Backdoor Agent persistente

[ShadyA&B]

Ragazzi salve a tutti,
sono alle prese con un maledetto virus.
Il file in questione è consrv.dll, che è un Backdoor.Agent...

Descrizione del problema:
Ogni tot di volte che apro una nuova scheda sul browser (qualunque) e mi indirizza automaticamente su mediashifting effettuando una sua particolare ricerca.
Ecco la barra indirizzi:

Codice:

http://auto.ricerca.alice.it/mediashifting.com?search=four+seasons+motors+missoula&subid=196&key=eb30c3cad83b33d6a476&p=1

La pagina mi restituisce DNS ERROR.

Antivirus e soluzioni provate

1. Googlando leggo di andare a vedere tra le perifiche Plug&Play nascoste alcune che riporta il sito della guida, ma io non le ho

2. Hijackthis non trova nulla

3. tdsskiller non trova nulla

4. Kaspersky Virus Removal Tool trova questa dll ma anche se la elimino si ricrea (sia in modalità provissoria che non)

5. Malwarebytes come KVRT, lo trova ma non lo elimina davvero

6. Ho provato un tool di Symantech per i Backdoor ma niente (non lo trova neppure)

7. Se elimino la dll a mano questa ritorna al riavvio

8. Tra i processi attivi e in avvio non c'è nulla di strano

9. Non è un reale problema di DNS, lo specifico, però comunque sono assegnati automaticamente

Chi mi da qualche altra dritta? Però non scansioni a tentativi, ci dev'essere sotto un particolare procedimento che ignoro...

[OzzFan]

Per quanto ne so se un programma si "rigenera" significano prevalentemente 2 cose:

1) c'è un file da qualche parte nel tuo hard disk che lo contiene/genera/scarica che potrebbe non essere rilevato da nessun antivirus

2)per avviarsi da solo deve essere per forza autoavviato oppure appartenere ad un albero di processi che lo attivano (in pratica hai delle dll di win infette)

Partendo dal presupposto che non ho la più pallida idea di che tipo di virus si tratti ti consiglio di avviare in modalità provvisoria e vedere se parte lo stesso..in caso affermativo se hai win 7 vai su start - tutti i programmi - esecuzione automatica e controlla che non ci sia nulla di sospetto.

Un buon antivirus è comodo antivirus poichè ogni processo che si avvia può essere sandboxato limitandone i diritti,provalo e fammi sapere se in modalità provvisoria parte lo stesso

[ShadyA&B]

Sospettavo l'una o l'altra la cosa, tant'è che ho specificato che non c'è nulla di strano..
Può essere utile postare la lista dei processi attivi e ciò che si attiva?

Perchè io comunque all'avvio, utilizzando il comando msconfig, seleziono cosa voglio far partire per non rallentare eccessivamente il sistema all'inizio.

Ditemi cosa dovrei postare, così da mettervi in condizione di capire cosa può rigenerare il file.

[Riku]

Ciao, allega il log di tdsskiller e Malwarebytes secondo le regole di sezione http://www.hwupgrade.it/forum/showthread.php?t=1751598

[ShadyA&B]

TDSSKiller:

Codice:

22:31:31.0127 3648	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:31:31.0349 3648	============================================================
22:31:31.0349 3648	Current date / time: 2012/01/29 22:31:31.0349
22:31:31.0349 3648	SystemInfo:
22:31:31.0349 3648	
22:31:31.0349 3648	OS Version: 6.1.7600 ServicePack: 0.0
22:31:31.0350 3648	Product type: Workstation
22:31:31.0350 3648	ComputerName: ANGEL-PORT
22:31:31.0350 3648	UserName: Angelo2
22:31:31.0350 3648	Windows directory: C:\Windows
22:31:31.0350 3648	System windows directory: C:\Windows
22:31:31.0350 3648	Running under WOW64
22:31:31.0350 3648	Processor architecture: Intel x64
22:31:31.0350 3648	Number of processors: 4
22:31:31.0350 3648	Page size: 0x1000
22:31:31.0350 3648	Boot type: Normal boot
22:31:31.0350 3648	============================================================
22:31:32.0449 3648	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:32.0498 3648	Initialize success
22:31:36.0605 3996	============================================================
22:31:36.0605 3996	Scan started
22:31:36.0605 3996	Mode: Manual; 
22:31:36.0605 3996	============================================================
22:31:37.0883 3996	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:31:37.0886 3996	1394ohci - ok
22:31:38.0024 3996	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:31:38.0028 3996	ACPI - ok
22:31:38.0088 3996	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:31:38.0089 3996	AcpiPmi - ok
22:31:38.0159 3996	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
22:31:38.0160 3996	adfs - ok
22:31:38.0309 3996	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:31:38.0316 3996	adp94xx - ok
22:31:38.0352 3996	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:31:38.0357 3996	adpahci - ok
22:31:38.0375 3996	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:31:38.0379 3996	adpu320 - ok
22:31:38.0446 3996	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
22:31:38.0453 3996	AFD - ok
22:31:38.0511 3996	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:31:38.0513 3996	agp440 - ok
22:31:38.0606 3996	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:31:38.0607 3996	aliide - ok
22:31:38.0630 3996	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:31:38.0631 3996	amdide - ok
22:31:38.0656 3996	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:31:38.0658 3996	AmdK8 - ok
22:31:38.0863 3996	amdkmdag        (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:38.0987 3996	amdkmdag - ok
22:31:39.0038 3996	amdkmdap        (99ab7e4b24c80155dc4296f657faf3c7) C:\Windows\system32\DRIVERS\atikmpag.sys
22:31:39.0039 3996	amdkmdap - ok
22:31:39.0109 3996	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:31:39.0111 3996	AmdPPM - ok
22:31:39.0131 3996	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
22:31:39.0133 3996	amdsata - ok
22:31:39.0170 3996	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:31:39.0173 3996	amdsbs - ok
22:31:39.0197 3996	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
22:31:39.0197 3996	amdxata - ok
22:31:39.0251 3996	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:31:39.0253 3996	AppID - ok
22:31:39.0350 3996	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:31:39.0352 3996	arc - ok
22:31:39.0386 3996	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:31:39.0389 3996	arcsas - ok
22:31:39.0432 3996	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:39.0434 3996	AsyncMac - ok
22:31:39.0457 3996	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:31:39.0457 3996	atapi - ok
22:31:39.0594 3996	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:31:39.0600 3996	b06bdrv - ok
22:31:39.0630 3996	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:31:39.0635 3996	b57nd60a - ok
22:31:39.0675 3996	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:31:39.0677 3996	Beep - ok
22:31:39.0710 3996	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:31:39.0712 3996	blbdrive - ok
22:31:39.0747 3996	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
22:31:39.0749 3996	bowser - ok
22:31:39.0766 3996	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:31:39.0767 3996	BrFiltLo - ok
22:31:39.0776 3996	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:31:39.0777 3996	BrFiltUp - ok
22:31:39.0797 3996	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:31:39.0802 3996	Brserid - ok
22:31:39.0812 3996	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:31:39.0813 3996	BrSerWdm - ok
22:31:39.0832 3996	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:31:39.0833 3996	BrUsbMdm - ok
22:31:39.0842 3996	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:31:39.0843 3996	BrUsbSer - ok
22:31:39.0911 3996	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:31:39.0913 3996	BTHMODEM - ok
22:31:40.0003 3996	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:40.0005 3996	cdfs - ok
22:31:40.0065 3996	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:40.0068 3996	cdrom - ok
22:31:40.0159 3996	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:31:40.0161 3996	circlass - ok
22:31:40.0198 3996	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:31:40.0203 3996	CLFS - ok
22:31:40.0337 3996	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:40.0339 3996	CmBatt - ok
22:31:40.0372 3996	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:31:40.0374 3996	cmdide - ok
22:31:40.0407 3996	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
22:31:40.0413 3996	CNG - ok
22:31:40.0516 3996	CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
22:31:40.0520 3996	CnxtHdAudService - ok
22:31:40.0589 3996	CnxtHdmiAudService (89c99ab4ae9535f727791592d84d4821) C:\Windows\system32\drivers\CHDMI64.sys
22:31:40.0593 3996	CnxtHdmiAudService - ok
22:31:40.0629 3996	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:40.0630 3996	Compbatt - ok
22:31:40.0663 3996	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:31:40.0665 3996	CompositeBus - ok
