46.421 Service scanning
11:12:57.453 Modules scanning
11:13:01.656 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
11:13:02.781 Disk 0 trace - called modules:
11:13:02.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:13:02.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5c11f0]
11:13:02.828 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000081[0x8a5be260]
11:13:02.828 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a588940]
11:13:02.828 Scan finished successfully
11:13:22.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\XXXXX\Desktop\MBR.dat"
11:13:22.250 The log file has been saved successfully to "C:\Documents and Settings\XXXXX\Desktop\aswMBR.txt"
TDSSKiller.txt Code:
ATTFilter 11:16:51.0750 1008 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:16:51.0765 1008 ============================================================
11:16:51.0765 1008 Current date / time: 2012/11/13 11:16:51.0765
11:16:51.0765 1008 SystemInfo:
11:16:51.0765 1008
11:16:51.0765 1008 OS Version: 5.1.2600 ServicePack: 3.0
11:16:51.0765 1008 Product type: Workstation
11:16:51.0765 1008 ComputerName: XXXXX
11:16:51.0765 1008 UserName: XXXXX
11:16:51.0765 1008 Windows directory: C:\WINDOWS
11:16:51.0765 1008 System windows directory: C:\WINDOWS
11:16:51.0765 1008 Processor architecture: Intel x86
11:16:51.0765 1008 Number of processors: 2
11:16:51.0765 1008 Page size: 0x1000
11:16:51.0765 1008 Boot type: Normal boot
11:16:51.0765 1008 ============================================================
11:16:53.0406 1008 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:16:53.0406 1008 ============================================================
11:16:53.0406 1008 \Device\Harddisk0\DR0:
11:16:53.0406 1008 MBR partitions:
11:16:53.0406 1008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9D35E2
11:16:53.0406 1008 ============================================================
11:16:53.0437 1008 C: <-> \Device\Harddisk0\DR0\Partition1
11:16:53.0437 1008 ============================================================
11:16:53.0437 1008 Initialize success
11:16:53.0437 1008 ============================================================
11:16:58.0843 5728 ============================================================
11:16:58.0843 5728 Scan started
11:16:58.0843 5728 Mode: Manual; SigCheck; TDLFS;
11:16:58.0843 5728 ============================================================
11:16:59.0578 5728 ================ Scan system memory ========================
11:16:59.0578 5728 System memory - ok
11:16:59.0578 5728 ================ Scan services =============================
11:16:59.0718 5728 Abiosdsk - ok
11:16:59.0718 5728 abp480n5 - ok
11:16:59.0765 5728 [ D766E636187B8F240BBFBABCD51EB2C6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:17:00.0140 5728 ACPI - ok
11:17:00.0171 5728 [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:17:00.0281 5728 ACPIEC - ok
11:17:00.0281 5728 adpu160m - ok
11:17:00.0312 5728 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:17:00.0406 5728 aec - ok
11:17:00.0453 5728 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:17:00.0468 5728 AegisP ( UnsignedFile.Multi.Generic ) - warning
11:17:00.0468 5728 AegisP - detected UnsignedFile.Multi.Generic (1)
11:17:00.0515 5728 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:17:00.0562 5728 AFD - ok
11:17:00.0609 5728 [ B3192376C7A3814B5341EFC2202022F8 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:17:00.0718 5728 AgereSoftModem - ok
11:17:00.0718 5728 Aha154x - ok
11:17:00.0734 5728 aic78u2 - ok
11:17:00.0734 5728 aic78xx - ok
11:17:00.0781 5728 [ 14A077AD0CF6116D1102631D8E1EDEE8 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:17:00.0890 5728 Alerter - ok
11:17:00.0906 5728 [ 79FE2E0D7859738225816658F0BB2A0D ] ALG C:\WINDOWS\System32\alg.exe
11:17:00.0953 5728 ALG - ok
11:17:00.0968 5728 AliIde - ok
11:17:00.0968 5728 amsint - ok
11:17:00.0984 5728 AppMgmt - ok
11:17:01.0000 5728 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:17:01.0109 5728 Arp1394 - ok
11:17:01.0109 5728 asc - ok
11:17:01.0109 5728 asc3350p - ok
11:17:01.0125 5728 asc3550 - ok
11:17:01.0234 5728 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:17:01.0250 5728 aspnet_state - ok
11:17:01.0281 5728 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:17:01.0406 5728 AsyncMac - ok
11:17:01.0437 5728 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:17:01.0562 5728 atapi - ok
11:17:01.0562 5728 Atdisk - ok
11:17:01.0625 5728 [ BAAB0EECD33888E7BEF52A75B6D6EC30 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:17:01.0640 5728 Ati HotKey Poller - ok
11:17:01.0734 5728 [ 0959C83F18F8A5966AFA2EC33BB96D14 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:17:01.0859 5728 ati2mtag - ok
11:17:01.0890 5728 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:17:02.0000 5728 Atmarpc - ok
11:17:02.0015 5728 [ 1B58D118049304E88464BE614C6D0014 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:17:02.0156 5728 AudioSrv - ok
11:17:02.0171 5728 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:17:02.0312 5728 audstub - ok
