pc lento che si blocca

[hans22]

salve amici, apro questa discussione perchè da un pò di tempo il pc mi va lento e soprattutto le pagine di firefox si bloccano e non sono mai belle scorrevoli, inoltre ogni tanto esce qualche pop up e schermata strana, tipo pubblicità.

ho avira come antivirus, ad-aware e spyboth, da qualche giono ho disattivato il firewall di windows ed ho installato Pctools firewall plus.
ho scansionato con malware ed eliminato alcuni file che il programma mi ha trovato, ora và leggermente meglio ma le pagine si bloccano sempre, tipo per 5-10 secondi e poi ripartono... lo fa spesso ed è molto snervante, oltre a darmi preoccupazione su eventuale furto di dati di accesso.

posto di seguito il log di hijackthis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.58.29, on 06/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\utente\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32F0736B-E23C-4262-9E50-20780BC5209D}: NameServer = 193.70.152.15 212.52.97.15
O17 - HKLM\System\CS3\Services\Tcpip\..\{32F0736B-E23C-4262-9E50-20780BC5209D}: NameServer = 193.70.152.15 212.52.97.15
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5157 bytes


in particolare mi insospettiscono le voci O17, che ho provato a fixare, ma poi sono riapparse...

grazie in anticipo a tutti coloro che mi consiglieranno!!!

[COCCOBELLO]

ciao
fixa queste voci

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\utente\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm


disinstalla spybot e ad-aware
sono programmi pesanti e scadenti
lasciati sul pc solo Avira e malwarebytes

poi
Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
scaricalo con  ( Internet Explorer) no con Firefox o se lo scarichi con Firefox assicurati di salvarlo suk Desktop
quindi posizionalo sul Desktop obbligatoriamente
Adesso e Molto Importante che tu
disattiva l'Antivirus in uso
disattiva il Firewall
chiudi tutti i programmi aperti
chiudi la connessione. prima di fare la scansione

lancia ComboFix con doppio clik
segui le istruzioni di combofix
verrà richiesta l'installazione della Console di ripristino :clicca su NO
senza eseguire nessuna altra operazione sul pc, lascia che  ComboFix completi la scansione non usare ne anche il mouse
altrimenti potrebbe Bloccarsi il Pc
se vengono rilasciati dei  messaggi durante la scansione Riguardo all' Antivirus e il Firewall
ignorali prosegui
Quando ComboFix avrà concluso la scansione:
il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

[FrancescoFDAC]

Ciao.
Prima di iniziare ad analizzare a basso livello il tuo sistema, disinstalla i seguenti programmi, perchè oramai inutili:
Lavasoft Ad-Aware
Spybot-S&D

Se la lentezza ancora non fosse svanita, prendi in considerazione l'idea di disinstallare anche PC Tools Firewall Plus, e affidarti solamente al firewall di Windows, che sarà indietro anni luce rispetto agli altri, ma il suo lavoro lo fa, minimanente ma lo fa.

Il PC non mostra infezioni attive.

Le voci O17 sono legittime.

[hans22]

ciao
fixa queste voci

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\utente\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm


disinstalla spybot e ad-aware
sono programmi pesanti e scadenti
lasciati sul pc solo Avira e malwarebytes

poi
Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
scaricalo con  ( Internet Explorer) no con Firefox o se lo scarichi con Firefox assicurati di salvarlo suk Desktop
quindi posizionalo sul Desktop obbligatoriamente
Adesso e Molto Importante che tu
disattiva l'Antivirus in uso
disattiva il Firewall
chiudi tutti i programmi aperti
chiudi la connessione. prima di fare la scansione

lancia ComboFix con doppio clik
segui le istruzioni di combofix
verrà richiesta l'installazione della Console di ripristino :clicca su NO
senza eseguire nessuna altra operazione sul pc, lascia che  ComboFix completi la scansione non usare ne anche il mouse
altrimenti potrebbe Bloccarsi il Pc
se vengono rilasciati dei  messaggi durante la scansione Riguardo all' Antivirus e il Firewall
ignorali prosegui
Quando ComboFix avrà concluso la scansione:
il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

tutto fatto ecco il log di combofix:

ComboFix 12-04-06.03 - utente 06/04/2012 23.13.45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.589 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\utente\Dati applicazioni\PriceGong
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\1.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\2229.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\2257.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\2620.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\4489.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\a.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\b.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\c.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\d.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\e.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\f.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\g.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\h.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\i.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\j.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\k.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\l.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\m.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\n.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\o.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\p.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\q.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\r.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\s.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\t.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\u.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\v.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\w.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\wlu.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\x.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\y.txt
c:\documents and settings\utente\Dati applicazioni\PriceGong\Data\z.txt
c:\documents and settings\utente\WINDOWS
c:\windows\$NtUninstallKB61353$
c:\windows\$NtUninstallKB61353$\1632926317
c:\windows\$NtUninstallKB61353$\827465988\@
c:\windows\$NtUninstallKB61353$\827465988\L\elxuktli
c:\windows\$NtUninstallKB61353$\827465988\loader.tlb
c:\windows\$NtUninstallKB61353$\827465988\U\@00000001
c:\windows\$NtUninstallKB61353$\827465988\U\@000000c0
c:\windows\$NtUninstallKB61353$\827465988\U\@000000cb
c:\windows\$NtUninstallKB61353$\827465988\U\@000000cf
c:\windows\$NtUninstallKB61353$\827465988\U\@80000000
c:\windows\$NtUninstallKB61353$\827465988\U\@800000c0
c:\windows\$NtUninstallKB61353$\827465988\U\@800000cb
c:\windows\$NtUninstallKB61353$\827465988\U\@800000cf
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET69.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_SERVICE
-------\Legacy_SSHNAS
-------\Legacy_USNJSVC
-------\Service_6to4
-------\Service_service
-------\Service_usnjsvc
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-06 al 2012-04-06 )))))))))))))))))))))))))))))))))))
.
.
2012-04-06 13:57 . 2012-04-06 13:57 388096 ----a-r- c:\documents and settings\utente\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-06 13:57 . 2012-04-06 13:57 -------- d-----w- c:\programmi\Trend Micro
2012-04-05 12:19 . 2012-04-05 12:20 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\PCToolsFirewallPlus
2012-04-05 12:19 . 2011-03-02 10:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-05 12:19 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-05 12:19 . 2011-01-17 07:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-04-05 12:18 . 2012-04-05 12:19 -------- d-----w- c:\programmi\File comuni\PC Tools
2012-04-05 12:18 . 2011-01-12 08:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-04-05 12:18 . 2010-07-08 06:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2012-04-05 12:18 . 2010-02-05 06:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-04-05 12:18 . 2011-01-17 06:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-04-05 12:18 . 2012-04-06 20:35 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2012-03-31 13:15 . 2012-03-31 13:15 -------- dc----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2012-03-31 12:42 . 2012-03-31 12:42 -------- dc----w- c:\documents and settings\Administrator\Dati applicazioni\Nero
2012-03-18 07:49 . 2012-03-18 07:49 592824 ----a-w- c:\programmi\Mozilla Firefox\gkmedias.dll
2012-03-18 07:49 . 2012-03-18 07:49 44472 ----a-w- c:\programmi\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 19:58 . 2007-10-31 17:21 90112 ----a-w- c:\windows\DUMP2e91.tmp
2012-02-15 13:37 . 2011-10-21 12:48 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2007-08-02 12:00 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 10:54 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2007-10-31 16:36 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 07:48 . 2012-03-05 16:00 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"CnxDslTaskBar"="c:\programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - c:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ArgobwucNuqs.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [02/07/2008 23.38.05 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [02/07/2008 23.38.05 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21/10/2011 14.48.24 36000]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [05/04/2012 14.19.23 251560]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [21/10/2011 14.48.29 86224]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [28/02/2012 14.43.37 652360]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [05/04/2012 14.19.25 160576]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [08/12/2011 2.57.34 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [08/12/2011 2.57.34 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [08/12/2011 2.57.34 108675]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/02/2012 14.43.36 20464]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [05/04/2012 14.18.14 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [05/04/2012 14.18.14 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [05/04/2012 14.18.10 125248]
R3 xpsec;Driver IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 2ax6m.sys;2ax6m.sys;\??\c:\windows\system32\drivers\2ax6m.sys --> c:\windows\system32\drivers\2ax6m.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/02/2012 21.14.52 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/02/2012 21.14.53 8576]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [05/04/2012 14.18.14 57536]
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - xcpip
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
TCtrlIO
palmusbd
dtsrvc
PdiPorts
odclientservice
awservice
CdaC15BA
NPDriver
bjmcmng
se59bus
lirsgt
sonicatheaterinstallerservice
aswmon2
NtMtlFax
amfilter
GTF32BUS
svcwmu
rp32service
TICalc
bthidmgr
z800obex
tng-doba
iaimfp2
UsbDiag
tmcomm
vxsvc
SRTSP
qconsvc
ctxcpubal
bglivesvc
lmouflt2
dirms_defragmentation
ha10kx2k
vncdrv
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
SQLAgent$MICROSOFTBCM
rpaservice
netmdsb
WISTechVIDCAP
nvatabus
mbr
wwnetdde
QWAVEDRV
ctusfsyn
slee_503_service
BrScnUsb
mpfservice
eectrl
kbstuff
avidsdmservice
el90xbc
isdrv120
Appn
ltck000c
wcontrol
slpmonx
UlSata
CTEAPSFX.DLL
symwsc
dlaifs_m
stirusb
nvcap
oracle_load_balancer_60_client-forms6ip9
wpsdrvnt
PGPwded
sffp_sd
VrAcFil
pcx1nd5
ovmsmaccessmanager
NWUSBPort
aswupdsv
WmHidLo
avgfwsrv
automate6
ntuneservice
ifp800
camdrl
agnwifi
ppped
se44mdfl
vhidmini
EPOWER
etoksrv
EpmShd
SiS300i
AVerBDA
s217mgmt
Si3132
bdfdll
maxbackserviceint
UimBus
SaiClass
scramby
iAimFP7
drvnddm
USB_NDIS_51
UCTblHid
dlapoolm
nmsaccess
s616mgmt
pav_security
nsausvc
Nsynas32
cwcspud
vrmonsvc
smartscaps
SMNDIS5
NetwareWorkstation
UPATC
VMAUDIO
sentinel
Mtlstrm
SrvcSSIOMngr
ipssvc
DSDrv4
upnp
protectionservice
pshost
fsssvc
FET5X86V
belmonitorservice
61883
MSSQL$MSSMLBIZ
tfsncofs
acprfmgrsvc
vulfnths
CBTNDIS5
flashpnt
ctdvda2k
CXTUNE
iisadmin
iolo_srv
O2SCBUS
pnarp
GT890x
paamsrv
UBHelper
enum1394
ngserver
filemon701
gs30s
emupia
RMCAST
Eplpdx02
VSP1284D
avupdsvc
pmj151la
susbser
epgspooler
zebrceb
licensemanagersocket
AffinegyService
uagp35
mwsejcap
SiS7018
CTMMOUNT
cvspydr2
sysenforce
s217mdfl
pmem
ccevtmgr
ar5211
mcpromgr
mgisvr
ntgrip
smcservice
vxd
rksample
Packet
USBVCD
ha20x2k
PSDNServ
dlaboiom
avcgbfl
IntelC52
prodrv06
L6POD
dcpflics
atmeltpm
aic116x
OEM02Afx
ms_mpu401
TMKEmu
WinDriver6
clnt_clientman
npkcsvc
hsfhwbs2
moufiltr
netwg311
rampartsvc
EagleNT
PAR1284
mwssched
ibmasrex
AR5416
MA8032C
PCASp50
TcUsb
lxda_device
cypresslink
rchost
ddxgb
uscbs108
ssm_mdm
SaiNtHid
sdbus
pfmodnt
iaimtv2
bltrust
s117unic
Via4in1
lwwlicenseservice
Evian
Spsmqvsm
se59nd5
jconfigd
iaantmon
naiavfilter1
NMSCFG
symantecantibotdriver
SIODRV
niorbk
ownershipprotocol
tosrfcom
SerTVOutCtlr
USIUDF
PSDFilter
alcxsens
com0com
tbiosdrv
DC21x4
s716mdfl
spsslm
xfactorae1
iteatapi
s125mgmt
enethusb
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
olapserver
AKSIFDH
NWUSBModem
wg6n
rootmodem
BrUsbSer
sfman
acedrv07
hpqddsvc
bmuservice
Rawwan
aavmker4
a8djusb
DynDNS_Updater_Service
prosync1
pdlnacom
vmware
atierecord
USB_RNDIS
backupexecalertserver
mksupdateint
WmUsbHid
GV600_4
hpwirelessmgr
pdlnemsg
cics.region2
asmagent
speakerphone
fcprintservice
actser
qbcfmonitorservice
Hotkey
unlockerdriver5
wanatw
SE27obex
qbposdbextservices
hap17v2k
AmeLanPc
dcsloader
rrspy
hotspotshieldservice
cqcpu
pnmsrv
SISNICXP
QPSched
RESMGR
kpf4
rca
mdmxsdk
emu10k
AGV
MA8032U
Ndisipo
n3900
WINUSB
s116mdfl
mssqlserverolapservice
BASFND
ps2
advantage
GBDevice
WLAN_USB
vsdatant
datasvr
CXAVXBAR
tfsnboio
genmcmn
trioservice
EU3_USB
k750obex
liveupdate
autocomplete
NWDNS
CTERFXFX.DLL
vc8secs
MRESP50
mpservice
tavsvc
RadProbe
PCTINDIS5
slave
dvd-ram_service
acmservice
racsvc
Cam5603D
sscdbhk5
penclass
LMIRfsClientNP
spmd
cdvp
starwindservice
incdrm
R300
procexp111
zpcollector
rdnaoflsvc
cis1284
regdefend
lxcd_device
curtainssyssvc
JRAID
lvcomser
USBDongle
areschatserver
appnnode
prevxagent
NetTcpActivator
cmigameport
netdevio
pdfcreatormessages
cdralw2k
avp
s7oppitx
Epiusb
eelogsvc
wltwo51b
kpfwsvc
btwusb
lxdj_device
enxpsvc
xusb21
HpqKbFiltr
cwafnotesservice
neokdss
aclient
iAimFP6
toshidpt
se58mdm
bt
umxfwhlp
bufserv
MSFWHLPR
btfirst
s217obex
acsvc
usbsermpt
DumaNT
imonitor
StickyMesger
CTMFLT
SiSRaid
addfiltr
WINIO
iPassPeriodicUpdateService
lusbaudio
VHidMinidrv
dsNcAdpt
avfilter
oracleorahomepagingserver
nimdbgk
srvdpi
quickhealfirewall
XDva004
MS1000
mssql$microsoftsmlbiz
nhcDriverDevice
CA561
ctxcpusched
sfusvc
pinnaclemarvinusb
NeroMediaHomeService.4
incdpass
DM9102
s716mgmt
spcflt
msdv
PcdrNt
dcstor32
VAIOMediaPlatform-MusicServer-UPnP
XTrapD12
hpconfig
passthru
zfdwm
cwafadmincontroller
NTSIM
vmnetdhcp
mrpostman
ATWPKT2
psimsvc
mcvsrte
ZuneWlanCfgSvc
L8042Kbd
ehsched
LHidKe
SE2Emgmt
NMSAccessU
service1
EUSBMSD
TVALG
w810bus
ifxspmgtsrv
mwstick
s217unic
usbaudio
ATIVTUTW
naveng
lxrsge10s
ifxtcs
wlancfg
w550bus
sprtsvc_dellsupportcenter
Si3132r5
Ktp
tpkmpsvc
evteng
opcenum
sfdrv01
osaio
mfcom
elotouchscreen
bridge
cdr4_xp
NETw3x32
ZSMC211
MTDVC2
steamdvr
lvhidsvc
avg7rsxp
ELmou
netmnt
atirage3
psdistributionagent
amdk77
ntpr_nic_service2
EMSCR
ZuneBusEnum
winachcf
TIEHDUSB
retinaengine
sonypvs1
hcwPVRP2
tsscoreservice
wintabservice
WUSB54GCSVC
pacsptisvr
beatjammusicstreamingserver
purgeieservice
harmony
EQDRV5
qmofiltr
yukonwlh
nsvcip
SE2Cmgmt
alcaudsl
DritekPortIO
vmm
mgabgexe
LVVI500A
iap
w300mdfl
s716bus
pepifilter
ldlcserv
msi_wlan_service
lgsnd_filter
vcommmgr
dlacdbhm
w810mdm
gameenum
qfcoresvc
cpqnicmgmt
amon
klblmain
RMSvc
sentinelprotectionserver
lxcgcustomerconnect
ultra66
hpzius12
ATMsg
dlcq_device
se44unic
Cardex
ftpds
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275731263-3062746696-666692273-1003Core.job
- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-06 14:17]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275731263-3062746696-666692273-1003UA.job
- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-06 14:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:56061
IE: Free YouTube to MP3 Converter - c:\documents and settings\utente\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\qwu3pvc7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-06 23:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-06 23:47:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-06 21:47
.
Pre-Run: 52.821.315.584 byte disponibili
Post-Run: 52.800.512.000 byte disponibili
.
- - End Of File - - 161D894697888AFEF661D4232E1967E2

