probabile keylogger, combofixlog

[Franco72]

Salve a tutti, rieccomi a chiedere il vostro aiuto (questa è la mia terza iscrizione..., scusatemi)
allora avendo avuto il sospetto che avevo un keylogger sul pc (O.S. Windows 7 a 64 bit Home Premium) ho installato KL detector il quale rileva file sospetti e indica la possibilità di presenza di uno o più keylogger, ho quindi proceduto ad installare e a far girare Spybot e Comodo Internet Security che hanno eliminato poche cose, io ho proceduto anche all'eliminazione di alcune cartelle che per KL detector contenevono i file sospette (non tutte), ma KL detector continuava a rilevare la possibile presenza di keylogger ho quindi fatto girare combofix, due volte in quanto dopo la prima pur aspettando una mezz'ora non completava il report, ho quindi il report di combofix ma non so leggerlo (KL detector continua a segnalare la presenza di keyloggers) quindi ve lo posto

Come non detto non me lo fa posta mi dice che non posso posta link aspetterò

[FrancescoFDAC]

Franco devi scrivere almeno 5 messaggi se non ricordo male, presentati, fai un giro nelle altre sezioni, di la tua..

Poi allega il log.


Francesco

[Franco72]

ma io non lo volevo allegare lo avevo incollato ma comunque farò un giretto

[Franco72]

vediamo un po avendo spammato un po in giro me fa incolla il log

ComboFix 11-12-27.01 - Andropov 27/12/2011 16:36:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3839.1978 [GMT 1:00]
Eseguito da: C:\Users\Andropov\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


---- Esecuzione precedente -------

C:\Users\Andropov\Desktop\Internet Explorer.lnk
C:\Windows\security\Database\tmp.edb
C:\Windows\system32\java.exe


((((((((((((((((((((((((( Files Creati Da 2011-11-27 al 2011-12-27 )))))))))))))))))))))))))))))))))))


2011-12-27 15:53:42 . 2011-12-27 15:53:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-12-27 15:53:41 . 2011-12-27 15:53:41 -------- d-----w- C:\Users\Gagarin\AppData\Local\temp
2011-12-27 14:49:13 . 2011-12-27 14:49:15 -------- d-----w- C:\ProgramData\CPA_VA
2011-12-27 14:47:51 . 2011-12-27 14:47:51 -------- d-----w- C:\VritualRoot
2011-12-27 12:33:57 . 2011-12-27 12:35:16 -------- d-----w- C:\ProgramData\Comodo
2011-12-27 12:33:51 . 2011-12-27 12:34:06 -------- d-----w- C:\Program Files\COMODO
2011-12-27 12:33:47 . 2011-12-27 12:33:47 -------- d-----w- C:\Program Files (x86)\Comodo
2011-12-27 12:32:50 . 2011-12-27 12:32:50 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-12-27 12:32:32 . 2011-12-27 12:32:32 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2011-12-27 12:20:17 . 2011-11-21 11:40:38 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{494B5A54-56AE-4BCA-8278-3F3910237326}\mpengine.dll
2011-12-26 14:19:05 . 2011-12-26 14:37:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-26 14:19:05 . 2011-12-26 14:21:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-26 13:49:47 . 2011-12-26 13:49:47 388096 ----a-r- C:\Users\Andropov\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-26 13:49:47 . 2011-12-26 13:49:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-19 17:59:20 . 2011-12-19 17:59:20 93200 ----a-w- C:\Windows\system32\drivers\inspect.sys
2011-12-19 17:59:18 . 2011-12-19 17:59:18 577824 ----a-w- C:\Windows\system32\drivers\cmdGuard.sys
2011-12-19 17:59:18 . 2011-12-19 17:59:18 43248 ----a-w- C:\Windows\system32\drivers\cmdhlp.sys
2011-12-19 17:59:16 . 2011-12-19 17:59:16 22696 ----a-w- C:\Windows\system32\drivers\cmderd.sys
2011-12-19 17:58:58 . 2011-12-19 17:58:58 41200 ----a-w- C:\Windows\system32\cmdcsr.dll
2011-12-19 17:58:56 . 2011-12-19 17:58:56 389840 ----a-w- C:\Windows\system32\guard64.dll
2011-12-19 17:58:56 . 2011-12-19 17:58:56 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-12-15 18:57:24 . 2011-12-15 18:57:24 375632 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-15 11:24:41 . 2011-10-15 06:31:56 723456 ----a-w- C:\Windows\system32\EncDec.dll
2011-12-15 11:24:40 . 2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 11:24:33 . 2011-11-05 05:32:50 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-12-15 11:24:33 . 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 19:43:10 . 2011-12-14 19:43:10 -------- d-----w- C:\Program Files (x86)\Common Files\Java
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-19 19:32:32 . 2011-11-19 19:32:32 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-14 11:25:41 . 2011-07-03 08:29:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 04:06:03 . 2011-06-06 10:09:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-29 16:29:28 . 2011-11-09 19:48:26 1923952 ----a-w- C:\Windows\system32\drivers\tcpip.sys