11:17:02.0625 5728 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
11:17:02.0812 5728 AVGIDSAgent - ok
11:17:02.0875 5728 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
11:17:02.0921 5728 AVGIDSDriver - ok
11:17:02.0937 5728 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
11:17:02.0968 5728 AVGIDSFilter - ok
11:17:02.0984 5728 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
11:17:03.0015 5728 AVGIDSHX - ok
11:17:03.0031 5728 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
11:17:03.0046 5728 AVGIDSShim - ok
11:17:03.0078 5728 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:17:03.0109 5728 Avgldx86 - ok
11:17:03.0125 5728 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:17:03.0125 5728 Avgmfx86 - ok
11:17:03.0140 5728 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:17:03.0156 5728 Avgrkx86 - ok
11:17:03.0171 5728 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:17:03.0203 5728 Avgtdix - ok
11:17:03.0234 5728 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Programmi\AVG\AVG2012\avgwdsvc.exe
11:17:03.0250 5728 avgwd - ok
11:17:03.0281 5728 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:17:03.0390 5728 Beep - ok
11:17:03.0453 5728 [ 48C4763A9C8990FB48B73445BEB15D6A ] BITS C:\WINDOWS\system32\qmgr.dll
11:17:03.0671 5728 BITS - ok
11:17:03.0703 5728 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
11:17:03.0734 5728 Brother XP spl Service - ok
11:17:03.0750 5728 [ 076D11B52F066ED33E3A80F8070A3E2E ] Browser C:\WINDOWS\System32\browser.dll
11:17:03.0828 5728 Browser - ok
11:17:03.0875 5728 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
11:17:03.0921 5728 BrScnUsb - ok
11:17:04.0046 5728 catchme - ok
11:17:04.0078 5728 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:17:04.0218 5728 cbidf2k - ok
11:17:04.0218 5728 cd20xrnt - ok
11:17:04.0234 5728 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:17:04.0421 5728 Cdaudio - ok
11:17:04.0437 5728 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:17:04.0562 5728 Cdfs - ok
11:17:04.0562 5728 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:17:04.0687 5728 Cdrom - ok
11:17:04.0750 5728 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
11:17:04.0750 5728 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
11:17:04.0750 5728 CFSvcs - detected UnsignedFile.Multi.Generic (1)
11:17:04.0765 5728 Changer - ok
11:17:04.0796 5728 [ D04F2BEB5EA63D0766E12E44AEF7C38D ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:17:04.0890 5728 CiSvc - ok
11:17:04.0906 5728 [ 48CB1DEFA1A6506C3CF09E4950F82EF6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:17:05.0250 5728 ClipSrv - ok
11:17:05.0265 5728 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:17:05.0312 5728 clr_optimization_v2.0.50727_32 - ok
11:17:05.0343 5728 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:17:05.0468 5728 CmBatt - ok
11:17:05.0468 5728 CmdIde - ok
11:17:05.0468 5728 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:17:05.0593 5728 Compbatt - ok
11:17:05.0593 5728 COMSysApp - ok
11:17:05.0609 5728 Cpqarray - ok
11:17:05.0640 5728 [ B6FCBB157E9C8ABDCA4134C535535A8B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:17:05.0734 5728 CryptSvc - ok
11:17:05.0750 5728 dac2w2k - ok
11:17:05.0750 5728 dac960nt - ok
11:17:05.0812 5728 [ BC4E0226341AAEC1222336B3AED86BAB ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:17:05.0843 5728 DcomLaunch - ok
11:17:05.0890 5728 [ 699EE7F752A25180AEB92C3A0EAEE440 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:17:06.0000 5728 Dhcp - ok
11:17:06.0015 5728 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:17:06.0140 5728 Disk - ok
11:17:06.0140 5728 [ EE4325BECEF51B8C32B4329097E4F301 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:17:06.0156 5728 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0156 5728 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
11:17:06.0171 5728 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:17:06.0171 5728 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0171 5728 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
11:17:06.0218 5728 [ 1206B0B4930B58DF7FCAB3A2E526711E ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
11:17:06.0218 5728 DLADResN ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0218 5728 DLADResN - detected UnsignedFile.Multi.Generic (1)
11:17:06.0250 5728 [ 752376E109A090970BFA9722F0F40B03 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:17:06.0250 5728 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0250 5728 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
11:17:06.0265 5728 [ 62EE7902E74B90BF1CCC4643FC6C07A7 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:17:06.0296 5728 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0296 5728 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
11:17:06.0312 5728 [ 5C220124C5AFEAEE84A9BB89D685C17B ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:17:06.0312 5728 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0312 5728 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