ho disistallato ad-aware e spyboth, al loro posto non metto nulla?

inoltre all'inizio mi ha segnalato un rookit dal nome zero.access o roba simile che interferisce con il tcp. risulta dal log? è stato eliminato?

[COCCOBELLO]

ciao si ha trovato zero access
ha rimosso qualcosa di zero access
questo e un rootkit bastardo,si devono fare altre operazioni
no non mettere nulla al loro posto

segui queste operazioni

importante! Disabilita temporaneamente il tuo antivirus e firewall
Fai un click destro in un punto vuoto del Desktop
crea un Nuovo Documento di testo
Ci copi e incolli dentro il Nuovo Documento di testo il codice che vedi sotto,
e lo salvi con il nome CFScript.txt
e trascinalo sull'icona di ComboFix.
partirà la scansione attendi la fine senza toccare niente
se chiede il riavvio del pc riavvia
Posta il log aggiornato di combofix

Codice: Seleziona tutto

KillAll::

Driver::
xpsec
2ax6m

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

[hans22]

ciao si ha trovato zero access
ha rimosso qualcosa di zero access
questo e un rootkit bastardo,si devono fare altre operazioni
no non mettere nulla al loro posto

segui queste operazioni

importante! Disabilita temporaneamente il tuo antivirus e firewall
Fai un click destro in un punto vuoto del Desktop
crea un Nuovo Documento di testo
Ci copi e incolli dentro il Nuovo Documento di testo il codice che vedi sotto,
e lo salvi con il nome CFScript.txt
e trascinalo sull'icona di ComboFix.
partirà la scansione attendi la fine senza toccare niente
se chiede il riavvio del pc riavvia
Posta il log aggiornato di combofix

Codice: Seleziona tutto

KillAll::

Driver::
xpsec
2ax6m

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

tutto fatto, ecco il log, speriamo bene...