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\tbVuze.dll" [2010-04-15 10:33:48 2515552]
"{59506042-42a8-4ef6-82c9-35177bfb7f6f}"= "C:\Program Files (x86)\ZoneAlarm_IT\prxtbZone.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files (x86)\ZoneAlarm_IT\prxtbZone.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33:48 2515552 ----a-w- C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\tbVuze.dll" [2010-04-15 10:33:48 2515552]
"{59506042-42a8-4ef6-82c9-35177bfb7f6f}"= "C:\Program Files (x86)\ZoneAlarm_IT\prxtbZone.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 14:26:44 1685048]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-03 23:54:19 39408]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 15:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 09:47:28 62768]
"HP Remote Solution"="C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 02:11:15 656896]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 13:50:04 54576]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 11:00:00 60464]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 13:22:01 281768]
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 16:33:36 150528]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 19:01:38 73360]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"COMODO"="C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 10:27:10 213304]
"CPA"="C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 10:27:12 184120]

C:\Users\Gagarin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2009-07-14 01:39:46 27136]
R2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 10:17:32 135664]
R3 dump_wmimmc;dump_wmimmc;C:\Program Files (x86)\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 10:17:32 135664]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 05:57:46 23536]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 17:10:10 57184]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 10:27:10 1267000]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 16:27:38 92216]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 14:44:22 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 14:44:42 827520]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 14:31:10 1153368]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - CMDERD

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

Contenuto della cartella 'Scheduled Tasks'

2011-12-27 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 10:17:33 . 2010-05-04 10:17:32]

2011-12-27 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 10:17:33 . 2010-05-04 10:17:32]

2010-05-03 C:\Windows\Tasks\PCDRScheduledMaintenance.job
- C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11:04 . 2009-09-18 07:11:04]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-07-29 09:21:26 16333856]
"PC-Doctor for Windows localizer"="C:\Program Files\PC-Doctor for Windows\localizer.exe" [2009-09-17 05:57:42 95728]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 08:11:56 660360]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 14:44:38 1125504]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-20 23:41:46 9454920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\Windows\System32\guard64.dll

------- Scansione supplementare -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... t:official
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Wow6432Node-HKCU-Run-{8C237BA5-9BDE-92CC-3B4B-F24A327887D5} - C:\Users\Andropov\AppData\Roaming\Yxguyl\vezuriv.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{59506042-42A8-4EF6-82C9-35177BFB7F6F} - (no file)
AddRemove-EasyBits Magic Desktop - C:\Windows\system32\ezMDUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - C:\Program Files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe


allora che dice questo log? quale problema rileva?

ciao e grazie

[FrancescoFDAC]

Disinstalla Spybot (inutile) e Vuze_Remote Toolbar.

Consiglio: disinstalla pure ZoneAlarm, hai già comodo e avira.

Fammi sapere

[Franco72]

ho disinstallato spybot, vuze toolbar, n'altro paio di toolbar ma zone alarm non me lo fa disinstalla me dice che non lo posso INSTALLARE perché c'è comodo.

ma vedendo il log si capisce che c'è qualcosa che non va?

[Franco72]

questo è quello che dice Kl-detector

KL-Detector has found a suspicious file:
C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\sessionstore-24.js

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\
C:\Users\Andropov\
C:\Windows\Prefetch\
C:\Users\Andropov\AppData\Local\Mozilla\Firefox\Profiles\k5c07l8v.default\Cache\
C:\Windows\System32\config\


ma cercando il primo file non si trova, in quella cartella ci sono file con nome simile ma non il -24
la cartella k5c.... non è cancellabile, dice che è in uso.
ma una votla che ho guardato le cartelle che devo cerca?

[FrancescoFDAC]

Personalmente non ho mai fatto uso di Keylogger, li reputo fastidiosi e comunque inutili.
Disinstalla KL-Detector, segui il mio consiglio.