22:31:40.0692 3996	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:31:40.0695 3996	crcdisk - ok
22:31:40.0747 3996	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
22:31:40.0754 3996	CSC - ok
22:31:40.0856 3996	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
22:31:40.0859 3996	DfsC - ok
22:31:40.0943 3996	dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
22:31:40.0945 3996	dgderdrv - ok
22:31:40.0985 3996	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:31:40.0986 3996	discache - ok
22:31:41.0025 3996	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:31:41.0027 3996	Disk - ok
22:31:41.0145 3996	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:31:41.0147 3996	drmkaud - ok
22:31:41.0216 3996	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:31:41.0218 3996	dtsoftbus01 - ok
22:31:41.0286 3996	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:41.0291 3996	DXGKrnl - ok
22:31:41.0375 3996	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:31:41.0464 3996	ebdrv - ok
22:31:41.0566 3996	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:31:41.0573 3996	elxstor - ok
22:31:41.0592 3996	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:31:41.0594 3996	ErrDev - ok
22:31:41.0617 3996	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:31:41.0621 3996	exfat - ok
22:31:41.0647 3996	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:31:41.0651 3996	fastfat - ok
22:31:41.0786 3996	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:31:41.0788 3996	fdc - ok
22:31:41.0813 3996	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:31:41.0815 3996	FileInfo - ok
22:31:41.0848 3996	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:31:41.0850 3996	Filetrace - ok
22:31:41.0977 3996	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:41.0979 3996	flpydisk - ok
22:31:42.0000 3996	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:31:42.0004 3996	FltMgr - ok
22:31:42.0036 3996	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:31:42.0038 3996	FsDepends - ok
22:31:42.0055 3996	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:42.0055 3996	Fs_Rec - ok
22:31:42.0098 3996	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:31:42.0101 3996	fvevol - ok
22:31:42.0142 3996	FwLnk           (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
22:31:42.0143 3996	FwLnk - ok
22:31:42.0172 3996	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:31:42.0174 3996	gagp30kx - ok
22:31:42.0241 3996	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:31:42.0243 3996	hcw85cir - ok
22:31:42.0283 3996	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:31:42.0288 3996	HdAudAddService - ok
22:31:42.0371 3996	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:42.0373 3996	HDAudBus - ok
22:31:42.0428 3996	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:31:42.0430 3996	HECIx64 - ok
22:31:42.0464 3996	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:31:42.0465 3996	HidBatt - ok
22:31:42.0488 3996	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:31:42.0490 3996	HidBth - ok
22:31:42.0524 3996	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:31:42.0525 3996	HidIr - ok
22:31:42.0612 3996	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:42.0614 3996	HidUsb - ok
22:31:42.0676 3996	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:31:42.0678 3996	HpSAMD - ok
22:31:42.0737 3996	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:31:42.0759 3996	HTTP - ok
22:31:42.0934 3996	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:31:42.0934 3996	hwpolicy - ok
22:31:42.0950 3996	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:42.0952 3996	i8042prt - ok
22:31:43.0041 3996	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
22:31:43.0046 3996	iaStorV - ok
22:31:43.0100 3996	IDMWFP          (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
22:31:43.0101 3996	IDMWFP - ok
22:31:43.0177 3996	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:31:43.0179 3996	iirsp - ok
22:31:43.0283 3996	Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
22:31:43.0286 3996	Impcd - ok
22:31:43.0320 3996	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:31:43.0322 3996	intelide - ok
22:31:43.0348 3996	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:43.0349 3996	intelppm - ok
22:31:43.0433 3996	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:43.0435 3996	IpFilterDriver - ok
22:31:43.0458 3996	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:31:43.0460 3996	IPMIDRV - ok
22:31:43.0558 3996	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:31:43.0560 3996	IPNAT - ok
22:31:43.0590 3996	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:31:43.0591 3996	IRENUM - ok
22:31:43.0637 3996	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:31:43.0639 3996	isapnp - ok
22:31:43.0672 3996	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:31:43.0676 3996	iScsiPrt - ok
22:31:43.0699 3996	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:43.0700 3996	kbdclass - ok
22:31:43.0819 3996	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:43.0820 3996	kbdhid - ok
22:31:43.0855 3996	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
22:31:43.0857 3996	KSecDD - ok
22:31:43.0891 3996	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
22:31:43.0894 3996	KSecPkg - ok
22:31:43.0932 3996	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:31:43.0934 3996	ksthunk - ok
22:31:44.0030 3996	L1C             (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:31:44.0030 3996	L1C - ok
22:31:44.0133 3996	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:44.0135 3996	lltdio - ok
22:31:44.0260 3996	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:31:44.0263 3996	LSI_FC - ok
22:31:44.0278 3996	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:31:44.0280 3996	LSI_SAS - ok
