
UKASH again!


Post by Taffazzi » 26/07/12 00:21

Hi,
I'm opening a new topic even though the subject is old; I think you'd prefer it that way...
I've caught the Ukash virus again (for the third time!!!) :(
I don't know how, it's not as if I browse strange sites! Anyway, Avira doesn't block it, that's established by now.
I ran Combofix, but the screen demanding money comes back.
I'm attaching the Combofix report (hoping you're not all on holiday...)
Many thanks in advance

ComboFix 12-07-26.04 - Chicco 26/07/2012 0.48.12.6.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3061.2788 [GMT 2:00]
Eseguito da: c:\documents and settings\Chicco\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0013F2B4-5C49-7C92-0300-000000000000}
AV: AntiVir Desktop *Disabled/Outdated* {7698207D-3DB8-003E-AC1D-9876381E9876}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Chicco\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.lnk
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-25 al 2012-07-25 )))))))))))))))))))))))))))))))))))
.
.
2012-07-19 09:39 . 2012-07-19 09:39 -------- d-----w- c:\programmi\File comuni\Steam
2012-07-17 14:06 . 2012-07-17 14:06 -------- d-----w- c:\documents and settings\Chicco\Dati applicazioni\U3
2012-07-15 18:19 . 2012-07-15 18:19 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 23:59 . 2012-04-08 19:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 23:59 . 2011-12-20 20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2011-04-20 19:41 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-04-20 15:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-04-20 15:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-04-20 15:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-04-20 15:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-04-20 15:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-04-20 15:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-04-20 15:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:21 . 2006-03-02 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-19 15:34 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-04-20 15:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 18:04 . 2012-04-27 18:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-27 18:04 . 2012-04-27 18:04 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-27 18:04 . 2011-12-09 17:23 472864 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-26 11:05 . 2011-12-01 20:43 121816 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-05-20 36864]
"IAStorIcon"="c:\programmi\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-14 614400]
"4623 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4623\Scan2pc.exe" [2009-09-10 1968640]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-07 19573352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4623\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4623\\Sscan2io.exe"=
"c:\\Programmi\\ASUS\\AI Suite II\\AI Suite II.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\Programmi\\FIFA 12\\Game\\fifa.exe"=
.
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [13/01/2010 10.12.36 562152]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [13/01/2010 10.12.36 461288]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [13/01/2010 10.12.28 791528]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [20/04/2011 22.55.10 95720]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [20/04/2011 22.55.11 292840]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2011 14.41.34 691696]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [06/05/2011 18.49.52 11832]
S2 asComSvc;ASUS Com Service;c:\programmi\ASUS\AXSP\1.00.13\atkexComSvc.exe [06/05/2011 18.47.15 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\programmi\ASUS\AAHM\1.00.13\aaHMSvc.exe [06/05/2011 18.47.18 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\programmi\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [06/05/2011 18.49.30 586880]
S2 gupdate;Servizio Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [23/12/2011 16.17.09 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\programmi\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [20/04/2011 22.48.07 13336]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [11/05/2011 19.16.07 162304]
S2 SSPORT;SSPORT; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2012 21.22.59 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26/01/2012 0.29.55 1691480]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [23/12/2011 16.17.09 136176]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 SliceDisk5;SliceDisk5;c:\programmi\A-FF Find and Mount\slicedisk.sys [08/04/2012 21.27.57 26192]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:59]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-12-23 14:17]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-12-23 14:17]
.
2012-07-25 c:\windows\Tasks\SpeedUpMyPC.job
- c:\programmi\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-05-17 12:27]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{843BFDA4-C344-4C55-B685-A37DC954B3B4}: NameServer = 88.149.128.12,88.149.128.22
FF - ProfilePath - c:\documents and settings\Chicco\Dati applicazioni\Mozilla\Firefox\Profiles\5j5g6jes.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Explorer_Run-39691 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mssoucweh.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 00:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2012-07-26 00:55:13
ComboFix-quarantined-files.txt 2012-07-25 22:55
.
Pre-Run: 231.942.807.552 byte disponibili
Post-Run: 232.123.211.776 byte disponibili
.
- - End Of File - - E286920AA68E046739CCA8E840C49D4E
Taffazzi
Junior User

Posts: 11
Joined: 01/05/12 14:16


Re: UKASH again!

Post by Taffazzi » 26/07/12 08:36

PS obviously, when the ministry screen demanding money via Ukash reappears, the PC is completely locked.
But it works in safe mode...
Taffazzi
Junior User

Posts: 11
Joined: 01/05/12 14:16

Re: UKASH again!

Post by FrancescoFDAC » 26/07/12 09:52

Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
● place the downloaded tool on the Desktop
● double-click the program icon to launch it
● tick Scan All Users
● click the Quick Scan button
● wait patiently for the scan to finish
● at the end of the scan, 2 logs will be generated: attach them
OTListIt.txt (open)
Extra.txt (minimized)
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: UKASH again!

Post by Taffazzi » 26/07/12 15:14

Done. I'm attaching them.
One doesn't have exactly the name you wrote, but I think that's the one (it generated only these).
Many thanks

OTL logfile created on: 26/07/2012 16.02.29 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Chicco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 91,18% Memory free
8,83 Gb Paging File | 8,76 Gb Available in Paging File | 99,23% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 465,75 Gb Total Space | 217,05 Gb Free Space | 46,60% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 310,36 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 1397,26 Gb Total Space | 74,98 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive K: | 7,84 Gb Total Space | 7,78 Gb Free Space | 99,25% Space Free | Partition Type: FAT32

Computer Name: CHICCO | User Name: Chicco | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 15.59.10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chicco\Desktop\OTL.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/15 13.38.45 | 000,178,176 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/16 01.59.51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/06 00.19.04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16.17.44 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2010/12/02 04.15.14 | 000,915,584 | R--- | M] () [Auto | Stopped] -- C:\Programmi\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/05 23.54.22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programmi\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/03 11.30.14 | 000,918,144 | R--- | M] () [Auto | Stopped] -- C:\Programmi\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010/10/21 11.52.26 | 000,586,880 | R--- | M] () [Auto | Stopped] -- C:\Programmi\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/01/13 10.12.22 | 000,247,784 | ---- | M] (XIMETA, Inc.) [Auto | Stopped] -- C:\Programmi\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2009/09/11 15.02.26 | 000,162,304 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2007/05/16 10.27.28 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Chicco\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2011/12/28 14.41.34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/12/06 00.19.04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/06 00.19.04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/06 19.29.10 | 000,169,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/02/25 22.16.50 | 000,026,192 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\Programmi\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - [2011/01/14 09.06.40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/12/08 18.17.40 | 000,292,840 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2010/12/08 18.17.40 | 000,095,720 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2010/09/07 20.20.56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/08/24 09.31.08 | 000,011,456 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2010/08/03 07.20.56 | 000,011,832 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/17 15.28.21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15.28.11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/20 07.03.35 | 000,084,320 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2010/01/13 10.12.46 | 000,556,008 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt)
DRV - [2010/01/13 10.12.44 | 000,119,784 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx)
DRV - [2010/01/13 10.12.40 | 000,385,512 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2010/01/13 10.12.36 | 000,562,152 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ndasfs.sys -- (ndasfs)
DRV - [2010/01/13 10.12.36 | 000,461,288 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2010/01/13 10.12.28 | 000,791,528 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasrofs.sys -- (ndasrofs)
DRV - [2010/01/13 10.12.24 | 000,377,320 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2009/11/18 08.17.00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08.16.00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/02/11 03.48.20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmi\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programmi\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/12/26 13.05.18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins

[2011/05/11 19.30.40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chicco\Dati applicazioni\Mozilla\Extensions
[2012/05/11 15.29.09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chicco\Dati applicazioni\Mozilla\Firefox\Profiles\5j5g6jes.default\extensions
[2011/05/12 23.46.26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chicco\Dati applicazioni\Mozilla\Firefox\Profiles\5j5g6jes.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/27 20.04.12 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/04/27 20.04.12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011/12/26 13.05.18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/12/26 13.05.17 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2011/12/26 13.05.17 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/12/26 13.05.17 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/12/26 13.05.17 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/12/26 13.05.17 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/12/26 13.05.17 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Programmi\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Chicco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Ricerca Google = C:\Documents and Settings\Chicco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Chicco\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/07/26 00.54.13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [4623 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX4623\Scan2pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Programmi\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1275210071-1677128483-839522115-1003..\Run: [DAEMON Tools Lite] C:\Programmi\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 39691 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mssoucweh.exe
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{843BFDA4-C344-4C55-B685-A37DC954B3B4}: NameServer = 88.149.128.12,88.149.128.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98CB4F4A-AD52-49CD-9CF7-181E128E6634}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chicco\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chicco\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/20 17.07.11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 16.01.48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chicco\Desktop\OTL.exe
[2012/07/26 02.12.12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/26 00.55.14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/26 00.46.39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/26 00.46.39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/26 00.46.39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/26 00.46.39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/26 00.45.57 | 004,719,627 | R--- | C] (Swearware) -- C:\Documents and Settings\Chicco\Desktop\ComboFix.exe
[2012/07/19 11.39.12 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Steam
[2012/07/17 16.06.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chicco\Dati applicazioni\U3
[2012/07/15 20.19.29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

========== Files - Modified Within 30 Days ==========

[2012/07/26 16.01.31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/26 16.01.17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 15.59.10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chicco\Desktop\OTL.exe
[2012/07/26 02.11.52 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Chicco\Desktop\Microsoft Office Word 2003.lnk
[2012/07/26 01.24.30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/26 01.06.46 | 000,482,092 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/07/26 01.06.46 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/26 01.06.46 | 000,080,696 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/07/26 01.06.46 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/26 01.01.09 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2012/07/26 01.00.58 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\z7_0ytr.pad
[2012/07/26 00.59.59 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\Chicco\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.lnk
[2012/07/26 00.58.25 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/07/26 00.58.24 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 00.54.13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/26 00.41.30 | 004,719,627 | R--- | M] (Swearware) -- C:\Documents and Settings\Chicco\Desktop\ComboFix.exe
[2012/07/25 23.40.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 23.30.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/25 12.14.25 | 000,016,127 | ---- | M] () -- C:\Documents and Settings\Chicco\intlname.ols
[2012/07/22 12.10.37 | 000,002,503 | ---- | M] () -- C:\Documents and Settings\Chicco\Desktop\Microsoft Office Excel 2003.lnk
[2012/07/15 15.40.30 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Chicco\Desktop\Collegamento a londra 2012.lnk
[2012/07/12 23.33.03 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/12 19.03.10 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/12 18.20.33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/29 00.01.36 | 000,036,811 | ---- | M] () -- C:\Documents and Settings\Chicco\Desktop\mile e andre seppia smangiato.jpg

========== Files Created - No Company Name ==========

[2012/07/26 00.59.59 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\Chicco\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.lnk
[2012/07/26 00.46.39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/26 00.46.39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/26 00.46.39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/26 00.46.39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/26 00.46.39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/26 00.26.04 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\z7_0ytr.pad
[2012/07/20 04.49.44 | 000,150,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2012/07/16 01.59.51 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/15 15.40.30 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Chicco\Desktop\Collegamento a londra 2012.lnk
[2012/06/29 00.01.36 | 000,036,811 | ---- | C] () -- C:\Documents and Settings\Chicco\Desktop\mile e andre seppia smangiato.jpg
[2012/03/23 00.54.37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/23 00.31.09 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/23 00.31.08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/03/23 00.31.07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/03/23 00.31.07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/03/23 00.31.07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/15 13.43.43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/22 03.04.36 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/22 03.04.35 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/22 03.04.35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/24 15.20.01 | 001,124,592 | ---- | C] () -- C:\WINDOWS\PE_Rom.dll
[2011/05/16 11.59.48 | 000,016,127 | ---- | C] () -- C:\Documents and Settings\Chicco\intlname.ols
[2011/05/12 23.57.28 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Chicco\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 19.30.28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/11 19.16.11 | 000,171,520 | R--- | C] () -- C:\WINDOWS\System32\NetFaxPort.dll
[2011/05/11 19.16.02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2011/05/11 19.15.48 | 000,011,378 | ---- | C] () -- C:\Documents and Settings\Chicco\Dati applicazioni\SmarThruOptions.xml
[2011/05/11 19.15.25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2011/05/11 19.15.21 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2011/05/11 19.14.17 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011/05/11 19.14.16 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2011/05/11 19.13.49 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\sso2ml3.dll
[2011/05/11 19.12.56 | 000,191,488 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2011/05/11 19.12.56 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2011/05/11 19.12.56 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2011/05/11 19.12.56 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2011/05/11 19.12.56 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2011/05/11 18.26.19 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/06 18.49.52 | 000,011,832 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/05/06 18.47.14 | 000,011,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/05/06 18.47.13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/05/06 18.47.13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/04/20 22.49.53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/20 22.11.58 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/04/20 21.14.20 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/04/20 21.14.18 | 000,026,092 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/04/20 21.14.17 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/04/20 18.54.02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/20 18.52.15 | 000,244,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 17.11.24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/20 17.02.51 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/05/06 18.47.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ASUS
[2011/05/06 18.54.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ASUS OC Profiles
[2011/12/28 14.36.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Lite
[2012/04/26 11.37.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Samsung
[2012/01/03 16.39.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
[2012/06/11 12.38.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\avidemux
[2011/12/28 15.33.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\DAEMON Tools Lite
[2011/12/08 17.23.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\qs
[2011/12/28 16.33.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\SPORE
[2012/05/17 17.56.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\Uniblue
[2012/07/20 04.49.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\uTorrent
[2012/03/23 00.32.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chicco\Dati applicazioni\Video DVD Maker FREE
[2012/07/26 01.01.09 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedUpMyPC.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 26/07/2012 16.02.29 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Chicco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 91,18% Memory free
8,83 Gb Paging File | 8,76 Gb Available in Paging File | 99,23% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 465,75 Gb Total Space | 217,05 Gb Free Space | 46,60% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 310,36 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 1397,26 Gb Total Space | 74,98 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive K: | 7,84 Gb Total Space | 7,78 Gb Free Space | 99,25% Space Free | Partition Type: FAT32

Computer Name: CHICCO | User Name: Chicco | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1275210071-1677128483-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programmi\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX4623\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4623\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4623\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4623\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programmi\ASUS\AI Suite II\AI Suite II.exe" = C:\Programmi\ASUS\AI Suite II\AI Suite II.exe:*:Enabled:AI Suite II -- (ASUSTeK Computer Inc.)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule MorphXT -- (http://emulemorph.sourceforge.net)
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\UltraVNC\vncviewer.exe" = C:\Programmi\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Programmi\FIFA 12\Game\fifa.exe" = C:\Programmi\FIFA 12\Game\fifa.exe:*:Disabled:FIFA 12 -- (Electronic Arts)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{293C9DF5-7669-4826-BBB2-E1F182D71040}" = Nero 7 Ultra Edition
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Avventure galattiche
"{64630268-1833-4461-9EC3-857EEB8A0540}" = DiskExplorer for NTFS
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80078570-6C67-486C-8CF0-B0D778FC69B5}" = Samsung Network PC Fax
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.30" = MioMore Desktop 7.30
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A81200000003}" = Adobe Reader 8.1.2 - Italiano
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creature buffe e mostruose - Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{EBA04232-8CDA-4900-A36E-9E5CC4AF3254}" = NDAS Software 3.72.2080
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Compare Dir_is1" = Compare Dir 1.0
"Cpukiller3_is1" = Cpukiller3 v1.0.5
"eMule MorphXT_is1" = eMule MorphXT 12.6
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Find and Mount_is1" = Find and Mount 2.32
"FormatFactory" = FormatFactory 2.90
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"MediaInfo" = MediaInfo 0.7.54
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 it)" = Mozilla Firefox 9.0.1 (x86 it)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"R-Studio 3.0NSIS" = R-Studio 3.0
"Samsung SCX-4623 Series" = Manutenzione Samsung SCX-4623 Series
"Security Task Manager" = Security Task Manager 1.8d
"Ultravnc2_is1" = UltraVNC 1.0.6.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"sc12-CH_RTSI" = Ski Challenge 12 (RSI)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/05/2012 23.35.47 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1002
Description = Il prodotto non è stato attivato o l'attuale licenza è incompatibile
con il sistema operativo esistente.

Error - 07/05/2012 23.38.19 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1000
Description = Si è verificato un errore durante la verifica dell'attuale licenza
Windows. Codice di errore: 8: 0x80070002

Error - 07/05/2012 23.39.39 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1002
Description = Il prodotto non è stato attivato o l'attuale licenza è incompatibile
con il sistema operativo esistente.

Error - 07/05/2012 23.39.50 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1000
Description = Si è verificato un errore durante la verifica dell'attuale licenza
Windows. Codice di errore: 8: 0x80070002

Error - 07/05/2012 23.40.44 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1002
Description = Il prodotto non è stato attivato o l'attuale licenza è incompatibile
con il sistema operativo esistente.

Error - 07/05/2012 23.40.50 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1000
Description = Si è verificato un errore durante la verifica dell'attuale licenza
Windows. Codice di errore: 8: 0x80070002

Error - 07/05/2012 23.42.04 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1002
Description = Il prodotto non è stato attivato o l'attuale licenza è incompatibile
con il sistema operativo esistente.

Error - 07/05/2012 23.44.23 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1000
Description = Si è verificato un errore durante la verifica dell'attuale licenza
Windows. Codice di errore: 8: 0x80070002

Error - 07/05/2012 23.45.01 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1002
Description = Il prodotto non è stato attivato o l'attuale licenza è incompatibile
con il sistema operativo esistente.

Error - 07/05/2012 23.50.43 | Computer Name = CHICCO | Source = Windows Product Activation | ID = 1000
Description = Si è verificato un errore durante la verifica dell'attuale licenza
Windows. Codice di errore: 8: 0x80070002

[ System Events ]
Error - 25/07/2012 20.12.43 | Computer Name = CHICCO | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 25/07/2012 21.35.38 | Computer Name = CHICCO | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/07/2012 10.01.30 | Computer Name = CHICCO | Source = sptd | ID = 262148
Description = Il driver ha rilevato un errore interno nelle strutture dati per .

Error - 26/07/2012 10.01.41 | Computer Name = CHICCO | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 26/07/2012 10.01.50 | Computer Name = CHICCO | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/07/2012 10.02.57 | Computer Name = CHICCO | Source = Service Control Manager | ID = 7001
Description = Il servizio Client DHCP dipende dal servizio NetBios su Tcpip che
non è stato avviato per il seguente errore: %%31

Error - 26/07/2012 10.02.57 | Computer Name = CHICCO | Source = Service Control Manager | ID = 7001
Description = Il servizio Client DNS dipende dal servizio Driver protocollo TCP/IP
che non è stato avviato per il seguente errore: %%31

Error - 26/07/2012 10.02.57 | Computer Name = CHICCO | Source = Service Control Manager | ID = 7001
Description = Il servizio Helper NetBIOS di TCP/IP dipende dal servizio AFD che
non è stato avviato per il seguente errore: %%31

Error - 26/07/2012 10.02.57 | Computer Name = CHICCO | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizi IPSEC dipende dal servizio Driver IPSEC che non
è stato avviato per il seguente errore: %%31

Error - 26/07/2012 10.02.57 | Computer Name = CHICCO | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: AFD AsIO
AsUpIO
avgio
avipbb
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
sptd
ssmdrv
Tcpip
WS2IFSL


< End of report >
Taffazzi
Junior User

Posts: 11
Joined: 01/05/12 14:16

Re: UKASH again!

Post by FrancescoFDAC » 27/07/12 08:33

Put OTL.exe on the desktop. Run it and copy/paste the code below into the Custom Scans/Fixes box.

Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Chicco\IMPOST~1\Temp\catchme.sys -- (catchme)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 39691 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mssoucweh.exe


Click Run Fix and confirm with OK. A restart may be requested; accept it.
A report will open: save it and attach it.

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note about the program:
● do not click the Stop scan button for any reason; the scan would be interrupted

At this point, the system scan for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan ends

Once the scan has finished, one of these two options will appear:
● no system restart is required: attach the report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result (it is in the same path mentioned just above)
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: UKASH again!

Post by Taffazzi » 27/07/12 09:02

This is the OTL report

========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service SSPORT stopped successfully!
Service SSPORT deleted successfully!
Service PROCEXP151 stopped successfully!
Service PROCEXP151 deleted successfully!
File C:\WINDOWS\system32\Drivers\PROCEXP151.SYS not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Chicco\IMPOST~1\Temp\catchme.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\39691 deleted successfully.

OTL by OldTimer - Version 3.2.54.1 log created on 07272012_095437


This is the TDSSKiller one (it did not detect any infected or suspicious files)

09:59:24.0171 1584 usbehci - ok
09:59:24.0187 1584 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:59:24.0187 1584 usbhub - ok
09:59:24.0218 1584 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:59:24.0218 1584 usbprint - ok
09:59:24.0250 1584 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:59:24.0250 1584 usbscan - ok
09:59:24.0265 1584 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:59:24.0265 1584 usbstor - ok
09:59:24.0281 1584 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:59:24.0281 1584 VgaSave - ok
09:59:24.0296 1584 ViaIde - ok
09:59:24.0312 1584 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
09:59:24.0312 1584 VolSnap - ok
09:59:24.0359 1584 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
09:59:24.0359 1584 VSS - ok
09:59:24.0390 1584 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
09:59:24.0390 1584 W32Time - ok
09:59:24.0406 1584 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:59:24.0406 1584 Wanarp - ok
09:59:24.0437 1584 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:59:24.0437 1584 wdmaud - ok
09:59:24.0468 1584 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
09:59:24.0468 1584 WebClient - ok
09:59:24.0515 1584 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:59:24.0515 1584 winmgmt - ok
09:59:24.0578 1584 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
09:59:24.0578 1584 WmdmPmSN - ok
09:59:24.0625 1584 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
09:59:24.0640 1584 Wmi - ok
09:59:24.0656 1584 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:59:24.0656 1584 WmiAcpi - ok
09:59:24.0671 1584 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:59:24.0687 1584 WmiApSrv - ok
09:59:24.0687 1584 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:59:24.0687 1584 WS2IFSL - ok
09:59:24.0718 1584 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
09:59:24.0734 1584 wscsvc - ok
09:59:24.0750 1584 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
09:59:24.0781 1584 wuauserv - ok
09:59:24.0843 1584 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
09:59:24.0843 1584 WZCSVC - ok
09:59:24.0875 1584 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
09:59:24.0875 1584 xmlprov - ok
09:59:24.0937 1584 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
09:59:25.0171 1584 \Device\Harddisk0\DR0 - ok
09:59:25.0203 1584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:59:25.0296 1584 \Device\Harddisk1\DR1 - ok
09:59:25.0312 1584 MBR (0x1B8) (dc482dec776c12f1b2b7ec94277f5e39) \Device\Harddisk2\DR7
09:59:27.0046 1584 \Device\Harddisk2\DR7 - ok
09:59:27.0062 1584 Boot (0x1200) (f1234bfe8429dc939e0bafcdd8a5f46d) \Device\Harddisk0\DR0\Partition0
09:59:27.0062 1584 \Device\Harddisk0\DR0\Partition0 - ok
09:59:27.0093 1584 Boot (0x1200) (96f0222a524c1d501558aa2e76a92f62) \Device\Harddisk0\DR0\Partition1
09:59:27.0093 1584 \Device\Harddisk0\DR0\Partition1 - ok
09:59:27.0109 1584 Boot (0x1200) (07e3721373ae4fe083df9008266a7d22) \Device\Harddisk1\DR1\Partition0
09:59:27.0109 1584 \Device\Harddisk1\DR1\Partition0 - ok
09:59:27.0109 1584 ============================================================
09:59:27.0109 1584 Scan finished
09:59:27.0109 1584 ============================================================
09:59:27.0140 1576 Detected object count: 0
09:59:27.0140 1576 Actual detected object count: 0
09:59:49.0984 1560 Deinitialize success
Taffazzi
Junior User

Posts: 11
Joined: 01/05/12 14:16

Re: UKASH again!

Post by FrancescoFDAC » 27/07/12 12:03

From the logs posted, there are no active infections.

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
close all running programs, including Internet pages
● launch the tool with a double click
● click the Start button at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations have finished, close the program

Note - about the program:
TFC by OldTimer removes the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● launch the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

Note - about the program:
OTC by OldTimer automatically and precisely removes the programs we used for the cleanup (ComboFix in particular): after the reboot you will no longer see the ComboFix icon, which is completely normal
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: UKASH again!

Post by Luke57 » 27/07/12 12:10

Hi Tafazzi, this one is a fake: C:\Documents and Settings\Chicco\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.lnk. Delete ctfmon.lnk and reboot.

Then run this script with Otl.exe

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 39691 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mssoucweh.exe

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
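
The two findings in the reply above (a Startup-folder shortcut borrowing the name of a Windows binary, and a policies\Explorer\Run value launching an executable from a Temp folder) can be expressed as a small triage check. This is an added example, not part of the original post and not OTL's own logic; the function names, the heuristics and the list of system binary names are assumptions, and the benign sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of real Windows binaries whose names fake shortcuts borrow.
SYSTEM_NAMES = {"ctfmon", "svchost", "explorer", "lsass", "csrss"}
TEMP_DIRS = {"temp", "tmp"}
STARTUP_DIRS = {"esecuzione automatica", "startup"}  # Italian / English folder name

# Line shape used in the thread: "<tag> - <registry key>: <value name> = <target>"
REG_LINE = re.compile(r"^(?P<tag>O\d+) - (?P<key>[^:]+): (?P<name>\S+) = (?P<target>.+)$")

def folders(path):
    """Lower-cased directory components of a Windows path (file name excluded)."""
    return {part.lower() for part in PureWindowsPath(path).parts[:-1]}

def triage_registry_line(line):
    """Return the reasons an autostart registry line deserves a manual look."""
    m = REG_LINE.match(line.strip())
    if not m:
        return []
    reasons = []
    if TEMP_DIRS & folders(m["target"]):
        reasons.append("target runs from a temp directory")
    if r"\policies\explorer\run" in m["key"].lower():
        reasons.append("autostart via policies\\Explorer\\Run")
    if m["name"].isdigit():
        reasons.append("numeric value name")
    return reasons

def triage_startup_file(path):
    """Flag a Startup-folder shortcut that is named after a Windows binary."""
    p = PureWindowsPath(path)
    in_startup = bool(STARTUP_DIRS & folders(path))
    if in_startup and p.suffix.lower() == ".lnk" and p.stem.lower() in SYSTEM_NAMES:
        return ["Startup shortcut named after a Windows binary"]
    return []

# The two entries named in the reply above, plus one constructed benign line.
PAGE_LINE = (r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies"
             r"\Explorer\Run: 39691 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mssoucweh.exe")
PAGE_SHORTCUT = (r"C:\Documents and Settings\Chicco\Menu Avvio\Programmi"
                 r"\Esecuzione automatica\ctfmon.lnk")
BENIGN_LINE = (r"O4 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: "
               r"example = C:\Programmi\Example\example.exe")  # constructed

if __name__ == "__main__":
    for item in (PAGE_LINE, BENIGN_LINE):
        print(triage_registry_line(item) or "nothing flagged", "<-", item)
    print(triage_startup_file(PAGE_SHORTCUT), "<-", PAGE_SHORTCUT)
```

A hit is a prompt for manual review of the entry, not a verdict: legitimate installers also run from Temp folders at times.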

Re: UKASH again!

Post by Taffazzi » 27/07/12 13:24

Thanks a lot!
Now it seems to work. In fact, before Luke's last suggestion the problem persisted; now it seems to be solved.
I hope I did it right: in OTL I pasted the script into "Custom scans/files" and then chose "Run fix". Correct?
For peace of mind, I'm attaching the OTL log below.

Do I need to run other checks? Or just the cleanup described by Francesco?
Thanks again to both of you, you're fantastic, really...


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\39691 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chicco
->Temp folder emptied: 1192859 bytes
->Temporary Internet Files folder emptied: 4451705 bytes
->Java cache emptied: 8032317 bytes
->FireFox cache emptied: 65321537 bytes
->Google Chrome cache emptied: 8566525 bytes
->Flash cache emptied: 23295 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 42570 bytes

Total Files Cleaned = 84,00 mb


[EMPTYFLASH]

User: All Users

User: Chicco
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07272012_141335

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Taffazzi
Junior User

Posts: 11
Joined: 01/05/12 14:16

Re: UKASH again!

Post by FrancescoFDAC » 27/07/12 18:24

Luke, you are by far the best ;)

May I contact you privately when I need you to step in?

Thanks,
Francesco.
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

