CPU al 100% per colpa di virus?

[Vongian]

Ho aperto questa stessa discussione nella sezione sbagliata, per questo motivo la riapro qui, quindi, vi prego, non me ne vogliate!!!

Salve, sono nuovo nel forum e spero mi possiate aiutare (perché in altri forum non mi hanno neanche risposto).
Dunque, premetto che ho trovato un post simile a quello che sto aprendo qui, ma ho letto tutto e ho visto che a ogni nuovo intervento, si invitava l'utente ad aprire un nuovo topic, ecco perché apro uno nuovo di zecca.

Dunque, il mio problema è il seguente: avvio il PC e non ci sono problemi per qualche tempo, circa 20/30 minuti, dopodiché la CPU va al 100%, non importa cosa stia facendo (Internet, word, giochi, e chi più ne ha più ne metta). Non riesco manco a guardarmi un video su youtube perché chiaramente il PC va a scatti e l'audio anche quello si sente a scatti. (Per non parlare di quando sto giocando...) Ora, un paio di settimane fa ho avviato una scansione con Microsoft Security Essentials e mi ha trovato ben 3 file infetti da un tale obfuscator.xd (se non ricordo male) ma li ha eliminati e ad un'ulteriore scansione non li ha più trovati...

Ho un PC fisso (non di marca) con SO WinXP Service Pack 3. Non so che altre informazioni sarebbero utili, quindi, se c'è bisogno di altro, vi prego, ditemi.

Potete aiutarmi in qualche modo? Onestamente non so usare (o leggere) Hijiack this, quindi, vi prego, ditemi cosa devo fare al fine di risolvere questo noiosissimo problema...
Vi ringrazio!

[Vongian]

Magari, se può essere di aiuto, metto il log di HijackThis... spero davvero mi possiate aiutare
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.19.27, on 27/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Core Temp\Core Temp.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Giancarlo\Documenti\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Programmi\Core Temp\Core Temp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2BB3AFA32B8D002B966E47028FA85756] "C:\Documents and Settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1757981266-484763869-725345543-1012\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Giancarlo\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCFFB5C-EB80-4B79-9385-46EA9C8D7ADA}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Programmi\File comuni\Steam\SteamService.exe

--
End of file - 8866 bytes

[Luke57]

Ciao, facciamo un controllo:
-Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/dow ... adwcleaner
Avvialo e clicca sul pulsante "Delete"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Allega il log.

-Scarica TDSS killer e salvalo sul desktop.
http://support.kaspersky.com/downloads/ ... killer.exe
Doppio click su TDSSKILLER.exe per avviare l'applicazione.In change parameters metti la spunta su "detect tdlfs file system"
Clicca su start scan.

Se un file infetto viene trovato,l'azione di default sarà cure,clicca su continua.
Se un file sospetto viene trovato,l'azione di default sarà skip,clicca su continua.
Se ti viene chiesto di riavviare il pc completa il processo.Clicca su riavvia ora.
Se nessun riavvio è richiesto clicca su report e salva il contenuto in un file di testo.
Allega il report che si trova in C in questa forma "TDSSKiller.[Date]_[Time]_log.txt"

[Vongian]

Ciao Luke, grazie mille della risposta.
Allora dato che non riesco a trovare il pulsante per allegare un file, copio/incollo qui i due log.
Grazie ancora!!!

1 - LOG ADWCLEANER
# AdwCleaner v2.103 - Logfile creato il 28/12/2012 alle 17:06:45
# Aggiornamento 25/12/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Giancarlo - GIAN
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Giancarlo\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****


***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\PIP
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminata : HKLM\Software\PIP

***** [Browser Internet] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registro Pulito.

*************************

AdwCleaner[S1].txt - [1024 octets] - [28/12/2012 17:06:45]

########## EOF - C:\AdwCleaner[S1].txt - [1084 octets] ##########

2. LOG TDSS KILLER
# AdwCleaner v2.103 - Logfile creato il 28/12/2012 alle 17:06:45
# Aggiornamento 25/12/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Giancarlo - GIAN
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Giancarlo\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****


***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\PIP
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminata : HKLM\Software\PIP

***** [Browser Internet] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registro Pulito.

*************************

AdwCleaner[S1].txt - [1024 octets] - [28/12/2012 17:06:45]

########## EOF - C:\AdwCleaner[S1].txt - [1084 octets] ##########

[Vongian]