Per disinstallare Zonealarm attieniti a questa procedura:

Disinstalla Zone Alarm:
● cessane l'esecuzione dalla Traybar (vicino all'orologio)
● clicca su Start - Pannello di Controllo - Installazione Applicazioni e disinstalla Zone Alarm

Scarica Zone Alarm Removal Tool: http://download.zonealarm.com/bin/free/ ... /clean.exe
● posiziona il file sul Desktop
● doppio click sul tool per eseguirlo
● segui le istruzioni che verranno rilasciate dal programma per rimuovere correttamente l'antivirus in questione
● riavvia il sistema

Infine:

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Riavvia il PC, ed esegui nuovamente ComboFix, seguendo passo per passo le indicazioni sottostanti (sono importanti, ricordati specialmente di salvarlo sul Desktop e non nella cartella Downloads)

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● in caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato da te dopo l'utilizzo del software stesso.
Lo stesso vale per me; questo tool non è un giocattolo e non è destinato all'utilizzo quotidiano. Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, sarai costretto ad avviarla dalle Risorse del computer. Una precauzione in più, una possibile minaccia in meno

[Franco72]

procederò nella lunga serie di operazioni
comunque io non ho installato nessun keylogger, ho avuto il sospetto che dall'esterno l'avessero installato (ovviamente con aiuto inconsapevole all'interno) perché ho avuto un problema (furto) su un gioco on line, alla prossima e grazie per l'aiuto

[FrancescoFDAC]

Esegui pure la procedura indicata. Attendo il report.

[Franco72]

combofix non funziona fa l'installazione ma dopo non parte

[Franco72]

combofix non funziona fa l'installazione ma dopo non parte

scrive "impossibile trovare il file NIRCMD. verificare che il nome del file sia corretto, quindi riprovare

[FrancescoFDAC]

Hai eseguito prima OTC?

[Franco72]

certo

[FrancescoFDAC]

Scarica ed installa HitmanPro: http://www.surfright.nl/en/downloads
● scegli la versione adatta al tuo Sistema Operativo (32Bit o 64Bit)
● una volta lanciato, nella finestra principale clicca su Impostazioni
● clicca su Licenza ed attiva la licenza
● clicca su scansione di default (consigliato)
● al termine della scansione ti verrà mostrato un riepilogo: nella finestra di riepilogo, in basso a sinistra, avrai modo di salvare il Report generato che dovrai allegare

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma

Una volta terminata la scansione, si presenterà una di queste due opzioni:
● non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')

[Franco72]

questo è il report di Hitman ma non so se è davvero così

<Log computer="SOYUZ27" scan="Normal" version="3.5.9.131" date="2011-12-29T23:58:16" timeSpentInSecs="238" filesProcessed="31984">
- <Item type="Suspicious" score="40.0" status="None">
<File path="C:\ProgramData\WildTangent\My HP Game Console\Downloads\it\Installers\dragonball\prodinfo_dragonball_1.0.0.2103.exe" hash="8FEDBDB69E1ED7013C7C941F41D53FBA109127A6EE0F529108198EAF8B621671" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@247realmedia[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@adbrite[2].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@bs.serving-sys[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@content.yieldmanager[3].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@content.yieldmanager[4].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@hotlog[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@realmedia[2].txt" />
</Item>
- <Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@realmedia[3].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@serving-sys[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@tribalfusion[2].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\andropov@yadro[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\C9BP01TC.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Microsoft\Windows\Cookies\KX6LF3YY.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:247realmedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:ad.360yield.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:ad.adc-serv.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:ad.zanox.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:adbrite.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:adinterax.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:ads.advextreme.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:ads.bleepingcomputer.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:adtech.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:at.atwola.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:bs.serving-sys.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:collective-media.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:fl01.ct2.comclick.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:interclick.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:invitemedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:kontera.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:media6degrees.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:pg2.solution.weborama.fr" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:revsci.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:ru4.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:serving-sys.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:tribalfusion.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:weborama.fr" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Andropov\AppData\Roaming\Mozilla\Firefox\Profiles\k5c07l8v.default\cookies.sqlite:yieldmanager.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:ad.wsod.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:ad.yieldmanager.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:adbrite.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:advertising.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:apmebf.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:casalemedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:doubleclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:findarticles.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:kontera.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:mediaplex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:msnportal.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Gagarin\AppData\Roaming\Mozilla\Firefox\Profiles\1e72krly.default\cookies.sqlite:revsci.net" />
</Item>
</Log>

[Franco72]