11:17:06.0312 5728 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
11:17:06.0343 5728 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0343 5728 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
11:17:06.0359 5728 [ 4EBB78D9BBF072119363B35B9B3E518F ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:17:06.0375 5728 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0375 5728 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
11:17:06.0390 5728 [ 333B770E52D2CEA7BD86391120466E43 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:17:06.0406 5728 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
11:17:06.0406 5728 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
11:17:06.0406 5728 dmadmin - ok
11:17:06.0468 5728 [ 82BC125A8ED33F5F0E75F2AAC1065323 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:17:06.0609 5728 dmboot - ok
11:17:06.0625 5728 [ E959DDC0EA7AC11EE5E5602E2A364310 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:17:06.0750 5728 dmio - ok
11:17:06.0765 5728 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:17:06.0890 5728 dmload - ok
11:17:06.0906 5728 [ A01858C50704B2D2EDEEBBF6BBBCED2A ] dmserver C:\WINDOWS\System32\dmserver.dll
11:17:07.0015 5728 dmserver - ok
11:17:07.0031 5728 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:17:07.0156 5728 DMusic - ok
11:17:07.0203 5728 [ B7A1162B1A26DF7B60D5D9500006096C ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:17:07.0296 5728 Dnscache - ok
11:17:07.0343 5728 [ D580D77DFF316BD8C9D73B38695DE8DC ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:17:07.0468 5728 Dot3svc - ok
11:17:07.0484 5728 dpti2o - ok
11:17:07.0500 5728 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:17:07.0593 5728 drmkaud - ok
11:17:07.0640 5728 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:17:07.0640 5728 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
11:17:07.0640 5728 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
11:17:07.0656 5728 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:17:07.0656 5728 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
11:17:07.0656 5728 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
11:17:07.0687 5728 [ 2646883E6DD867CD872D5B51B6036710 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:17:07.0734 5728 E100B - ok
11:17:07.0765 5728 [ 86B1F123BACD444E81960B339BAE3FF2 ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:17:07.0906 5728 EapHost - ok
11:17:07.0937 5728 [ B6599EDA9F3EBEF064504EE35BBECA1C ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:17:08.0062 5728 ERSvc - ok
11:17:08.0109 5728 [ 26845F272435302E0F3322E660A24F7D ] Eventlog C:\WINDOWS\system32\services.exe
11:17:08.0140 5728 Eventlog - ok
11:17:08.0187 5728 [ 8360CB9756E598A5C6214EACFB3677C3 ] EventSystem C:\WINDOWS\system32\es.dll
11:17:08.0234 5728 EventSystem - ok
11:17:08.0281 5728 [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
11:17:08.0281 5728 EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:17:08.0281 5728 EvtEng - detected UnsignedFile.Multi.Generic (1)
11:17:08.0328 5728 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:17:08.0468 5728 Fastfat - ok
11:17:08.0500 5728 [ DCCC606FC144F6E44E497F9A906F1C30 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:17:08.0546 5728 FastUserSwitchingCompatibility - ok
11:17:08.0562 5728 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:17:08.0718 5728 Fdc - ok
11:17:08.0734 5728 [ 2CFEA3326981A18C6BAF2BD9BE76225B ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:17:08.0843 5728 Fips - ok
11:17:08.0953 5728 [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:17:09.0015 5728 FLEXnet Licensing Service - ok
11:17:09.0031 5728 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:17:09.0140 5728 Flpydisk - ok
11:17:09.0187 5728 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:17:09.0281 5728 FltMgr - ok
11:17:09.0343 5728 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:17:09.0359 5728 FontCache3.0.0.0 - ok
11:17:09.0390 5728 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:17:09.0531 5728 Fs_Rec - ok
11:17:09.0531 5728 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:17:09.0671 5728 Ftdisk - ok
11:17:09.0703 5728 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:17:09.0843 5728 Gpc - ok
11:17:09.0937 5728 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programmi\Google\Update\GoogleUpdate.exe
11:17:09.0953 5728 gupdate - ok
11:17:09.0968 5728 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programmi\Google\Update\GoogleUpdate.exe
11:17:09.0984 5728 gupdatem - ok
11:17:10.0015 5728 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:17:10.0156 5728 HDAudBus - ok
11:17:10.0234 5728 [ 6CE66B51B4EB23D9D073F92698C55C8D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:17:10.0375 5728 helpsvc - ok
11:17:10.0375 5728 HidServ - ok
11:17:10.0390 5728 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:17:10.0562 5728 HidUsb - ok