ComboFix 12-04-06.03 - utente 07/04/2012 1.00.39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.563 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\utente\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\windows\system32\fetnd5bv.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SQLAGENT$MICROSOFTBCM
-------\Service_SQLAgent$MICROSOFTBCM
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-06 al 2012-04-06 )))))))))))))))))))))))))))))))))))
.
.
2012-04-06 23:24 . 2012-04-06 23:24 -------- dc--a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2012-04-06 13:57 . 2012-04-06 13:57 388096 ----a-r- c:\documents and settings\utente\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-06 13:57 . 2012-04-06 13:57 -------- d-----w- c:\programmi\Trend Micro
2012-04-05 12:19 . 2012-04-05 12:20 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\PCToolsFirewallPlus
2012-04-05 12:19 . 2011-03-02 10:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-05 12:19 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-05 12:19 . 2011-01-17 07:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-04-05 12:18 . 2012-04-05 12:19 -------- d-----w- c:\programmi\File comuni\PC Tools
2012-04-05 12:18 . 2011-01-12 08:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-04-05 12:18 . 2010-07-08 06:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2012-04-05 12:18 . 2010-02-05 06:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-04-05 12:18 . 2011-01-17 06:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-04-05 12:18 . 2012-04-06 20:35 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2012-03-31 13:15 . 2012-03-31 13:15 -------- dc----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2012-03-31 12:42 . 2012-03-31 12:42 -------- dc----w- c:\documents and settings\Administrator\Dati applicazioni\Nero
2012-03-18 07:49 . 2012-03-18 07:49 592824 ----a-w- c:\programmi\Mozilla Firefox\gkmedias.dll
2012-03-18 07:49 . 2012-03-18 07:49 44472 ----a-w- c:\programmi\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 19:58 . 2007-10-31 17:21 90112 ----a-w- c:\windows\DUMP2e91.tmp
2012-02-15 13:37 . 2011-10-21 12:48 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2007-08-02 12:00 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 10:54 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2007-10-31 16:36 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 07:48 . 2012-03-05 16:00 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"CnxDslTaskBar"="c:\programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - c:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ArgobwucNuqs.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:14 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [02/07/2008 23.38.05 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [02/07/2008 23.38.05 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21/10/2011 14.48.24 36000]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [05/04/2012 14.19.23 251560]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [21/10/2011 14.48.29 86224]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [28/02/2012 14.43.37 652360]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [05/04/2012 14.19.25 160576]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [08/12/2011 2.57.34 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [08/12/2011 2.57.34 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [08/12/2011 2.57.34 108675]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/02/2012 14.43.36 20464]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [05/04/2012 14.18.14 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [05/04/2012 14.18.14 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [05/04/2012 14.18.10 125248]
S3 2ax6m.sys;2ax6m.sys;\??\c:\windows\system32\drivers\2ax6m.sys --> c:\windows\system32\drivers\2ax6m.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/02/2012 21.14.52 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/02/2012 21.14.53 8576]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [05/04/2012 14.18.14 57536]
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
TCtrlIO
palmusbd
dtsrvc
PdiPorts
odclientservice
awservice
CdaC15BA
NPDriver
bjmcmng
se59bus
lirsgt
sonicatheaterinstallerservice
aswmon2
NtMtlFax
amfilter
GTF32BUS
svcwmu
rp32service
TICalc
bthidmgr
z800obex
tng-doba
iaimfp2
UsbDiag
tmcomm
vxsvc
SRTSP
qconsvc
ctxcpubal
bglivesvc
lmouflt2
dirms_defragmentation
ha10kx2k
vncdrv
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
rpaservice
netmdsb
WISTechVIDCAP
nvatabus
mbr
wwnetdde
QWAVEDRV
ctusfsyn
slee_503_service
BrScnUsb
mpfservice
eectrl
kbstuff
avidsdmservice
el90xbc
isdrv120
Appn
ltck000c
wcontrol
slpmonx
UlSata
CTEAPSFX.DLL
symwsc
dlaifs_m
stirusb
nvcap
oracle_load_balancer_60_client-forms6ip9
wpsdrvnt
PGPwded
sffp_sd
VrAcFil
pcx1nd5
ovmsmaccessmanager
NWUSBPort
aswupdsv
WmHidLo
avgfwsrv
automate6
ntuneservice
ifp800
camdrl
agnwifi
ppped
se44mdfl
vhidmini
EPOWER
etoksrv
EpmShd
SiS300i
AVerBDA
s217mgmt
Si3132
bdfdll
maxbackserviceint
UimBus
SaiClass
scramby
iAimFP7
drvnddm
USB_NDIS_51
UCTblHid
dlapoolm
nmsaccess
s616mgmt
pav_security
nsausvc
Nsynas32
cwcspud
vrmonsvc
smartscaps
SMNDIS5
NetwareWorkstation
UPATC
VMAUDIO
sentinel
Mtlstrm
SrvcSSIOMngr
ipssvc
DSDrv4
upnp
protectionservice
pshost
fsssvc
FET5X86V
belmonitorservice
61883
MSSQL$MSSMLBIZ
tfsncofs
acprfmgrsvc
vulfnths
CBTNDIS5
flashpnt
ctdvda2k
CXTUNE
iisadmin
iolo_srv
O2SCBUS
pnarp
GT890x
paamsrv
UBHelper
enum1394
ngserver
filemon701
gs30s
emupia
RMCAST
Eplpdx02
VSP1284D
avupdsvc
pmj151la
susbser
epgspooler
zebrceb
licensemanagersocket
AffinegyService
uagp35
mwsejcap
SiS7018
CTMMOUNT
cvspydr2
sysenforce
s217mdfl
pmem
ccevtmgr
ar5211
mcpromgr
mgisvr
ntgrip
smcservice
vxd
rksample
Packet
USBVCD
ha20x2k
PSDNServ
dlaboiom
avcgbfl
IntelC52
prodrv06
L6POD
dcpflics
atmeltpm
aic116x
OEM02Afx
ms_mpu401
TMKEmu
WinDriver6
clnt_clientman
npkcsvc
hsfhwbs2
moufiltr
netwg311
rampartsvc
EagleNT
PAR1284
mwssched
ibmasrex
AR5416
MA8032C
PCASp50
TcUsb
lxda_device
cypresslink
rchost
ddxgb
uscbs108
ssm_mdm
SaiNtHid
sdbus
pfmodnt
iaimtv2
bltrust
s117unic
Via4in1
lwwlicenseservice
Evian
Spsmqvsm
se59nd5
jconfigd
iaantmon
naiavfilter1
NMSCFG
symantecantibotdriver
SIODRV
niorbk
ownershipprotocol
tosrfcom
SerTVOutCtlr
USIUDF
PSDFilter
alcxsens
com0com
tbiosdrv
DC21x4
s716mdfl
spsslm
xfactorae1
iteatapi
s125mgmt
enethusb
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
olapserver
AKSIFDH
NWUSBModem
wg6n
rootmodem
BrUsbSer
sfman
acedrv07
hpqddsvc
bmuservice
Rawwan
aavmker4
a8djusb
DynDNS_Updater_Service
prosync1
pdlnacom
vmware
atierecord
USB_RNDIS
backupexecalertserver
mksupdateint
WmUsbHid
GV600_4
hpwirelessmgr
pdlnemsg
cics.region2
asmagent
speakerphone
fcprintservice
actser
qbcfmonitorservice
Hotkey
unlockerdriver5
wanatw
SE27obex
qbposdbextservices
hap17v2k
AmeLanPc
dcsloader
rrspy
hotspotshieldservice
cqcpu
pnmsrv
SISNICXP
QPSched
RESMGR
kpf4
rca
mdmxsdk
emu10k
AGV
MA8032U
Ndisipo
n3900
WINUSB
s116mdfl
mssqlserverolapservice
BASFND
ps2
advantage
GBDevice
WLAN_USB
vsdatant
datasvr
CXAVXBAR
tfsnboio
genmcmn
trioservice
EU3_USB
k750obex
liveupdate
autocomplete
NWDNS
CTERFXFX.DLL
vc8secs
MRESP50
mpservice
tavsvc
RadProbe
PCTINDIS5
slave
dvd-ram_service
acmservice
racsvc
Cam5603D
sscdbhk5
penclass
LMIRfsClientNP
spmd
cdvp
starwindservice
incdrm
R300
procexp111
zpcollector
rdnaoflsvc
cis1284
regdefend
lxcd_device
curtainssyssvc
JRAID
lvcomser
USBDongle
areschatserver
appnnode
prevxagent
NetTcpActivator
cmigameport
netdevio
pdfcreatormessages
cdralw2k
avp
s7oppitx
Epiusb
eelogsvc
wltwo51b
kpfwsvc
btwusb
lxdj_device
enxpsvc
xusb21
HpqKbFiltr
cwafnotesservice
neokdss
aclient
iAimFP6
toshidpt
se58mdm
bt
umxfwhlp
bufserv
MSFWHLPR
btfirst
s217obex
acsvc
usbsermpt
DumaNT
imonitor
StickyMesger
CTMFLT
SiSRaid
addfiltr
WINIO
iPassPeriodicUpdateService
lusbaudio
VHidMinidrv
dsNcAdpt
avfilter
oracleorahomepagingserver
nimdbgk
srvdpi
quickhealfirewall
XDva004
MS1000
mssql$microsoftsmlbiz
nhcDriverDevice
CA561
ctxcpusched
sfusvc
pinnaclemarvinusb
NeroMediaHomeService.4
incdpass
DM9102
s716mgmt
spcflt
msdv
PcdrNt
dcstor32
VAIOMediaPlatform-MusicServer-UPnP
XTrapD12
hpconfig
passthru
zfdwm
cwafadmincontroller
NTSIM
vmnetdhcp
mrpostman
ATWPKT2
psimsvc
mcvsrte
ZuneWlanCfgSvc
L8042Kbd
ehsched
LHidKe
SE2Emgmt
NMSAccessU
service1
EUSBMSD
TVALG
w810bus
ifxspmgtsrv
mwstick
s217unic
usbaudio
ATIVTUTW
naveng
lxrsge10s
ifxtcs
wlancfg
w550bus
sprtsvc_dellsupportcenter
Si3132r5
Ktp
tpkmpsvc
evteng
opcenum
sfdrv01
osaio
mfcom
elotouchscreen
bridge
cdr4_xp
NETw3x32
ZSMC211
MTDVC2
steamdvr
lvhidsvc
avg7rsxp
ELmou
netmnt
atirage3
psdistributionagent
amdk77
ntpr_nic_service2
EMSCR
ZuneBusEnum
winachcf
TIEHDUSB
retinaengine
sonypvs1
hcwPVRP2
tsscoreservice
wintabservice
WUSB54GCSVC
pacsptisvr
beatjammusicstreamingserver
purgeieservice
harmony
EQDRV5
qmofiltr
yukonwlh
nsvcip
SE2Cmgmt
alcaudsl
DritekPortIO
vmm
mgabgexe
LVVI500A
iap
w300mdfl
s716bus
pepifilter
ldlcserv
msi_wlan_service
lgsnd_filter
vcommmgr
dlacdbhm
w810mdm
gameenum
qfcoresvc
cpqnicmgmt
amon
klblmain
RMSvc
sentinelprotectionserver
lxcgcustomerconnect
ultra66
hpzius12
ATMsg
dlcq_device
se44unic
Cardex
ftpds
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275731263-3062746696-666692273-1003Core.job
- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-06 14:17]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275731263-3062746696-666692273-1003UA.job
- c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-04-06 14:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:56061
IE: Free YouTube to MP3 Converter - c:\documents and settings\utente\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\qwu3pvc7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 01:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1200)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-07 01:30:50 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-06 23:30
ComboFix2.txt 2012-04-06 21:47
.
Pre-Run: 52.808.888.320 byte disponibili
Post-Run: 52.787.900.416 byte disponibili
.
- - End Of File - - 0E41EF5F21635BA973281F96CF5729BF

firefox e explorer sono ancora lenti, ed ora ho iniziato ad usare chrome, che mi sembra nettamente più veloce.
solo che non riesco ad impostare per non salvare mai la cronologia, sennò devo ogni volta ricordarmi di cancellare... come si fà?

[COCCOBELLO]

ok

ora
Scarica Kaspersky TDSSKiller e salvalo sul desktop.
http://support.kaspersky.com/downloads/ ... killer.exe
fai doppio clik su TDSSKiller.exe
fare click su change parameters

sulla voce Additional option
mettere la spunta su verify driver digital singatures
Detect TDLFS file system
Cliccare su Ok
fare clic su Start Scan
e attendi la scansione

Se trova il file infetto viene rilevato, l'azione predefinita sarà Cure, fare clic su Continua.

Se un file sospetto è rilevato, l'azione predefinita sarà Skip , fare clic su Continua.

Se chiede di riavviare il pc (Reboot) acconsenti. (per eliminare l'infezione è necessario riavviare il pc)
Se non chiede di riavviare il pc clicca su report e salvalo sul desktop
Postalo qui.
Il report lo trovi in Disco locale C
TDSSKiller.[Version]_[Date]_[Time]_log.txt

poi
scarica e installa questo Fix
http://go.microsoft.com/?linkid=9668866
Clicca sul link ed esegui il Fix automatico seguendo la procedura

poi
scarica
Glary Utilities:
http://www.glarysoft.com/products/utili ... /download/
salvalo sul desktop

Installa Glary Utilities
aprilo
sulla voce Menu clicca su – Settings
imposta la lingua Italiana e clicca su OK
vai sulla voce
voce Manutenzione 1-Click
nella sezione Eliminazione tracce clicca su Opzioni -poi su Seleziona tracce da eliminare
Seleziona tutte le voci che vedi e clicca su OK

metti la spunta su tutte le voci,come vedi nell’immagine sotto
e clicca su Ricerca Errori


a fine scansione
clicca su Ripara Errori
e attendi la fine dell’operazione

poi
Scarica XP TCP Repair e installalo
http://www.xp-smoker.com/downloads/xptcprep.exe
Avvia XP TCP Repair e clicca
Reset TCP/IP
Repair Winsock
Chiudi il programma e RIAVVIA IL PC

fai sapere se è tutto ok

[hans22]