Ops, ho copiato due volte lo stesso log di ADWCLEANER...
chiedo scusa. Ecco il log di TDSS KILLER
17:11:01.0109 1096 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:11:01.0625 1096 ============================================================
17:11:01.0625 1096 Current date / time: 2012/12/28 17:11:01.0625
17:11:01.0625 1096 SystemInfo:
17:11:01.0625 1096
17:11:01.0625 1096 OS Version: 5.1.2600 ServicePack: 3.0
17:11:01.0625 1096 Product type: Workstation
17:11:01.0625 1096 ComputerName: GIAN
17:11:01.0625 1096 UserName: Giancarlo
17:11:01.0625 1096 Windows directory: C:\WINDOWS
17:11:01.0625 1096 System windows directory: C:\WINDOWS
17:11:01.0625 1096 Processor architecture: Intel x86
17:11:01.0625 1096 Number of processors: 2
17:11:01.0625 1096 Page size: 0x1000
17:11:01.0625 1096 Boot type: Normal boot
17:11:01.0625 1096 ============================================================
17:11:02.0921 1096 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:11:02.0921 1096 Drive \Device\Harddisk1\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:11:02.0921 1096 ============================================================
17:11:02.0921 1096 \Device\Harddisk0\DR0:
17:11:02.0921 1096 MBR partitions:
17:11:02.0921 1096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
17:11:02.0937 1096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0x169C8E7F
17:11:02.0937 1096 \Device\Harddisk1\DR3:
17:11:02.0937 1096 MBR partitions:
17:11:02.0937 1096 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
17:11:02.0937 1096 ============================================================
17:11:02.0968 1096 C: <-> \Device\Harddisk0\DR0\Partition1
17:11:03.0015 1096 D: <-> \Device\Harddisk0\DR0\Partition2
17:11:03.0343 1096 I: <-> \Device\Harddisk1\DR3\Partition1
17:11:03.0359 1096 ============================================================
17:11:03.0359 1096 Initialize success
17:11:03.0359 1096 ============================================================
17:11:26.0718 3736 ============================================================
17:11:26.0718 3736 Scan started
17:11:26.0718 3736 Mode: Manual; TDLFS;
17:11:26.0718 3736 ============================================================
17:11:27.0000 3736 ================ Scan system memory ========================
17:11:27.0000 3736 System memory - ok
17:11:27.0000 3736 ================ Scan services =============================
17:11:27.0046 3736 Abiosdsk - ok
17:11:27.0062 3736 abp480n5 - ok
17:11:27.0093 3736 [ D766E636187B8F240BBFBABCD51EB2C6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:11:27.0093 3736 ACPI - ok
17:11:27.0125 3736 [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:11:27.0125 3736 ACPIEC - ok
17:11:27.0187 3736 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:11:27.0187 3736 AdobeFlashPlayerUpdateSvc - ok
17:11:27.0203 3736 adpu160m - ok
17:11:27.0250 3736 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:11:27.0250 3736 aec - ok
17:11:27.0328 3736 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:11:27.0343 3736 AFD - ok
17:11:27.0343 3736 Aha154x - ok
17:11:27.0343 3736 aic78u2 - ok
17:11:27.0359 3736 aic78xx - ok
17:11:27.0390 3736 [ 14A077AD0CF6116D1102631D8E1EDEE8 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:11:27.0390 3736 Alerter - ok
17:11:27.0406 3736 [ 79FE2E0D7859738225816658F0BB2A0D ] ALG C:\WINDOWS\System32\alg.exe
17:11:27.0406 3736 ALG - ok
17:11:27.0406 3736 AliIde - ok
17:11:27.0750 3736 ALSysIO - ok
17:11:27.0828 3736 [ 1928A2A6D7ADC3623A43C21DAC259F24 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:11:27.0828 3736 AmdK8 - ok
17:11:27.0890 3736 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:11:27.0906 3736 AmdLLD - ok
17:11:27.0921 3736 amsint - ok
17:11:27.0984 3736 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:11:27.0984 3736 Apple Mobile Device - ok
17:11:27.0984 3736 AppMgmt - ok
17:11:28.0046 3736 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:11:28.0062 3736 Arp1394 - ok
17:11:28.0062 3736 asc - ok
17:11:28.0078 3736 asc3350p - ok
17:11:28.0078 3736 asc3550 - ok
17:11:28.0109 3736 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
17:11:28.0109 3736 AsIO - ok
17:11:28.0234 3736 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:11:28.0312 3736 aspnet_state - ok
