  1. #1
    joker75 (HTML.it user, registered Feb 2007, 320 posts)

    Persistent system stability problems... still a virus?

    Hi everyone,
    Having noticed some anomalies (sudden PC shutdowns, Excel and PDF files misbehaving, etc.), I ran scans with the antivirus tools I have available. AntiVir (run in safe mode) caught 43 infected files, which I promptly deleted. I then did the same thing again (with a few fewer files detected).

    I ran a further scan and nothing was detected.
    However, I still have stability problems with some programs.

    I analyzed the HijackThis log on "www.hijackthis.de", and there I am told to delete some files. I don't know whether I can trust it, which is why I am posting the HijackThis log here to get some suggestions.
    JK75

  2. #2
    joker75 (HTML.it user, registered Feb 2007, 320 posts)
    I forgot, here is the log:

    Part.1

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.27.09, on 11/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
    C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programmi\IDT\IntelXPV_v50\WDM\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\IDT\WDM\sttray.exe
    C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
    C:\Programmi\Unlocker\UnlockerAssistant.exe
    C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    JK75

  3. #3
    menatwork (HTML.it user, registered May 2009, 4,330 posts)
    Post the log and let's see whether there is still something to remove.

  4. #4
    joker75 (HTML.it user, registered Feb 2007, 320 posts)
    Part.2

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Programmi\Sprint & FineReader 5.0 Office Try&Buy\CAgent.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Winpopup LAN Messenger] "C:\Programmi\Winpopup LAN Messenger\WinPopup.exe" RUNALL
    O4 - HKLM\..\Run: [HipServ Agent] C:\Programmi\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: LG SyncManager.lnk = ?
    O8 - Extra context menu item: Cerca nel web - C:\Programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85736DA0-9507-47EF-94E2-DD9A305D1222}: NameServer = 151.99.0.100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Programmi\IDT\IntelXPV_v50\WDM\STacSV.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 14173 bytes
    JK75
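
A triage sketch for a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the entry lines and marks the ones usually worth checking by hand. The sample log lines, the function names and the review rules are assumptions made for illustration; a flag means "look at this entry", not "this entry is infected".

```python
"""Triage sketch for HijackThis v2 logs: parse entries, flag ones to review."""
import re

# Constructed sample in the HijackThis log format (not copied from the thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - Global Startup: Example Sync.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_lsp.dll
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Control) - http://downloads.example.com/control.cab
O20 - AppInit_DLLs: example32.dll
O23 - Service: Example Updater - Unknown owner - C:\Program Files\Example\updater.exe
O23 - Service: Example Guard (ExGuard) - Example GmbH - C:\Program Files\Example\guard.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
# Header and process-list lines do not start with a section code and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(text):
    """Return (section, body) tuples for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(section, body):
    """Return the reasons (possibly none) why an entry deserves a manual look.

    These rules are illustrative assumptions, not HijackThis's own logic.
    """
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("registered component has no file on disk (orphaned entry)")
    if section == "O4" and low.endswith("= ?"):
        reasons.append("startup shortcut whose target could not be resolved")
    if section == "O10":
        reasons.append("Winsock LSP: sits in the network path of every Winsock application")
    if section == "O16":
        reasons.append("ActiveX control: check that the download source is one you recognise")
    if section == "O20":
        reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service binary carries no company name")
    return reasons


def triage(text):
    """Return only the entries that matched at least one review rule."""
    flagged = []
    for section, body in parse_entries(text):
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append({"section": section, "body": body, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['section']:>3}  {item['body']}")
        for reason in item["reasons"]:
            print(f"       review: {reason}")
```

Each flagged entry still has to be checked against the file on disk (path, signer, install date) before anything is removed.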

  5. #5
    menatwork (HTML.it user, registered May 2009, 4,330 posts)
    Do you usually connect to this site?

    http://dlm.tools.akamai.com

  6. #6
    joker75 (HTML.it user, registered Feb 2007, 320 posts)
    No, I don't even know what site that is.
    JK75

  7. #7
    menatwork (HTML.it user, registered May 2009, 4,330 posts)
    Run this scan; it will help us clear up some doubts.

    Disable the antivirus.

    Download ComboFix to the desktop.

    When asked whether you want to install the Recovery Console, click NO.

    Run ComboFix.exe.

    Follow the instructions.

    When the scan has finished, go to C:\ and attach, in your next reply, the contents of the text file Combofix.txt.

    When the scan has finished, re-enable the antivirus.

  8. #8
    joker75 (HTML.it user, registered Feb 2007, 320 posts)
    Sorry for the late reply, here is the link to the ComboFix log.

    The scan took quite a long time... a bad sign?

    http://www.mediafire.com/?t98cmt6tr5b8xtv
    JK75

  9. #9
    menatwork (HTML.it user, registered May 2009, 4,330 posts)
    There were many deletions; you were full of infections, but there is still more to remove.

    Before continuing, give me this information:

    Do you use this, c:\programmi\Application Updater\ApplicationUpdater.exe? I would remove it if the PC were mine.

    Remove Messenger; afterwards we will reinstall it clean.

    ZoneAlarm is a war relic and very heavy.

    Ad-Aware is outdated; I would remove this too.

    For now run this scan for me; afterwards we will continue with the other cleanups. There are other infections.

    Download TDSSKiller and extract its contents to the desktop.

    Start > Run > copy/paste the following command and click OK.

    "%userprofile%\Desktop\TDSSKiller.exe"

    Click Start Scan.
    If there is an infection, the default action will be Cure. Click Continue.
    If an infection is suspected, the default action will be Skip. Click Continue.
    If a reboot is requested, accept.
    The report will be in C:, with a name of this form: TDSSKiller.[Version]_[Date]_[Time]_log.txt
    If no reboot was requested, close and click Report. Save the contents to a text file and attach it in the forum.

  10. #10
    joker75 (HTML.it user, registered Feb 2007, 320 posts)
    Part1


    13:50:58.0468 1136 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
    13:50:58.0734 1136 ============================================================
    13:50:58.0734 1136 Current date / time: 2011/10/12 13:50:58.0734
    13:50:58.0734 1136 SystemInfo:
    13:50:58.0734 1136
    13:50:58.0734 1136 OS Version: 5.1.2600 ServicePack: 3.0
    13:50:58.0734 1136 Product type: Workstation
    13:50:58.0734 1136 ComputerName: PC_NUOVO
    13:50:58.0734 1136 UserName: Utente
    13:50:58.0734 1136 Windows directory: C:\WINDOWS
    13:50:58.0734 1136 System windows directory: C:\WINDOWS
    13:50:58.0734 1136 Processor architecture: Intel x86
    13:50:58.0734 1136 Number of processors: 4
    13:50:58.0734 1136 Page size: 0x1000
    13:50:58.0734 1136 Boot type: Normal boot
    13:50:58.0734 1136 ============================================================
    13:50:59.0187 1136 Initialize success
    13:51:03.0875 3348 ============================================================
    13:51:03.0875 3348 Scan started
    13:51:03.0875 3348 Mode: Manual;
    13:51:03.0875 3348 ============================================================
    JK75