22:31:44.0304 3996	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:31:44.0306 3996	LSI_SAS2 - ok
22:31:44.0330 3996	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:31:44.0332 3996	LSI_SCSI - ok
22:31:44.0357 3996	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:31:44.0359 3996	luafv - ok
22:31:44.0420 3996	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:31:44.0421 3996	megasas - ok
22:31:44.0475 3996	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:31:44.0479 3996	MegaSR - ok
22:31:44.0560 3996	mod7700         (74c85bbd2489949f5b325fdd886e662f) C:\Windows\system32\DRIVERS\mod7700.sys
22:31:44.0594 3996	mod7700 - ok
22:31:44.0634 3996	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:31:44.0636 3996	Modem - ok
22:31:44.0703 3996	MODRC           (21d0cbafd2e6ab86fd2bbfbcbebe71d6) C:\Windows\system32\DRIVERS\modrc.sys
22:31:44.0704 3996	MODRC - ok
22:31:44.0738 3996	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:31:44.0739 3996	monitor - ok
22:31:44.0770 3996	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:44.0771 3996	mouclass - ok
22:31:44.0866 3996	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:44.0868 3996	mouhid - ok
22:31:44.0894 3996	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:31:44.0896 3996	mountmgr - ok
22:31:44.0917 3996	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:31:44.0920 3996	mpio - ok
22:31:44.0936 3996	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:31:44.0938 3996	mpsdrv - ok
22:31:44.0964 3996	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:31:44.0967 3996	MRxDAV - ok
22:31:44.0998 3996	mrxsmb          (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:45.0001 3996	mrxsmb - ok
22:31:45.0028 3996	mrxsmb10        (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:45.0033 3996	mrxsmb10 - ok
22:31:45.0076 3996	mrxsmb20        (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:45.0079 3996	mrxsmb20 - ok
22:31:45.0107 3996	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:31:45.0107 3996	msahci - ok
22:31:45.0136 3996	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:31:45.0140 3996	msdsm - ok
22:31:45.0177 3996	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:31:45.0178 3996	Msfs - ok
22:31:45.0211 3996	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:31:45.0213 3996	mshidkmdf - ok
22:31:45.0247 3996	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:31:45.0248 3996	msisadrv - ok
22:31:45.0343 3996	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:45.0345 3996	MSKSSRV - ok
22:31:45.0371 3996	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:45.0373 3996	MSPCLOCK - ok
22:31:45.0386 3996	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:31:45.0387 3996	MSPQM - ok
22:31:45.0410 3996	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:31:45.0415 3996	MsRPC - ok
22:31:45.0440 3996	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:31:45.0440 3996	mssmbios - ok
22:31:45.0478 3996	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:31:45.0479 3996	MSTEE - ok
22:31:45.0498 3996	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:31:45.0500 3996	MTConfig - ok
22:31:45.0519 3996	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:31:45.0520 3996	Mup - ok
22:31:45.0607 3996	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:45.0612 3996	NativeWifiP - ok
22:31:45.0678 3996	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:31:45.0700 3996	NDIS - ok
22:31:45.0731 3996	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:45.0733 3996	NdisCap - ok
22:31:45.0765 3996	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:45.0766 3996	NdisTapi - ok
22:31:45.0784 3996	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:45.0786 3996	Ndisuio - ok
22:31:45.0811 3996	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:45.0814 3996	NdisWan - ok
22:31:45.0832 3996	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:31:45.0834 3996	NDProxy - ok
22:31:45.0851 3996	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:31:45.0853 3996	NetBIOS - ok
22:31:45.0872 3996	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:31:45.0876 3996	NetBT - ok
22:31:45.0916 3996	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:31:45.0918 3996	nfrd960 - ok
22:31:45.0949 3996	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:31:45.0951 3996	Npfs - ok
22:31:45.0966 3996	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:31:45.0968 3996	nsiproxy - ok
22:31:46.0012 3996	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
22:31:46.0046 3996	Ntfs - ok
22:31:46.0070 3996	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:31:46.0072 3996	Null - ok
22:31:46.0093 3996	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
22:31:46.0096 3996	nvraid - ok
22:31:46.0113 3996	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
22:31:46.0117 3996	nvstor - ok
22:31:46.0159 3996	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:31:46.0162 3996	nv_agp - ok
22:31:46.0177 3996	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:31:46.0179 3996	ohci1394 - ok
22:31:46.0225 3996	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:31:46.0228 3996	Parport - ok
22:31:46.0249 3996	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:31:46.0252 3996	partmgr - ok
22:31:46.0277 3996	pccsmcfd - ok
22:31:46.0302 3996	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:31:46.0305 3996	pci - ok
22:31:46.0328 3996	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:31:46.0330 3996	pciide - ok
22:31:46.0349 3996	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:31:46.0353 3996	pcmcia - ok
22:31:46.0372 3996	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:31:46.0372 3996	pcw - ok
22:31:46.0407 3996	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:31:46.0416 3996	PEAUTH - ok
22:31:46.0564 3996	PGEffect        (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
22:31:46.0564 3996	PGEffect - ok