11:17:10.0609 5728 [ 00CAD842F48947887A972828ACA665F7 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:17:10.0734 5728 hkmsvc - ok
11:17:10.0734 5728 hpn - ok
11:17:10.0781 5728 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:17:10.0828 5728 HTTP - ok
11:17:10.0875 5728 [ 450091AEBFCD08E5858533EAB5B9A436 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:17:11.0000 5728 HTTPFilter - ok
11:17:11.0015 5728 i2omgmt - ok
11:17:11.0015 5728 i2omp - ok
11:17:11.0046 5728 [ 610726E28AF55B95043C5C35A727E320 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:17:11.0140 5728 i8042prt - ok
11:17:11.0218 5728 [ BC1F1FF8D5800398937966CDB0A97FDC ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:17:11.0328 5728 ialm - ok
11:17:11.0406 5728 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:17:11.0468 5728 idsvc - ok
11:17:11.0500 5728 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:17:11.0656 5728 Imapi - ok
11:17:11.0687 5728 [ DB491237445F172FDDDF00541DE1A51D ] ImapiService C:\WINDOWS\system32\imapi.exe
11:17:11.0843 5728 ImapiService - ok
11:17:11.0843 5728 ini910u - ok
11:17:12.0031 5728 [ B12A9FC49CD2765A43829D834F518AED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:17:12.0218 5728 IntcAzAudAddService - ok
11:17:12.0218 5728 IntelIde - ok
11:17:12.0265 5728 [ EBD830A0970C438047006A49C23E287F ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:17:12.0593 5728 intelppm - ok
11:17:12.0625 5728 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:17:12.0734 5728 Ip6Fw - ok
11:17:12.0765 5728 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:17:12.0875 5728 IpFilterDriver - ok
11:17:12.0906 5728 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:17:13.0015 5728 IpInIp - ok
11:17:13.0046 5728 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:17:13.0156 5728 IpNat - ok
11:17:13.0171 5728 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:17:13.0281 5728 IPSec - ok
11:17:13.0312 5728 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:17:13.0359 5728 IRENUM - ok
11:17:13.0375 5728 [ 0953594BEB81CC72FCC62D37921B25A6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:17:13.0500 5728 isapnp - ok
11:17:13.0515 5728 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
11:17:13.0515 5728 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
11:17:13.0515 5728 Iviaspi - detected UnsignedFile.Multi.Generic (1)
11:17:13.0609 5728 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:17:13.0625 5728 JavaQuickStarterService - ok
11:17:13.0640 5728 [ 28B6EACE513CA7EABA3B809AD4BC274D ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:17:13.0750 5728 Kbdclass - ok
11:17:13.0765 5728 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:17:13.0875 5728 kmixer - ok
11:17:13.0921 5728 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:17:14.0000 5728 KSecDD - ok
11:17:14.0031 5728 [ 0F726D49C0B19E5A506A1CDFCE0EE42F ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:17:14.0078 5728 lanmanserver - ok
11:17:14.0109 5728 [ E13B0181DDA60B93E3253EFF52A79CBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:17:14.0171 5728 lanmanworkstation - ok
11:17:14.0171 5728 Lavasoft Kernexplorer - ok
11:17:14.0187 5728 lbrtfdc - ok
11:17:14.0234 5728 [ E01255727D0B158538D7C2B469B533A8 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:17:14.0406 5728 LmHosts - ok
11:17:14.0453 5728 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:17:14.0468 5728 MBAMProtector - ok
11:17:14.0531 5728 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:17:14.0578 5728 MBAMScheduler - ok
11:17:14.0625 5728 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
11:17:14.0656 5728 MBAMService - ok
11:17:14.0765 5728 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
11:17:14.0796 5728 MDM - ok
11:17:14.0812 5728 [ 3B32F662C8607E891F325E41F7EE225C ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:17:14.0921 5728 Messenger - ok
11:17:14.0953 5728 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:17:15.0062 5728 mnmdd - ok
11:17:15.0093 5728 [ 514A299EC926BAADA3C718B171476AA4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:17:15.0203 5728 mnmsrvc - ok
11:17:15.0218 5728 [ 8CB6636806D76B85FAFAEE94D75F5129 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:17:15.0328 5728 Modem - ok
11:17:15.0343 5728 [ E904EBED608055A2BFB824C07F59766C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:17:15.0453 5728 Mouclass - ok
11:17:15.0500 5728 [ D7662F0CF5B77BBBE3202716F5BD5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:17:15.0609 5728 mouhid - ok
11:17:15.0640 5728 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:17:15.0750 5728 MountMgr - ok
11:17:15.0765 5728 mraid35x - ok
11:17:15.0781 5728 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:17:15.0921 5728 MRxDAV - ok
11:17:15.0968 5728 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:17:16.0046 5728 MRxSmb - ok
11:17:16.0078 5728 [ 01F77E9E473235C31796ADE46107B0AD ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:17:16.0203 5728 MSDTC - ok
