SECURITY SHIELD AIUTO

[ciccipei]

Buongiorno a tutti, come da oggetto mi si è infilato nel pc portatile questo bastardo che continua ad aprirmi finestre segnalandomi virus su mio computer che dovrebbero (a suo dire) essere rimossi acquistando il software in questione. Ovviamente so che è una truffa. Qualche anima pia mi spiegherebbe come procedere per rimuovere il bastardo in questione?Qualsiasi cosa faccia sul pc (aprire CC cleaner piuttosto che Spyhunter ecc.) viene bloccata ed appare la finestra di cui sopra con segnalazione di virus e richiesta di lanciare il prima possibile il "programma a delinquere".
Attendo con speranza e fiducia qualcuno che mi dia una mano, altrimenti non so cosa fare se non farmi spennare da qualche centro assistenza improvvisato.
Grazie ancora

[ciccipei]

Nessuno che gentilmente mi può aiutare?

[FrancescoFDAC]

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● in caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

Nota - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso.
Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette, Hard Disk Esterni, Lettori MP3...) per prevenire future minacce: quando inserisci una Pendrive, dovrai avviarla manualmente dalle Risorse del computer.

Se non riesci in modalità normale, prova in provvisoria:
Avvia il sistema in modalità provvisoria, cliccando sui seguenti link:
● modalità provvisoria in Windows XP: http://support.microsoft.com/kb/316434/it#3
● modalità provvisoria in Windows Vista e Seven: http://windowshelp.microsoft.com/Window ... 11040.mspx

P.S. Puoi evitare di sollecitare una risposta dopo 1 ora che hai postato il tuo problema? Mica tutti sono connessi quando posti la tua richiesta di aiuto..

[ciccipei]

Intanto ti ringrazio per l'esaustiva risposta e i dettagli che avrò premura di seguire meticolosamente. Quanro alla mia seconda richiesta chiedo scusa, non volevo essere presuntuoso nè maluducato:pensavo solamente che venisse ignorata (perchè cmq letta) per il semplice fatto di appartenere (come sicuramente è) alla categoria degli argomenti triti e ritriti (garantisco di aver usato la funzione cerca nel forum) e, ovviamente, per scarsa conoscenza dell'argomento da parte di chi ha visitato il topic...tutto quì.
Grazie ancora e se dovessi avere dei dubbi posso chiederti nuove delucidazioni?Grazie.

[FrancescoFDAC]

Certo. Attendo il report di ComboFix.

[ciccipei]

Francesco, ecco il report prodotto da Combofix (che non so allegare...pardon)
ComboFix 12-04-04.01 - Matteo 04/04/2012 14.45.17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2550.1899 [GMT 2:00]
Eseguito da: c:\documents and settings\Matteo\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\ecpboypw.dat
c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\ecpboypw_nav.dat
c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\ecpboypw_navps.dat
c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\vwmpby.exe
c:\documents and settings\Matteo\System
c:\documents and settings\Matteo\System\win_qs8.jqx
c:\windows\3F32A78A.exe
c:\windows\system32\14400b58.dat
c:\windows\system32\4b566489.dll
c:\windows\system32\b805ba68.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\e74d7bb7.dll
c:\windows\system32\SET44.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET9A.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASC3550P
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-04 al 2012-04-04 )))))))))))))))))))))))))))))))))))
.
.
2012-03-15 23:42 . 2012-03-22 19:05 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Neem
2012-03-15 23:42 . 2012-03-15 23:58 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Ebluhau
2012-03-15 21:44 . 2012-03-15 21:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

Codice: Seleziona tutto

<pre>
c:\programmi\CyberLink\PowerDVD\pdvdserv .exe
c:\programmi\CyberLink\PowerDVD\Language\language .exe
c:\programmi\File comuni\Ahead\Lib\nerocheck .exe
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Windows Media Player\wmpnscfg .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
</pre>

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-15 122368]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"IMBooster"="c:\programmi\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matteo^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Matteo\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07IXLRD_10036640]
c:\programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E07IXLRD_8148468]
c:\programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-15 15:29 122368 ----a-w- c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
c:\programmi\HP\hpcoretech\hpcmpmgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 08:14 206112 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 08:14 206112 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33 421160 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
c:\programmi\CyberLink\PowerDVD\Language\Language.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
c:\programmi\CyberLink\PowerDVD\PDVDServ.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-15 15:29 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygggoei]
c:\documents and settings\matteo\impostazioni locali\dati applicazioni\ygggoei.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Iminent\\IMBooster\\IMBooster.exe"=
"c:\\Programmi\\Iminent\\MMServer\\Iminent.MMServer.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:e mule TPC
"4672:UDP"= 4672:UDP:e mule UDP
"7818:TCP"= 7818:TCP:messenger
"7181:TCP"= 7181:TCP:messenger
"5558:TCP"= 5558:TCP:messenger
"1158:TCP"= 1158:TCP:messenger
"3863:TCP"= 3863:TCP:messenger
"6725:TCP"= 6725:TCP:messenger
"7724:TCP"= 7724:TCP:messenger
"6115:TCP"= 6115:TCP:messenger
"4116:TCP"= 4116:TCP:messenger
"7624:TCP"= 7624:TCP:messenger
"8777:TCP"= 8777:TCP:messenger
"3438:TCP"= 3438:TCP:messenger
"8161:TCP"= 8161:TCP:messenger
"6177:TCP"= 6177:TCP:messenger
"3323:TCP"= 3323:TCP:messenger
"3436:TCP"= 3436:TCP:messenger
"5176:TCP"= 5176:TCP:messenger
"8812:TCP"= 8812:TCP:messenger
"5627:TCP"= 5627:TCP:messenger
"6278:TCP"= 6278:TCP:messenger
"3261:TCP"= 3261:TCP:messenger
"6616:TCP"= 6616:TCP:messenger
"3237:TCP"= 3237:TCP:messenger
"7633:TCP"= 7633:TCP:messenger
"1675:TCP"= 1675:TCP:messenger
"6852:TCP"= 6852:TCP:messenger
"1235:TCP"= 1235:TCP:messenger
"4881:TCP"= 4881:TCP:messenger
"7333:TCP"= 7333:TCP:messenger
"7356:TCP"= 7356:TCP:messenger
"8722:TCP"= 8722:TCP:messenger
"7635:TCP"= 7635:TCP:messenger
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/07/2009 12.35.21 721904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [30/06/2010 17.27.56 136360]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [25/05/2009 20.36.46 33792]
S2 esunid32;EPSON WIA USD;rundll32.exe c:\windows\system32\esunid32.dll,akek --> rundll32.exe c:\windows\system32\esunid32.dll,akek [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2010 16.14.39 135664]
S2 pkuuxjci;pkuuxjci; [x]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [28/06/2008 11.55.33 94848]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [06/02/2010 16.14.39 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/08/2011 13.42.45 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Matteo\IMPOST~1\Temp\00000bcd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Matteo\IMPOST~1\Temp\00000bcd.nmc\nse\bin\ndiskio.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 11.26.10 508288]
S4 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [30/08/2011 13.42.49 366152]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 14:14]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 14:14]
.
2012-04-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2012-04-04 c:\windows\Tasks\User_Feed_Synchronization-{271805D7-8EBA-415D-8CC2-30C764D35978}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{D908FF38-01B1-4E4A-A60C-4B877EFDBAA0}: NameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Matteo\Dati applicazioni\Mozilla\Firefox\Profiles\jjhmyd41.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... t:official\n
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Iminent WebBooster: webbooster@iminent.com - c:\programmi\Mozilla Firefox\extensions\webbooster@iminent.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-esunid32 - esunid32.dll
SafeBoot-ddnxfisc
SafeBoot-pkuuxjci
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\vsdatant]
"ImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(304)
c:\windows\system32\WININET.dll
c:\programmi\Iminent\IMBooster\Iminent.WinCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-04 14:57:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-04 12:57
.
Pre-Run: 15.758.200.832 byte disponibili
Post-Run: 15.806.533.632 byte disponibili
.
- - End Of File - - 3A456ABD6C73303CBF248C43AA4489D4

[ciccipei]

E' sparita l'icona dalla toolbar e non compaiono quelle fastidiose pop up. Vorrei sapere solo se posso considerarmi di nuovo "libero", oppure c'è qualche altra cosa da fare visto che mi avevi chiesto in allegato il report prodotto dal programma lanciato. Ti ringrazio.

[FrancescoFDAC]

Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:

File::
c:\windows\system32\esunid32.dll
c:\documents and settings\matteo\impostazioni locali\dati applicazioni\ygggoei.exe

Folder::
c:\documents and settings\Matteo\Dati applicazioni\Neem
c:\documents and settings\Matteo\Dati applicazioni\Ebluhau

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygggoei]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7818:TCP"=-
"7181:TCP"=-
"5558:TCP"=-
"1158:TCP"=-
"3863:TCP"=-
"6725:TCP"=-
"7724:TCP"=-
"6115:TCP"=-
"4116:TCP"=-
"7624:TCP"=-
"8777:TCP"=-
"3438:TCP"=-
"8161:TCP"=-
"6177:TCP"=-
"3323:TCP"=-
"3436:TCP"=-
"5176:TCP"=-
"8812:TCP"=-
"5627:TCP"=-
"6278:TCP"=-
"3261:TCP"=-
"6616:TCP"=-
"3237:TCP"=-
"7633:TCP"=-
"1675:TCP"=-
"6852:TCP"=-
"1235:TCP"=-
"4881:TCP"=-
"7333:TCP"=-
"7356:TCP"=-
"8722:TCP"=-
"7635:TCP"=-

Driver::
pkuuxjci
esunid32

RenV::
c:\programmi\CyberLink\PowerDVD\pdvdserv .exe
c:\programmi\CyberLink\PowerDVD\Language\language .exe
c:\programmi\File comuni\Ahead\Lib\nerocheck .exe
c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\programmi\Windows Media Player\wmpnscfg .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe

● chiama questo file CFScript.txt, e posizionalo sul Desktop

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.



Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi

Disinstalla IMBooster

Scarica Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● posiziona il file scaricato sul Desktop
● clicca due volte sul file TDSSKiller.exe per avviare l'applicazione
● successivamente premi il pulsante Start scan

Nota - riguardo al programma:
● non cliccare sul pulsante Stop scan per nessun motivo, la scansione si interromperebbe

Giunti a questo punto, inizia la scansione del sistema alla ricerca di software malevolo:
● se viene trovato un file infetto, l'azione di default sarà Cure: clicca quindi su Continua
● se viene trovato un file sospetto, l'azione di default sarà Skip: clicca quindi su Continua
● se non viene rilevato nulla, chiudi semplicemente il programma al termine della scansione

Una volta terminata la scansione, si presenterà una di queste due opzioni:
● non è necessario il riavvio del sistema: allega il Report situato nel Disco Locale C:\, di nome TDSSKiller.[Version]_[Date]_[Time]_log.txt
● è necessario riavviare il sistema: clicca su Riavvia ora, infine allega il risultato della scansione (si trova nello stesso percorso menzionato poco fa')

[ciccipei]

Ciao Francesco, ecco il log di Combofix:

ComboFix 12-04-04.01 - Matteo 05/04/2012 21.20.03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2550.1926 [GMT 2:00]
Eseguito da: c:\documents and settings\Matteo\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Matteo\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\documents and settings\matteo\impostazioni locali\dati applicazioni\ygggoei.exe"
"c:\windows\system32\esunid32.dll"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matteo\Dati applicazioni\Ebluhau
c:\documents and settings\Matteo\Dati applicazioni\Ebluhau\raobeqa.rao
c:\documents and settings\Matteo\Dati applicazioni\Ebluhau\raobeqa.tmp
c:\documents and settings\Matteo\Dati applicazioni\Neem
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESUNID32
-------\Legacy_PKUUXJCI
-------\Service_esunid32
-------\Service_pkuuxjci
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-05 al 2012-04-05 )))))))))))))))))))))))))))))))))))
.
.
2012-03-15 21:44 . 2012-03-15 21:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_12.52.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-29 06:11 . 2007-08-07 19:18 135168 c:\windows\system32\igfxtray.exe
+ 2007-08-29 06:11 . 2007-08-07 19:17 131072 c:\windows\system32\igfxpers.exe
+ 2007-08-29 06:11 . 2007-08-07 19:18 159744 c:\windows\system32\hkcmd.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-21 68856]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-15 122368]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"IMBooster"="c:\programmi\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matteo^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Matteo\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-15 15:29 122368 ----a-w- c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 08:14 206112 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 08:14 206112 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33 421160 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 -c--a-w- c:\programmi\CyberLink\PowerDVD\Language\language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\programmi\File comuni\Ahead\Lib\nerocheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 -c--a-w- c:\programmi\CyberLink\PowerDVD\pdvdserv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-21 17:15 68856 -c--a-w- c:\programmi\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Iminent\\IMBooster\\IMBooster.exe"=
"c:\\Programmi\\Iminent\\MMServer\\Iminent.MMServer.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:e mule TPC
"4672:UDP"= 4672:UDP:e mule UDP
.
R2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2006-12-20 94848]
R3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NDISKIO;NDISKIO;c:\docume~1\Matteo\IMPOST~1\Temp\00000bcd.nmc\nse\bin\ndiskio.sys [x]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
R4 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-29 721904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 14:14]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-06 14:14]
.
2012-04-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{271805D7-8EBA-415D-8CC2-30C764D35978}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
TCP: Interfaces\{D908FF38-01B1-4E4A-A60C-4B877EFDBAA0}: NameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Matteo\Dati applicazioni\Mozilla\Firefox\Profiles\jjhmyd41.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... t:official\n
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Iminent WebBooster: webbooster@iminent.com - c:\programmi\Mozilla Firefox\extensions\webbooster@iminent.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-E07IXLRD_10036640 - c:\programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
MSConfigStartUp-E07IXLRD_8148468 - c:\programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
MSConfigStartUp-HP Component Manager - c:\programmi\HP\hpcoretech\hpcmpmgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\vsdatant]
"ImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\programmi\Iminent\IMBooster\Iminent.WinCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-05 21:31:23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-05 19:31
ComboFix2.txt 2012-04-04 12:57
.
Pre-Run: 15.712.227.328 byte disponibili
Post-Run: 15.699.877.888 byte disponibili
.
- - End Of File - - CABD104D4388FE26F4DF514E11F95227




Ti ringrazio

[ciccipei]

e questo è del TDSS (CHE DIVIDO IN DUE PARTI PERCHè ALTRIMENTI NON ME LO INVIA):

