View Full Version : Persistent Backdoor Agent
ShadyA&B
29-01-2012, 01:33
Hi everyone,
I'm struggling with a damn virus.
The file in question is consrv.dll, which is a Backdoor.Agent...
Description of the problem:
Every so often, when I open a new tab in the browser (any browser), it automatically redirects me to mediashifting, running one of its own searches.
Here is the address bar:
http://auto.ricerca.alice.it/mediashifting.com?search=four+seasons+motors+missoula&subid=196&key=eb30c3cad83b33d6a476&p=1
The page returns DNS ERROR.
Antivirus and solutions tried
1. Googling it, I read that I should look among the hidden Plug & Play devices for some that the guide's site lists, but I don't have them
2. HijackThis finds nothing
3. TDSSKiller finds nothing
4. Kaspersky Virus Removal Tool finds this dll, but even if I delete it, it recreates itself (both in safe mode and not)
5. Malwarebytes, like KVRT, finds it but doesn't really remove it
6. I tried a Symantec tool for Backdoors, but nothing (it doesn't even find it)
7. If I delete the dll by hand, it comes back on reboot
8. There's nothing strange among the running processes and the startup items
9. It's not a real DNS problem, I want to be clear about that, but anyway the DNS servers are assigned automatically
Can anyone give me some other pointers? But no trial-and-error scans, please; there must be some particular mechanism behind this that I'm not aware of...
As far as I know, if a program "regenerates" itself it mainly means one of 2 things:
1) there's a file somewhere on your hard disk that contains/generates/downloads it, and it might not be detected by any antivirus
2) to start by itself it must necessarily be auto-started, or belong to a tree of processes that activate it (in practice you have infected Windows dlls)
Starting from the assumption that I have no idea what kind of virus it is, I suggest you boot into safe mode and see if it starts anyway.. if so, and you have Win 7, go to Start - All Programs - Startup and check that there's nothing suspicious.
A good antivirus is handy because every process that starts can be sandboxed, limiting its rights; try it and let me know whether it starts anyway in safe mode
ShadyA&B
29-01-2012, 14:05
I suspected one or the other, which is why I specified that there's nothing strange..
Would it be useful to post the list of running processes and what starts at boot?
Because anyway, at startup, using the msconfig command, I select what I want to start so as not to slow the system down too much at the beginning.
Tell me what I should post, so that you're in a position to understand what could be regenerating the file.
Hi, attach the tdsskiller and Malwarebytes logs according to the section rules http://www.hwupgrade.it/forum/showthread.php?t=1751598
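The TDSSKiller log the moderator asks for (and which the OP posts in the next reply) is a long list of driver/service entries, each as a "name (md5) path" record followed by a "name - verdict" line, so reading it by eye for the few entries that matter is easy to get wrong. The script below is an added example for triaging that log format; it is not part of the thread and not a Kaspersky tool. It sorts entries into three buckets a helper would look at first: verdicts other than "ok", names with a verdict but no file record (a registered driver or service whose file is missing from disk, like pccsmcfd or RivaTuner64 in the posted log), and records with no verdict at all (a log cut off mid-scan). The sample log inside the script is constructed for the example: the "fakesvc" entry, its all-zero hash and its "detected" verdict are made up, not taken from the thread.

```python
"""Triage helper for TDSSKiller scan logs (added example, not from the thread).

Each scanned driver/service appears in the log as a record line
    HH:MM:SS.mmmm PID name (md5) path
followed by a verdict line
    HH:MM:SS.mmmm PID name - ok
Banner lines (====, Scan started, SystemInfo, ...) carry no verdict and are ignored.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Record line, e.g. "22:31:37.0883 3996 1394ohci (1b00...) C:\Windows\system32\DRIVERS\1394ohci.sys"
RECORD_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line, e.g. "22:31:37.0886 3996 1394ohci - ok"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per driver/service name, merging its record and verdict lines."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Bucket entries worth a second look.

    not_ok     - verdict is anything other than "ok"
    no_file    - verdict present but no record line: the service/driver is
                 registered but TDSSKiller found no file to hash
    no_verdict - record line present but no verdict: the log stops mid-scan
    Device-path names (disk/boot-sector checks) never carry a file record, so
    they are left out of no_file.
    """
    out: Dict[str, List[str]] = {"not_ok": [], "no_file": [], "no_verdict": []}
    for e in entries.values():
        if e.verdict is None:
            out["no_verdict"].append(e.name)
        elif e.verdict != "ok":
            out["not_ok"].append(e.name)
        elif e.md5 is None and not e.name.startswith("\\"):
            out["no_file"].append(e.name)
    return {k: sorted(v) for k, v in out.items()}


def triage_text(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: parse a whole log and triage it in one call."""
    return triage(parse_log(text))


# Constructed sample in the posted log's layout; "fakesvc", its zero hash and
# its "detected" verdict are invented for the example.
SAMPLE_LOG = """\
22:31:36.0605 3996 ============================================================
22:31:36.0605 3996 Scan started
22:31:36.0605 3996 Mode: Manual;
22:31:37.0883 3996 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
22:31:37.0886 3996 1394ohci - ok
22:31:46.0277 3996 pccsmcfd - ok
22:31:47.0313 3996 RivaTuner64 - ok
22:31:50.0100 3996 fakesvc (00000000000000000000000000000000) C:\\Windows\\system32\\consrv.dll
22:31:50.0105 3996 fakesvc - detected (constructed verdict)
22:31:49.0767 3996 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\\Windows\\system32\\DRIVERS\\umbus.sys
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}:")
        for n in names:
            e = parsed[n]
            print(f"  {n}  verdict={e.verdict!r}  path={e.path!r}")
```

To use it on a real log, read the file into a string and call triage_text on it; the "no_file" bucket is usually leftovers from uninstalled software, but on a machine where a DLL keeps coming back it is exactly the list of registered-but-fileless services that deserves a manual check in the registry, and "not_ok" is where any actual TDSSKiller detection lands.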
ShadyA&B
29-01-2012, 22:39
TDSSKiller:
22:31:31.0127 3648 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:31:31.0349 3648 ============================================================
22:31:31.0349 3648 Current date / time: 2012/01/29 22:31:31.0349
22:31:31.0349 3648 SystemInfo:
22:31:31.0349 3648
22:31:31.0349 3648 OS Version: 6.1.7600 ServicePack: 0.0
22:31:31.0350 3648 Product type: Workstation
22:31:31.0350 3648 ComputerName: ANGEL-PORT
22:31:31.0350 3648 UserName: Angelo2
22:31:31.0350 3648 Windows directory: C:\Windows
22:31:31.0350 3648 System windows directory: C:\Windows
22:31:31.0350 3648 Running under WOW64
22:31:31.0350 3648 Processor architecture: Intel x64
22:31:31.0350 3648 Number of processors: 4
22:31:31.0350 3648 Page size: 0x1000
22:31:31.0350 3648 Boot type: Normal boot
22:31:31.0350 3648 ============================================================
22:31:32.0449 3648 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:32.0498 3648 Initialize success
22:31:36.0605 3996 ============================================================
22:31:36.0605 3996 Scan started
22:31:36.0605 3996 Mode: Manual;
22:31:36.0605 3996 ============================================================
22:31:37.0883 3996 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:31:37.0886 3996 1394ohci - ok
22:31:38.0024 3996 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:31:38.0028 3996 ACPI - ok
22:31:38.0088 3996 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:31:38.0089 3996 AcpiPmi - ok
22:31:38.0159 3996 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
22:31:38.0160 3996 adfs - ok
22:31:38.0309 3996 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:31:38.0316 3996 adp94xx - ok
22:31:38.0352 3996 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:31:38.0357 3996 adpahci - ok
22:31:38.0375 3996 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:31:38.0379 3996 adpu320 - ok
22:31:38.0446 3996 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
22:31:38.0453 3996 AFD - ok
22:31:38.0511 3996 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:31:38.0513 3996 agp440 - ok
22:31:38.0606 3996 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:31:38.0607 3996 aliide - ok
22:31:38.0630 3996 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:31:38.0631 3996 amdide - ok
22:31:38.0656 3996 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:31:38.0658 3996 AmdK8 - ok
22:31:38.0863 3996 amdkmdag (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:38.0987 3996 amdkmdag - ok
22:31:39.0038 3996 amdkmdap (99ab7e4b24c80155dc4296f657faf3c7) C:\Windows\system32\DRIVERS\atikmpag.sys
22:31:39.0039 3996 amdkmdap - ok
22:31:39.0109 3996 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:31:39.0111 3996 AmdPPM - ok
22:31:39.0131 3996 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
22:31:39.0133 3996 amdsata - ok
22:31:39.0170 3996 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:31:39.0173 3996 amdsbs - ok
22:31:39.0197 3996 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
22:31:39.0197 3996 amdxata - ok
22:31:39.0251 3996 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:31:39.0253 3996 AppID - ok
22:31:39.0350 3996 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:31:39.0352 3996 arc - ok
22:31:39.0386 3996 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:31:39.0389 3996 arcsas - ok
22:31:39.0432 3996 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:39.0434 3996 AsyncMac - ok
22:31:39.0457 3996 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:31:39.0457 3996 atapi - ok
22:31:39.0594 3996 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:31:39.0600 3996 b06bdrv - ok
22:31:39.0630 3996 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:31:39.0635 3996 b57nd60a - ok
22:31:39.0675 3996 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:31:39.0677 3996 Beep - ok
22:31:39.0710 3996 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:31:39.0712 3996 blbdrive - ok
22:31:39.0747 3996 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
22:31:39.0749 3996 bowser - ok
22:31:39.0766 3996 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:31:39.0767 3996 BrFiltLo - ok
22:31:39.0776 3996 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:31:39.0777 3996 BrFiltUp - ok
22:31:39.0797 3996 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:31:39.0802 3996 Brserid - ok
22:31:39.0812 3996 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:31:39.0813 3996 BrSerWdm - ok
22:31:39.0832 3996 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:31:39.0833 3996 BrUsbMdm - ok
22:31:39.0842 3996 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:31:39.0843 3996 BrUsbSer - ok
22:31:39.0911 3996 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:31:39.0913 3996 BTHMODEM - ok
22:31:40.0003 3996 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:40.0005 3996 cdfs - ok
22:31:40.0065 3996 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:40.0068 3996 cdrom - ok
22:31:40.0159 3996 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:31:40.0161 3996 circlass - ok
22:31:40.0198 3996 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:31:40.0203 3996 CLFS - ok
22:31:40.0337 3996 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:40.0339 3996 CmBatt - ok
22:31:40.0372 3996 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:31:40.0374 3996 cmdide - ok
22:31:40.0407 3996 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
22:31:40.0413 3996 CNG - ok
22:31:40.0516 3996 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
22:31:40.0520 3996 CnxtHdAudService - ok
22:31:40.0589 3996 CnxtHdmiAudService (89c99ab4ae9535f727791592d84d4821) C:\Windows\system32\drivers\CHDMI64.sys
22:31:40.0593 3996 CnxtHdmiAudService - ok
22:31:40.0629 3996 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:40.0630 3996 Compbatt - ok
22:31:40.0663 3996 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:31:40.0665 3996 CompositeBus - ok
22:31:40.0692 3996 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:31:40.0695 3996 crcdisk - ok
22:31:40.0747 3996 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
22:31:40.0754 3996 CSC - ok
22:31:40.0856 3996 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
22:31:40.0859 3996 DfsC - ok
22:31:40.0943 3996 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
22:31:40.0945 3996 dgderdrv - ok
22:31:40.0985 3996 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:31:40.0986 3996 discache - ok
22:31:41.0025 3996 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:31:41.0027 3996 Disk - ok
22:31:41.0145 3996 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:31:41.0147 3996 drmkaud - ok
22:31:41.0216 3996 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:31:41.0218 3996 dtsoftbus01 - ok
22:31:41.0286 3996 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:41.0291 3996 DXGKrnl - ok
22:31:41.0375 3996 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:31:41.0464 3996 ebdrv - ok
22:31:41.0566 3996 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:31:41.0573 3996 elxstor - ok
22:31:41.0592 3996 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:31:41.0594 3996 ErrDev - ok
22:31:41.0617 3996 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:31:41.0621 3996 exfat - ok
22:31:41.0647 3996 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:31:41.0651 3996 fastfat - ok
22:31:41.0786 3996 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:31:41.0788 3996 fdc - ok
22:31:41.0813 3996 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:31:41.0815 3996 FileInfo - ok
22:31:41.0848 3996 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:31:41.0850 3996 Filetrace - ok
22:31:41.0977 3996 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:41.0979 3996 flpydisk - ok
22:31:42.0000 3996 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:31:42.0004 3996 FltMgr - ok
22:31:42.0036 3996 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:31:42.0038 3996 FsDepends - ok
22:31:42.0055 3996 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:42.0055 3996 Fs_Rec - ok
22:31:42.0098 3996 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:31:42.0101 3996 fvevol - ok
22:31:42.0142 3996 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
22:31:42.0143 3996 FwLnk - ok
22:31:42.0172 3996 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:31:42.0174 3996 gagp30kx - ok
22:31:42.0241 3996 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:31:42.0243 3996 hcw85cir - ok
22:31:42.0283 3996 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:31:42.0288 3996 HdAudAddService - ok
22:31:42.0371 3996 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:42.0373 3996 HDAudBus - ok
22:31:42.0428 3996 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:31:42.0430 3996 HECIx64 - ok
22:31:42.0464 3996 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:31:42.0465 3996 HidBatt - ok
22:31:42.0488 3996 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:31:42.0490 3996 HidBth - ok
22:31:42.0524 3996 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:31:42.0525 3996 HidIr - ok
22:31:42.0612 3996 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:42.0614 3996 HidUsb - ok
22:31:42.0676 3996 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:31:42.0678 3996 HpSAMD - ok
22:31:42.0737 3996 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:31:42.0759 3996 HTTP - ok
22:31:42.0934 3996 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:31:42.0934 3996 hwpolicy - ok
22:31:42.0950 3996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:42.0952 3996 i8042prt - ok
22:31:43.0041 3996 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
22:31:43.0046 3996 iaStorV - ok
22:31:43.0100 3996 IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
22:31:43.0101 3996 IDMWFP - ok
22:31:43.0177 3996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:31:43.0179 3996 iirsp - ok
22:31:43.0283 3996 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
22:31:43.0286 3996 Impcd - ok
22:31:43.0320 3996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:31:43.0322 3996 intelide - ok
22:31:43.0348 3996 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:43.0349 3996 intelppm - ok
22:31:43.0433 3996 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:43.0435 3996 IpFilterDriver - ok
22:31:43.0458 3996 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:31:43.0460 3996 IPMIDRV - ok
22:31:43.0558 3996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:31:43.0560 3996 IPNAT - ok
22:31:43.0590 3996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:31:43.0591 3996 IRENUM - ok
22:31:43.0637 3996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:31:43.0639 3996 isapnp - ok
22:31:43.0672 3996 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:31:43.0676 3996 iScsiPrt - ok
22:31:43.0699 3996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:43.0700 3996 kbdclass - ok
22:31:43.0819 3996 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:43.0820 3996 kbdhid - ok
22:31:43.0855 3996 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
22:31:43.0857 3996 KSecDD - ok
22:31:43.0891 3996 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
22:31:43.0894 3996 KSecPkg - ok
22:31:43.0932 3996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:31:43.0934 3996 ksthunk - ok
22:31:44.0030 3996 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:31:44.0030 3996 L1C - ok
22:31:44.0133 3996 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:44.0135 3996 lltdio - ok
22:31:44.0260 3996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:31:44.0263 3996 LSI_FC - ok
22:31:44.0278 3996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:31:44.0280 3996 LSI_SAS - ok
22:31:44.0304 3996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:31:44.0306 3996 LSI_SAS2 - ok
22:31:44.0330 3996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:31:44.0332 3996 LSI_SCSI - ok
22:31:44.0357 3996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:31:44.0359 3996 luafv - ok
22:31:44.0420 3996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:31:44.0421 3996 megasas - ok
22:31:44.0475 3996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:31:44.0479 3996 MegaSR - ok
22:31:44.0560 3996 mod7700 (74c85bbd2489949f5b325fdd886e662f) C:\Windows\system32\DRIVERS\mod7700.sys
22:31:44.0594 3996 mod7700 - ok
22:31:44.0634 3996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:31:44.0636 3996 Modem - ok
22:31:44.0703 3996 MODRC (21d0cbafd2e6ab86fd2bbfbcbebe71d6) C:\Windows\system32\DRIVERS\modrc.sys
22:31:44.0704 3996 MODRC - ok
22:31:44.0738 3996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:31:44.0739 3996 monitor - ok
22:31:44.0770 3996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:44.0771 3996 mouclass - ok
22:31:44.0866 3996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:44.0868 3996 mouhid - ok
22:31:44.0894 3996 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:31:44.0896 3996 mountmgr - ok
22:31:44.0917 3996 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:31:44.0920 3996 mpio - ok
22:31:44.0936 3996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:31:44.0938 3996 mpsdrv - ok
22:31:44.0964 3996 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:31:44.0967 3996 MRxDAV - ok
22:31:44.0998 3996 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:45.0001 3996 mrxsmb - ok
22:31:45.0028 3996 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:45.0033 3996 mrxsmb10 - ok
22:31:45.0076 3996 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:45.0079 3996 mrxsmb20 - ok
22:31:45.0107 3996 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:31:45.0107 3996 msahci - ok
22:31:45.0136 3996 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:31:45.0140 3996 msdsm - ok
22:31:45.0177 3996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:31:45.0178 3996 Msfs - ok
22:31:45.0211 3996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:31:45.0213 3996 mshidkmdf - ok
22:31:45.0247 3996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:31:45.0248 3996 msisadrv - ok
22:31:45.0343 3996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:45.0345 3996 MSKSSRV - ok
22:31:45.0371 3996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:45.0373 3996 MSPCLOCK - ok
22:31:45.0386 3996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:31:45.0387 3996 MSPQM - ok
22:31:45.0410 3996 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:31:45.0415 3996 MsRPC - ok
22:31:45.0440 3996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:31:45.0440 3996 mssmbios - ok
22:31:45.0478 3996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:31:45.0479 3996 MSTEE - ok
22:31:45.0498 3996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:31:45.0500 3996 MTConfig - ok
22:31:45.0519 3996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:31:45.0520 3996 Mup - ok
22:31:45.0607 3996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:45.0612 3996 NativeWifiP - ok
22:31:45.0678 3996 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:31:45.0700 3996 NDIS - ok
22:31:45.0731 3996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:45.0733 3996 NdisCap - ok
22:31:45.0765 3996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:45.0766 3996 NdisTapi - ok
22:31:45.0784 3996 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:45.0786 3996 Ndisuio - ok
22:31:45.0811 3996 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:45.0814 3996 NdisWan - ok
22:31:45.0832 3996 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:31:45.0834 3996 NDProxy - ok
22:31:45.0851 3996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:31:45.0853 3996 NetBIOS - ok
22:31:45.0872 3996 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:31:45.0876 3996 NetBT - ok
22:31:45.0916 3996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:31:45.0918 3996 nfrd960 - ok
22:31:45.0949 3996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:31:45.0951 3996 Npfs - ok
22:31:45.0966 3996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:31:45.0968 3996 nsiproxy - ok
22:31:46.0012 3996 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
22:31:46.0046 3996 Ntfs - ok
22:31:46.0070 3996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:31:46.0072 3996 Null - ok
22:31:46.0093 3996 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
22:31:46.0096 3996 nvraid - ok
22:31:46.0113 3996 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
22:31:46.0117 3996 nvstor - ok
22:31:46.0159 3996 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:31:46.0162 3996 nv_agp - ok
22:31:46.0177 3996 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:31:46.0179 3996 ohci1394 - ok
22:31:46.0225 3996 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:31:46.0228 3996 Parport - ok
22:31:46.0249 3996 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:31:46.0252 3996 partmgr - ok
22:31:46.0277 3996 pccsmcfd - ok
22:31:46.0302 3996 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:31:46.0305 3996 pci - ok
22:31:46.0328 3996 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:31:46.0330 3996 pciide - ok
22:31:46.0349 3996 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:31:46.0353 3996 pcmcia - ok
22:31:46.0372 3996 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:31:46.0372 3996 pcw - ok
22:31:46.0407 3996 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:31:46.0416 3996 PEAUTH - ok
22:31:46.0564 3996 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
22:31:46.0564 3996 PGEffect - ok
22:31:46.0619 3996 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:46.0621 3996 PptpMiniport - ok
22:31:46.0645 3996 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:31:46.0647 3996 Processor - ok
22:31:46.0682 3996 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:31:46.0685 3996 Psched - ok
22:31:46.0761 3996 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:31:46.0762 3996 PxHlpa64 - ok
22:31:46.0821 3996 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:31:46.0855 3996 ql2300 - ok
22:31:46.0884 3996 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:31:46.0887 3996 ql40xx - ok
22:31:46.0903 3996 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:31:46.0905 3996 QWAVEdrv - ok
22:31:46.0927 3996 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:46.0929 3996 RasAcd - ok
22:31:46.0958 3996 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:46.0960 3996 RasAgileVpn - ok
22:31:46.0990 3996 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:46.0993 3996 Rasl2tp - ok
22:31:47.0015 3996 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:47.0017 3996 RasPppoe - ok
22:31:47.0036 3996 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:47.0038 3996 RasSstp - ok
22:31:47.0065 3996 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:47.0070 3996 rdbss - ok
22:31:47.0086 3996 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:31:47.0087 3996 rdpbus - ok
22:31:47.0126 3996 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:47.0127 3996 RDPCDD - ok
22:31:47.0168 3996 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:31:47.0172 3996 RDPDR - ok
22:31:47.0189 3996 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:31:47.0191 3996 RDPENCDD - ok
22:31:47.0216 3996 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:31:47.0218 3996 RDPREFMP - ok
22:31:47.0245 3996 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:31:47.0249 3996 RDPWD - ok
22:31:47.0276 3996 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:31:47.0280 3996 rdyboost - ok
22:31:47.0313 3996 RivaTuner64 - ok
22:31:47.0394 3996 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:47.0396 3996 rspndr - ok
22:31:47.0454 3996 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
22:31:47.0459 3996 RSUSBSTOR - ok
22:31:47.0555 3996 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
22:31:47.0561 3996 rtl8192se - ok
22:31:47.0617 3996 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:31:47.0618 3996 s3cap - ok
22:31:47.0671 3996 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:31:47.0673 3996 sbp2port - ok
22:31:47.0718 3996 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:31:47.0720 3996 scfilter - ok
22:31:47.0788 3996 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:31:47.0790 3996 secdrv - ok
22:31:47.0821 3996 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:31:47.0823 3996 Serenum - ok
22:31:47.0864 3996 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:31:47.0866 3996 Serial - ok
22:31:47.0923 3996 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:31:47.0925 3996 sermouse - ok
22:31:47.0980 3996 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:31:47.0982 3996 sffdisk - ok
22:31:47.0995 3996 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:31:47.0996 3996 sffp_mmc - ok
22:31:48.0012 3996 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:31:48.0014 3996 sffp_sd - ok
22:31:48.0036 3996 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:31:51.0675 3996 ============================================================
22:31:51.0675 3996 Scan finished
22:31:51.0675 3996 ============================================================
22:31:51.0683 2512 Detected object count: 0
22:31:51.0683 2512 Actual detected object count: 0
Malwarebytes:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Versione database: v2012.01.28.06
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Angelo2 :: ANGEL-PORT [amministratore]
29/01/2012 22:34:46
mbam-log-2012-01-29 (22-38-47).txt
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 190208
Tempo impiegato: 3 minuti, 23 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Dati: C:\Users\Angelo2\AppData\Local\51cc80ad\X -> Nessuna azione intrapresa.
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
Do a full scan with Malwarebytes and attach the log
Chill-Out
30-01-2012, 15:32
Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Dati: C:\Users\Angelo2\AppData\Local\51cc80ad\X -> Nessuna azione intrapresa.
Infected items must be quarantined; attach the logs on one of the Remote Servers listed in the section Rules.
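An added example, not code from the thread or from any of the tools mentioned in it: a PowerShell audit of the Winlogon Shell and Userinit logon values, the kind of entry Malwarebytes reported above. The default values and hive locations are standard Windows; the backup and removal commands in the trailing comments are an assumed clean-up, not a step anyone in the thread took.

```powershell
# Added example, not the thread's or any tool's code. Audits the Winlogon
# "Shell" and "Userinit" logon values, the kind of entry Malwarebytes flagged
# above (HKCU\...\Winlogon|Shell -> C:\Users\...\AppData\Local\51cc80ad\X).
# Windows sets these only under HKLM (Shell = explorer.exe,
# Userinit = <SystemRoot>\system32\userinit.exe,); a value under HKCU, or any
# other program, is a logon persistence hook. Run from an elevated PowerShell.

$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}

function Get-WinlogonFindings {
    $findings = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\$winlogon"
        foreach ($name in $expected.Keys) {
            $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($null -eq $value) { continue }   # absent is the normal state under HKCU
            $isDefault = ($hive -eq 'HKLM') -and ($value.Trim() -ieq $expected[$name])
            if ($isDefault) { continue }
            # A value may chain several comma-separated commands; report each target
            # and whether it is on disk (the thread's "X" target did not exist, and a
            # dangling hook is still worth recording before it is removed).
            foreach ($cmd in $value.Split(',') | Where-Object { $_.Trim() }) {
                $target = $cmd.Trim().Trim('"')
                $findings += [pscustomobject]@{
                    Hive   = $hive
                    Name   = $name
                    Target = $target
                    Exists = Test-Path -LiteralPath $target -PathType Leaf
                }
            }
        }
    }
    return $findings
}

$findings = Get-WinlogonFindings
if (-not $findings) {
    Write-Output 'Winlogon Shell/Userinit values are at their defaults.'
} else {
    Write-Output 'Non-default Winlogon logon hooks found:'
    $findings | Format-Table -AutoSize
    # Assumed clean-up (not a step from the thread): back the key up, then drop the
    # rogue HKCU value; an altered HKLM value is restored by writing the default back.
    # reg export "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon-backup.reg
    # Remove-ItemProperty -Path "HKCU:\$winlogon" -Name Shell
}
```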
ShadyA&B
30-01-2012, 17:09
How do you put viruses in quarantine in Malwarebytes?
The only options are to ignore or delete.
Chill-Out
30-01-2012, 19:17
How do you put viruses in quarantine in Malwarebytes?
The only options are to ignore or delete.
Removed infected items are moved directly to quarantine.
I still think that with Comodo antivirus, besides sandboxing uncertain processes, you could easily solve this.. otherwise try the Kaspersky live CD
ShadyA&B
30-01-2012, 20:13
Removed infected items are moved directly to quarantine.
So in essence I just have to "ignore" it, without clicking Remove?
If so, I already did that once and it didn't work.
@OzzFan: this evening I'll post screenshots of the processes, because honestly I don't see anything strange that wasn't there before.
That way maybe you can take a look and point me in the right direction.
We can't know what every single process does.. you could have a hoopuh.exe that I'd consider suspicious, but maybe it turns out to be a scanner..
I gave you that advice because Comodo sandboxes processes that auto-start, so you should be able to manage
ShadyA&B
30-01-2012, 23:35
EDIT:
I think I've solved it with Comodo, thanks.
However I find it rather uncomfortable (sComodo), since in my view it's very intrusive.
The antivirus found the same consrv that it regularly says it deletes but doesn't, but the problem seems to have gone away for now..
Thanks. Maybe don't close the thread, because the problem is random and could come back.
It will become comfortable (Comodo) when you see that you're staying virus-free; in any case the notifications can be customised..
All unsigned auto-executing files are sandboxed by default
Do a deep scan from safe mode
Chill-Out
31-01-2012, 15:29
So in essence I just have to "ignore" it, without clicking Remove?
If so, I already did that once and it didn't work.
@OzzFan: this evening I'll post screenshots of the processes, because honestly I don't see anything strange that wasn't there before.
That way maybe you can take a look and point me in the right direction.
You have to click Remove and they go straight to quarantine. Attach this log :)
ShadyA&B
03-02-2012, 00:31
Here's the log, CLICK (http://www.mediafire.com/?syvut0emg7rym2i)
I took no action because it doesn't work anyway.
Besides, in that path the X folder doesn't exist... the real path stops at ...AppData\Local\51cc80ad
and it's empty!
PS: it probably didn't detect consrv.dll because Comodo is keeping it at bay.
Also, I had to put Comodo in light mode because it blocks EVERYTHING, even FireFox Optimizer, and even after adding it to the trusted files it's back among the blocked ones after a reboot. A nuisance.
Anyway, this let me verify that the consrv.dll file regenerates every so many minutes (it isn't regular: sometimes 20, sometimes 10, sometimes 60)...
Chill-Out
03-02-2012, 20:01
Here's the log, CLICK (http://www.mediafire.com/?syvut0emg7rym2i)
I took no action because it doesn't work anyway.
Besides, in that path the X folder doesn't exist... the real path stops at ...AppData\Local\51cc80ad
and it's empty!
PS: it probably didn't detect consrv.dll because Comodo is keeping it at bay.
Also, I had to put Comodo in light mode because it blocks EVERYTHING, even FireFox Optimizer, and even after adding it to the trusted files it's back among the blocked ones after a reboot. A nuisance.
Anyway, this let me verify that the consrv.dll file regenerates every so many minutes (it isn't regular: sometimes 20, sometimes 10, sometimes 60)...
It's your PC, so do as you see fit.
ShadyA&B
04-02-2012, 00:06
Why that reply?
Chill-Out
04-02-2012, 00:18
Why that reply?
Because of this
I took no action because it doesn't work anyway.
from which it isn't clear whether you want help or not.
ShadyA&B
04-02-2012, 14:57
As I wrote in the first post (point 5) and as I said here about Comodo:
The antivirus found the same consrv that it regularly says it deletes but doesn't, but the problem seems to have gone away for now..
Removing it with any antivirus is useless, since it regenerates.
That's why I posted the log without taking any action: even after removing it, it came back after a few minutes.
More than anything, what's needed is a complete and definitive solution, because right now Comodo keeps it at bay but the alert pops up every handful of minutes asking me to remove or ignore, and I always remove.
enigmista63
04-02-2012, 15:08
:D Hi, have you tried booting the PC in safe mode, scanning with COMODO and deleting it when it's detected? Viruses shouldn't activate in safe mode.
Chill-Out
04-02-2012, 15:47
As I wrote in the first post (point 5) and as I said here about Comodo:
Removing it with any antivirus is useless, since it regenerates.
That's why I posted the log without taking any action: even after removing it, it came back after a few minutes.
More than anything, what's needed is a complete and definitive solution, because right now Comodo keeps it at bay but the alert pops up every handful of minutes asking me to remove or ignore, and I always remove.
Download HitmanPro 3.6
http://www.surfright.nl/en/downloads/
It needs no installation; at the end of the scan, if an infection is found, it will remove it for free.
ShadyA&B
07-02-2012, 18:46
Guys, after 2 days of "observation" it seems that Hitman has solved the problem...
Even starting Windows without (un)comfortable Comodo, I no longer get any alert or error while browsing.
But don't close the thread, because you never know; anyway, thanks for the tips!
Chill-Out
07-02-2012, 18:49
Guys, after 2 days of "observation" it seems that Hitman has solved the problem...
Even starting Windows without (un)comfortable Comodo, I no longer get any alert or error while browsing.
But don't close the thread, because you never know; anyway, thanks for the tips!
Open HitmanPro, click Settings - History and attach a screenshot, thanks.
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.