11:17:16.0218 5728 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:17:16.0328 5728 Msfs - ok
11:17:16.0343 5728 MSIServer - ok
11:17:16.0343 5728 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:17:16.0468 5728 MSKSSRV - ok
11:17:16.0484 5728 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:17:16.0609 5728 MSPCLOCK - ok
11:17:16.0656 5728 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:17:16.0765 5728 MSPQM - ok
11:17:16.0781 5728 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:17:16.0906 5728 mssmbios - ok
11:17:16.0921 5728 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:17:16.0968 5728 Mup - ok
11:17:17.0015 5728 [ 911587FD303C9690A428BB4B04732B61 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:17:17.0125 5728 napagent - ok
11:17:17.0140 5728 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:17:17.0250 5728 NDIS - ok
11:17:17.0281 5728 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:17:17.0312 5728 NdisTapi - ok
11:17:17.0328 5728 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:17:17.0453 5728 Ndisuio - ok
11:17:17.0468 5728 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:17:17.0593 5728 NdisWan - ok
11:17:17.0625 5728 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:17:17.0656 5728 NDProxy - ok
11:17:17.0671 5728 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:17:17.0781 5728 NetBIOS - ok
11:17:17.0812 5728 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:17:17.0937 5728 NetBT - ok
11:17:17.0984 5728 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDE C:\WINDOWS\system32\netdde.exe
11:17:18.0093 5728 NetDDE - ok
11:17:18.0109 5728 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:17:18.0218 5728 NetDDEdsdm - ok
11:17:18.0250 5728 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
11:17:18.0265 5728 Netdevio ( UnsignedFile.Multi.Generic ) - warning
11:17:18.0265 5728 Netdevio - detected UnsignedFile.Multi.Generic (1)
11:17:18.0296 5728 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:17:18.0406 5728 Netlogon - ok
11:17:18.0437 5728 [ 02815B70FC4CA8611A926176F1C39FC2 ] Netman C:\WINDOWS\System32\netman.dll
11:17:18.0546 5728 Netman - ok
11:17:18.0578 5728 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:17:18.0609 5728 NetTcpPortSharing - ok
11:17:18.0640 5728 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:17:18.0750 5728 NIC1394 - ok
11:17:18.0812 5728 [ C6B69A18D39744725FB73AC85E46032B ] Nla C:\WINDOWS\System32\mswsock.dll
11:17:18.0843 5728 Nla - ok
11:17:18.0906 5728 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programmi\CDBurnerXP\NMSAccessU.exe
11:17:18.0921 5728 NMSAccess - ok
11:17:18.0937 5728 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:17:19.0031 5728 Npfs - ok
11:17:19.0093 5728 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:17:19.0218 5728 Ntfs - ok
11:17:19.0218 5728 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:17:19.0328 5728 NtLmSsp - ok
11:17:19.0359 5728 [ 89DB90B5F35D2795D9FC56D933CC72B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:17:19.0515 5728 NtmsSvc - ok
11:17:19.0531 5728 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:17:19.0640 5728 Null - ok
11:17:19.0656 5728 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:17:19.0765 5728 NwlnkFlt - ok
11:17:19.0781 5728 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:17:20.0093 5728 NwlnkFwd - ok
11:17:20.0093 5728 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:17:20.0234 5728 ohci1394 - ok
11:17:20.0281 5728 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
11:17:20.0296 5728 ose - ok
11:17:20.0343 5728 [ 4E9408A178B2D955871C2CDD278DE3C3 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:17:20.0500 5728 Parport - ok
11:17:20.0515 5728 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:17:20.0640 5728 PartMgr - ok
11:17:20.0671 5728 [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:17:20.0781 5728 ParVdm - ok
11:17:20.0781 5728 [ F40A46892AFEBB0314536B849D57C11E ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:17:20.0906 5728 PCI - ok
11:17:20.0921 5728 PCIDump - ok
11:17:20.0937 5728 [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:17:21.0031 5728 PCIIde - ok
11:17:21.0062 5728 [ 815C50F2B1D1562800BDCE8BE895000E ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:17:21.0171 5728 Pcmcia - ok
11:17:21.0171 5728 PDCOMP - ok
11:17:21.0187 5728 PDFRAME - ok
11:17:21.0187 5728 PDRELI - ok
11:17:21.0187 5728 PDRFRAME - ok
11:17:21.0203 5728 perc2 - ok
11:17:21.0203 5728 perc2hib - ok
11:17:21.0234 5728 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
11:17:21.0250 5728 Pfc ( UnsignedFile.Multi.Generic ) - warning
11:17:21.0250 5728 Pfc - detected UnsignedFile.Multi.Generic (1)
11:17:21.0265 5728 [ 26845F272435302E0F3322E660A24F7D ] PlugPlay C:\WINDOWS\system32\services.exe
11:17:21.0281 5728 PlugPlay - ok
11:17:21.0296 5728 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:17:21.0406 5728 PolicyAgent - ok
11:17:21.0421 5728 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:17:21.0515 5728 PptpMiniport - ok
11:17:21.0531 5728 PROCEXP150 - ok