22:24:47.0500 3656 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:24:47.0515 3656 ============================================================
22:24:47.0515 3656 Current date / time: 2012/04/05 22:24:47.0515
22:24:47.0515 3656 SystemInfo:
22:24:47.0515 3656
22:24:47.0515 3656 OS Version: 5.1.2600 ServicePack: 3.0
22:24:47.0515 3656 Product type: Workstation
22:24:47.0515 3656 ComputerName: WINDOWS-FEED50C
22:24:47.0515 3656 UserName: Matteo
22:24:47.0515 3656 Windows directory: C:\WINDOWS
22:24:47.0515 3656 System windows directory: C:\WINDOWS
22:24:47.0515 3656 Processor architecture: Intel x86
22:24:47.0515 3656 Number of processors: 2
22:24:47.0515 3656 Page size: 0x1000
22:24:47.0515 3656 Boot type: Normal boot
22:24:47.0515 3656 ============================================================
22:24:48.0250 3656 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:24:48.0250 3656 \Device\Harddisk0\DR0:
22:24:48.0250 3656 MBR used
22:24:48.0250 3656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
22:24:48.0281 3656 Initialize success
22:24:48.0281 3656 ============================================================
22:25:00.0250 1604 ============================================================
22:25:00.0250 1604 Scan started
22:25:00.0250 1604 Mode: Manual;
22:25:00.0250 1604 ============================================================
22:25:00.0765 1604 Abiosdsk - ok
22:25:00.0796 1604 abp480n5 - ok
22:25:00.0843 1604 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:25:00.0859 1604 ACPI - ok
22:25:00.0921 1604 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:25:00.0921 1604 ACPIEC - ok
22:25:00.0937 1604 adpu160m - ok
22:25:01.0015 1604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:25:01.0031 1604 aec - ok
22:25:01.0062 1604 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
22:25:01.0062 1604 Afc - ok
22:25:01.0140 1604 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
22:25:01.0156 1604 AFD - ok
22:25:01.0171 1604 Aha154x - ok
22:25:01.0187 1604 aic78u2 - ok
22:25:01.0203 1604 aic78xx - ok
22:25:01.0250 1604 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
22:25:01.0265 1604 Alerter - ok
22:25:01.0296 1604 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
22:25:01.0296 1604 ALG - ok
22:25:01.0312 1604 AliIde - ok
22:25:01.0328 1604 amsint - ok
22:25:01.0468 1604 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programmi\Avira\AntiVir Desktop\sched.exe
22:25:01.0468 1604 AntiVirSchedulerService - ok
22:25:01.0531 1604 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Programmi\Avira\AntiVir Desktop\avguard.exe
22:25:01.0531 1604 AntiVirService - ok
22:25:01.0625 1604 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:25:01.0625 1604 Apple Mobile Device - ok
22:25:01.0671 1604 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
22:25:01.0687 1604 AppMgmt - ok
22:25:01.0703 1604 asc - ok
22:25:01.0718 1604 asc3350p - ok
22:25:01.0734 1604 asc3550 - ok
22:25:01.0828 1604 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:25:01.0843 1604 aspnet_state - ok
22:25:01.0906 1604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:25:01.0906 1604 AsyncMac - ok
22:25:01.0937 1604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:25:01.0937 1604 atapi - ok
22:25:01.0953 1604 Atdisk - ok
22:25:01.0984 1604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:25:02.0000 1604 Atmarpc - ok
22:25:02.0046 1604 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
22:25:02.0062 1604 AudioSrv - ok
22:25:02.0109 1604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:25:02.0125 1604 audstub - ok
22:25:02.0218 1604 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
22:25:02.0234 1604 avgio - ok
22:25:02.0250 1604 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:25:02.0250 1604 avgntflt - ok
22:25:02.0281 1604 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:25:02.0296 1604 avipbb - ok
22:25:02.0343 1604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:25:02.0343 1604 Beep - ok
22:25:02.0406 1604 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
22:25:02.0421 1604 BITS - ok
22:25:02.0515 1604 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Programmi\Bonjour\mDNSResponder.exe
22:25:02.0531 1604 Bonjour Service - ok
22:25:02.0562 1604 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
22:25:02.0593 1604 Browser - ok
22:25:02.0640 1604 bsusbser (3ed6ead26ca9fda0aeaca8f6e822b634) C:\WINDOWS\system32\DRIVERS\bsusbser.sys
22:25:02.0656 1604 bsusbser - ok
22:25:02.0671 1604 catchme - ok
22:25:02.0718 1604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:25:02.0718 1604 cbidf2k - ok
22:25:02.0765 1604 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:25:02.0781 1604 CCDECODE - ok
22:25:02.0796 1604 cd20xrnt - ok
22:25:02.0812 1604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:25:02.0828 1604 Cdaudio - ok
22:25:02.0859 1604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:25:02.0859 1604 Cdfs - ok
22:25:02.0890 1604 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:25:02.0890 1604 Cdrom - ok
22:25:02.0906 1604 Changer - ok
22:25:02.0968 1604 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
22:25:02.0968 1604 CiSvc - ok
22:25:03.0015 1604 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
22:25:03.0031 1604 CLEDX - ok
22:25:03.0046 1604 ClipSrv (48cb1defa1a6506c3cf09e4950f82ef6) C:\WINDOWS\system32\clipsrv.exe
22:25:03.0062 1604 ClipSrv - ok
22:25:03.0156 1604 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:25:03.0171 1604 clr_optimization_v2.0.50727_32 - ok
22:25:03.0203 1604 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:25:03.0203 1604 CmBatt - ok
22:25:03.0218 1604 CmdIde - ok
22:25:03.0250 1604 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:25:03.0250 1604 Compbatt - ok
22:25:03.0265 1604 COMSysApp - ok
22:25:03.0296 1604 Cpqarray - ok
22:25:03.0343 1604 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
22:25:03.0359 1604 CryptSvc - ok
22:25:03.0375 1604 dac2w2k - ok
22:25:03.0390 1604 dac960nt - ok
22:25:03.0453 1604 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
22:25:03.0468 1604 DcomLaunch - ok
22:25:03.0515 1604 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
22:25:03.0515 1604 Dhcp - ok
22:25:03.0531 1604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:25:03.0531 1604 Disk - ok
22:25:03.0546 1604 dmadmin - ok
22:25:03.0640 1604 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
22:25:03.0671 1604 dmboot - ok
22:25:03.0734 1604 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
22:25:03.0734 1604 dmio - ok
22:25:03.0765 1604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:25:03.0765 1604 dmload - ok
22:25:03.0796 1604 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
22:25:03.0812 1604 dmserver - ok
22:25:03.0828 1604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:25:03.0843 1604 DMusic - ok
22:25:03.0890 1604 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
22:25:03.0906 1604 Dnscache - ok
22:25:03.0953 1604 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
22:25:03.0968 1604 Dot3svc - ok
22:25:03.0984 1604 dpti2o - ok
22:25:04.0015 1604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:25:04.0031 1604 drmkaud - ok
22:25:04.0062 1604 EapHost (86b1f123bacd444e81960b339bae3ff2) C:\WINDOWS\System32\eapsvc.dll
22:25:04.0078 1604 EapHost - ok
22:25:04.0125 1604 ERSvc (b6599eda9f3ebef064504ee35bbeca1c) C:\WINDOWS\System32\ersvc.dll
22:25:04.0140 1604 ERSvc - ok
22:25:04.0187 1604 Eventlog (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
22:25:04.0187 1604 Eventlog - ok
22:25:04.0250 1604 EventSystem (8360cb9756e598a5c6214eacfb3677c3) C:\WINDOWS\system32\es.dll
22:25:04.0265 1604 EventSystem - ok
22:25:04.0296 1604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:25:04.0312 1604 Fastfat - ok
22:25:04.0375 1604 FastUserSwitchingCompatibility (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:25:04.0390 1604 FastUserSwitchingCompatibility - ok
22:25:04.0437 1604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:25:04.0453 1604 Fdc - ok
22:25:04.0468 1604 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
22:25:04.0484 1604 Fips - ok
22:25:04.0531 1604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:25:04.0531 1604 Flpydisk - ok
22:25:04.0578 1604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:25:04.0593 1604 FltMgr - ok
22:25:04.0718 1604 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:25:04.0718 1604 FontCache3.0.0.0 - ok
22:25:04.0781 1604 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
22:25:04.0781 1604 fssfltr - ok
22:25:04.0890 1604 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Programmi\Windows Live\Family Safety\fsssvc.exe
22:25:04.0937 1604 fsssvc - ok
22:25:04.0968 1604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:25:04.0984 1604 Fs_Rec - ok
22:25:05.0015 1604 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:25:05.0031 1604 Ftdisk - ok
22:25:05.0078 1604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:25:05.0093 1604 GEARAspiWDM - ok
22:25:05.0156 1604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:25:05.0156 1604 Gpc - ok
22:25:05.0328 1604 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
22:25:05.0328 1604 gupdate - ok
22:25:05.0343 1604 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
22:25:05.0343 1604 gupdatem - ok
22:25:05.0390 1604 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
22:25:05.0421 1604 gusvc - ok
22:25:05.0484 1604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:25:05.0484 1604 HDAudBus - ok
22:25:05.0562 1604 helpsvc (6ce66b51b4eb23d9d073f92698c55c8d) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:25:05.0578 1604 helpsvc - ok
22:25:05.0640 1604 HidServ (43d985a9a51e0295091b6ebe84c96b78) C:\WINDOWS\System32\hidserv.dll
22:25:05.0656 1604 HidServ - ok
22:25:05.0718 1604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:25:05.0734 1604 HidUsb - ok
22:25:05.0781 1604 hkmsvc (00cad842f48947887a972828aca665f7) C:\WINDOWS\System32\kmsvc.dll
22:25:05.0796 1604 hkmsvc - ok
22:25:05.0812 1604 hpn - ok
22:25:05.0875 1604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:25:05.0875 1604 HTTP - ok
22:25:05.0937 1604 HTTPFilter (450091aebfcd08e5858533eab5b9a436) C:\WINDOWS\System32\w3ssl.dll
22:25:05.0937 1604 HTTPFilter - ok
22:25:05.0953 1604 hwdatacard - ok
22:25:05.0984 1604 i2omgmt - ok
22:25:06.0000 1604 i2omp - ok
22:25:06.0062 1604 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:25:06.0078 1604 i8042prt - ok
22:25:06.0171 1604 IAANTMON (582f2d900a3ac34c98fbdc2c0abef6b9) C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:25:06.0187 1604 IAANTMON - ok
22:25:06.0421 1604 ialm (8b998e6c0aebbaecd6da33df947695d3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:25:06.0687 1604 ialm - ok
22:25:06.0781 1604 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:25:06.0781 1604 iaStor - ok
22:25:06.0875 1604 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:25:06.0890 1604 IDriverT - ok
22:25:07.0046 1604 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:25:07.0156 1604 idsvc - ok
22:25:07.0203 1604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:25:07.0218 1604 Imapi - ok
22:25:07.0265 1604 ImapiService (db491237445f172fdddf00541de1a51d) C:\WINDOWS\system32\imapi.exe
22:25:07.0265 1604 ImapiService - ok
22:25:07.0296 1604 ini910u - ok
22:25:07.0515 1604 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:25:07.0609 1604 IntcAzAudAddService - ok
22:25:07.0640 1604 IntelIde - ok
22:25:07.0687 1604 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:25:07.0687 1604 intelppm - ok
22:25:07.0734 1604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:25:07.0750 1604 Ip6Fw - ok
22:25:07.0796 1604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:25:07.0796 1604 IpFilterDriver - ok
22:25:07.0843 1604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:25:07.0843 1604 IpInIp - ok
22:25:07.0890 1604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:25:07.0890 1604 IpNat - ok
22:25:08.0000 1604 iPod Service (9033d67b7112d23eded6789bacded128) C:\Programmi\iPod\bin\iPodService.exe
22:25:08.0015 1604 iPod Service - ok
22:25:08.0046 1604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:25:08.0046 1604 IPSec - ok
22:25:08.0062 1604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:25:08.0062 1604 IRENUM - ok
22:25:08.0125 1604 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:25:08.0125 1604 isapnp - ok
22:25:08.0171 1604 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:25:08.0187 1604 Kbdclass - ok
22:25:08.0218 1604 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:25:08.0218 1604 kbdhid - ok
22:25:08.0250 1604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:25:08.0281 1604 kmixer - ok
22:25:08.0328 1604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:25:08.0328 1604 KSecDD - ok
22:25:08.0390 1604 lanmanserver (0f726d49c0b19e5a506a1cdfce0ee42f) C:\WINDOWS\System32\srvsvc.dll
22:25:08.0406 1604 lanmanserver - ok
22:25:08.0468 1604 lanmanworkstation (e13b0181dda60b93e3253eff52a79cbe) C:\WINDOWS\System32\wkssvc.dll
22:25:08.0484 1604 lanmanworkstation - ok
22:25:08.0500 1604 lbrtfdc - ok
22:25:08.0562 1604 LmHosts (e01255727d0b158538d7c2b469b533a8) C:\WINDOWS\System32\lmhsvc.dll
22:25:08.0578 1604 LmHosts - ok
22:25:08.0609 1604 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:25:08.0609 1604 MBAMProtector - ok
22:25:08.0734 1604 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
22:25:08.0765 1604 MBAMService - ok
22:25:08.0765 1604 MBAMSwissArmy - ok
22:25:08.0875 1604 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
22:25:08.0875 1604 MDM - ok
22:25:08.0937 1604 Messenger (3b32f662c8607e891f325e41f7ee225c) C:\WINDOWS\System32\msgsvc.dll
22:25:08.0953 1604 Messenger - ok
22:25:09.0015 1604 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe
22:25:09.0031 1604 Microsoft Office Groove Audit Service - ok
22:25:09.0078 1604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:25:09.0093 1604 mnmdd - ok
22:25:09.0140 1604 mnmsrvc (514a299ec926baada3c718b171476aa4) C:\WINDOWS\system32\mnmsrvc.exe
22:25:09.0156 1604 mnmsrvc - ok
22:25:09.0203 1604 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
22:25:09.0218 1604 Modem - ok
22:25:09.0250 1604 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:25:09.0250 1604 Mouclass - ok
22:25:09.0312 1604 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:25:09.0312 1604 mouhid - ok
22:25:09.0359 1604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:25:09.0359 1604 MountMgr - ok
22:25:09.0375 1604 mraid35x - ok
22:25:09.0406 1604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:25:09.0421 1604 MRxDAV - ok
22:25:09.0468 1604 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:25:09.0468 1604 MRxSmb - ok
22:25:09.0515 1604 MSDTC (01f77e9e473235c31796ade46107b0ad) C:\WINDOWS\system32\msdtc.exe
22:25:09.0531 1604 MSDTC - ok
22:25:09.0562 1604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:25:09.0562 1604 Msfs - ok
22:25:09.0578 1604 MSIServer - ok
22:25:09.0640 1604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:25:09.0640 1604 MSKSSRV - ok
22:25:09.0734 1604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:25:09.0734 1604 MSPCLOCK - ok
22:25:09.0750 1604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:25:09.0765 1604 MSPQM - ok
22:25:09.0796 1604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:25:09.0796 1604 mssmbios - ok
22:25:09.0921 1604 MSSQL$SONY_MEDIAMGR - ok
22:25:09.0984 1604 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
22:25:10.0000 1604 MSSQLServerADHelper - ok
22:25:10.0046 1604 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:25:10.0062 1604 MSTEE - ok
22:25:10.0109 1604 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:25:10.0109 1604 Mup - ok
22:25:10.0140 1604 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:25:10.0156 1604 NABTSFEC - ok
22:25:10.0203 1604 napagent (911587fd303c9690a428bb4b04732b61) C:\WINDOWS\System32\qagentrt.dll
22:25:10.0234 1604 napagent - ok
22:25:10.0375 1604 NBService (89844c3d3a7aae8999e229c88e452633) C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
22:25:10.0421 1604 NBService - ok
22:25:10.0468 1604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:25:10.0484 1604 NDIS - ok
22:25:10.0531 1604 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:25:10.0531 1604 NdisIP - ok