17:11:28.0343 3736 [ 2A7037F93AE6AB1305606DEE23C70F8C ] astcc C:\WINDOWS\system32\ASTSRV.EXE
17:11:28.0343 3736 astcc - ok
17:11:28.0343 3736 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:11:28.0343 3736 AsyncMac - ok
17:11:28.0375 3736 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:11:28.0375 3736 atapi - ok
17:11:28.0390 3736 Atdisk - ok
17:11:28.0406 3736 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:11:28.0421 3736 Atmarpc - ok
17:11:28.0453 3736 [ 1B58D118049304E88464BE614C6D0014 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:11:28.0453 3736 AudioSrv - ok
17:11:28.0484 3736 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:11:28.0484 3736 audstub - ok
17:11:28.0500 3736 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:11:28.0500 3736 Beep - ok
17:11:28.0593 3736 [ 48C4763A9C8990FB48B73445BEB15D6A ] BITS C:\WINDOWS\System32\qmgr.dll
17:11:29.0187 3736 BITS - ok
17:11:29.0390 3736 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programmi\Bonjour\mDNSResponder.exe
17:11:29.0562 3736 Bonjour Service - ok
17:11:29.0625 3736 [ 076D11B52F066ED33E3A80F8070A3E2E ] Browser C:\WINDOWS\System32\browser.dll
17:11:29.0625 3736 Browser - ok
17:11:29.0671 3736 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:11:29.0671 3736 cbidf2k - ok
17:11:29.0687 3736 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:11:29.0687 3736 CCDECODE - ok
17:11:29.0687 3736 cd20xrnt - ok
17:11:29.0718 3736 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:11:29.0734 3736 Cdaudio - ok
17:11:29.0750 3736 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:11:29.0765 3736 Cdfs - ok
17:11:29.0796 3736 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:11:29.0828 3736 Cdrom - ok
17:11:29.0828 3736 Changer - ok
17:11:29.0859 3736 [ D04F2BEB5EA63D0766E12E44AEF7C38D ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:11:29.0859 3736 CiSvc - ok
17:11:29.0875 3736 [ 48CB1DEFA1A6506C3CF09E4950F82EF6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:11:29.0875 3736 ClipSrv - ok
17:11:29.0906 3736 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:11:29.0937 3736 clr_optimization_v2.0.50727_32 - ok
17:11:29.0984 3736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:11:29.0984 3736 clr_optimization_v4.0.30319_32 - ok
17:11:30.0000 3736 CmdIde - ok
17:11:30.0000 3736 COMSysApp - ok
17:11:30.0015 3736 Cpqarray - ok
17:11:30.0046 3736 [ B6FCBB157E9C8ABDCA4134C535535A8B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:11:30.0046 3736 CryptSvc - ok
17:11:30.0046 3736 dac2w2k - ok
17:11:30.0046 3736 dac960nt - ok
17:11:30.0109 3736 [ BC4E0226341AAEC1222336B3AED86BAB ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:11:30.0109 3736 DcomLaunch - ok
17:11:30.0140 3736 [ 699EE7F752A25180AEB92C3A0EAEE440 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:11:30.0156 3736 Dhcp - ok
17:11:30.0171 3736 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:11:30.0171 3736 Disk - ok
17:11:30.0171 3736 dmadmin - ok
17:11:30.0359 3736 [ 82BC125A8ED33F5F0E75F2AAC1065323 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:11:30.0750 3736 dmboot - ok
17:11:30.0796 3736 [ E959DDC0EA7AC11EE5E5602E2A364310 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:11:30.0812 3736 dmio - ok
17:11:30.0828 3736 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:11:30.0828 3736 dmload - ok
17:11:30.0859 3736 [ A01858C50704B2D2EDEEBBF6BBBCED2A ] dmserver C:\WINDOWS\System32\dmserver.dll
17:11:30.0859 3736 dmserver - ok
17:11:30.0890 3736 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:11:30.0906 3736 DMusic - ok
17:11:30.0937 3736 [ B7A1162B1A26DF7B60D5D9500006096C ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:11:30.0937 3736 Dnscache - ok
17:11:30.0968 3736 [ D580D77DFF316BD8C9D73B38695DE8DC ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:11:30.0968 3736 Dot3svc - ok
17:11:30.0984 3736 dpti2o - ok
17:11:31.0000 3736 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:11:31.0015 3736 drmkaud - ok
17:11:31.0046 3736 [ 86B1F123BACD444E81960B339BAE3FF2 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:11:31.0046 3736 EapHost - ok
17:11:31.0078 3736 [ B6599EDA9F3EBEF064504EE35BBECA1C ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:11:31.0078 3736 ERSvc - ok
17:11:31.0125 3736 [ 26845F272435302E0F3322E660A24F7D ] Eventlog C:\WINDOWS\system32\services.exe