questo quello di TDSS

00:07:11.0410 3688 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:07:11.0535 3688 ============================================================
00:07:11.0535 3688 Current date / time: 2011/12/30 00:07:11.0535
00:07:11.0535 3688 SystemInfo:
00:07:11.0535 3688
00:07:11.0535 3688 OS Version: 6.1.7601 ServicePack: 1.0
00:07:11.0535 3688 Product type: Workstation
00:07:11.0535 3688 ComputerName: SOYUZ27
00:07:11.0535 3688 UserName: Andropov
00:07:11.0535 3688 Windows directory: C:\Windows
00:07:11.0535 3688 System windows directory: C:\Windows
00:07:11.0535 3688 Running under WOW64
00:07:11.0535 3688 Processor architecture: Intel x64
00:07:11.0535 3688 Number of processors: 2
00:07:11.0535 3688 Page size: 0x1000
00:07:11.0535 3688 Boot type: Normal boot
00:07:11.0535 3688 ============================================================
00:07:12.0486 3688 Initialize success
00:07:21.0129 1868 ============================================================
00:07:21.0129 1868 Scan started
00:07:21.0129 1868 Mode: Manual;
00:07:21.0129 1868 ============================================================
00:07:22.0174 1868 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:07:22.0189 1868 1394ohci - ok
00:07:22.0221 1868 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:07:22.0221 1868 ACPI - ok
00:07:22.0252 1868 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:07:22.0267 1868 AcpiPmi - ok
00:07:22.0314 1868 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:07:22.0330 1868 adp94xx - ok
00:07:22.0361 1868 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:07:22.0377 1868 adpahci - ok
00:07:22.0392 1868 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:07:22.0408 1868 adpu320 - ok
00:07:22.0455 1868 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
00:07:22.0470 1868 AFD - ok
00:07:22.0501 1868 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:07:22.0517 1868 agp440 - ok
00:07:22.0533 1868 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:07:22.0533 1868 aliide - ok
00:07:22.0564 1868 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:07:22.0564 1868 amdide - ok
00:07:22.0595 1868 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:07:22.0611 1868 AmdK8 - ok
00:07:22.0626 1868 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:07:22.0626 1868 AmdPPM - ok
00:07:22.0657 1868 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:07:22.0657 1868 amdsata - ok
00:07:22.0689 1868 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:07:22.0704 1868 amdsbs - ok
00:07:22.0720 1868 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:07:22.0720 1868 amdxata - ok
00:07:22.0782 1868 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:07:22.0798 1868 AppID - ok
00:07:22.0813 1868 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:07:22.0829 1868 arc - ok
00:07:22.0845 1868 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:07:22.0845 1868 arcsas - ok
00:07:22.0907 1868 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:07:22.0907 1868 AsyncMac - ok
00:07:22.0938 1868 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:07:22.0938 1868 atapi - ok
00:07:22.0985 1868 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
00:07:22.0985 1868 avgntflt - ok
00:07:23.0047 1868 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
00:07:23.0047 1868 avipbb - ok
00:07:23.0125 1868 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:07:23.0157 1868 b06bdrv - ok
00:07:23.0188 1868 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:07:23.0203 1868 b57nd60a - ok
00:07:23.0219 1868 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:07:23.0219 1868 Beep - ok
00:07:23.0281 1868 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:07:23.0281 1868 blbdrive - ok
00:07:23.0328 1868 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:07:23.0344 1868 bowser - ok
00:07:23.0359 1868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:07:23.0359 1868 BrFiltLo - ok
00:07:23.0375 1868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:07:23.0375 1868 BrFiltUp - ok
00:07:23.0437 1868 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:07:23.0453 1868 Brserid - ok
00:07:23.0484 1868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:07:23.0484 1868 BrSerWdm - ok
00:07:23.0531 1868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:07:23.0531 1868 BrUsbMdm - ok
00:07:23.0547 1868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:07:23.0562 1868 BrUsbSer - ok
00:07:23.0578 1868 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:07:23.0593 1868 BTHMODEM - ok
00:07:23.0625 1868 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:07:23.0625 1868 cdfs - ok
00:07:23.0687 1868 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:07:23.0687 1868 cdrom - ok
00:07:23.0734 1868 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:07:23.0749 1868 circlass - ok
00:07:23.0781 1868 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:07:23.0796 1868 CLFS - ok
00:07:23.0890 1868 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:07:23.0890 1868 CmBatt - ok
00:07:23.0937 1868 cmderd (fa26df95bfbeccbd44c961834789c549) C:\Windows\system32\DRIVERS\cmderd.sys
00:07:23.0937 1868 cmderd - ok
00:07:23.0968 1868 cmdGuard (efd76d1c9a28b75ff05b23cb0e7f79cd) C:\Windows\system32\DRIVERS\cmdguard.sys
00:07:23.0968 1868 cmdGuard - ok
00:07:23.0983 1868 cmdHlp (4b5b1688ab86ebced4bef8d337e9a722) C:\Windows\system32\DRIVERS\cmdhlp.sys
00:07:23.0983 1868 cmdHlp - ok
00:07:24.0030 1868 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:07:24.0030 1868 cmdide - ok
00:07:24.0077 1868 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:07:24.0093 1868 CNG - ok
00:07:24.0124 1868 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:07:24.0124 1868 Compbatt - ok