22:25:10.0625 1604 NDISKIO - ok
22:25:10.0671 1604 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:25:10.0687 1604 NdisTapi - ok
22:25:10.0734 1604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:25:10.0750 1604 Ndisuio - ok
22:25:10.0812 1604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:25:10.0828 1604 NdisWan - ok
22:25:10.0875 1604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:25:10.0875 1604 NDProxy - ok
22:25:10.0906 1604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:25:10.0906 1604 NetBIOS - ok
22:25:10.0937 1604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:25:10.0953 1604 NetBT - ok
22:25:10.0984 1604 NetDDE (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
22:25:11.0000 1604 NetDDE - ok
22:25:11.0015 1604 NetDDEdsdm (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
22:25:11.0015 1604 NetDDEdsdm - ok
22:25:11.0062 1604 Netlogon (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:25:11.0078 1604 Netlogon - ok
22:25:11.0093 1604 Netman (02815b70fc4ca8611a926176f1c39fc2) C:\WINDOWS\System32\netman.dll
22:25:11.0109 1604 Netman - ok
22:25:11.0218 1604 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:25:11.0250 1604 NetTcpPortSharing - ok
22:25:11.0390 1604 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
22:25:11.0468 1604 NETw4x32 - ok
22:25:11.0531 1604 Nla (c6b69a18d39744725fb73ac85e46032b) C:\WINDOWS\System32\mswsock.dll
22:25:11.0546 1604 Nla - ok
22:25:11.0656 1604 NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
22:25:11.0656 1604 NMIndexingService - ok
22:25:11.0703 1604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:25:11.0718 1604 Npfs - ok
22:25:11.0781 1604 Nsynas32 (4b4a21e158c039ee0888741bfe1d24e0) C:\WINDOWS\system32\drivers\Nsynas32.sys
22:25:11.0781 1604 Nsynas32 - ok
22:25:11.0859 1604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:25:11.0875 1604 Ntfs - ok
22:25:11.0937 1604 NtLmSsp (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:25:11.0953 1604 NtLmSsp - ok
22:25:12.0000 1604 NtmsSvc (89db90b5f35d2795d9fc56d933cc72b8) C:\WINDOWS\system32\ntmssvc.dll
22:25:12.0031 1604 NtmsSvc - ok
22:25:12.0078 1604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:25:12.0078 1604 Null - ok
22:25:12.0109 1604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:25:12.0109 1604 NwlnkFlt - ok
22:25:12.0140 1604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:25:12.0156 1604 NwlnkFwd - ok
22:25:12.0265 1604 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE
22:25:12.0312 1604 odserv - ok
22:25:12.0343 1604 ose (5a432a042dae460abe7199b758e8606c) C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
22:25:12.0375 1604 ose - ok
22:25:12.0437 1604 PAC207 (54183d1ec4a8658bbacb31acd0c8f6df) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
22:25:12.0468 1604 PAC207 - ok
22:25:12.0531 1604 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
22:25:12.0546 1604 Parport - ok
22:25:12.0593 1604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:25:12.0593 1604 PartMgr - ok
22:25:12.0625 1604 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:25:12.0625 1604 ParVdm - ok
22:25:12.0671 1604 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:25:12.0687 1604 pccsmcfd - ok
22:25:12.0750 1604 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
22:25:12.0750 1604 PCI - ok
22:25:12.0765 1604 PCIDump - ok
22:25:12.0812 1604 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:25:12.0828 1604 PCIIde - ok
22:25:12.0843 1604 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:25:12.0859 1604 Pcmcia - ok
22:25:12.0875 1604 PDCOMP - ok
22:25:12.0890 1604 PDFRAME - ok
22:25:12.0921 1604 PDRELI - ok
22:25:12.0937 1604 PDRFRAME - ok
22:25:12.0953 1604 perc2 - ok
22:25:12.0968 1604 perc2hib - ok
22:25:13.0031 1604 PlugPlay (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
22:25:13.0031 1604 PlugPlay - ok
22:25:13.0093 1604 PolicyAgent (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:25:13.0093 1604 PolicyAgent - ok
22:25:13.0140 1604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:25:13.0156 1604 PptpMiniport - ok
22:25:13.0171 1604 ProtectedStorage (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:25:13.0171 1604 ProtectedStorage - ok
22:25:13.0203 1604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:25:13.0218 1604 PSched - ok
22:25:13.0250 1604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:25:13.0265 1604 Ptilink - ok
22:25:13.0296 1604 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:25:13.0296 1604 PxHelp20 - ok
22:25:13.0312 1604 ql1080 - ok
22:25:13.0328 1604 Ql10wnt - ok
22:25:13.0343 1604 ql12160 - ok
22:25:13.0375 1604 ql1240 - ok
22:25:13.0390 1604 ql1280 - ok
22:25:13.0421 1604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:25:13.0437 1604 RasAcd - ok
22:25:13.0468 1604 RasAuto (9839b418343d6e6e52659bdf3ff1fe67) C:\WINDOWS\System32\rasauto.dll
22:25:13.0484 1604 RasAuto - ok
22:25:13.0515 1604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:25:13.0531 1604 Rasl2tp - ok
22:25:13.0562 1604 RasMan (62ad41548e720db4763b86f95e44f3fa) C:\WINDOWS\System32\rasmans.dll
22:25:13.0578 1604 RasMan - ok
22:25:13.0593 1604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:25:13.0593 1604 RasPppoe - ok
22:25:13.0625 1604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:25:13.0625 1604 Raspti - ok
22:25:13.0703 1604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:25:13.0703 1604 Rdbss - ok
22:25:13.0734 1604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:25:13.0734 1604 RDPCDD - ok
22:25:13.0796 1604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:25:13.0828 1604 rdpdr - ok
22:25:13.0875 1604 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:25:13.0890 1604 RDPWD - ok
22:25:13.0921 1604 RDSessMgr (cc72e6ae90245f0ae48bf1236a7e1f9c) C:\WINDOWS\system32\sessmgr.exe
22:25:13.0937 1604 RDSessMgr - ok
22:25:13.0953 1604 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:25:13.0968 1604 redbook - ok
22:25:14.0015 1604 RemoteAccess (7ebbf16fbd3e0e34f084fa635c1844e3) C:\WINDOWS\System32\mprdim.dll
22:25:14.0031 1604 RemoteAccess - ok
22:25:14.0062 1604 RemoteRegistry (f667a41bced959988e53feecc8bf5da0) C:\WINDOWS\system32\regsvc.dll
22:25:14.0078 1604 RemoteRegistry - ok
22:25:14.0187 1604 RichVideo (2af094b1ce4725e4551f38fda2348637) C:\Programmi\CyberLink\Shared Files\RichVideo.exe
22:25:14.0187 1604 RichVideo - ok
22:25:14.0203 1604 RimUsb - ok
22:25:14.0250 1604 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:25:14.0265 1604 RimVSerPort - ok
22:25:14.0312 1604 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:25:14.0312 1604 ROOTMODEM - ok
22:25:14.0375 1604 RpcLocator (dc97f6c8a94691834439872b9e8ff2b3) C:\WINDOWS\system32\locator.exe
22:25:14.0390 1604 RpcLocator - ok
22:25:14.0437 1604 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
22:25:14.0437 1604 RpcSs - ok
22:25:14.0468 1604 RSVP (dce0d20f8fb66df41d53734bff9d66f0) C:\WINDOWS\system32\rsvp.exe
22:25:14.0500 1604 RSVP - ok
22:25:14.0546 1604 RTLE8023xp (27341186a5b0ae078cb944a3b002624d) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:25:14.0562 1604 RTLE8023xp - ok
22:25:14.0609 1604 SamSs (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:25:14.0609 1604 SamSs - ok
22:25:14.0671 1604 SCardSvr (1d456f1cd76a80793c07ba52cf3a7455) C:\WINDOWS\System32\SCardSvr.exe
22:25:14.0703 1604 SCardSvr - ok
22:25:14.0750 1604 Schedule (511886e5bd060046cce8373e92e62edf) C:\WINDOWS\system32\schedsvc.dll
22:25:14.0765 1604 Schedule - ok
22:25:14.0906 1604 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:25:14.0906 1604 SeaPort - ok
22:25:14.0968 1604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:25:14.0968 1604 Secdrv - ok
22:25:15.0015 1604 seclogon (17c6354ca08e7c7972e12c67478ae134) C:\WINDOWS\System32\seclogon.dll
22:25:15.0031 1604 seclogon - ok
22:25:15.0078 1604 SENS (a0eca1ce0fccb29c5e4e1f416e95e73e) C:\WINDOWS\system32\sens.dll
22:25:15.0093 1604 SENS - ok
22:25:15.0125 1604 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
22:25:15.0125 1604 Serial - ok
22:25:15.0250 1604 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
22:25:15.0312 1604 ServiceLayer - ok
22:25:15.0375 1604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:25:15.0390 1604 Sfloppy - ok
22:25:15.0453 1604 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
22:25:15.0453 1604 SharedAccess - ok
22:25:15.0515 1604 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:25:15.0515 1604 ShellHWDetection - ok
22:25:15.0531 1604 Simbad - ok
22:25:15.0593 1604 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:25:15.0593 1604 SLIP - ok
22:25:15.0609 1604 smserial - ok
22:25:15.0656 1604 Sparrow - ok
22:25:15.0718 1604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:25:15.0718 1604 splitter - ok
22:25:15.0812 1604 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:25:15.0812 1604 Spooler - ok
22:25:15.0890 1604 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
22:25:15.0890 1604 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
22:25:15.0890 1604 sptd ( LockedFile.Multi.Generic ) - warning
22:25:15.0890 1604 sptd - detected LockedFile.Multi.Generic (1)
22:25:15.0984 1604 SQLAgent$SONY_MEDIAMGR - ok
22:25:16.0031 1604 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
22:25:16.0046 1604 sr - ok
22:25:16.0078 1604 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
22:25:16.0093 1604 srservice - ok
22:25:16.0171 1604 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:25:16.0187 1604 Srv - ok
22:25:16.0234 1604 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
22:25:16.0250 1604 sscdbus - ok
22:25:16.0296 1604 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
22:25:16.0312 1604 sscdmdfl - ok
22:25:16.0359 1604 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
22:25:16.0390 1604 sscdmdm - ok
22:25:16.0421 1604 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
22:25:16.0421 1604 SSDPSRV - ok
22:25:16.0468 1604 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:25:16.0484 1604 ssmdrv - ok
22:25:16.0546 1604 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
22:25:16.0562 1604 stisvc - ok
22:25:16.0593 1604 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:25:16.0593 1604 streamip - ok
22:25:16.0640 1604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:25:16.0656 1604 swenum - ok
22:25:16.0703 1604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:25:16.0703 1604 swmidi - ok
22:25:16.0718 1604 SwPrv - ok
22:25:16.0750 1604 symc810 - ok
22:25:16.0765 1604 symc8xx - ok
22:25:16.0781 1604 sym_hi - ok
22:25:16.0796 1604 sym_u3 - ok
22:25:16.0843 1604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:25:16.0859 1604 sysaudio - ok
22:25:16.0906 1604 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
22:25:16.0921 1604 SysmonLog - ok
22:25:16.0953 1604 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
22:25:16.0968 1604 TapiSrv - ok
22:25:16.0984 1604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:25:17.0015 1604 Tcpip - ok
22:25:17.0062 1604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:25:17.0062 1604 TDPIPE - ok
22:25:17.0109 1604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:25:17.0109 1604 TDTCP - ok
22:25:17.0171 1604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:25:17.0171 1604 TermDD - ok
22:25:17.0234 1604 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
22:25:17.0250 1604 TermService - ok
22:25:17.0312 1604 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:25:17.0312 1604 Themes - ok
22:25:17.0343 1604 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
22:25:17.0375 1604 TlntSvr - ok
22:25:17.0390 1604 TosIde - ok
22:25:17.0421 1604 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
22:25:17.0453 1604 TrkWks - ok
22:25:17.0484 1604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:25:17.0500 1604 Udfs - ok
22:25:17.0515 1604 ultra - ok
22:25:17.0562 1604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:25:17.0593 1604 Update - ok
22:25:17.0640 1604 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
22:25:17.0640 1604 upnphost - ok
22:25:17.0687 1604 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
22:25:17.0703 1604 UPS - ok
22:25:17.0718 1604 USBAAPL - ok
22:25:17.0781 1604 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
22:25:17.0781 1604 usbbus - ok
22:25:17.0859 1604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:25:17.0875 1604 usbccgp - ok
22:25:17.0906 1604 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
22:25:17.0921 1604 UsbDiag - ok
22:25:17.0953 1604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:25:17.0968 1604 usbehci - ok
22:25:18.0031 1604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:25:18.0031 1604 usbhub - ok
22:25:18.0078 1604 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
22:25:18.0093 1604 USBModem - ok
22:25:18.0125 1604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:25:18.0140 1604 usbprint - ok
22:25:18.0187 1604 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:25:18.0187 1604 usbscan - ok
22:25:18.0234 1604 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:25:18.0234 1604 usbser - ok
22:25:18.0265 1604 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:25:18.0281 1604 USBSTOR - ok
22:25:18.0312 1604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:25:18.0328 1604 usbuhci - ok
22:25:18.0343 1604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:25:18.0359 1604 VgaSave - ok
22:25:18.0375 1604 ViaIde - ok
22:25:18.0406 1604 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
22:25:18.0406 1604 VolSnap - ok
22:25:18.0421 1604 vsdatant - ok
22:25:18.0500 1604 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
22:25:18.0531 1604 VSS - ok
22:25:18.0562 1604 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
22:25:18.0593 1604 W32Time - ok
22:25:18.0625 1604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:25:18.0625 1604 Wanarp - ok
22:25:18.0687 1604 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:25:18.0718 1604 Wdf01000 - ok
22:25:18.0734 1604 WDICA - ok
22:25:18.0781 1604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:25:18.0796 1604 wdmaud - ok
22:25:18.0812 1604 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
22:25:18.0828 1604 WebClient - ok
22:25:18.0890 1604 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:25:18.0906 1604 winmgmt - ok
22:25:18.0968 1604 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:25:18.0984 1604 WmdmPmSN - ok
22:25:19.0062 1604 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
22:25:19.0078 1604 Wmi - ok
22:25:19.0140 1604 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:25:19.0156 1604 WmiApSrv - ok
22:25:19.0312 1604 WMPNetworkSvc (f30dc8f80cf65a323e8b6a2db81561e3) C:\Programmi\Windows Media Player\WMPNetwk.exe
22:25:19.0312 1604 WMPNetworkSvc - ok
22:25:19.0343 1604 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:25:19.0359 1604 WpdUsb - ok
22:25:19.0406 1604 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:25:19.0406 1604 WS2IFSL - ok
22:25:19.0468 1604 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
22:25:19.0484 1604 wscsvc - ok
22:25:19.0531 1604 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:25:19.0546 1604 WSTCODEC - ok
22:25:19.0578 1604 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
22:25:19.0593 1604 wuauserv - ok
22:25:19.0625 1604 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:25:19.0625 1604 WudfPf - ok
22:25:19.0687 1604 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:25:19.0703 1604 WudfRd - ok
22:25:19.0750 1604 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
22:25:19.0765 1604 WudfSvc - ok
22:25:19.0828 1604 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
22:25:19.0843 1604 WZCSVC - ok
22:25:19.0906 1604 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
22:25:19.0921 1604 xmlprov - ok
22:25:19.0937 1604 ZTEusbmdm6k - ok
22:25:19.0953 1604 ZTEusbnmea - ok
22:25:19.0984 1604 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
22:25:20.0250 1604 \Device\Harddisk0\DR0 - ok
22:25:20.0250 1604 Boot (0x1200) (9cafa22e6559224c1707f9381ed63711) \Device\Harddisk0\DR0\Partition0
22:25:20.0250 1604 \Device\Harddisk0\DR0\Partition0 - ok
22:25:20.0265 1604 ============================================================
22:25:20.0265 1604 Scan finished
22:25:20.0265 1604 ============================================================