tutto fatto, ti posto i log di tdskiller e di xp reset

18:09:56.0812 1564 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:09:57.0546 1564 ============================================================
18:09:57.0546 1564 Current date / time: 2012/04/07 18:09:57.0546
18:09:57.0546 1564 SystemInfo:
18:09:57.0546 1564
18:09:57.0546 1564 OS Version: 5.1.2600 ServicePack: 3.0
18:09:57.0546 1564 Product type: Workstation
18:09:57.0546 1564 ComputerName: UTENTE-5720618B
18:09:57.0546 1564 UserName: utente
18:09:57.0546 1564 Windows directory: C:\WINDOWS
18:09:57.0546 1564 System windows directory: C:\WINDOWS
18:09:57.0546 1564 Processor architecture: Intel x86
18:09:57.0546 1564 Number of processors: 2
18:09:57.0546 1564 Page size: 0x1000
18:09:57.0546 1564 Boot type: Normal boot
18:09:57.0546 1564 ============================================================
18:09:58.0671 1564 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:09:58.0703 1564 \Device\Harddisk0\DR0:
18:09:58.0703 1564 MBR used
18:09:58.0703 1564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
18:09:58.0765 1564 Initialize success
18:09:58.0765 1564 ============================================================
18:10:39.0359 3500 ============================================================
18:10:39.0359 3500 Scan started
18:10:39.0359 3500 Mode: Manual; SigCheck; TDLFS;
18:10:39.0359 3500 ============================================================
18:10:39.0593 3500 2ax6m.sys - ok
18:10:39.0656 3500 61883 - ok
18:10:39.0734 3500 a8djusb - ok
18:10:39.0796 3500 aavmker4 - ok
18:10:39.0906 3500 Abiosdsk - ok
18:10:40.0000 3500 abp480n5 - ok
18:10:40.0062 3500 acedrv07 - ok
18:10:40.0140 3500 aclient - ok
18:10:40.0203 3500 acmservice - ok
18:10:40.0343 3500 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:10:40.0640 3500 ACPI - ok
18:10:40.0812 3500 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:10:41.0000 3500 ACPIEC - ok
18:10:41.0062 3500 acprfmgrsvc - ok
18:10:41.0140 3500 acsvc - ok
18:10:41.0203 3500 actser - ok
18:10:41.0281 3500 addfiltr - ok
18:10:41.0437 3500 adpu160m - ok
18:10:41.0500 3500 advantage - ok
18:10:41.0625 3500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:10:42.0046 3500 aec - ok
18:10:42.0171 3500 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:10:42.0250 3500 AFD - ok
18:10:42.0328 3500 AffinegyService - ok
18:10:42.0406 3500 agnwifi - ok
18:10:42.0484 3500 AGV - ok
18:10:42.0578 3500 Aha154x - ok
18:10:42.0640 3500 aic116x - ok
18:10:42.0796 3500 aic78u2 - ok
18:10:42.0906 3500 aic78xx - ok
18:10:42.0953 3500 AKSIFDH - ok
18:10:43.0031 3500 alcaudsl - ok
18:10:43.0109 3500 alcxsens - ok
18:10:43.0218 3500 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
18:10:43.0390 3500 Alerter - ok
18:10:43.0484 3500 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
18:10:43.0625 3500 ALG - ok
18:10:43.0718 3500 AliIde - ok
18:10:43.0781 3500 amdk77 - ok
18:10:43.0843 3500 AmeLanPc - ok
18:10:43.0921 3500 amfilter - ok
18:10:44.0015 3500 amsint - ok
18:10:44.0156 3500 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Programmi\Avira\AntiVir Desktop\sched.exe
18:10:44.0171 3500 AntiVirSchedulerService - ok
18:10:44.0328 3500 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Programmi\Avira\AntiVir Desktop\avguard.exe
18:10:44.0343 3500 AntiVirService - ok
18:10:44.0437 3500 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
18:10:44.0593 3500 AppMgmt - ok
18:10:44.0671 3500 Appn - ok
18:10:44.0750 3500 appnnode - ok
18:10:44.0812 3500 ar5211 - ok
18:10:44.0890 3500 AR5416 - ok
18:10:44.0968 3500 areschatserver - ok
18:10:45.0062 3500 asc - ok
18:10:45.0156 3500 asc3350p - ok
18:10:45.0234 3500 asc3550 - ok
18:10:45.0296 3500 asmagent - ok
18:10:45.0437 3500 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:10:45.0453 3500 aspnet_state - ok
18:10:45.0515 3500 aswupdsv - ok
18:10:45.0640 3500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:10:45.0796 3500 AsyncMac - ok
18:10:45.0921 3500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:10:46.0078 3500 atapi - ok
18:10:46.0187 3500 AtcL002 (906441b1c7a9c67fd6fff2dd6d8d7ce7) C:\WINDOWS\system32\DRIVERS\atl02_xp.sys
18:10:46.0234 3500 AtcL002 - ok
18:10:46.0328 3500 Atdisk - ok
18:10:46.0406 3500 atierecord - ok
18:10:46.0500 3500 atirage3 - ok
18:10:46.0578 3500 ATIVTUTW - ok
18:10:46.0687 3500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:10:46.0875 3500 Atmarpc - ok
18:10:46.0953 3500 atmeltpm - ok
18:10:47.0031 3500 ATMsg - ok
18:10:47.0093 3500 ATWPKT2 - ok
18:10:47.0218 3500 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
18:10:47.0375 3500 AudioSrv - ok
18:10:47.0500 3500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:10:47.0640 3500 audstub - ok
18:10:47.0718 3500 autocomplete - ok
18:10:47.0796 3500 automate6 - ok
18:10:47.0859 3500 avcgbfl - ok
18:10:47.0937 3500 AVerBDA - ok
18:10:48.0000 3500 avfilter - ok
18:10:48.0078 3500 avg7rsxp - ok
18:10:48.0156 3500 avgfwsrv - ok
18:10:48.0281 3500 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:10:48.0343 3500 avgntflt - ok
18:10:48.0421 3500 avidsdmservice - ok
18:10:48.0562 3500 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:10:48.0578 3500 avipbb - ok
18:10:48.0703 3500 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:10:48.0718 3500 avkmgr - ok
18:10:48.0796 3500 avp - ok
18:10:48.0859 3500 avupdsvc - ok
18:10:48.0937 3500 backupexecalertserver - ok
18:10:49.0000 3500 BASFND - ok
18:10:49.0078 3500 bdfdll - ok
18:10:49.0156 3500 beatjammusicstreamingserver - ok
18:10:49.0281 3500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:10:49.0421 3500 Beep - ok
18:10:49.0484 3500 belmonitorservice - ok
18:10:49.0562 3500 bglivesvc - ok
18:10:49.0687 3500 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
18:10:49.0906 3500 BITS - ok
18:10:49.0984 3500 bltrust - ok
18:10:50.0062 3500 bmuservice - ok
18:10:50.0125 3500 bridge - ok
18:10:50.0265 3500 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
18:10:50.0406 3500 Browser - ok
18:10:50.0515 3500 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
18:10:50.0531 3500 BrPar ( UnsignedFile.Multi.Generic ) - warning
18:10:50.0531 3500 BrPar - detected UnsignedFile.Multi.Generic (1)
18:10:50.0609 3500 BrScnUsb - ok
18:10:50.0687 3500 BrUsbSer - ok
18:10:50.0750 3500 bt - ok
18:10:50.0828 3500 btfirst - ok
18:10:50.0906 3500 bthidmgr - ok
18:10:50.0984 3500 btwusb - ok
18:10:51.0062 3500 bufserv - ok
18:10:51.0125 3500 CA561 - ok
18:10:51.0203 3500 Cam5603D - ok
18:10:51.0281 3500 camdrl - ok
18:10:51.0359 3500 Cardex - ok
18:10:51.0375 3500 catchme - ok
18:10:51.0484 3500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:10:51.0656 3500 cbidf2k - ok
18:10:52.0078 3500 CBTNDIS5 - ok
18:10:52.0171 3500 ccevtmgr - ok
18:10:52.0281 3500 cd20xrnt - ok
18:10:52.0406 3500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:10:52.0546 3500 Cdaudio - ok
18:10:52.0671 3500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:10:52.0828 3500 Cdfs - ok
18:10:52.0890 3500 cdr4_xp - ok
18:10:52.0968 3500 cdralw2k - ok
18:10:53.0109 3500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:10:53.0250 3500 Cdrom - ok
18:10:53.0328 3500 cdvp - ok
18:10:53.0484 3500 Changer - ok
18:10:53.0546 3500 cics.region2 - ok
18:10:53.0625 3500 cis1284 - ok
18:10:53.0750 3500 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
18:10:53.0921 3500 CiSvc - ok
18:10:54.0046 3500 ClipSrv (48cb1defa1a6506c3cf09e4950f82ef6) C:\WINDOWS\system32\clipsrv.exe
18:10:54.0187 3500 ClipSrv - ok
18:10:54.0265 3500 clnt_clientman - ok
18:10:54.0406 3500 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:10:54.0421 3500 clr_optimization_v2.0.50727_32 - ok
18:10:54.0515 3500 CmdIde - ok
18:10:54.0593 3500 cmigameport - ok
18:10:54.0734 3500 CnxEtP (388b150cc51351eb73acd1424770ea58) C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
18:10:54.0734 3500 CnxEtP ( UnsignedFile.Multi.Generic ) - warning
18:10:54.0734 3500 CnxEtP - detected UnsignedFile.Multi.Generic (1)
18:10:54.0890 3500 CnxEtU (0c4b00a2285609b8cd05bd8bd35bf51a) C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
18:10:54.0968 3500 CnxEtU ( UnsignedFile.Multi.Generic ) - warning
18:10:54.0968 3500 CnxEtU - detected UnsignedFile.Multi.Generic (1)
18:10:55.0109 3500 CnxTgN (47e08b4113b0da06787870228637366a) C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
18:10:55.0125 3500 CnxTgN ( UnsignedFile.Multi.Generic ) - warning
18:10:55.0125 3500 CnxTgN - detected UnsignedFile.Multi.Generic (1)
18:10:55.0187 3500 com0com - ok
18:10:55.0265 3500 COMSysApp - ok
18:10:55.0359 3500 Cpqarray - ok
18:10:55.0421 3500 cqcpu - ok
18:10:55.0500 3500 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
18:10:55.0656 3500 CryptSvc - ok
18:10:55.0718 3500 ctdvda2k - ok
18:10:55.0796 3500 CTEAPSFX.DLL - ok
18:10:55.0859 3500 CTERFXFX.DLL - ok
18:10:55.0937 3500 CTMFLT - ok
18:10:56.0015 3500 CTMMOUNT - ok
18:10:56.0093 3500 ctusfsyn - ok
18:10:56.0156 3500 ctxcpubal - ok
18:10:56.0234 3500 ctxcpusched - ok
18:10:56.0312 3500 curtainssyssvc - ok
18:10:56.0390 3500 cvspydr2 - ok
18:10:56.0468 3500 cwafadmincontroller - ok
18:10:56.0531 3500 cwafnotesservice - ok
18:10:56.0609 3500 cwcspud - ok
18:10:56.0687 3500 CXAVXBAR - ok
18:10:56.0765 3500 CXTUNE - ok
18:10:56.0859 3500 cypresslink - ok
18:10:57.0000 3500 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
18:10:57.0015 3500 d347bus ( UnsignedFile.Multi.Generic ) - warning
18:10:57.0015 3500 d347bus - detected UnsignedFile.Multi.Generic (1)
18:10:57.0140 3500 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
18:10:57.0156 3500 d347prt ( UnsignedFile.Multi.Generic ) - warning
18:10:57.0156 3500 d347prt - detected UnsignedFile.Multi.Generic (1)
18:10:57.0250 3500 dac2w2k - ok
18:10:57.0343 3500 dac960nt - ok
18:10:57.0390 3500 datasvr - ok
18:10:57.0453 3500 DC21x4 - ok
18:10:57.0593 3500 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
18:10:57.0625 3500 DcomLaunch - ok
18:10:57.0687 3500 dcpflics - ok
18:10:57.0781 3500 dcsloader - ok
18:10:57.0875 3500 dcstor32 - ok
18:10:57.0937 3500 ddxgb - ok
18:10:58.0062 3500 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
18:10:58.0218 3500 Dhcp - ok
18:10:58.0281 3500 dirms_defragmentation - ok
18:10:58.0421 3500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:10:58.0562 3500 Disk - ok
18:10:58.0640 3500 dlaboiom - ok
18:10:58.0718 3500 dlacdbhm - ok
18:10:58.0796 3500 dlaifs_m - ok
18:10:58.0890 3500 dlapoolm - ok
18:10:58.0953 3500 DM9102 - ok
18:10:59.0031 3500 dmadmin - ok
18:10:59.0203 3500 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
18:10:59.0359 3500 dmboot - ok
18:10:59.0515 3500 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
18:10:59.0656 3500 dmio - ok
18:10:59.0781 3500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:10:59.0921 3500 dmload - ok
18:11:00.0046 3500 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
18:11:00.0187 3500 dmserver - ok
18:11:00.0328 3500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:11:00.0468 3500 DMusic - ok
18:11:00.0578 3500 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
18:11:00.0593 3500 Dnscache - ok
18:11:00.0718 3500 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
18:11:00.0890 3500 Dot3svc - ok
18:11:01.0000 3500 dpti2o - ok
18:11:01.0062 3500 DritekPortIO - ok
18:11:01.0187 3500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:11:01.0343 3500 drmkaud - ok
18:11:01.0390 3500 drvnddm - ok
18:11:01.0468 3500 DSDrv4 - ok
18:11:01.0546 3500 dsNcAdpt - ok
18:11:01.0609 3500 DumaNT - ok
18:11:01.0687 3500 dvd-ram_service - ok
18:11:01.0781 3500 DynDNS_Updater_Service - ok
18:11:01.0875 3500 EagleNT - ok
18:11:02.0000 3500 EapHost (86b1f123bacd444e81960b339bae3ff2) C:\WINDOWS\System32\eapsvc.dll
18:11:02.0140 3500 EapHost - ok
18:11:02.0203 3500 eectrl - ok
18:11:02.0281 3500 eelogsvc - ok
18:11:02.0359 3500 ehsched - ok
18:11:02.0406 3500 el90xbc - ok
18:11:02.0437 3500 ELmou - ok
18:11:02.0515 3500 elotouchscreen - ok
18:11:02.0593 3500 EMSCR - ok
18:11:02.0671 3500 emu10k - ok
18:11:02.0796 3500 emupia - ok
18:11:02.0859 3500 enethusb - ok
18:11:02.0921 3500 enum1394 - ok
18:11:03.0000 3500 enxpsvc - ok
18:11:03.0078 3500 epgspooler - ok
18:11:03.0156 3500 Epiusb - ok
18:11:03.0218 3500 Eplpdx02 - ok
18:11:03.0296 3500 EpmShd - ok
18:11:03.0375 3500 EPOWER - ok
18:11:03.0453 3500 EQDRV5 - ok