11:17:21.0531 5728 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:17:21.0640 5728 ProtectedStorage - ok
11:17:21.0656 5728 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:17:21.0781 5728 PSched - ok
11:17:21.0796 5728 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:17:21.0906 5728 Ptilink - ok
11:17:21.0906 5728 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:17:21.0937 5728 PxHelp20 - ok
11:17:21.0937 5728 ql1080 - ok
11:17:21.0937 5728 Ql10wnt - ok
11:17:21.0953 5728 ql12160 - ok
11:17:21.0953 5728 ql1240 - ok
11:17:21.0968 5728 ql1280 - ok
11:17:21.0984 5728 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:17:22.0109 5728 RasAcd - ok
11:17:22.0140 5728 [ 9839B418343D6E6E52659BDF3FF1FE67 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:17:22.0250 5728 RasAuto - ok
11:17:22.0281 5728 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:17:22.0390 5728 Rasl2tp - ok
11:17:22.0437 5728 [ 62AD41548E720DB4763B86F95E44F3FA ] RasMan C:\WINDOWS\System32\rasmans.dll
11:17:22.0562 5728 RasMan - ok
11:17:22.0578 5728 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:17:22.0687 5728 RasPppoe - ok
11:17:22.0703 5728 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:17:22.0812 5728 Raspti - ok
11:17:22.0843 5728 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:17:22.0953 5728 Rdbss - ok
11:17:22.0968 5728 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:17:23.0062 5728 RDPCDD - ok
11:17:23.0125 5728 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:17:23.0171 5728 RDPWD - ok
11:17:23.0218 5728 [ CC72E6AE90245F0AE48BF1236A7E1F9C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:17:23.0328 5728 RDSessMgr - ok
11:17:23.0375 5728 [ 393FC252593323B624B230ECA6B85E63 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:17:23.0500 5728 redbook - ok
11:17:23.0515 5728 [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
11:17:23.0531 5728 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:17:23.0531 5728 RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:17:23.0578 5728 [ 7EBBF16FBD3E0E34F084FA635C1844E3 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:17:23.0734 5728 RemoteAccess - ok
11:17:23.0765 5728 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
11:17:23.0781 5728 Revoflt - ok
11:17:23.0812 5728 [ DC97F6C8A94691834439872B9E8FF2B3 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:17:23.0921 5728 RpcLocator - ok
11:17:23.0953 5728 [ BC4E0226341AAEC1222336B3AED86BAB ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:17:23.0984 5728 RpcSs - ok
11:17:24.0031 5728 [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:17:24.0125 5728 RSVP - ok
11:17:24.0187 5728 [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
11:17:24.0187 5728 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
11:17:24.0203 5728 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
11:17:24.0234 5728 [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:17:24.0250 5728 s24trans ( UnsignedFile.Multi.Generic ) - warning
11:17:24.0250 5728 s24trans - detected UnsignedFile.Multi.Generic (1)
11:17:24.0265 5728 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] SamSs C:\WINDOWS\system32\lsass.exe
11:17:24.0375 5728 SamSs - ok
11:17:24.0390 5728 [ 1D456F1CD76A80793C07BA52CF3A7455 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:17:24.0515 5728 SCardSvr - ok
11:17:24.0546 5728 [ 511886E5BD060046CCE8373E92E62EDF ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:17:24.0687 5728 Schedule - ok
11:17:24.0718 5728 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:17:24.0828 5728 sdbus - ok
11:17:24.0843 5728 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:17:24.0890 5728 Secdrv - ok
11:17:24.0906 5728 [ 17C6354CA08E7C7972E12C67478AE134 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:17:25.0031 5728 seclogon - ok
11:17:25.0046 5728 [ A0ECA1CE0FCCB29C5E4E1F416E95E73E ] SENS C:\WINDOWS\system32\sens.dll
11:17:25.0156 5728 SENS - ok
11:17:25.0187 5728 [ FDBD9D64E2E03270021D424F0DCCF79D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:17:25.0312 5728 Serial - ok
11:17:25.0328 5728 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:17:25.0437 5728 Sfloppy - ok
11:17:25.0484 5728 [ 152C0555925DFE028E3148FD215146BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:17:25.0593 5728 SharedAccess - ok
11:17:25.0625 5728 [ DCCC606FC144F6E44E497F9A906F1C30 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:17:25.0640 5728 ShellHWDetection - ok
11:17:25.0656 5728 Simbad - ok
11:17:25.0656 5728 Sparrow - ok
11:17:25.0671 5728 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:17:25.0796 5728 splitter - ok
11:17:25.0843 5728 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:17:25.0859 5728 Spooler - ok
11:17:25.0875 5728 [ 618718CAE288BF7CBD8FCBAB2577D932 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:17:25.0937 5728 sr - ok
11:17:25.0968 5728 [ B3E3DA70A7A76E69B872DE3D06D32C19 ] srservice C:\WINDOWS\system32\srsvc.dll
11:17:26.0015 5728 srservice - ok