[ciccipei]

22:25:20.0281 4028 Detected object count: 1
22:25:20.0281 4028 Actual detected object count: 1
22:25:52.0703 4028 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:25:52.0703 4028 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:25:59.0968 3768 ============================================================
22:25:59.0968 3768 Scan started
22:25:59.0968 3768 Mode: Manual;
22:25:59.0968 3768 ============================================================
22:26:00.0234 3768 Abiosdsk - ok
22:26:00.0250 3768 abp480n5 - ok
22:26:00.0296 3768 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:26:00.0296 3768 ACPI - ok
22:26:00.0343 3768 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:26:00.0343 3768 ACPIEC - ok
22:26:00.0343 3768 adpu160m - ok
22:26:00.0406 3768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:26:00.0421 3768 aec - ok
22:26:00.0453 3768 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
22:26:00.0453 3768 Afc - ok
22:26:00.0515 3768 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
22:26:00.0515 3768 AFD - ok
22:26:00.0515 3768 Aha154x - ok
22:26:00.0531 3768 aic78u2 - ok
22:26:00.0546 3768 aic78xx - ok
22:26:00.0578 3768 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
22:26:00.0578 3768 Alerter - ok
22:26:00.0609 3768 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
22:26:00.0609 3768 ALG - ok
22:26:00.0625 3768 AliIde - ok
22:26:00.0640 3768 amsint - ok
22:26:00.0781 3768 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programmi\Avira\AntiVir Desktop\sched.exe
22:26:00.0781 3768 AntiVirSchedulerService - ok
22:26:00.0828 3768 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Programmi\Avira\AntiVir Desktop\avguard.exe
22:26:00.0843 3768 AntiVirService - ok
22:26:00.0921 3768 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:26:00.0921 3768 Apple Mobile Device - ok
22:26:00.0953 3768 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
22:26:00.0953 3768 AppMgmt - ok
22:26:00.0968 3768 asc - ok
22:26:00.0984 3768 asc3350p - ok
22:26:01.0000 3768 asc3550 - ok
22:26:01.0093 3768 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:26:01.0093 3768 aspnet_state - ok
22:26:01.0140 3768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:26:01.0140 3768 AsyncMac - ok
22:26:01.0187 3768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:26:01.0187 3768 atapi - ok
22:26:01.0203 3768 Atdisk - ok
22:26:01.0218 3768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:26:01.0234 3768 Atmarpc - ok
22:26:01.0281 3768 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
22:26:01.0281 3768 AudioSrv - ok
22:26:01.0328 3768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:26:01.0328 3768 audstub - ok
22:26:01.0437 3768 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
22:26:01.0437 3768 avgio - ok
22:26:01.0453 3768 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:26:01.0453 3768 avgntflt - ok
22:26:01.0484 3768 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:26:01.0484 3768 avipbb - ok
22:26:01.0531 3768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:26:01.0531 3768 Beep - ok
22:26:01.0609 3768 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
22:26:01.0609 3768 BITS - ok
22:26:01.0703 3768 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Programmi\Bonjour\mDNSResponder.exe
22:26:01.0718 3768 Bonjour Service - ok
22:26:01.0781 3768 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
22:26:01.0781 3768 Browser - ok
22:26:01.0812 3768 bsusbser (3ed6ead26ca9fda0aeaca8f6e822b634) C:\WINDOWS\system32\DRIVERS\bsusbser.sys
22:26:01.0828 3768 bsusbser - ok
22:26:01.0843 3768 catchme - ok
22:26:01.0875 3768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:26:01.0875 3768 cbidf2k - ok
22:26:01.0937 3768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:26:01.0937 3768 CCDECODE - ok
22:26:01.0953 3768 cd20xrnt - ok
22:26:01.0984 3768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:26:01.0984 3768 Cdaudio - ok
22:26:02.0000 3768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:26:02.0000 3768 Cdfs - ok
22:26:02.0031 3768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:26:02.0031 3768 Cdrom - ok
22:26:02.0046 3768 Changer - ok
22:26:02.0093 3768 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
22:26:02.0093 3768 CiSvc - ok
22:26:02.0140 3768 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
22:26:02.0140 3768 CLEDX - ok
22:26:02.0156 3768 ClipSrv (48cb1defa1a6506c3cf09e4950f82ef6) C:\WINDOWS\system32\clipsrv.exe
22:26:02.0156 3768 ClipSrv - ok
22:26:02.0265 3768 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:26:02.0265 3768 clr_optimization_v2.0.50727_32 - ok
22:26:02.0296 3768 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:26:02.0296 3768 CmBatt - ok
22:26:02.0312 3768 CmdIde - ok
22:26:02.0343 3768 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:26:02.0343 3768 Compbatt - ok
22:26:02.0359 3768 COMSysApp - ok
22:26:02.0390 3768 Cpqarray - ok
22:26:02.0406 3768 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
22:26:02.0421 3768 CryptSvc - ok
22:26:02.0421 3768 dac2w2k - ok
22:26:02.0453 3768 dac960nt - ok
22:26:02.0515 3768 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
22:26:02.0531 3768 DcomLaunch - ok
22:26:02.0578 3768 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
22:26:02.0578 3768 Dhcp - ok
22:26:02.0593 3768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:26:02.0593 3768 Disk - ok
22:26:02.0609 3768 dmadmin - ok
22:26:02.0703 3768 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
22:26:02.0703 3768 dmboot - ok
22:26:02.0765 3768 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
22:26:02.0765 3768 dmio - ok
22:26:02.0796 3768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:26:02.0796 3768 dmload - ok
22:26:02.0828 3768 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
22:26:02.0828 3768 dmserver - ok
22:26:02.0859 3768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:26:02.0859 3768 DMusic - ok
22:26:02.0906 3768 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
22:26:02.0906 3768 Dnscache - ok
22:26:02.0953 3768 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
22:26:02.0968 3768 Dot3svc - ok
22:26:02.0984 3768 dpti2o - ok
22:26:03.0015 3768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:26:03.0015 3768 drmkaud - ok
22:26:03.0062 3768 EapHost (86b1f123bacd444e81960b339bae3ff2) C:\WINDOWS\System32\eapsvc.dll
22:26:03.0062 3768 EapHost - ok
22:26:03.0109 3768 ERSvc (b6599eda9f3ebef064504ee35bbeca1c) C:\WINDOWS\System32\ersvc.dll
22:26:03.0109 3768 ERSvc - ok
22:26:03.0156 3768 Eventlog (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
22:26:03.0171 3768 Eventlog - ok
22:26:03.0218 3768 EventSystem (8360cb9756e598a5c6214eacfb3677c3) C:\WINDOWS\system32\es.dll
22:26:03.0234 3768 EventSystem - ok
22:26:03.0265 3768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:26:03.0265 3768 Fastfat - ok
22:26:03.0328 3768 FastUserSwitchingCompatibility (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:26:03.0328 3768 FastUserSwitchingCompatibility - ok
22:26:03.0375 3768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:26:03.0390 3768 Fdc - ok
22:26:03.0406 3768 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
22:26:03.0406 3768 Fips - ok
22:26:03.0453 3768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:26:03.0453 3768 Flpydisk - ok
22:26:03.0515 3768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:26:03.0515 3768 FltMgr - ok
22:26:03.0625 3768 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:26:03.0625 3768 FontCache3.0.0.0 - ok
22:26:03.0687 3768 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
22:26:03.0687 3768 fssfltr - ok
22:26:03.0828 3768 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Programmi\Windows Live\Family Safety\fsssvc.exe
22:26:03.0828 3768 fsssvc - ok
22:26:03.0875 3768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:26:03.0875 3768 Fs_Rec - ok
22:26:03.0937 3768 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:26:03.0937 3768 Ftdisk - ok
22:26:03.0984 3768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:26:03.0984 3768 GEARAspiWDM - ok
22:26:04.0031 3768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:26:04.0031 3768 Gpc - ok
22:26:04.0156 3768 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
22:26:04.0156 3768 gupdate - ok
22:26:04.0171 3768 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
22:26:04.0171 3768 gupdatem - ok
22:26:04.0234 3768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
22:26:04.0234 3768 gusvc - ok
22:26:04.0281 3768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:26:04.0281 3768 HDAudBus - ok
22:26:04.0359 3768 helpsvc (6ce66b51b4eb23d9d073f92698c55c8d) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:26:04.0375 3768 helpsvc - ok
22:26:04.0421 3768 HidServ (43d985a9a51e0295091b6ebe84c96b78) C:\WINDOWS\System32\hidserv.dll
22:26:04.0421 3768 HidServ - ok
22:26:04.0468 3768 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:26:04.0468 3768 HidUsb - ok
22:26:04.0515 3768 hkmsvc (00cad842f48947887a972828aca665f7) C:\WINDOWS\System32\kmsvc.dll
22:26:04.0531 3768 hkmsvc - ok
22:26:04.0546 3768 hpn - ok
22:26:04.0609 3768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:26:04.0609 3768 HTTP - ok
22:26:04.0671 3768 HTTPFilter (450091aebfcd08e5858533eab5b9a436) C:\WINDOWS\System32\w3ssl.dll
22:26:04.0671 3768 HTTPFilter - ok
22:26:04.0687 3768 hwdatacard - ok
22:26:04.0718 3768 i2omgmt - ok
22:26:04.0734 3768 i2omp - ok
22:26:04.0781 3768 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:26:04.0781 3768 i8042prt - ok
22:26:04.0875 3768 IAANTMON (582f2d900a3ac34c98fbdc2c0abef6b9) C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:26:04.0890 3768 IAANTMON - ok
22:26:05.0125 3768 ialm (8b998e6c0aebbaecd6da33df947695d3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:26:05.0218 3768 ialm - ok
22:26:05.0296 3768 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:26:05.0296 3768 iaStor - ok
22:26:05.0343 3768 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:26:05.0359 3768 IDriverT - ok
22:26:05.0500 3768 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:26:05.0500 3768 idsvc - ok
22:26:05.0515 3768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:26:05.0515 3768 Imapi - ok
22:26:05.0546 3768 ImapiService (db491237445f172fdddf00541de1a51d) C:\WINDOWS\system32\imapi.exe
22:26:05.0546 3768 ImapiService - ok
22:26:05.0562 3768 ini910u - ok
22:26:05.0750 3768 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:26:05.0781 3768 IntcAzAudAddService - ok
22:26:05.0796 3768 IntelIde - ok
22:26:05.0828 3768 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:26:05.0828 3768 intelppm - ok
22:26:05.0875 3768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:26:05.0875 3768 Ip6Fw - ok
22:26:05.0921 3768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:26:05.0921 3768 IpFilterDriver - ok
22:26:05.0953 3768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:26:05.0953 3768 IpInIp - ok
22:26:05.0984 3768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:26:06.0000 3768 IpNat - ok
22:26:06.0093 3768 iPod Service (9033d67b7112d23eded6789bacded128) C:\Programmi\iPod\bin\iPodService.exe
22:26:06.0093 3768 iPod Service - ok
22:26:06.0125 3768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:26:06.0125 3768 IPSec - ok
22:26:06.0156 3768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:26:06.0156 3768 IRENUM - ok
22:26:06.0187 3768 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:26:06.0187 3768 isapnp - ok
22:26:06.0250 3768 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:26:06.0250 3768 Kbdclass - ok
22:26:06.0281 3768 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:26:06.0281 3768 kbdhid - ok
22:26:06.0312 3768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:26:06.0312 3768 kmixer - ok
22:26:06.0359 3768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:26:06.0359 3768 KSecDD - ok
22:26:06.0406 3768 lanmanserver (0f726d49c0b19e5a506a1cdfce0ee42f) C:\WINDOWS\System32\srvsvc.dll
22:26:06.0406 3768 lanmanserver - ok
22:26:06.0453 3768 lanmanworkstation (e13b0181dda60b93e3253eff52a79cbe) C:\WINDOWS\System32\wkssvc.dll
22:26:06.0468 3768 lanmanworkstation - ok
22:26:06.0468 3768 lbrtfdc - ok
22:26:06.0531 3768 LmHosts (e01255727d0b158538d7c2b469b533a8) C:\WINDOWS\System32\lmhsvc.dll
22:26:06.0531 3768 LmHosts - ok
22:26:06.0546 3768 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:26:06.0546 3768 MBAMProtector - ok
22:26:06.0671 3768 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
22:26:06.0671 3768 MBAMService - ok
22:26:06.0671 3768 MBAMSwissArmy - ok
22:26:06.0765 3768 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
22:26:06.0765 3768 MDM - ok
22:26:06.0812 3768 Messenger (3b32f662c8607e891f325e41f7ee225c) C:\WINDOWS\System32\msgsvc.dll
22:26:06.0812 3768 Messenger - ok
22:26:06.0875 3768 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe
22:26:06.0875 3768 Microsoft Office Groove Audit Service - ok
22:26:06.0937 3768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:26:06.0937 3768 mnmdd - ok
22:26:07.0000 3768 mnmsrvc (514a299ec926baada3c718b171476aa4) C:\WINDOWS\system32\mnmsrvc.exe
22:26:07.0000 3768 mnmsrvc - ok
22:26:07.0046 3768 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
22:26:07.0046 3768 Modem - ok
22:26:07.0078 3768 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:26:07.0078 3768 Mouclass - ok
22:26:07.0125 3768 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:26:07.0125 3768 mouhid - ok
22:26:07.0171 3768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:26:07.0187 3768 MountMgr - ok
22:26:07.0187 3768 mraid35x - ok
22:26:07.0218 3768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:26:07.0218 3768 MRxDAV - ok
22:26:07.0281 3768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:26:07.0281 3768 MRxSmb - ok
22:26:07.0328 3768 MSDTC (01f77e9e473235c31796ade46107b0ad) C:\WINDOWS\system32\msdtc.exe
22:26:07.0343 3768 MSDTC - ok
22:26:07.0375 3768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:26:07.0375 3768 Msfs - ok
22:26:07.0375 3768 MSIServer - ok
22:26:07.0421 3768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:26:07.0421 3768 MSKSSRV - ok
22:26:07.0453 3768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:26:07.0453 3768 MSPCLOCK - ok
22:26:07.0468 3768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:26:07.0468 3768 MSPQM - ok
22:26:07.0500 3768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:26:07.0500 3768 mssmbios - ok
22:26:07.0593 3768 MSSQL$SONY_MEDIAMGR - ok
22:26:07.0656 3768 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
22:26:07.0656 3768 MSSQLServerADHelper - ok
22:26:07.0703 3768 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:26:07.0703 3768 MSTEE - ok
22:26:07.0734 3768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:26:07.0750 3768 Mup - ok
22:26:07.0781 3768 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:26:07.0781 3768 NABTSFEC - ok
22:26:07.0828 3768 napagent (911587fd303c9690a428bb4b04732b61) C:\WINDOWS\System32\qagentrt.dll
22:26:07.0828 3768 napagent - ok
22:26:07.0937 3768 NBService (89844c3d3a7aae8999e229c88e452633) C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
22:26:07.0953 3768 NBService - ok
22:26:07.0984 3768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:26:08.0000 3768 NDIS - ok
22:26:08.0031 3768 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:26:08.0031 3768 NdisIP - ok
22:26:08.0140 3768 NDISKIO - ok
22:26:08.0187 3768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:26:08.0187 3768 NdisTapi - ok
22:26:08.0234 3768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:26:08.0234 3768 Ndisuio - ok
22:26:08.0265 3768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:26:08.0265 3768 NdisWan - ok
22:26:08.0312 3768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:26:08.0312 3768 NDProxy - ok
22:26:08.0328 3768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:26:08.0328 3768 NetBIOS - ok
22:26:08.0359 3768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:26:08.0359 3768 NetBT - ok