18:11:03.0578 3500 ERSvc (b6599eda9f3ebef064504ee35bbeca1c) C:\WINDOWS\System32\ersvc.dll
18:11:03.0718 3500 ERSvc - ok
18:11:03.0796 3500 etoksrv - ok
18:11:03.0875 3500 EU3_USB - ok
18:11:03.0953 3500 EUSBMSD - ok
18:11:04.0078 3500 Eventlog (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
18:11:04.0109 3500 Eventlog - ok
18:11:04.0218 3500 EventSystem (8360cb9756e598a5c6214eacfb3677c3) C:\WINDOWS\system32\es.dll
18:11:04.0250 3500 EventSystem - ok
18:11:04.0328 3500 Evian - ok
18:11:04.0406 3500 evteng - ok
18:11:04.0593 3500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:11:04.0734 3500 Fastfat - ok
18:11:04.0859 3500 FastUserSwitchingCompatibility (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
18:11:04.0875 3500 FastUserSwitchingCompatibility - ok
18:11:04.0953 3500 fcprintservice - ok
18:11:05.0078 3500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:11:05.0234 3500 Fdc - ok
18:11:05.0296 3500 FET5X86V - ok
18:11:05.0375 3500 filemon701 - ok
18:11:05.0562 3500 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
18:11:05.0718 3500 Fips - ok
18:11:05.0796 3500 flashpnt - ok
18:11:05.0937 3500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:11:06.0078 3500 Flpydisk - ok
18:11:06.0203 3500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:11:06.0359 3500 FltMgr - ok
18:11:06.0515 3500 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:11:06.0531 3500 FontCache3.0.0.0 - ok
18:11:06.0593 3500 fsssvc - ok
18:11:06.0734 3500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:11:06.0875 3500 Fs_Rec - ok
18:11:07.0000 3500 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:11:07.0156 3500 Ftdisk - ok
18:11:07.0218 3500 ftpds - ok
18:11:07.0296 3500 gameenum - ok
18:11:07.0375 3500 GBDevice - ok
18:11:07.0453 3500 genmcmn - ok
18:11:07.0562 3500 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
18:11:07.0593 3500 giveio ( UnsignedFile.Multi.Generic ) - warning
18:11:07.0593 3500 giveio - detected UnsignedFile.Multi.Generic (1)
18:11:07.0734 3500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:11:07.0875 3500 Gpc - ok
18:11:07.0937 3500 gs30s - ok
18:11:08.0046 3500 GT680x (7b90be6811334caa9243b89f3d3fee1a) C:\WINDOWS\system32\Drivers\gt680x.sys
18:11:08.0093 3500 GT680x - ok
18:11:08.0171 3500 GT890x - ok
18:11:08.0234 3500 GTF32BUS - ok
18:11:08.0312 3500 GV600_4 - ok
18:11:08.0390 3500 ha10kx2k - ok
18:11:08.0468 3500 ha20x2k - ok
18:11:08.0531 3500 hap17v2k - ok
18:11:08.0609 3500 harmony - ok
18:11:08.0687 3500 hcwPVRP2 - ok
18:11:08.0890 3500 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:11:09.0062 3500 HDAudBus - ok
18:11:09.0218 3500 helpsvc (6ce66b51b4eb23d9d073f92698c55c8d) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:11:09.0359 3500 helpsvc - ok
18:11:09.0484 3500 HidServ (43d985a9a51e0295091b6ebe84c96b78) C:\WINDOWS\System32\hidserv.dll
18:11:09.0609 3500 HidServ - ok
18:11:09.0750 3500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:11:09.0906 3500 HidUsb - ok
18:11:10.0015 3500 hkmsvc (00cad842f48947887a972828aca665f7) C:\WINDOWS\System32\kmsvc.dll
18:11:10.0156 3500 hkmsvc - ok
18:11:10.0234 3500 Hotkey - ok
18:11:10.0296 3500 hotspotshieldservice - ok
18:11:10.0375 3500 hpconfig - ok
18:11:10.0531 3500 hpn - ok
18:11:10.0609 3500 hpqddsvc - ok
18:11:10.0687 3500 HpqKbFiltr - ok
18:11:10.0765 3500 hpwirelessmgr - ok
18:11:10.0875 3500 hsfhwbs2 - ok
18:11:11.0046 3500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:11:11.0078 3500 HTTP - ok
18:11:11.0187 3500 HTTPFilter (450091aebfcd08e5858533eab5b9a436) C:\WINDOWS\System32\w3ssl.dll
18:11:11.0343 3500 HTTPFilter - ok
18:11:11.0421 3500 i2omgmt - ok
18:11:11.0515 3500 i2omp - ok
18:11:11.0640 3500 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:11:11.0781 3500 i8042prt - ok
18:11:11.0843 3500 iaantmon - ok
18:11:11.0921 3500 iaimfp2 - ok
18:11:11.0984 3500 iAimFP6 - ok
18:11:12.0062 3500 iAimFP7 - ok
18:11:12.0140 3500 iaimtv2 - ok
18:11:12.0312 3500 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:11:12.0406 3500 ialm - ok
18:11:12.0484 3500 iap - ok
18:11:12.0562 3500 ibmasrex - ok
18:11:12.0781 3500 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:11:12.0890 3500 idsvc - ok
18:11:12.0968 3500 ifp800 - ok
18:11:13.0031 3500 ifxspmgtsrv - ok
18:11:13.0109 3500 ifxtcs - ok
18:11:13.0187 3500 iisadmin - ok
18:11:13.0312 3500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:11:13.0468 3500 Imapi - ok
18:11:13.0593 3500 ImapiService (db491237445f172fdddf00541de1a51d) C:\WINDOWS\system32\imapi.exe
18:11:13.0750 3500 ImapiService - ok
18:11:13.0812 3500 imonitor - ok
18:11:13.0906 3500 ini910u - ok
18:11:14.0187 3500 IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:11:14.0468 3500 IntcAzAudAddService - ok
18:11:14.0531 3500 IntelC52 - ok
18:11:14.0640 3500 IntelIde - ok
18:11:14.0765 3500 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:11:14.0906 3500 intelppm - ok
18:11:14.0984 3500 iolo_srv - ok
18:11:15.0109 3500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:11:15.0250 3500 Ip6Fw - ok
18:11:15.0312 3500 iPassPeriodicUpdateService - ok
18:11:15.0453 3500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:11:15.0593 3500 IpFilterDriver - ok
18:11:15.0703 3500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:11:15.0859 3500 IpInIp - ok
18:11:16.0000 3500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:11:16.0140 3500 IpNat - ok
18:11:16.0312 3500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:11:16.0468 3500 IPSec - ok
18:11:16.0531 3500 ipssvc - ok
18:11:16.0656 3500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:11:16.0796 3500 IRENUM - ok
18:11:16.0921 3500 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:11:17.0062 3500 isapnp - ok
18:11:17.0140 3500 isdrv120 - ok
18:11:17.0203 3500 iteatapi - ok
18:11:17.0281 3500 jconfigd - ok
18:11:17.0359 3500 JRAID - ok
18:11:17.0437 3500 k750obex - ok
18:11:17.0578 3500 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:11:17.0718 3500 Kbdclass - ok
18:11:17.0875 3500 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:11:18.0015 3500 kbdhid - ok
18:11:18.0093 3500 kbstuff - ok
18:11:18.0234 3500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:11:18.0375 3500 kmixer - ok
18:11:18.0437 3500 kpf4 - ok
18:11:18.0515 3500 kpfwsvc - ok
18:11:18.0718 3500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:11:18.0734 3500 KSecDD - ok
18:11:18.0828 3500 Ktp - ok
18:11:18.0906 3500 L6POD - ok
18:11:18.0968 3500 L8042Kbd - ok
18:11:19.0093 3500 lanmanserver (0f726d49c0b19e5a506a1cdfce0ee42f) C:\WINDOWS\System32\srvsvc.dll
18:11:19.0125 3500 lanmanserver - ok
18:11:19.0234 3500 lanmanworkstation (e13b0181dda60b93e3253eff52a79cbe) C:\WINDOWS\System32\wkssvc.dll
18:11:19.0265 3500 lanmanworkstation - ok
18:11:19.0359 3500 lbrtfdc - ok
18:11:19.0453 3500 ldlcserv - ok
18:11:19.0531 3500 lgsnd_filter - ok
18:11:19.0578 3500 LHidKe - ok
18:11:19.0687 3500 licensemanagersocket - ok
18:11:19.0781 3500 lirsgt - ok
18:11:19.0859 3500 liveupdate - ok
18:11:19.0984 3500 LmHosts (e01255727d0b158538d7c2b469b533a8) C:\WINDOWS\System32\lmhsvc.dll
18:11:20.0109 3500 LmHosts - ok
18:11:20.0187 3500 LMIRfsClientNP - ok
18:11:20.0265 3500 lmouflt2 - ok
18:11:20.0328 3500 ltck000c - ok
18:11:20.0421 3500 lusbaudio - ok
18:11:20.0515 3500 lvcomser - ok
18:11:20.0578 3500 lvhidsvc - ok
18:11:20.0656 3500 LVVI500A - ok
18:11:20.0734 3500 lwwlicenseservice - ok
18:11:20.0812 3500 lxcd_device - ok
18:11:20.0890 3500 lxda_device - ok
18:11:20.0953 3500 lxdj_device - ok
18:11:21.0031 3500 lxrsge10s - ok
18:11:21.0109 3500 MA8032C - ok
18:11:21.0187 3500 MA8032U - ok
18:11:21.0265 3500 maxbackserviceint - ok
18:11:21.0375 3500 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:11:21.0390 3500 MBAMProtector - ok
18:11:21.0531 3500 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
18:11:21.0562 3500 MBAMService - ok
18:11:21.0625 3500 mcpromgr - ok
18:11:21.0703 3500 mcvsrte - ok
18:11:21.0781 3500 mdmxsdk - ok
18:11:21.0906 3500 Messenger (3b32f662c8607e891f325e41f7ee225c) C:\WINDOWS\System32\msgsvc.dll
18:11:22.0078 3500 Messenger - ok
18:11:22.0140 3500 mfcom - ok
18:11:22.0218 3500 mgabgexe - ok
18:11:22.0296 3500 mgisvr - ok
18:11:22.0359 3500 mksupdateint - ok
18:11:22.0468 3500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:11:22.0593 3500 mnmdd - ok
18:11:22.0718 3500 mnmsrvc (514a299ec926baada3c718b171476aa4) C:\WINDOWS\system32\mnmsrvc.exe
18:11:22.0859 3500 mnmsrvc - ok
18:11:22.0984 3500 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
18:11:23.0125 3500 Modem - ok
18:11:23.0265 3500 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:11:23.0406 3500 Mouclass - ok
18:11:23.0453 3500 moufiltr - ok
18:11:23.0593 3500 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:11:23.0734 3500 mouhid - ok
18:11:23.0875 3500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:11:24.0015 3500 MountMgr - ok
18:11:24.0078 3500 mpfservice - ok
18:11:24.0156 3500 mpservice - ok
18:11:24.0265 3500 mraid35x - ok
18:11:24.0312 3500 MRESP50 - ok
18:11:24.0390 3500 mrpostman - ok
18:11:24.0578 3500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:11:24.0750 3500 MRxDAV - ok
18:11:24.0890 3500 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:11:24.0984 3500 MRxSmb - ok
18:11:25.0062 3500 MS1000 - ok
18:11:25.0187 3500 MSDTC (01f77e9e473235c31796ade46107b0ad) C:\WINDOWS\system32\msdtc.exe
18:11:25.0312 3500 MSDTC - ok
18:11:25.0390 3500 msdv - ok
18:11:25.0500 3500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:11:25.0640 3500 Msfs - ok
18:11:25.0718 3500 MSFWHLPR - ok
18:11:25.0796 3500 MSIServer - ok
18:11:25.0859 3500 msi_wlan_service - ok
18:11:25.0984 3500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:11:26.0140 3500 MSKSSRV - ok
18:11:26.0250 3500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:11:26.0421 3500 MSPCLOCK - ok
18:11:26.0531 3500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:11:26.0687 3500 MSPQM - ok
18:11:26.0875 3500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:11:27.0015 3500 mssmbios - ok
18:11:27.0078 3500 mssql$microsoftsmlbiz - ok
18:11:27.0156 3500 MSSQL$MSSMLBIZ - ok
18:11:27.0281 3500 mssqlserverolapservice (580620154cb876f6a685c26b2f070364) C:\WINDOWS\system32\BrSerIf.dll
18:11:27.0421 3500 mssqlserverolapservice - ok
18:11:27.0500 3500 ms_mpu401 - ok
18:11:27.0578 3500 MTDVC2 - ok
18:11:27.0640 3500 Mtlstrm - ok
18:11:27.0796 3500 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:11:27.0812 3500 MTsensor - ok
18:11:27.0968 3500 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:11:28.0062 3500 Mup - ok
18:11:28.0140 3500 mwsejcap - ok
18:11:28.0218 3500 mwssched - ok
18:11:28.0281 3500 mwstick - ok
18:11:28.0390 3500 n3900 - ok
18:11:28.0468 3500 naiavfilter1 - ok
18:11:28.0578 3500 napagent (911587fd303c9690a428bb4b04732b61) C:\WINDOWS\System32\qagentrt.dll
18:11:28.0734 3500 napagent - ok
18:11:28.0812 3500 naveng - ok
18:11:28.0953 3500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:11:29.0093 3500 NDIS - ok
18:11:29.0156 3500 Ndisipo - ok
18:11:29.0296 3500 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:11:29.0328 3500 NdisTapi - ok
18:11:29.0453 3500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:11:29.0593 3500 Ndisuio - ok
18:11:29.0718 3500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:11:30.0031 3500 NdisWan - ok
18:11:30.0171 3500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:11:30.0234 3500 NDProxy - ok
18:11:30.0296 3500 neokdss - ok
18:11:30.0375 3500 NeroMediaHomeService.4 - ok
18:11:30.0515 3500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:11:30.0656 3500 NetBIOS - ok
18:11:30.0812 3500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:11:30.0968 3500 NetBT - ok
18:11:31.0078 3500 NetDDE (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
18:11:31.0234 3500 NetDDE - ok
18:11:31.0281 3500 NetDDEdsdm (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
18:11:31.0406 3500 NetDDEdsdm - ok
18:11:31.0468 3500 netdevio - ok
18:11:31.0578 3500 Netlogon (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
18:11:31.0718 3500 Netlogon - ok
18:11:31.0859 3500 Netman (02815b70fc4ca8611a926176f1c39fc2) C:\WINDOWS\System32\netman.dll
18:11:32.0015 3500 Netman - ok
18:11:32.0078 3500 netmdsb - ok
18:11:32.0156 3500 netmnt - ok
18:11:32.0234 3500 NetTcpActivator - ok