11:17:26.0078 5728 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:17:26.0140 5728 Srv - ok
11:17:26.0156 5728 [ 5215569DD3A8FBC65A85E85F3C12258B ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:17:26.0203 5728 SSDPSRV - ok
11:17:26.0250 5728 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
11:17:26.0250 5728 StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:17:26.0250 5728 StarOpen - detected UnsignedFile.Multi.Generic (1)
11:17:26.0296 5728 [ 3B9263E137896E4D303494F116E00608 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:17:26.0437 5728 stisvc - ok
11:17:26.0453 5728 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:17:26.0578 5728 swenum - ok
11:17:26.0593 5728 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:17:26.0703 5728 swmidi - ok
11:17:26.0703 5728 SwPrv - ok
11:17:26.0718 5728 symc810 - ok
11:17:26.0734 5728 symc8xx - ok
11:17:26.0734 5728 sym_hi - ok
11:17:26.0750 5728 sym_u3 - ok
11:17:26.0781 5728 [ E295FFFFF3AAF9A6A40B29497901908F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:17:26.0828 5728 SynTP - ok
11:17:26.0843 5728 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:17:26.0953 5728 sysaudio - ok
11:17:27.0000 5728 [ A34A9A872EEC4C026FD542AC7156FE0B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:17:27.0109 5728 SysmonLog - ok
11:17:27.0125 5728 [ 6B85F1A9DCE45D45BFFAD3222C21F297 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:17:27.0250 5728 TapiSrv - ok
11:17:27.0281 5728 [ 90861642FD6D8FAFB1408EE26FA93CB4 ] TAPPSRV C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
11:17:27.0296 5728 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
11:17:27.0296 5728 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
11:17:27.0343 5728 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:17:27.0390 5728 Tcpip - ok
11:17:27.0421 5728 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:17:27.0546 5728 TDPIPE - ok
11:17:27.0562 5728 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:17:27.0671 5728 TDTCP - ok
11:17:27.0687 5728 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:17:27.0781 5728 TermDD - ok
11:17:27.0828 5728 [ FE5A5329CCFC33D645C33077FF04F052 ] TermService C:\WINDOWS\System32\termsrv.dll
11:17:27.0953 5728 TermService - ok
11:17:27.0968 5728 [ DCCC606FC144F6E44E497F9A906F1C30 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:17:27.0984 5728 Themes - ok
11:17:28.0015 5728 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
11:17:28.0046 5728 tifm21 - ok
11:17:28.0062 5728 TosIde - ok
11:17:28.0062 5728 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
11:17:28.0093 5728 tosrfec ( UnsignedFile.Multi.Generic ) - warning
11:17:28.0093 5728 tosrfec - detected UnsignedFile.Multi.Generic (1)
11:17:28.0140 5728 [ 690294999DF1248FAF85D95B31955D0C ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:17:28.0265 5728 TrkWks - ok
11:17:28.0312 5728 [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
11:17:28.0312 5728 TVALD ( UnsignedFile.Multi.Generic ) - warning
11:17:28.0312 5728 TVALD - detected UnsignedFile.Multi.Generic (1)
11:17:28.0359 5728 [ CC6763889198EF975B143D49789BCFA9 ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
11:17:28.0375 5728 Tvs ( UnsignedFile.Multi.Generic ) - warning
11:17:28.0375 5728 Tvs - detected UnsignedFile.Multi.Generic (1)
11:17:28.0406 5728 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:17:28.0531 5728 Udfs - ok
11:17:28.0546 5728 ultra - ok
11:17:28.0593 5728 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:17:28.0734 5728 Update - ok
11:17:28.0765 5728 [ 8057B0744D9842A090E51D2845861D5F ] upnphost C:\WINDOWS\System32\upnphost.dll
11:17:28.0859 5728 upnphost - ok
11:17:28.0890 5728 [ F5E8B846EC10E1DF8DCA64119E2EB709 ] UPS C:\WINDOWS\System32\ups.exe
11:17:29.0046 5728 UPS - ok
11:17:29.0078 5728 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:17:29.0203 5728 usbccgp - ok
11:17:29.0218 5728 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:17:29.0328 5728 usbehci - ok
11:17:29.0343 5728 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:17:29.0453 5728 usbhub - ok
11:17:29.0500 5728 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:17:29.0609 5728 usbprint - ok
11:17:29.0625 5728 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:17:29.0750 5728 USBSTOR - ok
11:17:29.0765 5728 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:17:29.0875 5728 usbuhci - ok
11:17:29.0890 5728 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:17:30.0000 5728 VgaSave - ok
11:17:30.0000 5728 ViaIde - ok
11:17:30.0031 5728 [ E46C1B5A56DA7DA603D09DFCC79EC59E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:17:30.0140 5728 VolSnap - ok
11:17:30.0187 5728 [ C2FE17125256102F5B44194D5DB0A799 ] VSS C:\WINDOWS\System32\vssvc.exe
11:17:30.0265 5728 VSS - ok
11:17:30.0296 5728 [ 2969DD84B584A6BB541A5273103957A3 ] W32Time C:\WINDOWS\system32\w32time.dll
11:17:30.0406 5728 W32Time - ok
11:17:30.0484 5728 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
11:17:30.0609 5728 w39n51 - ok