22:31:46.0619 3996	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:46.0621 3996	PptpMiniport - ok
22:31:46.0645 3996	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:31:46.0647 3996	Processor - ok
22:31:46.0682 3996	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:31:46.0685 3996	Psched - ok
22:31:46.0761 3996	PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:31:46.0762 3996	PxHlpa64 - ok
22:31:46.0821 3996	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:31:46.0855 3996	ql2300 - ok
22:31:46.0884 3996	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:31:46.0887 3996	ql40xx - ok
22:31:46.0903 3996	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:31:46.0905 3996	QWAVEdrv - ok
22:31:46.0927 3996	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:46.0929 3996	RasAcd - ok
22:31:46.0958 3996	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:46.0960 3996	RasAgileVpn - ok
22:31:46.0990 3996	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:46.0993 3996	Rasl2tp - ok
22:31:47.0015 3996	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:47.0017 3996	RasPppoe - ok
22:31:47.0036 3996	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:47.0038 3996	RasSstp - ok
22:31:47.0065 3996	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:47.0070 3996	rdbss - ok
22:31:47.0086 3996	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:31:47.0087 3996	rdpbus - ok
22:31:47.0126 3996	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:47.0127 3996	RDPCDD - ok
22:31:47.0168 3996	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:31:47.0172 3996	RDPDR - ok
22:31:47.0189 3996	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:31:47.0191 3996	RDPENCDD - ok
22:31:47.0216 3996	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:31:47.0218 3996	RDPREFMP - ok
22:31:47.0245 3996	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:31:47.0249 3996	RDPWD - ok
22:31:47.0276 3996	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:31:47.0280 3996	rdyboost - ok
22:31:47.0313 3996	RivaTuner64 - ok
22:31:47.0394 3996	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:47.0396 3996	rspndr - ok
22:31:47.0454 3996	RSUSBSTOR       (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
22:31:47.0459 3996	RSUSBSTOR - ok
22:31:47.0555 3996	rtl8192se       (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
22:31:47.0561 3996	rtl8192se - ok
22:31:47.0617 3996	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:31:47.0618 3996	s3cap - ok
22:31:47.0671 3996	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:31:47.0673 3996	sbp2port - ok
22:31:47.0718 3996	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:31:47.0720 3996	scfilter - ok
22:31:47.0788 3996	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:31:47.0790 3996	secdrv - ok
22:31:47.0821 3996	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:31:47.0823 3996	Serenum - ok
22:31:47.0864 3996	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:31:47.0866 3996	Serial - ok
22:31:47.0923 3996	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:31:47.0925 3996	sermouse - ok
22:31:47.0980 3996	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:31:47.0982 3996	sffdisk - ok
22:31:47.0995 3996	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:31:47.0996 3996	sffp_mmc - ok
22:31:48.0012 3996	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:31:48.0014 3996	sffp_sd - ok
22:31:48.0036 3996	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:31:48.0037 3996	sfloppy - ok
22:31:48.0076 3996	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:31:48.0078 3996	SiSRaid2 - ok
22:31:48.0111 3996	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:31:48.0113 3996	SiSRaid4 - ok
22:31:48.0162 3996	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:31:48.0164 3996	Smb - ok
22:31:48.0202 3996	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:31:48.0202 3996	spldr - ok
22:31:48.0264 3996	srv             (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
22:31:48.0270 3996	srv - ok
22:31:48.0331 3996	srv2            (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
22:31:48.0337 3996	srv2 - ok
22:31:48.0396 3996	srvnet          (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
22:31:48.0400 3996	srvnet - ok
22:31:48.0447 3996	sscebus         (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
22:31:48.0449 3996	sscebus - ok
22:31:48.0486 3996	sscemdfl        (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
22:31:48.0488 3996	sscemdfl - ok
22:31:48.0508 3996	sscemdm         (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
22:31:48.0511 3996	sscemdm - ok
22:31:48.0540 3996	ssceserd        (db504ef6d73f6b8ab5cf8a18560c4e2a) C:\Windows\system32\DRIVERS\ssceserd.sys
22:31:48.0542 3996	ssceserd - ok
22:31:48.0638 3996	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:31:48.0640 3996	stexstor - ok
22:31:48.0687 3996	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:31:48.0688 3996	storflt - ok
22:31:48.0708 3996	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:31:48.0710 3996	storvsc - ok
22:31:48.0738 3996	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:31:48.0738 3996	swenum - ok
22:31:48.0901 3996	SynTP           (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
22:31:48.0903 3996	SynTP - ok
22:31:48.0974 3996	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
22:31:49.0019 3996	Tcpip - ok
22:31:49.0150 3996	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
22:31:49.0159 3996	TCPIP6 - ok
22:31:49.0216 3996	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:31:49.0218 3996	tcpipreg - ok
22:31:49.0238 3996	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:31:49.0239 3996	TDPIPE - ok
22:31:49.0249 3996	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:31:49.0250 3996	TDTCP - ok
22:31:49.0273 3996	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:31:49.0275 3996	tdx - ok