18:11:32.0421 3500 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:11:32.0437 3500 NetTcpPortSharing - ok
18:11:32.0500 3500 NETw3x32 - ok
18:11:32.0578 3500 NetwareWorkstation - ok
18:11:32.0687 3500 netwg311 - ok
18:11:32.0765 3500 ngserver - ok
18:11:32.0859 3500 nhcDriverDevice - ok
18:11:32.0937 3500 nimdbgk - ok
18:11:33.0015 3500 niorbk - ok
18:11:33.0140 3500 Nla (2c67745b5df03cb227679b2db895af1d) C:\WINDOWS\System32\mswsock.dll
18:11:33.0203 3500 Nla - ok
18:11:33.0281 3500 nmsaccess - ok
18:11:33.0390 3500 NMSAccessU - ok
18:11:33.0453 3500 NMSCFG - ok
18:11:33.0656 3500 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
18:11:33.0750 3500 nmwcd - ok
18:11:33.0875 3500 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
18:11:33.0953 3500 nmwcdc - ok
18:11:34.0109 3500 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
18:11:34.0234 3500 nmwcdnsu - ok
18:11:34.0328 3500 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
18:11:34.0421 3500 nmwcdnsuc - ok
18:11:34.0562 3500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:11:34.0703 3500 Npfs - ok
18:11:34.0781 3500 npkcsvc - ok
18:11:34.0875 3500 nsausvc - ok
18:11:35.0000 3500 nsvcip - ok
18:11:35.0156 3500 Nsynas32 - ok
18:11:35.0500 3500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:11:35.0734 3500 Ntfs - ok
18:11:35.0812 3500 ntgrip - ok
18:11:35.0921 3500 NtLmSsp (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
18:11:36.0062 3500 NtLmSsp - ok
18:11:36.0203 3500 NtmsSvc (89db90b5f35d2795d9fc56d933cc72b8) C:\WINDOWS\system32\ntmssvc.dll
18:11:36.0343 3500 NtmsSvc - ok
18:11:36.0406 3500 ntpr_nic_service2 - ok
18:11:36.0484 3500 NTSIM - ok
18:11:36.0562 3500 ntuneservice - ok
18:11:36.0687 3500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:11:36.0828 3500 Null - ok
18:11:36.0890 3500 nvatabus - ok
18:11:36.0968 3500 nvcap - ok
18:11:37.0046 3500 NWDNS - ok
18:11:37.0171 3500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:11:37.0328 3500 NwlnkFlt - ok
18:11:37.0468 3500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:11:37.0593 3500 NwlnkFwd - ok
18:11:37.0656 3500 NWUSBModem - ok
18:11:37.0734 3500 NWUSBPort - ok
18:11:37.0812 3500 O2SCBUS - ok
18:11:37.0890 3500 OEM02Afx - ok
18:11:37.0953 3500 olapserver - ok
18:11:38.0031 3500 opcenum - ok
18:11:38.0109 3500 oracleorahomepagingserver - ok
18:11:38.0187 3500 oracle_load_balancer_60_client-forms6ip9 - ok
18:11:38.0265 3500 osaio - ok
18:11:38.0328 3500 ovmsmaccessmanager - ok
18:11:38.0406 3500 ownershipprotocol - ok
18:11:38.0484 3500 paamsrv - ok
18:11:38.0562 3500 Packet - ok
18:11:38.0640 3500 pacsptisvr - ok
18:11:38.0703 3500 palmusbd - ok
18:11:38.0781 3500 PAR1284 - ok
18:11:38.0921 3500 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\DRIVERS\parport.sys
18:11:39.0062 3500 Parport - ok
18:11:39.0203 3500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:11:39.0328 3500 PartMgr - ok
18:11:39.0437 3500 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:11:39.0578 3500 ParVdm - ok
18:11:39.0625 3500 passthru - ok
18:11:39.0703 3500 pav_security - ok
18:11:39.0781 3500 PCASp50 - ok
18:11:39.0906 3500 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18:11:39.0937 3500 pccsmcfd - ok
18:11:40.0000 3500 PcdrNt - ok
18:11:40.0171 3500 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
18:11:40.0343 3500 PCI - ok
18:11:40.0437 3500 PCIDump - ok
18:11:40.0546 3500 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:11:40.0687 3500 PCIIde - ok
18:11:40.0812 3500 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:11:40.0984 3500 Pcmcia - ok
18:11:41.0109 3500 PCTAppEvent (7ea0ebd6e5aa687e116eb185a7cfb667) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
18:11:41.0125 3500 PCTAppEvent - ok
18:11:41.0234 3500 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
18:11:41.0250 3500 PCTFW-PacketFilter - ok
18:11:41.0359 3500 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
18:11:41.0375 3500 pctgntdi - ok
18:11:41.0437 3500 PCTINDIS5 - ok
18:11:41.0515 3500 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
18:11:41.0531 3500 pctNdis - ok
18:11:41.0546 3500 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
18:11:41.0562 3500 pctNdisMP - ok
18:11:41.0687 3500 PCToolsFirewallPlus (86d511370a217b554916e3a45d091042) C:\Programmi\PC Tools Firewall Plus\FWService.exe
18:11:41.0703 3500 PCToolsFirewallPlus - ok
18:11:41.0812 3500 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\system32\drivers\pctplfw.sys
18:11:41.0828 3500 pctplfw - ok
18:11:41.0875 3500 pcx1nd5 - ok
18:11:41.0984 3500 PDCOMP - ok
18:11:42.0046 3500 pdfcreatormessages - ok
18:11:42.0140 3500 PDFRAME - ok
18:11:42.0203 3500 pdlnacom - ok
18:11:42.0265 3500 pdlnemsg - ok
18:11:42.0375 3500 PDRELI - ok
18:11:42.0453 3500 PDRFRAME - ok
18:11:42.0515 3500 penclass - ok
18:11:42.0593 3500 pepifilter - ok
18:11:42.0687 3500 perc2 - ok
18:11:42.0781 3500 perc2hib - ok
18:11:42.0843 3500 pfmodnt - ok
18:11:42.0921 3500 PGPwded - ok
18:11:42.0984 3500 pinnaclemarvinusb - ok
18:11:43.0109 3500 PlugPlay (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
18:11:43.0140 3500 PlugPlay - ok
18:11:43.0203 3500 pmem - ok
18:11:43.0296 3500 pmj151la - ok
18:11:43.0359 3500 pnarp - ok
18:11:43.0390 3500 pnmsrv - ok
18:11:43.0515 3500 PolicyAgent (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
18:11:43.0640 3500 PolicyAgent - ok
18:11:43.0718 3500 ppped - ok
18:11:43.0921 3500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:11:44.0078 3500 PptpMiniport - ok
18:11:44.0140 3500 prevxagent - ok
18:11:44.0218 3500 procexp111 - ok
18:11:44.0296 3500 prodrv06 - ok
18:11:44.0375 3500 prosync1 - ok
18:11:44.0484 3500 ProtectedStorage (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
18:11:44.0625 3500 ProtectedStorage - ok
18:11:44.0687 3500 protectionservice - ok
18:11:44.0765 3500 ps2 - ok
18:11:44.0906 3500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:11:45.0046 3500 PSched - ok
18:11:45.0109 3500 PSDFilter - ok
18:11:45.0187 3500 psdistributionagent - ok
18:11:45.0250 3500 PSDNServ - ok
18:11:45.0328 3500 pshost - ok
18:11:45.0406 3500 psimsvc - ok
18:11:45.0531 3500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:11:45.0656 3500 Ptilink - ok
18:11:45.0734 3500 purgeieservice - ok
18:11:45.0875 3500 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:11:45.0890 3500 PxHelp20 - ok
18:11:45.0968 3500 qbcfmonitorservice - ok
18:11:46.0031 3500 qbposdbextservices - ok
18:11:46.0109 3500 qconsvc - ok
18:11:46.0265 3500 ql1080 - ok
18:11:46.0343 3500 Ql10wnt - ok
18:11:46.0437 3500 ql12160 - ok
18:11:46.0484 3500 ql1240 - ok
18:11:46.0593 3500 ql1280 - ok
18:11:46.0640 3500 qmofiltr - ok
18:11:46.0718 3500 QPSched - ok
18:11:46.0781 3500 quickhealfirewall - ok
18:11:46.0843 3500 QWAVEDRV - ok
18:11:46.0906 3500 R300 - ok
18:11:46.0984 3500 racsvc - ok
18:11:47.0046 3500 RadProbe - ok
18:11:47.0109 3500 rampartsvc - ok
18:11:47.0234 3500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:11:47.0375 3500 RasAcd - ok
18:11:47.0468 3500 RasAuto (9839b418343d6e6e52659bdf3ff1fe67) C:\WINDOWS\System32\rasauto.dll
18:11:47.0625 3500 RasAuto - ok
18:11:47.0859 3500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:11:48.0000 3500 Rasl2tp - ok
18:11:48.0234 3500 RasMan (62ad41548e720db4763b86f95e44f3fa) C:\WINDOWS\System32\rasmans.dll
18:11:48.0375 3500 RasMan - ok
18:11:48.0500 3500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:11:48.0640 3500 RasPppoe - ok
18:11:48.0781 3500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:11:48.0906 3500 Raspti - ok
18:11:48.0984 3500 Rawwan - ok
18:11:49.0046 3500 rca - ok
18:11:49.0125 3500 rchost - ok
18:11:49.0265 3500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:11:49.0390 3500 Rdbss - ok
18:11:49.0468 3500 rdnaoflsvc - ok
18:11:49.0593 3500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:11:49.0718 3500 RDPCDD - ok
18:11:49.0890 3500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:11:50.0062 3500 rdpdr - ok
18:11:50.0250 3500 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:11:50.0312 3500 RDPWD - ok
18:11:50.0421 3500 RDSessMgr (cc72e6ae90245f0ae48bf1236a7e1f9c) C:\WINDOWS\system32\sessmgr.exe
18:11:50.0562 3500 RDSessMgr - ok
18:11:50.0703 3500 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:11:50.0828 3500 redbook - ok
18:11:50.0906 3500 regdefend - ok
18:11:51.0031 3500 RemoteAccess (7ebbf16fbd3e0e34f084fa635c1844e3) C:\WINDOWS\System32\mprdim.dll
18:11:51.0156 3500 RemoteAccess - ok
18:11:51.0265 3500 RemoteRegistry (f667a41bced959988e53feecc8bf5da0) C:\WINDOWS\system32\regsvc.dll
18:11:51.0437 3500 RemoteRegistry - ok
18:11:51.0500 3500 RESMGR - ok
18:11:51.0562 3500 retinaengine - ok
18:11:51.0640 3500 rksample - ok
18:11:51.0718 3500 RMCAST - ok
18:11:51.0796 3500 rootmodem - ok
18:11:51.0875 3500 rp32service - ok
18:11:51.0937 3500 rpaservice - ok
18:11:52.0046 3500 RpcLocator (dc97f6c8a94691834439872b9e8ff2b3) C:\WINDOWS\system32\locator.exe
18:11:52.0203 3500 RpcLocator - ok
18:11:52.0343 3500 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
18:11:52.0359 3500 RpcSs - ok
18:11:52.0437 3500 rrspy - ok
18:11:52.0546 3500 RSVP (dce0d20f8fb66df41d53734bff9d66f0) C:\WINDOWS\system32\rsvp.exe
18:11:52.0687 3500 RSVP - ok
18:11:52.0765 3500 s116mdfl - ok
18:11:52.0828 3500 s117unic - ok
18:11:52.0906 3500 s125mgmt - ok
18:11:52.0984 3500 s217mdfl - ok
18:11:53.0062 3500 s217mgmt - ok
18:11:53.0140 3500 s217obex - ok
18:11:53.0203 3500 s217unic - ok
18:11:53.0281 3500 s616mgmt - ok
18:11:53.0359 3500 s716bus - ok
18:11:53.0421 3500 s716mdfl - ok
18:11:53.0484 3500 s716mgmt - ok
18:11:53.0546 3500 s7oppitx - ok
18:11:53.0703 3500 SaiClass - ok
18:11:53.0750 3500 SaiNtHid - ok
18:11:53.0843 3500 SamSs (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
18:11:53.0984 3500 SamSs - ok
18:11:54.0093 3500 SCardSvr (1d456f1cd76a80793c07ba52cf3a7455) C:\WINDOWS\System32\SCardSvr.exe
18:11:54.0234 3500 SCardSvr - ok
18:11:54.0375 3500 Schedule (511886e5bd060046cce8373e92e62edf) C:\WINDOWS\system32\schedsvc.dll
18:11:54.0515 3500 Schedule - ok
18:11:54.0578 3500 scramby - ok
18:11:54.0656 3500 sdbus - ok
18:11:54.0734 3500 SE27obex - ok
18:11:54.0812 3500 SE2Cmgmt - ok
18:11:54.0890 3500 SE2Emgmt - ok
18:11:54.0953 3500 se44mdfl - ok
18:11:55.0031 3500 se44unic - ok
18:11:55.0109 3500 se58mdm - ok
18:11:55.0187 3500 se59nd5 - ok
18:11:55.0296 3500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:11:55.0453 3500 Secdrv - ok
18:11:55.0562 3500 seclogon (17c6354ca08e7c7972e12c67478ae134) C:\WINDOWS\System32\seclogon.dll
18:11:55.0703 3500 seclogon - ok
18:11:55.0828 3500 SENS (a0eca1ce0fccb29c5e4e1f416e95e73e) C:\WINDOWS\system32\sens.dll
18:11:55.0968 3500 SENS - ok
18:11:56.0046 3500 sentinel - ok
18:11:56.0171 3500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:11:56.0312 3500 serenum - ok
18:11:56.0453 3500 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\DRIVERS\serial.sys
18:11:56.0578 3500 Serial - ok
18:11:56.0656 3500 SerTVOutCtlr - ok
18:11:56.0718 3500 service1 - ok
18:11:56.0906 3500 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
18:11:56.0937 3500 ServiceLayer - ok
18:11:57.0031 3500 sfdrv01 - ok
18:11:57.0093 3500 sffp_sd - ok
18:11:57.0218 3500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:11:57.0359 3500 Sfloppy - ok
18:11:57.0421 3500 sfman - ok
18:11:57.0531 3500 sfusvc - ok
18:11:57.0656 3500 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
18:11:57.0843 3500 SharedAccess - ok
18:11:57.0968 3500 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
18:11:57.0984 3500 ShellHWDetection - ok
18:11:58.0109 3500 Si3132 - ok
18:11:58.0187 3500 Si3132r5 - ok
18:11:58.0296 3500 Simbad - ok
18:11:58.0359 3500 SIODRV - ok
18:11:58.0437 3500 SiS300i - ok
18:11:58.0546 3500 SiS7018 - ok
18:11:58.0609 3500 SISNICXP - ok
18:11:58.0687 3500 SiSRaid - ok
18:11:58.0765 3500 slave - ok
18:11:58.0843 3500 slee_503_service - ok
18:11:58.0921 3500 slpmonx - ok
18:11:58.0984 3500 smartscaps - ok
18:11:59.0062 3500 smcservice - ok
18:11:59.0140 3500 SMNDIS5 - ok
18:11:59.0218 3500 sonypvs1 - ok
18:11:59.0312 3500 Sparrow - ok
18:11:59.0359 3500 spcflt - ok
18:11:59.0437 3500 speakerphone - ok
18:11:59.0625 3500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:11:59.0765 3500 splitter - ok
18:11:59.0843 3500 spmd - ok