22:26:08.0375 3768 NetDDE (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
22:26:08.0390 3768 NetDDE - ok
22:26:08.0390 3768 NetDDEdsdm (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
22:26:08.0390 3768 NetDDEdsdm - ok
22:26:08.0437 3768 Netlogon (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:26:08.0437 3768 Netlogon - ok
22:26:08.0468 3768 Netman (02815b70fc4ca8611a926176f1c39fc2) C:\WINDOWS\System32\netman.dll
22:26:08.0468 3768 Netman - ok
22:26:08.0593 3768 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:08.0593 3768 NetTcpPortSharing - ok
22:26:08.0718 3768 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
22:26:08.0734 3768 NETw4x32 - ok
22:26:08.0781 3768 Nla (c6b69a18d39744725fb73ac85e46032b) C:\WINDOWS\System32\mswsock.dll
22:26:08.0796 3768 Nla - ok
22:26:08.0906 3768 NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
22:26:08.0906 3768 NMIndexingService - ok
22:26:08.0953 3768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:26:08.0953 3768 Npfs - ok
22:26:09.0000 3768 Nsynas32 (4b4a21e158c039ee0888741bfe1d24e0) C:\WINDOWS\system32\drivers\Nsynas32.sys
22:26:09.0015 3768 Nsynas32 - ok
22:26:09.0062 3768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:26:09.0078 3768 Ntfs - ok
22:26:09.0125 3768 NtLmSsp (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:26:09.0125 3768 NtLmSsp - ok
22:26:09.0171 3768 NtmsSvc (89db90b5f35d2795d9fc56d933cc72b8) C:\WINDOWS\system32\ntmssvc.dll
22:26:09.0171 3768 NtmsSvc - ok
22:26:09.0218 3768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:26:09.0218 3768 Null - ok
22:26:09.0265 3768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:26:09.0265 3768 NwlnkFlt - ok
22:26:09.0281 3768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:26:09.0281 3768 NwlnkFwd - ok
22:26:09.0390 3768 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE
22:26:09.0406 3768 odserv - ok
22:26:09.0453 3768 ose (5a432a042dae460abe7199b758e8606c) C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
22:26:09.0453 3768 ose - ok
22:26:09.0500 3768 PAC207 (54183d1ec4a8658bbacb31acd0c8f6df) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
22:26:09.0515 3768 PAC207 - ok
22:26:09.0531 3768 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
22:26:09.0531 3768 Parport - ok
22:26:09.0578 3768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:26:09.0578 3768 PartMgr - ok
22:26:09.0609 3768 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:26:09.0609 3768 ParVdm - ok
22:26:09.0656 3768 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:26:09.0656 3768 pccsmcfd - ok
22:26:09.0671 3768 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
22:26:09.0687 3768 PCI - ok
22:26:09.0687 3768 PCIDump - ok
22:26:09.0765 3768 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:26:09.0765 3768 PCIIde - ok
22:26:09.0781 3768 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:26:09.0796 3768 Pcmcia - ok
22:26:09.0796 3768 PDCOMP - ok
22:26:09.0812 3768 PDFRAME - ok
22:26:09.0828 3768 PDRELI - ok
22:26:09.0843 3768 PDRFRAME - ok
22:26:09.0859 3768 perc2 - ok
22:26:09.0859 3768 perc2hib - ok
22:26:09.0906 3768 PlugPlay (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
22:26:09.0906 3768 PlugPlay - ok
22:26:09.0968 3768 PolicyAgent (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:26:09.0968 3768 PolicyAgent - ok
22:26:10.0015 3768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:26:10.0015 3768 PptpMiniport - ok
22:26:10.0015 3768 ProtectedStorage (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:26:10.0031 3768 ProtectedStorage - ok
22:26:10.0062 3768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:26:10.0062 3768 PSched - ok
22:26:10.0093 3768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:26:10.0093 3768 Ptilink - ok
22:26:10.0125 3768 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:26:10.0125 3768 PxHelp20 - ok
22:26:10.0140 3768 ql1080 - ok
22:26:10.0156 3768 Ql10wnt - ok
22:26:10.0156 3768 ql12160 - ok
22:26:10.0171 3768 ql1240 - ok
22:26:10.0187 3768 ql1280 - ok
22:26:10.0218 3768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:26:10.0218 3768 RasAcd - ok
22:26:10.0250 3768 RasAuto (9839b418343d6e6e52659bdf3ff1fe67) C:\WINDOWS\System32\rasauto.dll
22:26:10.0250 3768 RasAuto - ok
22:26:10.0296 3768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:26:10.0296 3768 Rasl2tp - ok
22:26:10.0312 3768 RasMan (62ad41548e720db4763b86f95e44f3fa) C:\WINDOWS\System32\rasmans.dll
22:26:10.0312 3768 RasMan - ok
22:26:10.0328 3768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:26:10.0328 3768 RasPppoe - ok
22:26:10.0359 3768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:26:10.0359 3768 Raspti - ok
22:26:10.0406 3768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:26:10.0406 3768 Rdbss - ok
22:26:10.0421 3768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:26:10.0421 3768 RDPCDD - ok
22:26:10.0484 3768 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:26:10.0484 3768 rdpdr - ok
22:26:10.0515 3768 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:26:10.0515 3768 RDPWD - ok
22:26:10.0562 3768 RDSessMgr (cc72e6ae90245f0ae48bf1236a7e1f9c) C:\WINDOWS\system32\sessmgr.exe
22:26:10.0578 3768 RDSessMgr - ok
22:26:10.0578 3768 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:26:10.0578 3768 redbook - ok
22:26:10.0640 3768 RemoteAccess (7ebbf16fbd3e0e34f084fa635c1844e3) C:\WINDOWS\System32\mprdim.dll
22:26:10.0640 3768 RemoteAccess - ok
22:26:10.0687 3768 RemoteRegistry (f667a41bced959988e53feecc8bf5da0) C:\WINDOWS\system32\regsvc.dll
22:26:10.0687 3768 RemoteRegistry - ok
22:26:10.0781 3768 RichVideo (2af094b1ce4725e4551f38fda2348637) C:\Programmi\CyberLink\Shared Files\RichVideo.exe
22:26:10.0781 3768 RichVideo - ok
22:26:10.0796 3768 RimUsb - ok
22:26:10.0859 3768 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:26:10.0859 3768 RimVSerPort - ok
22:26:10.0906 3768 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:26:10.0906 3768 ROOTMODEM - ok
22:26:10.0921 3768 RpcLocator (dc97f6c8a94691834439872b9e8ff2b3) C:\WINDOWS\system32\locator.exe
22:26:10.0921 3768 RpcLocator - ok
22:26:10.0968 3768 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
22:26:10.0968 3768 RpcSs - ok
22:26:11.0000 3768 RSVP (dce0d20f8fb66df41d53734bff9d66f0) C:\WINDOWS\system32\rsvp.exe
22:26:11.0000 3768 RSVP - ok
22:26:11.0046 3768 RTLE8023xp (27341186a5b0ae078cb944a3b002624d) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:26:11.0046 3768 RTLE8023xp - ok
22:26:11.0109 3768 SamSs (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:26:11.0109 3768 SamSs - ok
22:26:11.0140 3768 SCardSvr (1d456f1cd76a80793c07ba52cf3a7455) C:\WINDOWS\System32\SCardSvr.exe
22:26:11.0140 3768 SCardSvr - ok
22:26:11.0203 3768 Schedule (511886e5bd060046cce8373e92e62edf) C:\WINDOWS\system32\schedsvc.dll
22:26:11.0203 3768 Schedule - ok
22:26:11.0312 3768 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:26:11.0312 3768 SeaPort - ok
22:26:11.0359 3768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:26:11.0359 3768 Secdrv - ok
22:26:11.0406 3768 seclogon (17c6354ca08e7c7972e12c67478ae134) C:\WINDOWS\System32\seclogon.dll
22:26:11.0406 3768 seclogon - ok
22:26:11.0453 3768 SENS (a0eca1ce0fccb29c5e4e1f416e95e73e) C:\WINDOWS\system32\sens.dll
22:26:11.0453 3768 SENS - ok
22:26:11.0484 3768 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
22:26:11.0484 3768 Serial - ok
22:26:11.0593 3768 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
22:26:11.0593 3768 ServiceLayer - ok
22:26:11.0625 3768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:26:11.0625 3768 Sfloppy - ok
22:26:11.0671 3768 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
22:26:11.0671 3768 SharedAccess - ok
22:26:11.0718 3768 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:26:11.0718 3768 ShellHWDetection - ok
22:26:11.0734 3768 Simbad - ok
22:26:11.0781 3768 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:26:11.0781 3768 SLIP - ok
22:26:11.0796 3768 smserial - ok
22:26:11.0796 3768 Sparrow - ok
22:26:11.0843 3768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:26:11.0843 3768 splitter - ok
22:26:11.0906 3768 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:26:11.0906 3768 Spooler - ok
22:26:11.0984 3768 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
22:26:11.0984 3768 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
22:26:11.0984 3768 sptd ( LockedFile.Multi.Generic ) - warning
22:26:11.0984 3768 sptd - detected LockedFile.Multi.Generic (1)
22:26:12.0093 3768 SQLAgent$SONY_MEDIAMGR - ok
22:26:12.0140 3768 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
22:26:12.0140 3768 sr - ok
22:26:12.0187 3768 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
22:26:12.0203 3768 srservice - ok
22:26:12.0265 3768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:26:12.0265 3768 Srv - ok
22:26:12.0312 3768 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
22:26:12.0312 3768 sscdbus - ok
22:26:12.0359 3768 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
22:26:12.0359 3768 sscdmdfl - ok
22:26:12.0406 3768 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
22:26:12.0406 3768 sscdmdm - ok
22:26:12.0437 3768 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
22:26:12.0437 3768 SSDPSRV - ok
22:26:12.0500 3768 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:26:12.0500 3768 ssmdrv - ok
22:26:12.0546 3768 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
22:26:12.0546 3768 stisvc - ok
22:26:12.0578 3768 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:26:12.0578 3768 streamip - ok
22:26:12.0625 3768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:26:12.0625 3768 swenum - ok
22:26:12.0687 3768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:26:12.0687 3768 swmidi - ok
22:26:12.0687 3768 SwPrv - ok
22:26:12.0703 3768 symc810 - ok
22:26:12.0718 3768 symc8xx - ok
22:26:12.0734 3768 sym_hi - ok
22:26:12.0750 3768 sym_u3 - ok
22:26:12.0765 3768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:26:12.0781 3768 sysaudio - ok
22:26:12.0828 3768 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
22:26:12.0828 3768 SysmonLog - ok
22:26:12.0843 3768 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
22:26:12.0859 3768 TapiSrv - ok
22:26:12.0875 3768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:26:12.0875 3768 Tcpip - ok
22:26:12.0921 3768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:26:12.0921 3768 TDPIPE - ok
22:26:12.0953 3768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:26:12.0968 3768 TDTCP - ok
22:26:12.0984 3768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:26:12.0984 3768 TermDD - ok
22:26:13.0031 3768 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
22:26:13.0046 3768 TermService - ok
22:26:13.0093 3768 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:26:13.0093 3768 Themes - ok
22:26:13.0109 3768 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
22:26:13.0109 3768 TlntSvr - ok
22:26:13.0125 3768 TosIde - ok
22:26:13.0156 3768 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
22:26:13.0156 3768 TrkWks - ok
22:26:13.0203 3768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:26:13.0203 3768 Udfs - ok
22:26:13.0203 3768 ultra - ok
22:26:13.0234 3768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:26:13.0250 3768 Update - ok
22:26:13.0281 3768 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
22:26:13.0281 3768 upnphost - ok
22:26:13.0312 3768 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
22:26:13.0312 3768 UPS - ok
22:26:13.0328 3768 USBAAPL - ok
22:26:13.0359 3768 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
22:26:13.0359 3768 usbbus - ok
22:26:13.0390 3768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:26:13.0390 3768 usbccgp - ok
22:26:13.0421 3768 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
22:26:13.0421 3768 UsbDiag - ok
22:26:13.0468 3768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:26:13.0468 3768 usbehci - ok
22:26:13.0515 3768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:26:13.0515 3768 usbhub - ok
22:26:13.0562 3768 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
22:26:13.0562 3768 USBModem - ok
22:26:13.0593 3768 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:26:13.0593 3768 usbprint - ok
22:26:13.0640 3768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:26:13.0640 3768 usbscan - ok
22:26:13.0671 3768 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:26:13.0671 3768 usbser - ok
22:26:13.0703 3768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:26:13.0703 3768 USBSTOR - ok
22:26:13.0734 3768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:26:13.0734 3768 usbuhci - ok
22:26:13.0796 3768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:26:13.0796 3768 VgaSave - ok
22:26:13.0796 3768 ViaIde - ok
22:26:13.0828 3768 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
22:26:13.0828 3768 VolSnap - ok
22:26:13.0843 3768 vsdatant - ok
22:26:13.0906 3768 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
22:26:13.0906 3768 VSS - ok
22:26:13.0937 3768 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
22:26:13.0937 3768 W32Time - ok
22:26:13.0968 3768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:26:13.0968 3768 Wanarp - ok
22:26:14.0015 3768 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:26:14.0015 3768 Wdf01000 - ok
22:26:14.0031 3768 WDICA - ok
22:26:14.0062 3768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:26:14.0062 3768 wdmaud - ok
22:26:14.0093 3768 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
22:26:14.0093 3768 WebClient - ok
22:26:14.0171 3768 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:26:14.0171 3768 winmgmt - ok
22:26:14.0218 3768 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:26:14.0218 3768 WmdmPmSN - ok
22:26:14.0281 3768 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
22:26:14.0296 3768 Wmi - ok
22:26:14.0343 3768 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:26:14.0359 3768 WmiApSrv - ok
22:26:14.0500 3768 WMPNetworkSvc (f30dc8f80cf65a323e8b6a2db81561e3) C:\Programmi\Windows Media Player\WMPNetwk.exe
22:26:14.0500 3768 WMPNetworkSvc - ok
22:26:14.0531 3768 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:26:14.0531 3768 WpdUsb - ok
22:26:14.0578 3768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:26:14.0578 3768 WS2IFSL - ok
22:26:14.0625 3768 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
22:26:14.0640 3768 wscsvc - ok
22:26:14.0671 3768 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:26:14.0687 3768 WSTCODEC - ok
22:26:14.0703 3768 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
22:26:14.0718 3768 wuauserv - ok
22:26:14.0765 3768 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:26:14.0765 3768 WudfPf - ok
22:26:14.0812 3768 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:26:14.0812 3768 WudfRd - ok
22:26:14.0859 3768 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
22:26:14.0859 3768 WudfSvc - ok
22:26:14.0890 3768 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
22:26:14.0890 3768 WZCSVC - ok
22:26:14.0937 3768 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
22:26:14.0937 3768 xmlprov - ok
22:26:14.0953 3768 ZTEusbmdm6k - ok
22:26:14.0968 3768 ZTEusbnmea - ok
22:26:14.0984 3768 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
22:26:15.0234 3768 \Device\Harddisk0\DR0 - ok
22:26:15.0234 3768 Boot (0x1200) (9cafa22e6559224c1707f9381ed63711) \Device\Harddisk0\DR0\Partition0
22:26:15.0234 3768 \Device\Harddisk0\DR0\Partition0 - ok
22:26:15.0234 3768 ============================================================
22:26:15.0234 3768 Scan finished
22:26:15.0234 3768 ============================================================
22:26:15.0250 3772 Detected object count: 1
22:26:15.0250 3772 Actual detected object count: 1
22:26:32.0687 3772 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:26:32.0687 3772 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:28:27.0593 2344 Deinitialize success