22:31:49.0298 3996	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:31:49.0298 3996	TermDD - ok
22:31:49.0353 3996	TFsExDisk       (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
22:31:49.0355 3996	TFsExDisk - ok
22:31:49.0440 3996	Tosrfcom - ok
22:31:49.0501 3996	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:49.0503 3996	tssecsrv - ok
22:31:49.0575 3996	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:31:49.0577 3996	tunnel - ok
22:31:49.0626 3996	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:31:49.0626 3996	TVALZ - ok
22:31:49.0655 3996	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:31:49.0657 3996	uagp35 - ok
22:31:49.0683 3996	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:31:49.0688 3996	udfs - ok
22:31:49.0729 3996	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:31:49.0732 3996	uliagpkx - ok
22:31:49.0767 3996	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:31:49.0769 3996	umbus - ok
22:31:49.0786 3996	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:31:49.0788 3996	UmPass - ok
22:31:49.0849 3996	usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:31:49.0852 3996	usbaudio - ok
22:31:49.0879 3996	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:49.0881 3996	usbccgp - ok
22:31:49.0902 3996	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:31:49.0904 3996	usbcir - ok
22:31:49.0929 3996	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
22:31:49.0931 3996	usbehci - ok
22:31:49.0973 3996	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
22:31:49.0978 3996	usbhub - ok
22:31:50.0044 3996	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:31:50.0046 3996	usbohci - ok
22:31:50.0068 3996	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:31:50.0069 3996	usbprint - ok
22:31:50.0099 3996	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:31:50.0101 3996	usbscan - ok
22:31:50.0127 3996	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:50.0129 3996	USBSTOR - ok
22:31:50.0144 3996	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:31:50.0145 3996	usbuhci - ok
22:31:50.0202 3996	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
22:31:50.0206 3996	usbvideo - ok
22:31:50.0251 3996	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:31:50.0251 3996	vdrvroot - ok
22:31:50.0322 3996	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:50.0324 3996	vga - ok
22:31:50.0342 3996	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:31:50.0344 3996	VgaSave - ok
22:31:50.0365 3996	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:31:50.0369 3996	vhdmp - ok
22:31:50.0395 3996	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:31:50.0396 3996	viaide - ok
22:31:50.0429 3996	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:31:50.0433 3996	vmbus - ok
22:31:50.0449 3996	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:31:50.0451 3996	VMBusHID - ok
22:31:50.0475 3996	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:31:50.0477 3996	volmgr - ok
22:31:50.0505 3996	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:31:50.0511 3996	volmgrx - ok
22:31:50.0532 3996	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:31:50.0537 3996	volsnap - ok
22:31:50.0572 3996	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:31:50.0576 3996	vsmraid - ok
22:31:50.0602 3996	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:31:50.0604 3996	vwifibus - ok
22:31:50.0624 3996	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:31:50.0626 3996	vwififlt - ok
22:31:50.0654 3996	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:31:50.0656 3996	vwifimp - ok
22:31:50.0685 3996	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:31:50.0686 3996	WacomPen - ok
22:31:50.0722 3996	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:50.0724 3996	WANARP - ok
22:31:50.0736 3996	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:50.0737 3996	Wanarpv6 - ok
22:31:50.0849 3996	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:31:50.0850 3996	Wd - ok
22:31:50.0884 3996	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:31:50.0893 3996	Wdf01000 - ok
22:31:50.0986 3996	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:31:50.0988 3996	WfpLwf - ok
22:31:51.0005 3996	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:31:51.0007 3996	WIMMount - ok
22:31:51.0090 3996	WinRing0_1_2_0  (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\BatteryCare\WinRing0x64.sys
22:31:51.0091 3996	WinRing0_1_2_0 - ok
22:31:51.0199 3996	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:31:51.0201 3996	WinUsb - ok
22:31:51.0259 3996	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:31:51.0260 3996	WmiAcpi - ok
22:31:51.0293 3996	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:31:51.0295 3996	ws2ifsl - ok
22:31:51.0338 3996	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:31:51.0340 3996	WudfPf - ok
22:31:51.0377 3996	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:51.0381 3996	WUDFRd - ok
22:31:51.0497 3996	xnacc           (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
22:31:51.0506 3996	xnacc - ok
22:31:51.0523 3996	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:31:51.0600 3996	\Device\Harddisk0\DR0 - ok
22:31:51.0634 3996	Boot (0x1200)   (7e0ad898f935e32f702d2aa5e7ad6604) \Device\Harddisk0\DR0\Partition0
22:31:51.0635 3996	\Device\Harddisk0\DR0\Partition0 - ok
22:31:51.0650 3996	Boot (0x1200)   (71f92112d874ab33579a28fd4d1d46c0) \Device\Harddisk0\DR0\Partition1
22:31:51.0652 3996	\Device\Harddisk0\DR0\Partition1 - ok
22:31:51.0672 3996	Boot (0x1200)   (384c4bb2faf4a9b96d58e6c85679ac40) \Device\Harddisk0\DR0\Partition2
22:31:51.0674 3996	\Device\Harddisk0\DR0\Partition2 - ok
22:31:51.0675 3996	============================================================
22:31:51.0675 3996	Scan finished
22:31:51.0675 3996	============================================================
22:31:51.0683 2512	Detected object count: 0
22:31:51.0683 2512	Actual detected object count: 0