00:07:24.0171 1868 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:07:24.0186 1868 CompositeBus - ok
00:07:24.0217 1868 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:07:24.0233 1868 crcdisk - ok
00:07:24.0280 1868 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:07:24.0295 1868 DfsC - ok
00:07:24.0342 1868 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:07:24.0342 1868 discache - ok
00:07:24.0373 1868 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:07:24.0389 1868 Disk - ok
00:07:24.0451 1868 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
00:07:24.0467 1868 Dot4 - ok
00:07:24.0514 1868 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
00:07:24.0514 1868 Dot4Print - ok
00:07:24.0545 1868 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
00:07:24.0561 1868 dot4usb - ok
00:07:24.0576 1868 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:07:24.0592 1868 drmkaud - ok
00:07:24.0654 1868 dump_wmimmc - ok
00:07:24.0748 1868 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:07:24.0779 1868 DXGKrnl - ok
00:07:24.0873 1868 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:07:24.0904 1868 ebdrv - ok
00:07:24.0966 1868 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:07:24.0966 1868 elxstor - ok
00:07:25.0013 1868 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:07:25.0013 1868 ErrDev - ok
00:07:25.0060 1868 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:07:25.0075 1868 exfat - ok
00:07:25.0107 1868 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:07:25.0122 1868 fastfat - ok
00:07:25.0169 1868 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:07:25.0185 1868 fdc - ok
00:07:25.0216 1868 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:07:25.0216 1868 FileInfo - ok
00:07:25.0231 1868 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:07:25.0247 1868 Filetrace - ok
00:07:25.0263 1868 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:07:25.0263 1868 flpydisk - ok
00:07:25.0309 1868 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:07:25.0341 1868 FltMgr - ok
00:07:25.0372 1868 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:07:25.0372 1868 FsDepends - ok
00:07:25.0419 1868 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
00:07:25.0419 1868 fssfltr - ok
00:07:25.0465 1868 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:07:25.0481 1868 Fs_Rec - ok
00:07:25.0528 1868 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:07:25.0543 1868 fvevol - ok
00:07:25.0575 1868 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:07:25.0590 1868 gagp30kx - ok
00:07:25.0684 1868 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:07:25.0684 1868 hcw85cir - ok
00:07:25.0746 1868 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:07:25.0746 1868 HDAudBus - ok
00:07:25.0777 1868 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:07:25.0777 1868 HidBatt - ok
00:07:25.0824 1868 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:07:25.0824 1868 HidBth - ok
00:07:25.0871 1868 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:07:25.0871 1868 HidIr - ok
00:07:25.0918 1868 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:07:25.0918 1868 HidUsb - ok
00:07:25.0996 1868 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:07:26.0011 1868 HpSAMD - ok
00:07:26.0074 1868 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:07:26.0105 1868 HTTP - ok
00:07:26.0136 1868 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:07:26.0136 1868 hwpolicy - ok
00:07:26.0183 1868 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:07:26.0183 1868 i8042prt - ok
00:07:26.0230 1868 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:07:26.0245 1868 iaStorV - ok
00:07:26.0277 1868 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:07:26.0277 1868 iirsp - ok
00:07:26.0323 1868 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
00:07:26.0323 1868 inspect - ok
00:07:26.0417 1868 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
00:07:26.0433 1868 IntcAzAudAddService - ok
00:07:26.0448 1868 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:07:26.0448 1868 intelide - ok
00:07:26.0479 1868 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:07:26.0495 1868 intelppm - ok
00:07:26.0542 1868 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:07:26.0557 1868 IpFilterDriver - ok
00:07:26.0573 1868 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:07:26.0589 1868 IPMIDRV - ok
00:07:26.0620 1868 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:07:26.0635 1868 IPNAT - ok
00:07:26.0667 1868 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:07:26.0667 1868 IRENUM - ok
00:07:26.0698 1868 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:07:26.0698 1868 isapnp - ok
00:07:26.0729 1868 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:07:26.0745 1868 iScsiPrt - ok
00:07:26.0760 1868 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:07:26.0776 1868 kbdclass - ok
00:07:26.0807 1868 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:07:26.0807 1868 kbdhid - ok
00:07:26.0823 1868 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:07:26.0838 1868 KSecDD - ok
00:07:26.0869 1868 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:07:26.0869 1868 KSecPkg - ok
00:07:26.0885 1868 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:07:26.0901 1868 ksthunk - ok
00:07:26.0947 1868 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:07:26.0963 1868 lltdio - ok
00:07:27.0010 1868 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:07:27.0025 1868 LSI_FC - ok
00:07:27.0057 1868 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:07:27.0072 1868 LSI_SAS - ok