[FrancescoFDAC]

Disinstalla IMBooster, e Emule.

Allega un log di questo programma:
Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● lancia Hijackthis
● clicca sul pulsante Do a system scan and save a logfile
● verrà rilasciato automaticamente un file di testo: allegalo

[ciccipei]

Imbooster non riesco a toglierlo (sono entrato nella cartella ma non c'è un file uninst....e non compare nemmeno nelle applicazioni installate. Lo vedo nei processi in esecuzione mediante Task Manager). Tolto emule.

Ecco in allegato il log che mi hai chiesto:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.18.56, on 06/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Iminent\IMBooster\imbooster.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programmi\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Programmi\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D908FF38-01B1-4E4A-A60C-4B877EFDBAA0}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Matteo/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.gif

--
End of file - 11455 bytes

[FrancescoFDAC]

Esegui la procedura descritta, rigorosamente nel suo ordine, al fine di:
● guadagnare spazio su disco
● ottimizzare le prestazioni del sistema
● mantenere il corretto funzionamento di Windows

Ottimizzazione - post rimozione malware

Il mio consiglio è quello di stampare questa procedura, perché tornerà senz'altro utile in futuro, a te ed ai tuoi conoscenti: condividila pure con loro, non ha controindicazioni di alcun genere ed andrebbe eseguita dopo aver rimosso tutte le infezione presenti nel sistema.
Queste operazioni infatti, andrebbero eseguite almeno una volta al mese (per utilizzatori di Computer assidui il tempo è ridotto a due settimane, eccetto per lo Scandisk, punto 13. della procedura).

Tieni presente che la maggior parte delle chiavi di registro corrotte e danneggiate non si possono ripristinare e riparare correttamente, e l'installazione e la disinstallazione continua dei programmi può causare crash di sistema e fastidiose schermate blu.

Una formattazione consente di ottenere dei massimi benefici, in termini di velocità, stabilità e prestazioni: questa procedura si avvicina maggiormente ai risultati ottenuti tramite una formattazione del disco fisso.

1. Rimuovi le voci di avvio non necessarie

Questa procedura è puramente facoltativa: questi sono programmi che si avviano quando accendi il computer, ma puoi eseguirli una volta caricato il sistema operativo.
Togliendo questi software dall'esecuzione automatica, l'avvio sarà più veloce ed il computer funzionerà meglio.

Avvia HiJackThis e:
● clicca sul pulsante Do a system scan only/Scan
● metti la spunta accanto ad ogni singola voce indicata sotto
● spuntate le voci, termina tutti i programmi attivi, comprese le pagine Internet
● clicca, in basso a sinistra, sul pulsante Fix checked; potrebbe comparire un'ulteriore finestra durante il fix delle voci: clicca su Sì
Queste sono le voci da fixare:



O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Programmi\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

Nota: per lanciare HiJackThis su Windows Vista e Windows 7, clicca con il tasto destro del mouse sulla icona di HiJackThis (rappresentata da un omino vestito di rosso con una lente di ingrandimento, nota il file eseguibile in grassetto sotto) e, dal menù contestuale, scegli la voce Esegui come Amministratore: conferma la richiesta proposta

Il percorso da seguire per trovare l'eseguibile del programma è: Start/ Computer/ Programmi/ Trend Micro/ HiJackThis/ HiJackThis.exe

******************************

2. Disinstalla i programmi inutilizzati, e tutte le Toolbar (in particolare, Babylon Toolbar, Windows Live Toolbar e la Google Toolbar se non la usi).