18:11:59.0968 3500 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:11:59.0984 3500 Spooler - ok
18:12:00.0062 3500 sprtsvc_dellsupportcenter - ok
18:12:00.0125 3500 Spsmqvsm - ok
18:12:00.0203 3500 spsslm - ok
18:12:00.0343 3500 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
18:12:00.0468 3500 sr - ok
18:12:00.0593 3500 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
18:12:00.0734 3500 srservice - ok
18:12:00.0796 3500 SRTSP - ok
18:12:00.0937 3500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:12:00.0984 3500 Srv - ok
18:12:01.0062 3500 SrvcSSIOMngr - ok
18:12:01.0125 3500 srvdpi - ok
18:12:01.0203 3500 sscdbhk5 - ok
18:12:01.0312 3500 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
18:12:01.0437 3500 SSDPSRV - ok
18:12:01.0546 3500 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:12:01.0562 3500 ssmdrv - ok
18:12:01.0640 3500 ssm_mdm - ok
18:12:01.0781 3500 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
18:12:01.0796 3500 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:12:01.0796 3500 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:12:01.0859 3500 starwindservice - ok
18:12:01.0937 3500 steamdvr - ok
18:12:02.0015 3500 StickyMesger - ok
18:12:02.0093 3500 stirusb - ok
18:12:02.0218 3500 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
18:12:02.0406 3500 stisvc - ok
18:12:02.0484 3500 susbser - ok
18:12:02.0562 3500 svcwmu - ok
18:12:02.0687 3500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:12:02.0828 3500 swenum - ok
18:12:02.0953 3500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:12:03.0093 3500 swmidi - ok
18:12:03.0171 3500 SwPrv - ok
18:12:03.0250 3500 symantecantibotdriver - ok
18:12:03.0359 3500 symc810 - ok
18:12:03.0437 3500 symc8xx - ok
18:12:03.0515 3500 SymIM - ok
18:12:03.0609 3500 SymIMMP - ok
18:12:03.0671 3500 symwsc - ok
18:12:03.0718 3500 sym_hi - ok
18:12:03.0812 3500 sym_u3 - ok
18:12:03.0921 3500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:12:04.0093 3500 sysaudio - ok
18:12:04.0156 3500 sysenforce - ok
18:12:04.0281 3500 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
18:12:04.0406 3500 SysmonLog - ok
18:12:04.0546 3500 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
18:12:04.0687 3500 TapiSrv - ok
18:12:04.0765 3500 tavsvc - ok
18:12:04.0843 3500 tbiosdrv - ok
18:12:04.0984 3500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:12:05.0015 3500 Tcpip - ok
18:12:05.0093 3500 TCtrlIO - ok
18:12:05.0156 3500 TcUsb - ok
18:12:05.0281 3500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:12:05.0437 3500 TDPIPE - ok
18:12:05.0562 3500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:12:05.0687 3500 TDTCP - ok
18:12:05.0812 3500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:12:05.0953 3500 TermDD - ok
18:12:06.0093 3500 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
18:12:06.0250 3500 TermService - ok
18:12:06.0328 3500 tfsnboio - ok
18:12:06.0406 3500 tfsncofs - ok
18:12:06.0531 3500 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
18:12:06.0546 3500 Themes - ok
18:12:06.0609 3500 TICalc - ok
18:12:06.0703 3500 TIEHDUSB - ok
18:12:06.0812 3500 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
18:12:07.0000 3500 TlntSvr - ok
18:12:07.0078 3500 tmcomm - ok
18:12:07.0156 3500 TMKEmu - ok
18:12:07.0234 3500 tng-doba - ok
18:12:07.0359 3500 toshidpt - ok
18:12:07.0484 3500 TosIde - ok
18:12:07.0531 3500 tosrfcom - ok
18:12:07.0609 3500 tpkmpsvc - ok
18:12:07.0671 3500 trioservice - ok
18:12:07.0843 3500 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
18:12:08.0000 3500 TrkWks - ok
18:12:08.0062 3500 tsscoreservice - ok
18:12:08.0140 3500 TVALG - ok
18:12:08.0265 3500 U3sHlpDr (f32ca4e68a075476f661dd85234cbdb5) C:\WINDOWS\System32\Drivers\U3sHlpDr.sys
18:12:08.0281 3500 U3sHlpDr ( UnsignedFile.Multi.Generic ) - warning
18:12:08.0281 3500 U3sHlpDr - detected UnsignedFile.Multi.Generic (1)
18:12:08.0359 3500 uagp35 - ok
18:12:08.0421 3500 UBHelper - ok
18:12:08.0500 3500 UCTblHid - ok
18:12:08.0625 3500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:12:08.0781 3500 Udfs - ok
18:12:08.0859 3500 UimBus - ok
18:12:08.0937 3500 UlSata - ok
18:12:09.0031 3500 ultra - ok
18:12:09.0093 3500 umxfwhlp - ok
18:12:09.0171 3500 UPATC - ok
18:12:09.0312 3500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:12:09.0468 3500 Update - ok
18:12:09.0531 3500 upnp - ok
18:12:09.0656 3500 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
18:12:09.0796 3500 upnphost - ok
18:12:09.0937 3500 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:12:10.0031 3500 upperdev - ok
18:12:10.0140 3500 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
18:12:10.0296 3500 UPS - ok
18:12:10.0375 3500 usbaudio - ok
18:12:10.0500 3500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:12:10.0640 3500 usbccgp - ok
18:12:10.0703 3500 UsbDiag - ok
18:12:10.0781 3500 USBDongle - ok
18:12:10.0921 3500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:12:11.0062 3500 usbehci - ok
18:12:11.0187 3500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:12:11.0375 3500 usbhub - ok
18:12:11.0500 3500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:12:11.0656 3500 usbprint - ok
18:12:11.0812 3500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:12:12.0031 3500 usbscan - ok
18:12:12.0171 3500 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
18:12:12.0296 3500 usbser - ok
18:12:12.0437 3500 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:12:12.0515 3500 UsbserFilt - ok
18:12:12.0921 3500 usbsermpt - ok
18:12:13.0046 3500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:12:13.0171 3500 USBSTOR - ok
18:12:13.0343 3500 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:12:13.0515 3500 usbuhci - ok
18:12:13.0593 3500 USBVCD - ok
18:12:13.0671 3500 USB_NDIS_51 - ok
18:12:13.0812 3500 USB_RNDIS - ok
18:12:13.0890 3500 uscbs108 - ok
18:12:13.0953 3500 USIUDF - ok
18:12:14.0031 3500 VAIOMediaPlatform-MusicServer-UPnP - ok
18:12:14.0109 3500 vc8secs - ok
18:12:14.0187 3500 vcommmgr - ok
18:12:14.0312 3500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:12:14.0437 3500 VgaSave - ok
18:12:14.0515 3500 vhidmini - ok
18:12:14.0593 3500 VHidMinidrv - ok
18:12:14.0671 3500 Via4in1 - ok
18:12:14.0765 3500 ViaIde - ok
18:12:14.0828 3500 VMAUDIO - ok
18:12:14.0906 3500 vmm - ok
18:12:14.0984 3500 vmnetdhcp - ok
18:12:15.0062 3500 vmware - ok
18:12:15.0140 3500 vncdrv - ok
18:12:15.0265 3500 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
18:12:15.0390 3500 VolSnap - ok
18:12:15.0468 3500 VrAcFil - ok
18:12:15.0546 3500 vrmonsvc - ok
18:12:15.0609 3500 vsdatant - ok
18:12:15.0687 3500 VSP1284D - ok
18:12:15.0859 3500 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
18:12:16.0093 3500 VSS - ok
18:12:16.0156 3500 vulfnths - ok
18:12:16.0218 3500 vxd - ok
18:12:16.0312 3500 vxsvc - ok
18:12:16.0390 3500 w300mdfl - ok
18:12:16.0531 3500 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
18:12:16.0718 3500 W32Time - ok
18:12:16.0796 3500 w550bus - ok
18:12:16.0875 3500 w810bus - ok
18:12:16.0953 3500 w810mdm - ok
18:12:17.0125 3500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:12:17.0265 3500 Wanarp - ok
18:12:17.0328 3500 wanatw - ok
18:12:17.0406 3500 wcontrol - ok
18:12:17.0531 3500 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:12:17.0562 3500 Wdf01000 - ok
18:12:17.0656 3500 WDICA - ok
18:12:17.0765 3500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:12:17.0906 3500 wdmaud - ok
18:12:18.0031 3500 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
18:12:18.0203 3500 WebClient - ok
18:12:18.0281 3500 wg6n - ok
18:12:18.0359 3500 winachcf - ok
18:12:18.0437 3500 WinDriver6 - ok
18:12:18.0546 3500 WINIO - ok
18:12:18.0625 3500 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:12:18.0765 3500 winmgmt - ok
18:12:18.0843 3500 wintabservice - ok
18:12:18.0921 3500 WINUSB - ok
18:12:18.0984 3500 WISTechVIDCAP - ok
18:12:19.0062 3500 wlancfg - ok
18:12:19.0125 3500 WLAN_USB - ok
18:12:19.0203 3500 wltwo51b - ok
18:12:19.0312 3500 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:12:19.0343 3500 WmdmPmSN - ok
18:12:19.0421 3500 WmHidLo - ok
18:12:19.0562 3500 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
18:12:19.0656 3500 Wmi - ok
18:12:19.0828 3500 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:12:19.0968 3500 WmiApSrv - ok
18:12:20.0125 3500 WMPNetworkSvc (f30dc8f80cf65a323e8b6a2db81561e3) C:\Programmi\Windows Media Player\WMPNetwk.exe
18:12:20.0203 3500 WMPNetworkSvc - ok
18:12:20.0281 3500 WmUsbHid - ok
18:12:20.0406 3500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:12:20.0453 3500 WpdUsb - ok
18:12:20.0515 3500 wpsdrvnt - ok
18:12:20.0687 3500 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:12:20.0812 3500 WS2IFSL - ok
18:12:20.0937 3500 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
18:12:21.0078 3500 wscsvc - ok
18:12:21.0187 3500 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
18:12:21.0328 3500 wuauserv - ok
18:12:21.0468 3500 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:12:21.0515 3500 WudfPf - ok
18:12:21.0640 3500 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:12:21.0703 3500 WudfRd - ok
18:12:21.0828 3500 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
18:12:21.0859 3500 WudfSvc - ok
18:12:21.0937 3500 WUSB54GCSVC - ok
18:12:21.0984 3500 wwnetdde - ok
18:12:22.0125 3500 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
18:12:22.0296 3500 WZCSVC - ok
18:12:22.0390 3500 xcpip - ok
18:12:22.0453 3500 XDva004 - ok
18:12:22.0531 3500 xfactorae1 - ok
18:12:22.0640 3500 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
18:12:22.0796 3500 xmlprov - ok
18:12:22.0890 3500 xpsec - ok
18:12:22.0953 3500 XTrapD12 - ok
18:12:23.0031 3500 xusb21 - ok
18:12:23.0093 3500 yukonwlh - ok
18:12:23.0156 3500 z800obex - ok
18:12:23.0234 3500 zebrceb - ok
18:12:23.0296 3500 zfdwm - ok
18:12:23.0359 3500 zpcollector - ok
18:12:23.0421 3500 ZSMC211 - ok
18:12:23.0500 3500 ZuneBusEnum - ok
18:12:23.0578 3500 ZuneWlanCfgSvc - ok
18:12:23.0656 3500 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
18:12:23.0734 3500 {d31a0762-0ceb-444e-acff-b049a1f6fe91} - ok
18:12:23.0765 3500 MBR (0x1B8) (05db01ba6567b64d20d0d42c1f755887) \Device\Harddisk0\DR0
18:12:23.0765 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:12:23.0765 3500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:12:23.0859 3500 Boot (0x1200) (e6a523f0e8f93e735e1caf79ee2ca994) \Device\Harddisk0\DR0\Partition0
18:12:23.0859 3500 \Device\Harddisk0\DR0\Partition0 - ok
18:12:23.0859 3500 ============================================================
18:12:23.0859 3500 Scan finished
18:12:23.0859 3500 ============================================================
18:12:23.0968 4248 Detected object count: 10
18:12:23.0968 4248 Actual detected object count: 10
18:12:41.0937 4248 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0937 4248 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0937 4248 CnxEtP ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0937 4248 CnxEtP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0937 4248 CnxEtU ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0937 4248 CnxEtU ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0937 4248 CnxTgN ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0937 4248 CnxTgN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0937 4248 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0937 4248 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0953 4248 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0953 4248 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0953 4248 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0953 4248 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0953 4248 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0953 4248 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:41.0953 4248 U3sHlpDr ( UnsignedFile.Multi.Generic ) - skipped by user
18:12:41.0953 4248 U3sHlpDr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:12:42.0375 4248 \Device\Harddisk0\DR0\# - copied to quarantine
18:12:42.0375 4248 \Device\Harddisk0\DR0 - copied to quarantine
18:12:42.0406 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:12:42.0453 4248 \Device\Harddisk0\DR0 - ok
18:12:42.0453 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:12:50.0812 0732 Deinitialize success