11:17:30.0687 5728 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:17:30.0859 5728 Wanarp - ok
11:17:30.0859 5728 WDICA - ok
11:17:30.0906 5728 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:17:31.0015 5728 wdmaud - ok
11:17:31.0031 5728 [ 2EC50EE79B65F60C8E8B4A03BBB3A42F ] WebClient C:\WINDOWS\System32\webclnt.dll
11:17:31.0140 5728 WebClient - ok
11:17:31.0234 5728 [ 40911E98D0F1CBB1015F2101982F1DDF ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:17:31.0343 5728 winmgmt - ok
11:17:31.0375 5728 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:17:31.0437 5728 WmdmPmSN - ok
11:17:31.0468 5728 [ 81FD02839FDB10ACF0EC40B809B9F8CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:17:31.0593 5728 WmiApSrv - ok
11:17:31.0703 5728 [ F30DC8F80CF65A323E8B6A2DB81561E3 ] WMPNetworkSvc C:\Programmi\Windows Media Player\WMPNetwk.exe
11:17:31.0828 5728 WMPNetworkSvc - ok
11:17:31.0875 5728 [ 926D921C93CFF1E19EF4DE3E4C8368CA ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:17:32.0015 5728 wscsvc - ok
11:17:32.0031 5728 [ CC48415E6C7CBAA441A3D6A6DCCBCFA6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:17:32.0156 5728 wuauserv - ok
11:17:32.0203 5728 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:17:32.0234 5728 WudfPf - ok
11:17:32.0250 5728 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:17:32.0296 5728 WudfRd - ok
11:17:32.0312 5728 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:17:32.0359 5728 WudfSvc - ok
11:17:32.0421 5728 [ 053E0307A08CAC60793E27E921B46B3E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:17:32.0687 5728 WZCSVC - ok
11:17:32.0703 5728 [ 5526482DCBA6047641B13BF9C75A74E0 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:17:32.0828 5728 xmlprov - ok
11:17:32.0843 5728 ================ Scan global ===============================
11:17:32.0875 5728 [ 17DDFE6A0B5404C5EF4C03AD996D0562 ] C:\WINDOWS\system32\basesrv.dll
11:17:32.0921 5728 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\system32\winsrv.dll
11:17:32.0937 5728 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\system32\winsrv.dll
11:17:32.0953 5728 [ 26845F272435302E0F3322E660A24F7D ] C:\WINDOWS\system32\services.exe
11:17:32.0953 5728 [Global] - ok
11:17:32.0953 5728 ================ Scan MBR ==================================
11:17:32.0968 5728 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:17:33.0000 5728 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
11:17:33.0000 5728 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
11:17:33.0078 5728 ================ Scan VBR ==================================
11:17:33.0078 5728 [ ACAE0AF64C93B8F1740F348E12A335E9 ] \Device\Harddisk0\DR0\Partition1
11:17:33.0078 5728 \Device\Harddisk0\DR0\Partition1 - ok
11:17:33.0078 5728 ============================================================
11:17:33.0078 5728 Scan finished
11:17:33.0078 5728 ============================================================
11:17:33.0187 1684 Detected object count: 26
11:17:33.0187 1684 Actual detected object count: 26
11:19:16.0734 1684 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0734 1684 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0734 1684 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0734 1684 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0734 1684 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0734 1684 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0750 1684 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0750 1684 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0765 1684 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0765 1684 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0765 1684 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0765 1684 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0765 1684 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0765 1684 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0765 1684 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0765 1684 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0765 1684 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0765 1684 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0765 1684 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0765 1684 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0781 1684 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0781 1684 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:16.0796 1684 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
11:19:16.0796 1684 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:19:17.0109 1684 \Device\Harddisk0\DR0\# - copied to quarantine
11:19:17.0109 1684 \Device\Harddisk0\DR0 - copied to quarantine
11:19:17.0140 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
11:19:17.0187 1684 \Device\Harddisk0\DR0 - ok
11:19:17.0187 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
|
|
13.11.2012, 16:05
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer geht mit Error aus Du hast Rootkitbefall! Bitte ein Log mit CF machen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