Procedura per Windows XP:
● clicca sul pulsante Start
● apri il Pannello di controllo
● clicca su Installazione applicazioni
● seleziona il programma da disinstallare, e clicca sul tasto Cambia/Rimuovi: partirà la procedura di disinstallazione

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● apri il Pannello di controllo
● clicca su Programmi, e su Programmi e funzionalità
● seleziona il programma da disinstallare, e clicca sul tasto Cambia/Disinstalla: partirà la procedura di disinstallazione

******************************

3. Disinstalla dal Pannello di controllo, in particolare, le seguenti applicazioni:
● Adobe Flash Player
● Adobe Reader
● Java (tutte le versioni installate)

Scarica ed installa, dai siti proposti, le versioni aggiornate dei programmi appena disinstallati:
● Adobe Flash Player: http://get.adobe.com/it/flashplayer
● Adobe Reader : http://get.adobe.com/it/reader
● Java: http://java.com/it/download/index.jsp

Note - riguardo alla procedura:
● non consentire l'installazione di componenti aggiuntivi (Toolbar in particolare): non installarne alcuno, quindi togli la spunta alla relativa voce
● alternativamente ad Abobe Reader, software pesante e soprattutto soggetto a vulnerabilità sfruttabili dai malware presenti nella rete per infettare il sistema, puoi scaricare il veloce e leggerissimo Sumatra PDF Reader, che nulla ha da invidiare al prodotto di casa Adobe: http://blog.kowalczyk.info/software/sum ... eader.html

******************************

4. Disattiva il Ripristino Configurazione di Sistema

Procedura per Windows XP:
● clicca sul pulsante Start
● tasto destro del mouse sull'icona Risorse del computer
● seleziona, dal menù a tendina, la voce Proprietà
● apri la scheda Ripristino configurazione di sistema
● metti la spunta alla voce Disattiva Ripristino configurazione di sistema su tutte le unità
● conferma la modifica, con Applica e OK

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● tasto destro del mouse sull'icona Computer
● seleziona, dal menù a tendina, la voce Proprietà
● clicca, nel menù a sinistra, su Protezione sistema; compare un avviso relativo al Controllo Account Utente: clicca su Continua
● deseleziona la casella di controllo visualizzata accanto al Disco Locale C:
● clicca sul pulsante OK
● conferma la modifica apportata, cliccando sul pulsante Applica e OK

******************************

5. Svuota del suo contenuto la cartella Prefetch

Procedura per Windows XP:
● clicca sul pulsante Start
● clicca su Risorse del computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella Prefetch
● elimina tutte le voci conservate al suo interno: fai attenzione però, a non eliminare la cartella

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● clicca su Computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella Prefetch
● elimina tutte le voci conservate al suo interno, tranne il file Layout.ini: fai attenzione però, a non eliminare la cartella

Nota - riguardo alla procedura:
● la cartella Prefetch contiene i file che il sistema operativo esegue; un'operazione di prefetch consiste nel rendere immediatamente disponibili, nella memoria cache, i file utilizzati più spesso e quelli necessari per il processo di avvio del personal computer.
Il riavvio successivo sarà un po' lento, ma quelli seguenti saranno senza dubbio più veloci

******************************

6. Svuota del suo contenuto la cartella Download

Procedura per Windows XP:
● clicca sul pulsante Start
● clicca su Risorse del computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella SoftwareDistribution
● individua ed apri la cartella Download
● elimina tutte le voci conservate al suo interno: fai attenzione però, a non eliminare la cartella

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● clicca su Computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella SoftwareDistribution
● individua ed apri la cartella Download
● elimina tutte le voci conservate al suo interno: fai attenzione però, a non eliminare la cartella

Nota - riguardo alla procedura:
● la cartella Download contiene i file di installazione degli aggiornamenti di Windows, che possono essere eliminati senza problemi per recuperare spazio su disco e risolvere fastidiosi problemi di aggiornamenti

******************************

7. Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
● termina tutti i programmi attivi, comprese le pagine Internet
● avvia il tool con un doppio click
● clicca, in basso a sinistra, sul pulsante Start
● scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi
● attendi pazientemente il termine delle operazioni
● clicca, in basso a destra, sul pulsante Exit
● una volta terminate le operazioni, chiudi il programma

Nota: per eseguire correttamente TFC by OldTimer su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore: conferma la richiesta proposta

******************************

8. Scarica ed installa CCleaner: http://www.piriform.com/ccleaner/download
Nota - durante l'installazione: non consentire l'installazione di componenti aggiuntivi (Toolbar in particolare): non installarne alcuno, quindi togli la spunta alla relativa voce

Una volta installato ed avviato, esegui queste operazioni:
● nel menù di sinistra, clicca su Opzioni
● nella finestra successiva, clicca su Impostazioni
● spunta la voce Tipo cancellazione: Sicura (lenta) e nel menù a tendina seleziona la voce DOD 5220.22-M (3 passaggi)
● clicca su Avanzate
● togli la spunta alla voce Cancella file in Windows Temp solo se più vecchi di 24 ore e alla voce Chiedi se salvare un backup dei problemi del registro
● clicca, nel menù a sinistra, su Pulizia: nella sezione Avanzate, metti la spunta alle voci Vecchi dati Prefetch, Disinstallatori Aggiornamenti di Windows e File Log IIS
● apri, in alto, il tab Applicazioni: spunta tutte le voci presenti
● termina tutti i programmi attivi, comprese le pagine Internet
● clicca, in basso a sinistra, sul bottone Analizza, per cercare i file temporanei
● clicca, in basso a destra, sul bottone Avvia Pulizia, per avviare la pulizia dei file temporanei
● nella finestra che compare, metti la spunta alla voce Non mostrare più questo messaggio, e conferma cliccando sul pulsante OK
● terminata la pulizia, nel menù a sinistra, clicca sulla voce Registro
● clicca sul bottone Trova Problemi, per avviare la ricerca delle voci di registro corrotte e danneggiate
● clicca sul bottone Ripara selezionati... e prosegui con la riparazione: la pulizia del registro ripetila più volte, fino a quando non verranno più rilevati problemi da correggere
● una volta terminate le operazioni, chiudi il programma

Nota: in Windows Seven, manca la voce Disinstallatori Aggiornamenti di Windows, e la voce Tipo cancellazione: Sicura (lenta) DOD 5220.22-M (3 passaggi) è stata sostituita dalla dicitura Sovrascrittura avanzata 83 passaggi

******************************

9. Lancia Hijackthis e pulisci gli ADS (esclusivamente su partizioni formattate in NTFS):
● clicca sulla voce Open the Misc Tools section
● clicca su Open ADS Spy..., nel tab System tools
● in alto, togli la spunta alla voce Quick scan (Windows base folder only)
● clicca, in basso, sul pulsante Scan
● attendi pazientemente il termine della scansione
● se venissero rilevati molti ADS, clicca con il tasto destro sulla prima casellina, e scegli la voce Select all
● clicca, in basso, sul pulsante Remove selected: conferma con Sì
● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:
● in caso avessi un sistema operativo a 64 Bit, tralascia la procedura. Fai click qui per scoprire se il tuo sistema operativo è a 32 o 64 Bit: http://support.microsoft.com/kb/827218/it

******************************

10. Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Note - riguardo al programma:
● OTC by OldTimer va eseguito solamente nel caso tu abbia utilizzato in precedenza particolari programmi che richiedono una particolare procedura di disinstallazione, come ComboFix, FindAWF, GMER, RSIT e TDSS Killer.
● per eseguire correttamente OTC by OldTimer su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore: conferma la richiesta proposta

******************************

11. Riabilita il Ripristino Configurazione di Sistema, seguendo la procedura inversa al punto 4

******************************

12. Scarica ed installa Defraggler: http://www.piriform.com/defraggler/download

Nota - durante l'installazione:
● non consentire l'installazione di componenti aggiuntivi (Toolbar in particolare): non installarne alcuno, quindi togli la spunta alla relativa voce

Una volta installato, esegui queste operazioni:
● avvia il programma con un doppio click
● seleziona con il tasto sinistro del mouse l'unità Disco Locale C:
● clicca, in basso a sinistra, sul bottone Deframmenta
● attendi pazientemente il termine delle operazioni

******************************

13. Controlla l'Hard Disk per eventuali errori

Procedura per Windows XP:
● clicca sul pulsante Start
● clicca su Esegui
● nello spazio bianco, copia ed incolla questa riga:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● clicca sul pulsante OK
● attendi pazientemente il termine delle operazioni
● una finestra DOS vuota si aprirà sul Desktop, per poi chiudersi automaticamente: nulla di cui preoccuparsi
● allega il file checkhd.txt presente sul Desktop per un controllo

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● scegli la voce Tutti i programmi
● clicca su Accessori
● clicca su Esegui
● nello spazio bianco, copia ed incolla questa riga:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● clicca sul pulsante OK
● attendi pazientemente il termine delle operazioni
● una finestra DOS vuota si aprirà sul Desktop, per poi chiudersi automaticamente: nulla di cui preoccuparsi
● allega il file checkhd.txt presente sul Desktop per un controllo

******************************

Note - al termine della procedura:
● riavvia il sistema
● allega un nuovo log di HijackThis
● comunica come funziona il sistema, e quali problemi riscontri attualmente

[ciccipei]

allego primo log (checkhd):
Il file system Š di tipo NTFS.

Avvertenza! Parametro F non specificato
CHKDSK eseguito in modalit… sola lettura.

Verifica dei file in corso (fase 1 di 3)...
Verifica degli indici in corso (fase 2 di 3)...
CHKDSK sta recuperando i file perduti.
Verifica dei descrittori di protezione in corso (fase 3 di 3)...
CHKDSK sta verificando il diario USN...
Verifica del diario USN completata.
CHKDSK ha rilevato spazio libero su disco contrassegnato come allocato
nella bitmap della Tabella file master (MFT).
CHKDSK ha rilevato spazio libero su disco contrassegnato come allocato nella bitmap del volume.
Nessun problema rilevato nel file system.
Eseguire CHKDSK con l'opzione /F per le correzioni.

156280288 KB di spazio totale su disco.
138003784 KB in 63991 file.
27520 KB in 8482 indici.
0 KB in settori danneggiati.
315156 KB in uso dal sistema.
65536 KB occupati dal file registro.
17933828 KB disponibili su disco.

4096 byte in ogni unit… di allocazione.
39070072 unit… totali di allocazione su disco.
4483457 unit… di allocazione disponibili su disco.

[ciccipei]

Allego secondo log (Hijackthis):
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.30.14, on 06/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D908FF38-01B1-4E4A-A60C-4B877EFDBAA0}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Matteo/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.gif

--
End of file - 8786 bytes


Il sistema sembra essere tornato a posto. Attendo tuo riscontro e ti ringrazio di cuore.

[FrancescoFDAC]

Avvia HiJackThis e:
● clicca sul pulsante Do a system scan only/Scan
● a sinistra, metti la spunta accanto ad ogni singola voce che ti indicherò sotto (non spuntare tutte le voce , solo quelle riportate sotto, mi raccomando)
● spuntate le voci, termina tutti i programmi attivi, comprese le pagine Internet
● clicca, in basso a sinistra, sul pulsante Fix checked; potrebbe comparire un'ulteriore finestra durante il fix delle voci: clicca su Sì
Queste sono le voci da fixare:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Disinstalla, se non utilizzi, il software Mipony.

Abbiamo finito: ciao e buona Pasqua

[ciccipei]

Ciao Francesco, volevo solo ringraziarti per ciò che hai fatto e per la pazienza (soprattutto). Il pc non mi da problemi e sembra funzionare correttamente:l'unica cosa è che non riesco ad installare Adobe Flash (e non poso far vedere a mio figlio i cartoni di rai YoYO)perchè una volta selezionata la casella "downoad, disinstallato pure l'antivirus, non parte nulla...boh, sarà Firefox.
Cmq. grazie veramente tanto e anche se in ritardo (ero fuori) ti faccio gli auguri di Buona Pasqua.