Malwarebytes:

Codice:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Versione database: v2012.01.28.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Angelo2 :: ANGEL-PORT [amministratore]

29/01/2012 22:34:46
mbam-log-2012-01-29 (22-38-47).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 190208
Tempo impiegato: 3 minuti, 23 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Dati: C:\Users\Angelo2\AppData\Local\51cc80ad\X -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

[Riku]

Fai una scansione completa con Malwarebytes e allega il log

[Chill-Out]

Quote:

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Dati: C:\Users\Angelo2\AppData\Local\51cc80ad\X -> Nessuna azione intrapresa.

gli elementi infetti vanno quarantenati, allega i log su uno dei Server Remoti indicati nelle Regole di sezione.

[ShadyA&B]

Su Malwarebytes come si mettono in quarantena i virus?

L'opzione è solo di ignorare o cancellare.

[Chill-Out]

Quote:

Originariamente inviato da ShadyA&B

Su Malwarebytes come si mettono in quarantena i virus?

L'opzione è solo di ignorare o cancellare.

Gli elementi infetti rimossi vengono spostati direttamente in quarantena.

[OzzFan]

io rimango del parere che con comodo antivirus oltre a sandboxare i processi incerti riusciresti tranquillamente a risolvere..sennò prova con il live cd di kaspersky

[ShadyA&B]

Quote:

Originariamente inviato da Chill-Out

Gli elementi infetti rimossi vengono spostati direttamente in quarantena.

Ma quindi in sostanza devo "ignorare" e basta, senza cliccare su Rimuovi?

Se sì l'ho già fatto una volta e non ha funzionato.

@OzzFan: in serata vi posto gli screen dei processi, perchè onestamente non vedo nulla di strano che prima non c'era.
Così magari dando voi un'occhiata mi sapete indirizzare meglio.

