Help: Virus causes PC to freeze after a few seconds - HijackThis LOG

Devilman

Active User
154
2
Hi,

I think I have a virus. Let me explain the problem in concrete terms:

- I turn on the PC, it loads all the desktop icons and lets me open folders and programs but, after 4-5 seconds, all the tray icons disappear, Internet Explorer opens in a half-size window (showing "web page not available"), then it turns into a full white screen and I can do nothing but press the power button; as soon as I do, it goes back to the desktop, which shows a few error messages, and shuts down normally.

The virus got in while I was browsing and locked everything up; since the next reboot, what I just described happens.

I am using the PC in safe mode... and everything works perfectly.

I have already run a full scan with Avast Antivirus, with which I removed 10 viruses, but it still gives me the same problem. Tonight I'll try a boot-time scan, but I don't know whether I'll then be able to view its results from safe mode! Does anyone know?


Can you check it for me? I'm attaching the HijackThis log.

Thanks!


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.42.34, on 15/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Stefano\IMPOST~1\Temp\Rar$EX00.062\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\OrbitDownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGET\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\tools\bitcometbho.dll (file missing)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGET\getflash.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\OrbitDownloader\GrabPro.dll
O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Programmi\Copernic Desktop Search (Corporate)\Toolbar\ToolbarContainer101000325.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [DNS7reminder] "C:\Programmi\DragonNaturallySpeaking11 (Nuance)\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Granola] "C:\Programmi\Granola (MiserWare)\granola.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Mmm] "C:\Programmi\MmmFREE (Hace)\Mmm.exe"
O4 - HKCU\..\Run: [Actual Window Manager] "C:\Programmi\Actual Window Manager\ActualWindowManagerCenter.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Programmi\Copernic Desktop Search (Corporate)\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Internet Security] C:\Documents and Settings\All Users\Dati applicazioni\isecurity.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0.4963367461490301.exe.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Programmi\4t Tray Minimizer\4t-min.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RunIt!.lnk = C:\Programmi\RunIt!\RunIt.exe
O4 - Global Startup: PhraseExpress.lnk = C:\Programmi\PhraseExpress\phraseexpress.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGET\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGET\jc_all.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\BitComet.exe/AddLink.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\tools\bitcometbho.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGET\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGET\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Programmi\File comuni\Nuance\dgnsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Programmi\Nitro PDF Reader\NitroPDFReaderDriverService2.exe

--
End of file - 9276 bytes
 

Devilman

Active User
154
2
I can't work in normal mode because it freezes after a few seconds.

Can I run all 3 scans (ComboFix, Malwarebytes and TDSSKiller) in safe mode?


I hope I can install them without problems.
 

tecnico24

Elite User
10,706
1,072
Restart the PC and, from the available modes, choose Safe Mode with Networking.

Download TDSS Killer from the link you read in the guide and run it following the relevant instructions.
Also run Malwarebytes, updating the definitions and performing a full scan.

The two programs will detect and remove the rogue anti-virus that you unintentionally installed.

After running the two programs, boot the PC in normal mode and from there run a scan with ComboFix.
Send us the ComboFix and HijackThis logs taken in normal mode.
 

Devilman

Active User
154
2
OK! I'll try.

Let's hope for the best.


But so, have you already identified the virus? I mean, are you already sure that's the one?
 

Devilman

Active User
154
2
Unfortunately, I don't think that is what's causing the freeze.

Internet Security got in afterwards, when I was already in safe mode (I was browsing, forgetting that my antivirus was disabled! :cav:).

Do you see any other strange entries?


Then, in the next few hours, I'll run the scans and send you the results (hoping I manage to boot the system in normal mode)
 

tecnico24

Elite User
10,706
1,072
Continue the scans with the two programs in safe mode and post the results.

After scanning and removing the malware you should be able to get back into a normal boot (even if with some slowdown), and from there you will run the scans with ComboFix and HijackThis.

The log shows a lot of junk, but there are still other items that are not detected because you are in safe mode.
 

Devilman

Active User
154
2
OK! I ran the 2 scans in safe mode.

I restarted the PC and it no longer seems to give problems (it doesn't freeze).

I'm posting the results:


Malwarebytes (safe mode):
Code:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.02.15.03

Windows XP Service Pack 3 x86 NTFS (Modalità provvisoria con rete)
Internet Explorer 8.0.6001.18702
Stefano :: PC-STEFANO [amministratore]

Protezione: Disattivata

16/02/2012 3.39.14
mbam-log-2012-02-16 (04-38-19).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 268889
Tempo impiegato: 38 minuti, 21 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Rogue.InternetSecurity) -> Dati: C:\Documents and Settings\All Users\Dati applicazioni\isecurity.exe -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Nessuna azione intrapresa.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Nessuna azione intrapresa.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Nessuna azione intrapresa.

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 11
C:\Documents and Settings\All Users\Dati applicazioni\isecurity.exe (Rogue.InternetSecurity) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Dati applicazioni\Sun\Java\Deployment\cache\6.0\18\4b370852-6f3eb470 (Trojan.Agent.TW) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\433c9bb7-4946617d (Trojan.VUPX.ON1) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\0.4963367461490301.exe (Trojan.VUPX.ON1) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\116.tmp (Rogue.InternetSecurity) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\jika0.0020963547719070608.exe (Trojan.Agent.TW) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\oleda0.5493947347561876.exe (Trojan.Agent.TW) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\~!#115.tmp (Rogue.InternetSecurity) -> Nessuna azione intrapresa.
C:\WINDOWS\system32\CRYPT.DLL (Hacktool) -> Nessuna azione intrapresa.
C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Nessuna azione intrapresa.
C:\Documents and Settings\Stefano\Menu Avvio\Programmi\Esecuzione automatica\0.4963367461490301.exe.lnk (Backdoor.Agent) -> Nessuna azione intrapresa.

(fine)

Wikisend: free file sharing service (image)


TDSS (safe mode):
Code:
04:45:08.0640 1916	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
04:45:08.0812 1916	============================================================
04:45:08.0812 1916	Current date / time: 2012/02/16 04:45:08.0812
04:45:08.0812 1916	SystemInfo:
04:45:08.0812 1916	
04:45:08.0812 1916	OS Version: 5.1.2600 ServicePack: 3.0
04:45:08.0812 1916	Product type: Workstation
04:45:08.0812 1916	ComputerName: PC-STEFANO
04:45:08.0812 1916	UserName: Stefano
04:45:08.0812 1916	Windows directory: C:\WINDOWS
04:45:08.0812 1916	System windows directory: C:\WINDOWS
04:45:08.0812 1916	Processor architecture: Intel x86
04:45:08.0812 1916	Number of processors: 1
04:45:08.0812 1916	Page size: 0x1000
04:45:08.0812 1916	Boot type: Safe boot with network
04:45:08.0812 1916	============================================================
04:45:09.0578 1916	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:45:17.0187 1916	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
04:45:17.0187 1916	\Device\Harddisk0\DR0:
04:45:17.0187 1916	MBR used
04:45:17.0187 1916	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
04:45:17.0187 1916	\Device\Harddisk1\DR1:
04:45:17.0187 1916	MBR used
04:45:17.0187 1916	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747061A1
04:45:18.0843 1916	Initialize success
04:45:18.0843 1916	============================================================
04:45:53.0593 0800	============================================================
04:45:53.0593 0800	Scan started
04:45:53.0593 0800	Mode: Manual; 
04:45:53.0593 0800	============================================================
04:45:59.0500 0800	redbook - ok
04:45:59.0578 0800	RTL8192cu       (474b7bcb74e9d6388cfbe9c2a11ac02e) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
04:45:59.0578 0800	RTL8192cu - ok
04:45:59.0734 0800	SASDIFSV        (4bfbb868c869a4f8486d4c36849d59cf) C:\DOCUME~1\Stefano\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
04:45:59.0734 0800	SASDIFSV - ok
04:45:59.0796 0800	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\DOCUME~1\Stefano\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
04:45:59.0796 0800	SASKUTIL - ok
04:45:59.0843 0800	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:45:59.0843 0800	Secdrv - ok
04:45:59.0890 0800	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:45:59.0906 0800	serenum - ok
04:45:59.0937 0800	Serial          (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
04:45:59.0937 0800	Serial - ok
04:45:59.0984 0800	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:45:59.0984 0800	Sfloppy - ok
04:46:00.0000 0800	Simbad - ok
04:46:00.0031 0800	Sparrow - ok
04:46:00.0062 0800	speccy - ok
04:46:00.0078 0800	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:46:00.0078 0800	splitter - ok
04:46:00.0125 0800	sr              (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
04:46:00.0140 0800	sr - ok
04:46:00.0187 0800	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
04:46:00.0187 0800	Srv - ok
04:46:00.0218 0800	ST330           (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys
04:46:00.0218 0800	ST330 - ok
04:46:00.0234 0800	STBUS           (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys
04:46:00.0234 0800	STBUS - ok
04:46:00.0265 0800	stppp           (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys
04:46:00.0281 0800	stppp - ok
04:46:00.0296 0800	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:46:00.0296 0800	swenum - ok
04:46:00.0328 0800	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:46:00.0328 0800	swmidi - ok
04:46:00.0343 0800	symc810 - ok
04:46:00.0359 0800	symc8xx - ok
04:46:00.0375 0800	sym_hi - ok
04:46:00.0390 0800	sym_u3 - ok
04:46:00.0406 0800	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:46:00.0406 0800	sysaudio - ok
04:46:00.0453 0800	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:46:00.0453 0800	Tcpip - ok
04:46:00.0484 0800	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:46:00.0484 0800	TDPIPE - ok
04:46:00.0562 0800	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:46:00.0562 0800	TDTCP - ok
04:46:00.0609 0800	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:46:00.0609 0800	TermDD - ok
04:46:00.0640 0800	TosIde - ok
04:46:00.0687 0800	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:46:00.0687 0800	Udfs - ok
04:46:00.0703 0800	ultra - ok
04:46:00.0750 0800	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:46:00.0750 0800	Update - ok
04:46:00.0812 0800	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:46:00.0812 0800	usbehci - ok
04:46:00.0828 0800	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:46:00.0828 0800	usbhub - ok
04:46:00.0859 0800	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
04:46:00.0859 0800	usbohci - ok
04:46:00.0890 0800	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:46:00.0890 0800	usbstor - ok
04:46:00.0921 0800	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:46:00.0921 0800	VgaSave - ok
04:46:00.0937 0800	ViaIde - ok
04:46:00.0953 0800	VolSnap         (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
04:46:00.0953 0800	VolSnap - ok
04:46:01.0000 0800	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:46:01.0000 0800	Wanarp - ok
04:46:01.0015 0800	WDICA - ok
04:46:01.0062 0800	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:46:01.0062 0800	wdmaud - ok
04:46:01.0156 0800	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
04:46:01.0156 0800	WS2IFSL - ok
04:46:01.0218 0800	MBR (0x1B8)     (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
04:46:01.0328 0800	\Device\Harddisk0\DR0 - ok
04:46:01.0343 0800	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:46:01.0343 0800	\Device\Harddisk1\DR1 - ok
04:46:01.0359 0800	Boot (0x1200)   (cdb69565ac804fab12ffcb7813cf06e7) \Device\Harddisk0\DR0\Partition0
04:46:01.0359 0800	\Device\Harddisk0\DR0\Partition0 - ok
04:46:01.0375 0800	Boot (0x1200)   (a917041e5b6b8495e41204d27ad0d294) \Device\Harddisk1\DR1\Partition0
04:46:01.0375 0800	\Device\Harddisk1\DR1\Partition0 - ok
04:46:01.0375 0800	============================================================
04:46:01.0375 0800	Scan finished
04:46:01.0375 0800	============================================================
04:46:01.0390 2728	Detected object count: 0
04:46:01.0390 2728	Actual detected object count: 0
04:47:14.0421 3860	============================================================
04:47:14.0421 3860	Scan started
04:47:14.0421 3860	Mode: Manual; 
04:47:14.0421 3860	============================================================
04:47:14.0625 3860	Aavmker4        (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
04:47:14.0625 3860	Aavmker4 - ok
04:47:14.0640 3860	Abiosdsk - ok
04:47:14.0656 3860	abp480n5 - ok
04:47:14.0671 3860	ACPI            (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:47:14.0671 3860	ACPI - ok
04:47:14.0703 3860	ACPIEC          (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
04:47:14.0703 3860	ACPIEC - ok
04:47:14.0750 3860	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
04:47:14.0750 3860	adfs - ok
04:47:14.0765 3860	adpu160m - ok
04:47:14.0812 3860	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:47:14.0812 3860	aec - ok
04:47:14.0843 3860	AegisP          (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
04:47:14.0843 3860	AegisP - ok
04:47:14.0906 3860	AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
04:47:14.0906 3860	AFD - ok
04:47:14.0968 3860	Aha154x - ok
04:47:14.0984 3860	aic78u2 - ok
04:47:15.0000 3860	aic78xx - ok
04:47:15.0015 3860	alcan5wn        (235ced68762538aae388cca5cdc0441a) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
04:47:15.0015 3860	alcan5wn - ok
04:47:15.0109 3860	alcaudsl        (d6652432d103b4228ffad7a754a374b5) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
04:47:15.0109 3860	alcaudsl - ok
04:47:15.0218 3860	ALCXWDM         (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
04:47:15.0234 3860	ALCXWDM - ok
04:47:15.0250 3860	AliIde - ok
04:47:15.0281 3860	AmdK8           (899f7c468b2bfd1561765c413d40a8bd) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
04:47:15.0281 3860	AmdK8 - ok
04:47:15.0281 3860	amsint - ok
04:47:15.0312 3860	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:47:15.0312 3860	Arp1394 - ok
04:47:15.0328 3860	asc - ok
04:47:15.0343 3860	asc3350p - ok
04:47:15.0359 3860	asc3550 - ok
04:47:15.0390 3860	aswFsBlk        (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
04:47:15.0390 3860	aswFsBlk - ok
04:47:15.0406 3860	aswMon2         (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
04:47:15.0406 3860	aswMon2 - ok
04:47:15.0437 3860	aswRdr          (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
04:47:15.0437 3860	aswRdr - ok
04:47:15.0484 3860	aswSnx          (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
04:47:15.0484 3860	aswSnx - ok
04:47:15.0515 3860	aswSP           (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
04:47:15.0515 3860	aswSP - ok
04:47:15.0531 3860	aswTdi          (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
04:47:15.0531 3860	aswTdi - ok
04:47:15.0562 3860	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:47:15.0562 3860	AsyncMac - ok
04:47:15.0640 3860	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:47:15.0640 3860	atapi - ok
04:47:15.0656 3860	Atdisk - ok
04:47:15.0734 3860	ati2mtag        (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
04:47:15.0750 3860	ati2mtag - ok
04:47:15.0765 3860	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:47:15.0765 3860	Atmarpc - ok
04:47:15.0812 3860	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:47:15.0812 3860	audstub - ok
04:47:15.0875 3860	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:47:15.0875 3860	Beep - ok
04:47:15.0906 3860	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:47:15.0906 3860	cbidf2k - ok
04:47:15.0921 3860	cd20xrnt - ok
04:47:15.0953 3860	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:47:15.0953 3860	Cdaudio - ok
04:47:15.0968 3860	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:47:15.0968 3860	Cdfs - ok
04:47:16.0000 3860	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:47:16.0000 3860	Cdrom - ok
04:47:16.0015 3860	Changer - ok
04:47:16.0046 3860	CmdIde - ok
04:47:16.0078 3860	Cpqarray - ok
04:47:16.0218 3860	cpuz135 - ok
04:47:16.0234 3860	dac2w2k - ok
04:47:16.0250 3860	dac960nt - ok
04:47:16.0265 3860	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:47:16.0265 3860	Disk - ok
04:47:16.0328 3860	dmboot          (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
04:47:16.0343 3860	dmboot - ok
04:47:16.0406 3860	dmio            (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
04:47:16.0406 3860	dmio - ok
04:47:16.0437 3860	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:47:16.0437 3860	dmload - ok
04:47:16.0468 3860	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:47:16.0468 3860	DMusic - ok
04:47:16.0500 3860	dpti2o - ok
04:47:16.0531 3860	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:47:16.0531 3860	drmkaud - ok
04:47:16.0578 3860	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:47:16.0578 3860	Fastfat - ok
04:47:16.0609 3860	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
04:47:16.0609 3860	Fdc - ok
04:47:16.0625 3860	Fips            (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
04:47:16.0625 3860	Fips - ok
04:47:16.0640 3860	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
04:47:16.0640 3860	Flpydisk - ok
04:47:16.0687 3860	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
04:47:16.0687 3860	FltMgr - ok
04:47:16.0703 3860	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:47:16.0703 3860	Fs_Rec - ok
04:47:16.0718 3860	Ftdisk          (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:47:16.0718 3860	Ftdisk - ok
04:47:16.0750 3860	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
04:47:16.0750 3860	gameenum - ok
04:47:16.0765 3860	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:47:16.0765 3860	Gpc - ok
04:47:16.0828 3860	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
04:47:16.0828 3860	HidUsb - ok
04:47:16.0843 3860	hpn - ok
04:47:16.0859 3860	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
04:47:16.0875 3860	HTTP - ok
04:47:16.0890 3860	i2omgmt - ok
04:47:16.0906 3860	i2omp - ok
04:47:16.0937 3860	i8042prt        (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:47:16.0937 3860	i8042prt - ok
04:47:17.0000 3860	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:47:17.0000 3860	Imapi - ok
04:47:17.0015 3860	ini910u - ok
04:47:17.0031 3860	IntelIde - ok
04:47:17.0078 3860	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
04:47:17.0078 3860	Ip6Fw - ok
04:47:17.0109 3860	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:47:17.0109 3860	IpFilterDriver - ok
04:47:17.0125 3860	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:47:17.0125 3860	IpInIp - ok
04:47:17.0140 3860	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:47:17.0140 3860	IpNat - ok
04:47:17.0171 3860	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:47:17.0171 3860	IPSec - ok
04:47:17.0234 3860	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:47:17.0234 3860	IRENUM - ok
04:47:17.0265 3860	isapnp          (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:47:17.0265 3860	isapnp - ok
04:47:17.0296 3860	Kbdclass        (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:47:17.0296 3860	Kbdclass - ok
04:47:17.0343 3860	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:47:17.0343 3860	kmixer - ok
04:47:17.0375 3860	kqugng          (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\bemrushy.sys
04:47:17.0375 3860	kqugng - ok
04:47:17.0390 3860	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
04:47:17.0390 3860	KSecDD - ok
04:47:17.0421 3860	lbrtfdc - ok
04:47:17.0484 3860	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
04:47:17.0484 3860	MBAMProtector - ok
04:47:17.0546 3860	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:47:17.0546 3860	mnmdd - ok
04:47:17.0625 3860	Modem           (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
04:47:17.0625 3860	Modem - ok
04:47:17.0640 3860	Mouclass        (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:47:17.0640 3860	Mouclass - ok
04:47:17.0687 3860	mouhid          (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
04:47:17.0687 3860	mouhid - ok
04:47:17.0703 3860	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:47:17.0703 3860	MountMgr - ok
04:47:17.0718 3860	mraid35x - ok
04:47:17.0765 3860	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:47:17.0781 3860	MRxDAV - ok
04:47:17.0812 3860	MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:47:17.0812 3860	MRxSmb - ok
04:47:17.0843 3860	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:47:17.0843 3860	Msfs - ok
04:47:17.0906 3860	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:47:17.0906 3860	MSKSSRV - ok
04:47:17.0921 3860	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:47:17.0921 3860	MSPCLOCK - ok
04:47:17.0953 3860	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:47:17.0953 3860	MSPQM - ok
04:47:17.0984 3860	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:47:17.0984 3860	mssmbios - ok
04:47:17.0984 3860	ms_mpu401       (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
04:47:17.0984 3860	ms_mpu401 - ok
04:47:18.0031 3860	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
04:47:18.0031 3860	MTsensor - ok
04:47:18.0046 3860	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
04:47:18.0046 3860	Mup - ok
04:47:18.0093 3860	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:47:18.0093 3860	NDIS - ok
04:47:18.0109 3860	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:47:18.0109 3860	NdisTapi - ok
04:47:18.0140 3860	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:47:18.0140 3860	Ndisuio - ok
04:47:18.0156 3860	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:47:18.0156 3860	NdisWan - ok
04:47:18.0171 3860	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
04:47:18.0171 3860	NDProxy - ok
04:47:18.0187 3860	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:47:18.0187 3860	NetBIOS - ok
04:47:18.0203 3860	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:47:18.0203 3860	NetBT - ok
04:47:18.0250 3860	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
04:47:18.0250 3860	NIC1394 - ok
04:47:18.0281 3860	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:47:18.0281 3860	Npfs - ok
04:47:18.0312 3860	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:47:18.0328 3860	Ntfs - ok
04:47:18.0375 3860	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:47:18.0375 3860	Null - ok
04:47:18.0406 3860	nvata           (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys
04:47:18.0406 3860	nvata - ok
04:47:18.0406 3860	NVENETFD        (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
04:47:18.0406 3860	NVENETFD - ok
04:47:18.0437 3860	nvnetbus        (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
04:47:18.0437 3860	nvnetbus - ok
04:47:18.0484 3860	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:47:18.0484 3860	NwlnkFlt - ok
04:47:18.0500 3860	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:47:18.0500 3860	NwlnkFwd - ok
04:47:18.0531 3860	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
04:47:18.0531 3860	ohci1394 - ok
04:47:18.0562 3860	Parport         (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
04:47:18.0562 3860	Parport - ok
04:47:18.0578 3860	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:47:18.0578 3860	PartMgr - ok
04:47:18.0593 3860	ParVdm          (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
04:47:18.0593 3860	ParVdm - ok
04:47:18.0656 3860	PCI             (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
04:47:18.0656 3860	PCI - ok
04:47:18.0671 3860	PCIDump - ok
04:47:18.0671 3860	PCIIde          (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:47:18.0671 3860	PCIIde - ok
04:47:18.0703 3860	Pcmcia          (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:47:18.0703 3860	Pcmcia - ok
04:47:18.0718 3860	PDCOMP - ok
04:47:18.0734 3860	PDFRAME - ok
04:47:18.0750 3860	PDRELI - ok
04:47:18.0765 3860	PDRFRAME - ok
04:47:18.0765 3860	perc2 - ok
04:47:18.0781 3860	perc2hib - ok
04:47:18.0843 3860	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:47:18.0843 3860	PptpMiniport - ok
04:47:18.0859 3860	Processor       (b479f50e883b2297a5f7f212aaee6f6c) C:\WINDOWS\system32\DRIVERS\processr.sys
04:47:18.0875 3860	Processor - ok
04:47:18.0890 3860	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:47:18.0890 3860	PSched - ok
04:47:18.0906 3860	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:47:18.0906 3860	Ptilink - ok
04:47:18.0921 3860	ql1080 - ok
04:47:18.0937 3860	Ql10wnt - ok
04:47:18.0953 3860	ql12160 - ok
04:47:18.0968 3860	ql1240 - ok
04:47:18.0968 3860	ql1280 - ok
04:47:19.0015 3860	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:47:19.0015 3860	RasAcd - ok
04:47:19.0031 3860	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:47:19.0031 3860	Rasl2tp - ok
04:47:19.0046 3860	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:47:19.0046 3860	RasPppoe - ok
04:47:19.0062 3860	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:47:19.0062 3860	Raspti - ok
04:47:19.0078 3860	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:47:19.0078 3860	Rdbss - ok
04:47:19.0093 3860	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:47:19.0093 3860	RDPCDD - ok
04:47:19.0125 3860	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:47:19.0140 3860	rdpdr - ok
04:47:19.0156 3860	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
04:47:19.0156 3860	RDPWD - ok
04:47:19.0218 3860	redbook         (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:47:19.0218 3860	redbook - ok
04:47:19.0296 3860	RTL8192cu       (474b7bcb74e9d6388cfbe9c2a11ac02e) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
04:47:19.0296 3860	RTL8192cu - ok
04:47:19.0453 3860	SASDIFSV        (4bfbb868c869a4f8486d4c36849d59cf) C:\DOCUME~1\Stefano\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
04:47:19.0453 3860	SASDIFSV - ok
04:47:19.0515 3860	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\DOCUME~1\Stefano\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
04:47:19.0515 3860	SASKUTIL - ok
04:47:19.0578 3860	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:47:19.0578 3860	Secdrv - ok
04:47:19.0609 3860	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:47:19.0609 3860	serenum - ok
04:47:19.0625 3860	Serial          (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
04:47:19.0640 3860	Serial - ok
04:47:19.0687 3860	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:47:19.0687 3860	Sfloppy - ok
04:47:19.0703 3860	Simbad - ok
04:47:19.0718 3860	Sparrow - ok
04:47:19.0750 3860	speccy - ok
04:47:19.0781 3860	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:47:19.0781 3860	splitter - ok
04:47:19.0828 3860	sr              (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
04:47:19.0828 3860	sr - ok
04:47:19.0875 3860	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
04:47:19.0875 3860	Srv - ok
04:47:19.0921 3860	ST330           (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys
04:47:19.0921 3860	ST330 - ok
04:47:19.0937 3860	STBUS           (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys
04:47:19.0937 3860	STBUS - ok
04:47:19.0968 3860	stppp           (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys
04:47:19.0968 3860	stppp - ok
04:47:20.0031 3860	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:47:20.0031 3860	swenum - ok
04:47:20.0078 3860	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:47:20.0078 3860	swmidi - ok
04:47:20.0093 3860	symc810 - ok
04:47:20.0109 3860	symc8xx - ok
04:47:20.0125 3860	sym_hi - ok
04:47:20.0140 3860	sym_u3 - ok
04:47:20.0156 3860	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:47:20.0156 3860	sysaudio - ok
04:47:20.0187 3860	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:47:20.0203 3860	Tcpip - ok
04:47:20.0218 3860	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:47:20.0218 3860	TDPIPE - ok
04:47:20.0234 3860	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:47:20.0234 3860	TDTCP - ok
04:47:20.0265 3860	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:47:20.0265 3860	TermDD - ok
04:47:20.0296 3860	TosIde - ok
04:47:20.0343 3860	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:47:20.0343 3860	Udfs - ok
04:47:20.0359 3860	ultra - ok
04:47:20.0406 3860	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:47:20.0406 3860	Update - ok
04:47:20.0453 3860	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:47:20.0453 3860	usbehci - ok
04:47:20.0484 3860	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:47:20.0484 3860	usbhub - ok
04:47:20.0515 3860	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
04:47:20.0515 3860	usbohci - ok
04:47:20.0531 3860	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:47:20.0531 3860	usbstor - ok
04:47:20.0562 3860	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:47:20.0562 3860	VgaSave - ok
04:47:20.0578 3860	ViaIde - ok
04:47:20.0593 3860	VolSnap         (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
04:47:20.0609 3860	VolSnap - ok
04:47:20.0640 3860	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:47:20.0640 3860	Wanarp - ok
04:47:20.0656 3860	WDICA - ok
04:47:20.0703 3860	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:47:20.0703 3860	wdmaud - ok
04:47:20.0796 3860	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
04:47:20.0796 3860	WS2IFSL - ok
04:47:20.0859 3860	MBR (0x1B8)     (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
04:47:20.0968 3860	\Device\Harddisk0\DR0 - ok
04:47:20.0984 3860	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:47:21.0000 3860	\Device\Harddisk1\DR1 - ok
04:47:21.0000 3860	Boot (0x1200)   (cdb69565ac804fab12ffcb7813cf06e7) \Device\Harddisk0\DR0\Partition0
04:47:21.0000 3860	\Device\Harddisk0\DR0\Partition0 - ok
04:47:21.0015 3860	Boot (0x1200)   (a917041e5b6b8495e41204d27ad0d294) \Device\Harddisk1\DR1\Partition0
04:47:21.0015 3860	\Device\Harddisk1\DR1\Partition0 - ok
04:47:21.0015 3860	============================================================
04:47:21.0015 3860	Scan finished
04:47:21.0015 3860	============================================================
04:47:21.0031 2904	Detected object count: 0
04:47:21.0031 2904	Actual detected object count: 0


Rebooted the PC in normal mode. Everything OK! (it loads everything and doesn't freeze)


HijackThis (normal mode):
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5.19.11, on 16/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Granola (MiserWare)\granola.exe
C:\Programmi\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\MmmFREE (Hace)\Mmm.exe
C:\Programmi\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Programmi\Copernic Desktop Search (Corporate)\DesktopSearchService.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\Connect\11\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\PhraseExpress\phraseexpress.exe
C:\Programmi\4t Tray Minimizer\4t-min.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\RunIt!\RunIt.exe
C:\Programmi\File comuni\Nuance\dgnsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nitro PDF Reader\NitroPDFReaderDriverService2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Stefano\IMPOST~1\Temp\Rar$EX01.968\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\OrbitDownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGET\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\tools\bitcometbho.dll (file missing)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGET\getflash.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\OrbitDownloader\GrabPro.dll
O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Programmi\Copernic Desktop Search (Corporate)\Toolbar\ToolbarContainer101000325.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [DNS7reminder] "C:\Programmi\DragonNaturallySpeaking11 (Nuance)\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Granola] "C:\Programmi\Granola (MiserWare)\granola.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Mmm] "C:\Programmi\MmmFREE (Hace)\Mmm.exe"
O4 - HKCU\..\Run: [Actual Window Manager] "C:\Programmi\Actual Window Manager\ActualWindowManagerCenter.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Programmi\Copernic Desktop Search (Corporate)\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Programmi\4t Tray Minimizer\4t-min.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RunIt!.lnk = C:\Programmi\RunIt!\RunIt.exe
O4 - Global Startup: PhraseExpress.lnk = C:\Programmi\PhraseExpress\phraseexpress.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGET\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGET\jc_all.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\BitComet.exe/AddLink.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\tools\bitcometbho.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGET\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmi\FlashGET\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Programmi\File comuni\Nuance\dgnsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Programmi\Nitro PDF Reader\NitroPDFReaderDriverService2.exe

--
End of file - 10581 bytes


I tried to use ComboFix but, honestly, it scares me a bit! It's a rather peculiar program :oogle:
Avast blocks it and, in the path, I see a strange name; I click on "Open normally" and it gives me an error, I try again another 2/3 times and still get an error, then a consent screen opens... and the PC makes a very strange noise (a kind of "BEEP" I've never heard before). I clicked NO even though I probably should have clicked YES. I wouldn't want to do any damage!

Maybe I should also have disabled the antivirus (besides... I can't run it as administrator because I don't know the password)


That's all. You tell me.
 

tecnico24

Elite User
10,706
1,072
To run ComboFix:
Disable the antivirus, firewall and internet connection
Right-click the ComboFix icon on the desktop and click Run as administrator
The program will work (let it work) and at the end, after the reboot, it will give you its report.

Antivirus programs must be disabled, in this case Avast

Malwarebytes detected quite a few infections; did you click Remove Selected?
If not, redo the scan, make sure all the infections are ticked, and remove them.
Otherwise go to the quarantine and delete the detected items.
 

Devilman

Active User
154
2
Malwarebytes, with a full scan, detected 15 infections. I clicked Remove Selected and it removed everything. Do I need to do anything else?

This is the removal log:
Code:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.02.15.03

Windows XP Service Pack 3 x86 NTFS (Modalità provvisoria con rete)
Internet Explorer 8.0.6001.18702
Stefano :: PC-STEFANO [amministratore]

Protezione: Disattivata

16/02/2012 3.39.14
mbam-log-2012-02-16 (03-39-14).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 268889
Tempo impiegato: 38 minuti, 21 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Rogue.InternetSecurity) -> Dati: C:\Documents and Settings\All Users\Dati applicazioni\isecurity.exe -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Spostato in quarantena e riparato con successo.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Spostato in quarantena e riparato con successo.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Cattivo: (1) Buono: (0) -> Spostato in quarantena e riparato con successo.

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 11
C:\Documents and Settings\All Users\Dati applicazioni\isecurity.exe (Rogue.InternetSecurity) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Dati applicazioni\Sun\Java\Deployment\cache\6.0\18\4b370852-6f3eb470 (Trojan.Agent.TW) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Dati applicazioni\Sun\Java\Deployment\cache\6.0\55\433c9bb7-4946617d (Trojan.VUPX.ON1) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\0.4963367461490301.exe (Trojan.VUPX.ON1) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\116.tmp (Rogue.InternetSecurity) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\jika0.0020963547719070608.exe (Trojan.Agent.TW) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\oleda0.5493947347561876.exe (Trojan.Agent.TW) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Impostazioni locali\Temp\~!#115.tmp (Rogue.InternetSecurity) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\system32\CRYPT.DLL (Hacktool) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Stefano\Menu Avvio\Programmi\Esecuzione automatica\0.4963367461490301.exe.lnk (Backdoor.Agent) -> Spostato in quarantena ed eliminato con successo.

(fine)

ComboFix: if I right-click the desktop icon, the window with all the usual entries opens; I click "Run as...", and then tick "administrator", but it asks me for the password... which I don't know (I have Windows XP).

Can I run the scan anyway?

I don't know where to get the password.


What do you say, instead, about the HijackThis log?
 

tecnico24

Elite User
10,706
1,072
Oops, we need to point out a small detail we forgot: since you have XP there is no need to, or rather you must not, right-click and choose Run as administrator.
That step is done on Windows Vista and 7 systems.
Go ahead anyway with ComboFix, which will remove what HijackThis detects as harmful (facemoods and a few intrusive toolbars).

So send us the ComboFix log and, after these steps, a new HijackThis log as well.
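
As an added example (not part of the thread and not part of HijackThis): a small Python triage pass over HijackThis entries like those in the log above. It flags entries reported as "(file missing)", entries that point into a Temp directory, and entries matching analyst-supplied watch terms. The function name `triage`, the heuristics and the watch term are assumptions for illustration; a flagged line is a prompt for review, not a verdict.

```python
import re

# Lines copied from the normal-mode HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\tools\bitcometbho.dll (file missing)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Documents and Settings\Stefano\Impostazioni locali\Temp\Rar$EX01.828\BitComet.exe/AddLink.htm
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def triage(log_text, watch_terms=()):
    """Return (code, body, reasons) for every entry worth a manual look.

    The heuristics are illustrative assumptions, not HijackThis features:
      * HijackThis itself reported the target as "(file missing)"
      * the referenced path lives under a Temp directory
      * the entry contains a term the analyst is watching for
    """
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        body = match.group("body")
        lower = body.lower()
        reasons = []
        if lower.endswith("(file missing)"):
            reasons.append("target file missing")
        if "\\temp\\" in lower:
            reasons.append("path under a Temp directory")
        reasons += [f"matches watch term '{t}'"
                    for t in watch_terms if t.lower() in lower]
        if reasons:
            findings.append((match.group("code"), body, reasons))
    return findings


if __name__ == "__main__":
    # "facemoods" is the name the helper singled out in the reply above.
    for code, body, reasons in triage(SAMPLE_LOG, ["facemoods"]):
        print(f"[{code}] {'; '.join(reasons)}\n      {body}")
```
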
 

Devilman

Active User
154
2
OK, indeed, this administrator thing seemed strange to me... on XP.

ComboFix, once started, does everything by itself, automatically repairing and cleaning all the infections it finds? Right?


Can I be sure it won't cause any damage?

Is that noise the PC makes when the program starts completely normal? :oogle:
 

tecnico24

Elite User
10,706
1,072
The noise definitely has nothing to do with ComboFix.

The tool removes the infections, but post its log anyway for a check.
 

Devilman

Active User
154
2
OK, I'll try this afternoon... as soon as I get back.

In a few minutes I have to take my uncle to a computer technician. In case I couldn't solve it on my own... I was already prepared to take it to him for formatting! :lol:

I hope for the best.
 