00:07:27.0135 1868 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:07:27.0150 1868 LSI_SAS2 - ok
00:07:27.0181 1868 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:07:27.0197 1868 LSI_SCSI - ok
00:07:27.0228 1868 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:07:27.0228 1868 luafv - ok
00:07:27.0259 1868 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:07:27.0259 1868 megasas - ok
00:07:27.0291 1868 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:07:27.0291 1868 MegaSR - ok
00:07:27.0322 1868 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:07:27.0322 1868 Modem - ok
00:07:27.0337 1868 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:07:27.0337 1868 monitor - ok
00:07:27.0384 1868 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:07:27.0400 1868 mouclass - ok
00:07:27.0431 1868 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:07:27.0431 1868 mouhid - ok
00:07:27.0478 1868 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:07:27.0493 1868 mountmgr - ok
00:07:27.0525 1868 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:07:27.0540 1868 mpio - ok
00:07:27.0556 1868 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:07:27.0571 1868 mpsdrv - ok
00:07:27.0603 1868 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:07:27.0618 1868 MRxDAV - ok
00:07:27.0665 1868 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:07:27.0681 1868 mrxsmb - ok
00:07:27.0727 1868 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:07:27.0743 1868 mrxsmb10 - ok
00:07:27.0774 1868 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:07:27.0790 1868 mrxsmb20 - ok
00:07:27.0821 1868 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:07:27.0821 1868 msahci - ok
00:07:27.0852 1868 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:07:27.0868 1868 msdsm - ok
00:07:27.0899 1868 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:07:27.0899 1868 Msfs - ok
00:07:27.0930 1868 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:07:27.0946 1868 mshidkmdf - ok
00:07:27.0961 1868 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:07:27.0961 1868 msisadrv - ok
00:07:28.0008 1868 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:07:28.0008 1868 MSKSSRV - ok
00:07:28.0024 1868 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:07:28.0039 1868 MSPCLOCK - ok
00:07:28.0055 1868 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:07:28.0055 1868 MSPQM - ok
00:07:28.0102 1868 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:07:28.0117 1868 MsRPC - ok
00:07:28.0149 1868 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:07:28.0149 1868 mssmbios - ok
00:07:28.0180 1868 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:07:28.0180 1868 MSTEE - ok
00:07:28.0211 1868 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:07:28.0211 1868 MTConfig - ok
00:07:28.0242 1868 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:07:28.0242 1868 Mup - ok
00:07:28.0289 1868 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:07:28.0305 1868 NativeWifiP - ok
00:07:28.0351 1868 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:07:28.0351 1868 NDIS - ok
00:07:28.0367 1868 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:07:28.0383 1868 NdisCap - ok
00:07:28.0414 1868 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:07:28.0414 1868 NdisTapi - ok
00:07:28.0445 1868 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:07:28.0445 1868 Ndisuio - ok
00:07:28.0492 1868 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:07:28.0492 1868 NdisWan - ok
00:07:28.0539 1868 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:07:28.0539 1868 NDProxy - ok
00:07:28.0585 1868 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:07:28.0601 1868 NetBIOS - ok
00:07:28.0632 1868 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:07:28.0648 1868 NetBT - ok
00:07:28.0773 1868 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:07:28.0773 1868 nfrd960 - ok
00:07:28.0788 1868 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:07:28.0804 1868 Npfs - ok
00:07:28.0835 1868 NPPTNT2 - ok
00:07:28.0851 1868 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:07:28.0866 1868 nsiproxy - ok
00:07:28.0929 1868 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:07:28.0960 1868 Ntfs - ok
00:07:28.0991 1868 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:07:28.0991 1868 Null - ok
00:07:29.0209 1868 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:07:29.0256 1868 nvlddmkm - ok
00:07:29.0365 1868 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
00:07:29.0365 1868 NVNET - ok
00:07:29.0412 1868 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:07:29.0412 1868 nvraid - ok
00:07:29.0443 1868 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:07:29.0443 1868 nvstor - ok
00:07:29.0490 1868 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
00:07:29.0490 1868 nvstor64 - ok
00:07:29.0521 1868 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:07:29.0537 1868 nv_agp - ok
00:07:29.0553 1868 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:07:29.0553 1868 ohci1394 - ok
00:07:29.0599 1868 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:07:29.0599 1868 Parport - ok
00:07:29.0646 1868 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:07:29.0646 1868 partmgr - ok
00:07:29.0740 1868 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
00:07:29.0974 1868 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
00:07:30.0005 1868 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:07:30.0021 1868 pci - ok
00:07:30.0036 1868 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:07:30.0052 1868 pciide - ok
00:07:30.0083 1868 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:07:30.0099 1868 pcmcia - ok