[OzzFan]

non possiamo sapere ogni singolo processo cosa fà..potresti avere hoopuh.exe che io reputerei sospetto ma magari sarà uno scanner..

Io ti ho dato un consiglio perchè comodo fa sandboxare i processi che si autoavviano così' dovresti farcela

[ShadyA&B]

EDIT:

Credo di aver risolto con Comodo, grazie.

Tuttavia lo trovo sComodo, in quanto a mio modo di vedere molto invasivo.

L'antivirus mi ha trovato lo stesso consrv che puntualmente dice di eliminare e non elimina, però il problema sembra scomparso per ora..

Grazie. Magari non chiudete la discussione, perchè il problema è random e potrebbe ricapitare.

[OzzFan]

Diventerà Comodo quando vedrai che starai senza virus,comunque le notifiche si possono personalizzare..

Tutti i file autoeseguibili non firmati sono sandboxati di default

Fai una scansione approfondita dalla modalità provvisoria

[Chill-Out]

Quote:

Originariamente inviato da ShadyA&B

Ma quindi in sostanza devo "ignorare" e basta, senza cliccare su Rimuovi?

Se sì l'ho già fatto una volta e non ha funzionato.

@OzzFan: in serata vi posto gli screen dei processi, perchè onestamente non vedo nulla di strano che prima non c'era.
Così magari dando voi un'occhiata mi sapete indirizzare meglio.

Devi cliccare su rimuovi e vanno diritti in quarantena. Allega questo log

[ShadyA&B]

Ecco il log, CLICCA

Non ho intrapreso alcuna azione perchè tanto non funziona.
Comunque in quel percorso non esiste la cartella X... il percorso reale si ferma a ...AppData\Local\51cc80ad
ed è vuota!

PS: probabilmente non mi ha rilevato consrv.dll perchè c'è Comodo che lo tiene a bada.

Tra l'altro, ho dovuto mettere Comodo in modalità leggera perchè mi blocca TUTTO, anche FireFox Optimizer, e anche mettendolo tra i file sicuri al riavvio torna tra quelli bloccati. Una scocciatura.

Comunque questo mi ha permesso di verificare che il file consrv.dll si rigenera ogni tot minuti (non è standard, ora tra 20 ora tra 10 ora tra 60)...

[Chill-Out]

Quote:

Originariamente inviato da ShadyA&B

Ecco il log, CLICCA

Non ho intrapreso alcuna azione perchè tanto non funziona.
Comunque in quel percorso non esiste la cartella X... il percorso reale si ferma a ...AppData\Local\51cc80ad
ed è vuota!

PS: probabilmente non mi ha rilevato consrv.dll perchè c'è Comodo che lo tiene a bada.

Tra l'altro, ho dovuto mettere Comodo in modalità leggera perchè mi blocca TUTTO, anche FireFox Optimizer, e anche mettendolo tra i file sicuri al riavvio torna tra quelli bloccati. Una scocciatura.

Comunque questo mi ha permesso di verificare che il file consrv.dll si rigenera ogni tot minuti (non è standard, ora tra 20 ora tra 10 ora tra 60)...

Il PC è il tuo pertanto fai come credi.

[ShadyA&B]

Perchè questa risposta?

[Chill-Out]

Quote:

Originariamente inviato da ShadyA&B

Perchè questa risposta?

In funzione di questa

Quote:

Originariamente inviato da ShadyA&B

Non ho intrapreso alcuna azione perchè tanto non funziona.

dalla quale non si capisce se desideri ricevere assistenza oppure no.

[ShadyA&B]

Come avevo scritto al primo post (punto 5) e come ho detto qui a proposito di Comodo:

Quote:

Originariamente inviato da ShadyA&B

L'antivirus mi ha trovato lo stesso consrv che puntualmente dice di eliminare e non elimina, però il problema sembra scomparso per ora..

Rimuoverlo con qualsiasi antivirus non serve a niente, in quanto si rigenera.

Ecco perchè ho postato il log senza intraprendere alcuna azione, perchè pure andando a rimuoverlo tornava dopo qualche minuto.

Più che altro serve trovare una soluzione completa e secca, perchè adesso Comodo me lo tiene a bada però mi esce l'avviso ogni manciata di minuti in cui mi chiede di rimuovere o ignorare, ed io rimuovo sempre.