[hans22]

e questo è di xp reset, non entrava tutto in uno...


reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{32F0736B-E23C-4262-9E50-20780BC5209D}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{32F0736B-E23C-4262-9E50-20780BC5209D}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{43FE3A88-76EF-462C-B980-3601A9EEEA5A}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{43FE3A88-76EF-462C-B980-3601A9EEEA5A}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{E048DA38-8027-48CD-8167-FF66B7C7AECE}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{E048DA38-8027-48CD-8167-FF66B7C7AECE}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{E91C38DC-CB5D-4B8D-A8AE-CCD146C21DEF}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32F0736B-E23C-4262-9E50-20780BC5209D}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{43FE3A88-76EF-462C-B980-3601A9EEEA5A}\NameServer
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\DefaultGateway
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7681DAA3-3F6F-491B-A3BD-B608207521EB}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E048DA38-8027-48CD-8167-FF66B7C7AECE}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1. bad value was:
REG_MULTI_SZ =
pctNDIS
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP
XCPIP

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
pctNDIS

<completed>

[COCCOBELLO]

ok tdsskiller ha rimosso un rootkit

in XP TCP Repair
non c'era bisogno di postare il report
dovevi solo riparare il TCP/IP
e il Winsock

come và il pc?
hai ancora problemi?

[Luke57]

Ciao, aggiorna malwarebytes e fai una scansione completa del pc.

[hans22]

ok tdsskiller ha rimosso un rootkit

in XP TCP Repair
non c'era bisogno di postare il report
dovevi solo riparare il TCP/IP
e il Winsock

come và il pc?
hai ancora problemi?

ora va una spada!!! bello veloce e senza intoppi, anche firefox. cmq sto continuando ad usare crhome, che mi sembra migliore.
per quanto riguarda crhome, come si fà ad impostare per non salvare la cronologia mai?

cmq grazie mille per tutti i consigli!!! davvero mitico, mi hai seguito passo passo...onestamente non avrei sperato tanto!!!

mi consigli di fare altro o va bene così? come protezione ora ho avira e il firewall, basta così?

grazie ancora e auguri di buona pasqua!!!

[COCCOBELLO]

ciao si è tutto ok,non c'è bisogno di fare altro
ok mi fa piacere,che si è risolto tutto
fortunatamente hai preso una variante del zero.access buona
si chrome e veloce
per non salvare la cronologia
puoi usare sia la Navigazione Anonima modalità in incognito
fai così
vai in
C:\ Users\ tuo nome utente \AppData\ Local\ Google\ Chrome\ User Data\ Default
fai click destro sul file History scegli Propietà

Nella finestra che si apre, metti la spunta sulla voce Sola lettura (in basso a sinistra) e clicca sul pulsante OK.
in questo modo non salverai mai la cronologia

per il resto lasciati solo Avira e il Firewall
e malwarebytes in caso di virus fai la scansione
non installarti altro
1 perchè sono tra i software migliori in circolazione
2 rischi di appesantire il pc con troppi programmi per la sicurezza
3 riduci solo la protezione del tuo pc,con troppi programmi di sicurezza installati,generando conflitti e falsi positivi

ultima cosa disinstalla ComboFix,dopo l'uso il tool va rimosso
in questo modo
Scarica OTC by OldTimer:
http://oldtimer.geekstogo.com/OTC.exe
posizionalo sul Desktop
chiudi tutti i programmi aperti
nella finestra che Compare, clicca su CleanUp!
Viene richiesta conferma per l'operazione, clicca Yes
Al termine delle operazioni di pulizia, viene chiesto il riavvio del pc, clicca Yes

ciao BUONA PASQUA

[hans22]

non riesco a trovare l'indirizzo per modificare chrome...
ho inserito l'indirizzo ma non mi dà nulla.... users non c'è nella pagina

[COCCOBELLO]

già tu hai xp
il percorso è
c:\documents and settings\

[hans22]

sono arrivato qui, ma non c'è chrome
C:\Documents and Settings\utente\Dati applicazioni

[COCCOBELLO]

allora prova in questp percorso
C:\Documents and Settings\tuo nome utente\Local Settings\Application Data\Google\Chrome\User Data\Default

perchè io ho w7 il percorso me lo da qui
C:\ Users\ tuo nome utente \AppData\ Local\ Google\ Chrome\ User Data\ Default

[hans22]

allora prova in questp percorso
C:\Documents and Settings\tuo nome utente\Local Settings\Application Data\Google\Chrome\User Data\Default

perchè io ho w7 il percorso me lo da qui
C:\ Users\ tuo nome utente \AppData\ Local\ Google\ Chrome\ User Data\ Default

niente non c'è proprio la voce chrome...

[COCCOBELLO]

Ma per caso hai chrome portable?
perchè i percorsi sono questi

puoi fare anche così
ogni volta che fai partire google chrome attivi la modalità in incognito premendo ctrl+maiusc+n
in questo modo non salverai mai la cronologia

oppure puoi passare ad Opera
http://www.opera.com/download/

che è altrettanto veloce ,forse anche più di crhome io li uso entrambi e trovo più veloce opera
in opera oltre ad impostare cancella la cronologia all'uscita di opera
puoi lanciare anche la navigazione Anonima lanciando una Nuova scheda riservata
in questo modo non salverai mai la cronologia

[hans22]

Ma per caso hai chrome portable?
perchè i percorsi sono questi

puoi fare anche così
ogni volta che fai partire google chrome attivi la modalità in incognito premendo ctrl+maiusc+n
in questo modo non salverai mai la cronologia

oppure puoi passare ad Opera
http://www.opera.com/download/

che è altrettanto veloce ,forse anche più di crhome io li uso entrambi e trovo più veloce opera
in opera oltre ad impostare cancella la cronologia all'uscita di opera
puoi lanciare anche la navigazione Anonima lanciando una Nuova scheda riservata
in questo modo non salverai mai la cronologia

no è quello normale di chrome, forse sul mio pc c'è un percorso diverso, mha...
ho scaricato anche opera, ma mi piace di più chrome.
vorrà dire che mi dovrò ricordare di cancellare sempre la crono, fà nulla...
cmq grazie ancora per tutto!!!! miticissimo!!!