00:07:30.0145 1868 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:07:30.0145 1868 pcw - ok
00:07:30.0177 1868 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:07:30.0208 1868 PEAUTH - ok
00:07:30.0301 1868 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:07:30.0317 1868 PptpMiniport - ok
00:07:30.0364 1868 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:07:30.0364 1868 Processor - ok
00:07:30.0442 1868 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:07:30.0442 1868 Psched - ok
00:07:30.0504 1868 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:07:30.0535 1868 ql2300 - ok
00:07:30.0567 1868 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:07:30.0582 1868 ql40xx - ok
00:07:30.0613 1868 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:07:30.0613 1868 QWAVEdrv - ok
00:07:30.0645 1868 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:07:30.0645 1868 RasAcd - ok
00:07:30.0691 1868 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:07:30.0707 1868 RasAgileVpn - ok
00:07:30.0738 1868 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:07:30.0754 1868 Rasl2tp - ok
00:07:30.0785 1868 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:07:30.0785 1868 RasPppoe - ok
00:07:30.0816 1868 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:07:30.0816 1868 RasSstp - ok
00:07:30.0847 1868 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:07:30.0863 1868 rdbss - ok
00:07:30.0879 1868 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:07:30.0894 1868 rdpbus - ok
00:07:30.0925 1868 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:07:30.0925 1868 RDPCDD - ok
00:07:30.0941 1868 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:07:30.0941 1868 RDPENCDD - ok
00:07:30.0972 1868 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:07:30.0972 1868 RDPREFMP - ok
00:07:31.0003 1868 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:07:31.0019 1868 RDPWD - ok
00:07:31.0050 1868 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:07:31.0066 1868 rdyboost - ok
00:07:31.0113 1868 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
00:07:31.0128 1868 RMCAST - ok
00:07:31.0175 1868 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:07:31.0191 1868 rspndr - ok
00:07:31.0237 1868 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:07:31.0237 1868 sbp2port - ok
00:07:31.0284 1868 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:07:31.0300 1868 scfilter - ok
00:07:31.0331 1868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:07:31.0347 1868 secdrv - ok
00:07:31.0378 1868 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:07:31.0378 1868 Serenum - ok
00:07:31.0425 1868 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:07:31.0440 1868 Serial - ok
00:07:31.0456 1868 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:07:31.0471 1868 sermouse - ok
00:07:31.0503 1868 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:07:31.0503 1868 sffdisk - ok
00:07:31.0534 1868 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:07:31.0534 1868 sffp_mmc - ok
00:07:31.0549 1868 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:07:31.0565 1868 sffp_sd - ok
00:07:31.0581 1868 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:07:31.0596 1868 sfloppy - ok
00:07:31.0627 1868 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:07:31.0643 1868 SiSRaid2 - ok
00:07:31.0659 1868 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:07:31.0674 1868 SiSRaid4 - ok
00:07:31.0705 1868 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:07:31.0705 1868 Smb - ok
00:07:31.0737 1868 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:07:31.0752 1868 spldr - ok
00:07:31.0830 1868 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
00:07:31.0830 1868 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
00:07:31.0830 1868 sptd ( LockedFile.Multi.Generic ) - warning
00:07:31.0830 1868 sptd - detected LockedFile.Multi.Generic (1)
00:07:31.0877 1868 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:07:31.0908 1868 srv - ok
00:07:31.0955 1868 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:07:31.0986 1868 srv2 - ok
00:07:32.0002 1868 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:07:32.0017 1868 srvnet - ok
00:07:32.0064 1868 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:07:32.0064 1868 stexstor - ok
00:07:32.0111 1868 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:07:32.0111 1868 swenum - ok
00:07:32.0220 1868 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:07:32.0236 1868 Tcpip - ok
00:07:32.0283 1868 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:07:32.0298 1868 TCPIP6 - ok
00:07:32.0329 1868 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:07:32.0329 1868 tcpipreg - ok
00:07:32.0361 1868 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:07:32.0361 1868 TDPIPE - ok
00:07:32.0376 1868 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:07:32.0376 1868 TDTCP - ok
00:07:32.0423 1868 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:07:32.0439 1868 tdx - ok
00:07:32.0470 1868 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:07:32.0470 1868 TermDD - ok
00:07:32.0532 1868 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:07:32.0532 1868 tssecsrv - ok
00:07:32.0579 1868 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:07:32.0579 1868 TsUsbFlt - ok
00:07:32.0626 1868 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:07:32.0657 1868 tunnel - ok
00:07:32.0688 1868 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:07:32.0704 1868 uagp35 - ok
00:07:32.0751 1868 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:07:32.0766 1868 udfs - ok
00:07:32.0797 1868 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:07:32.0797 1868 uliagpkx - ok
00:07:32.0860 1868 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:07:32.0875 1868 umbus - ok
00:07:32.0907 1868 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:07:32.0907 1868 UmPass - ok
00:07:32.0938 1868 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:07:32.0953 1868 usbccgp - ok
00:07:32.0985 1868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:07:33.0000 1868 usbcir - ok
00:07:33.0031 1868 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:07:33.0031 1868 usbehci - ok
00:07:33.0063 1868 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:07:33.0078 1868 usbhub - ok
00:07:33.0094 1868 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
00:07:33.0109 1868 usbohci - ok
00:07:33.0141 1868 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:07:33.0156 1868 usbprint - ok
00:07:33.0203 1868 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:07:33.0219 1868 usbscan - ok
00:07:33.0250 1868 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:07:33.0250 1868 USBSTOR - ok
00:07:33.0265 1868 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:07:33.0281 1868 usbuhci - ok
00:07:33.0312 1868 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
00:07:33.0312 1868 usb_rndisx - ok
00:07:33.0359 1868 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:07:33.0359 1868 vdrvroot - ok
00:07:33.0390 1868 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:07:33.0390 1868 vga - ok
00:07:33.0406 1868 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:07:33.0406 1868 VgaSave - ok
00:07:33.0453 1868 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:07:33.0453 1868 vhdmp - ok
00:07:33.0484 1868 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:07:33.0484 1868 viaide - ok
00:07:33.0515 1868 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:07:33.0531 1868 volmgr - ok
00:07:33.0562 1868 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:07:33.0593 1868 volmgrx - ok
00:07:33.0609 1868 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:07:33.0624 1868 volsnap - ok
00:07:33.0655 1868 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:07:33.0671 1868 vsmraid - ok
00:07:33.0687 1868 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:07:33.0687 1868 vwifibus - ok
00:07:33.0733 1868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:07:33.0733 1868 WacomPen - ok
00:07:33.0749 1868 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:07:33.0765 1868 WANARP - ok
00:07:33.0765 1868 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:07:33.0765 1868 Wanarpv6 - ok
00:07:33.0827 1868 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:07:33.0843 1868 Wd - ok
00:07:33.0858 1868 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:07:33.0874 1868 Wdf01000 - ok
00:07:33.0921 1868 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:07:33.0936 1868 WfpLwf - ok
00:07:33.0952 1868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:07:33.0952 1868 WIMMount - ok
00:07:34.0045 1868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:07:34.0045 1868 WmiAcpi - ok
00:07:34.0077 1868 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:07:34.0077 1868 ws2ifsl - ok
00:07:34.0139 1868 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:07:34.0139 1868 WudfPf - ok
00:07:34.0170 1868 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:07:34.0170 1868 WUDFRd - ok
00:07:34.0201 1868 MBR (0x1B8) (f1f4cf6a66f4d0b45aca3d2b5ceef5e3) \Device\Harddisk0\DR0
00:07:34.0435 1868 \Device\Harddisk0\DR0 - ok
00:07:34.0435 1868 Boot (0x1200) (b964368a5d54d650d4d8d8a76b07577b) \Device\Harddisk0\DR0\Partition0
00:07:34.0435 1868 \Device\Harddisk0\DR0\Partition0 - ok
00:07:34.0451 1868 Boot (0x1200) (da0043473036e4814a3dd5841db41d08) \Device\Harddisk0\DR0\Partition1
00:07:34.0451 1868 \Device\Harddisk0\DR0\Partition1 - ok
00:07:34.0482 1868 Boot (0x1200) (362de31743f77bee9727b4046ef4950c) \Device\Harddisk0\DR0\Partition2
00:07:34.0482 1868 \Device\Harddisk0\DR0\Partition2 - ok
00:07:34.0498 1868 Boot (0x1200) (77d8882b0e6acd9616abf9b570ba3953) \Device\Harddisk0\DR0\Partition3
00:07:34.0498 1868 \Device\Harddisk0\DR0\Partition3 - ok
00:07:34.0498 1868 ============================================================
00:07:34.0498 1868 Scan finished
00:07:34.0498 1868 ============================================================
00:07:34.0513 4140 Detected object count: 1
00:07:34.0513 4140 Actual detected object count: 1
00:07:46.0650 4140 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:07:46.0650 4140 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:07:57.0180 4168 Deinitialize success

[FrancescoFDAC]

Ok il pc sembra essere pulito. Esegui questa ultima scansione:
Scarica ed installa Vir.IT eXplorer Lite: http://www.tgsoft.it/scripts/getfile.asp?lang=ITA
● aggiorna il programma, cliccando in alto su Tools e successivamente su Aggiornamenti OnLine: controlla che sia spuntata la voce Aggiorna con il modo servizio, e clicca su Aggiorna
● esegui una scansione completa, cliccando in alto su Scan e successivamente su Ricerca
● clicca su Scan e successivamente su Visualizza file Log: in questo modo potrai allegare il file di testo per un controllo

[Franco72]

non posso spuntare la voce aggiorna con il modo servizio

[Franco72]

comunque questo è il log, sfortunatamente mancavano pure i privilegi da amministratore (per quanto l'utente è amministratore)
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
30/12/2011 - 14:23:19

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore


[D:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore


[E:]


[G:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore


[H:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 268356.
Files Totali: 268356.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.