17:11:31.0140 3736 Eventlog - ok
17:11:31.0187 3736 [ 8360CB9756E598A5C6214EACFB3677C3 ] EventSystem C:\WINDOWS\System32\es.dll
17:11:31.0203 3736 EventSystem - ok
17:11:31.0250 3736 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:11:31.0265 3736 Fastfat - ok
17:11:31.0281 3736 [ DCCC606FC144F6E44E497F9A906F1C30 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:11:31.0296 3736 FastUserSwitchingCompatibility - ok
17:11:31.0312 3736 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:11:31.0312 3736 Fdc - ok
17:11:31.0343 3736 [ 2CFEA3326981A18C6BAF2BD9BE76225B ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:11:31.0343 3736 Fips - ok
17:11:31.0468 3736 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:11:31.0671 3736 FLEXnet Licensing Service - ok
17:11:31.0671 3736 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:11:31.0671 3736 Flpydisk - ok
17:11:31.0703 3736 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:11:31.0703 3736 FltMgr - ok
17:11:31.0765 3736 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:11:31.0765 3736 FontCache3.0.0.0 - ok
17:11:31.0765 3736 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:11:31.0781 3736 Fs_Rec - ok
17:11:31.0812 3736 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:11:31.0812 3736 Ftdisk - ok
17:11:31.0828 3736 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:11:31.0828 3736 GEARAspiWDM - ok
17:11:31.0859 3736 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:11:31.0859 3736 Gpc - ok
17:11:31.0890 3736 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programmi\Google\Update\GoogleUpdate.exe
17:11:31.0890 3736 gupdate - ok
17:11:31.0921 3736 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programmi\Google\Update\GoogleUpdate.exe
17:11:31.0921 3736 gupdatem - ok
17:11:31.0953 3736 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:11:31.0953 3736 HDAudBus - ok
17:11:32.0000 3736 [ 6CE66B51B4EB23D9D073F92698C55C8D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:11:32.0000 3736 helpsvc - ok
17:11:32.0031 3736 [ 43D985A9A51E0295091B6EBE84C96B78 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:11:32.0031 3736 HidServ - ok
17:11:32.0046 3736 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:11:32.0046 3736 hidusb - ok
17:11:32.0109 3736 [ 00CAD842F48947887A972828ACA665F7 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:11:32.0125 3736 hkmsvc - ok
17:11:32.0140 3736 hpn - ok
17:11:32.0171 3736 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:11:32.0171 3736 HTTP - ok
17:11:32.0203 3736 [ 450091AEBFCD08E5858533EAB5B9A436 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:11:32.0203 3736 HTTPFilter - ok
17:11:32.0203 3736 hwdatacard - ok
17:11:32.0218 3736 hwusbdev - ok
17:11:32.0218 3736 i2omgmt - ok
17:11:32.0218 3736 i2omp - ok
17:11:32.0234 3736 [ 610726E28AF55B95043C5C35A727E320 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:11:32.0234 3736 i8042prt - ok
17:11:32.0296 3736 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:11:32.0312 3736 IDriverT - ok
17:11:32.0437 3736 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:11:32.0484 3736 idsvc - ok
17:11:32.0515 3736 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:11:32.0531 3736 Imapi - ok
17:11:32.0562 3736 [ DB491237445F172FDDDF00541DE1A51D ] ImapiService C:\WINDOWS\System32\imapi.exe
17:11:32.0562 3736 ImapiService - ok
17:11:32.0578 3736 ini910u - ok
17:11:33.0718 3736 [ 0BE7F157D695E1D10EE102C96DE4AC18 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:11:33.0750 3736 IntcAzAudAddService - ok
17:11:33.0750 3736 IntelIde - ok
17:11:33.0781 3736 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:11:33.0796 3736 ip6fw - ok
17:11:33.0812 3736 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:11:33.0828 3736 IpFilterDriver - ok
17:11:33.0828 3736 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:11:33.0828 3736 IpInIp - ok
17:11:33.0859 3736 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:11:33.0859 3736 IpNat - ok
17:11:33.0921 3736 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Programmi\iPod\bin\iPodService.exe
17:11:33.0953 3736 iPod Service - ok
17:11:33.0968 3736 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:11:33.0984 3736 IPSec - ok
17:11:34.0000 3736 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:11:34.0000 3736 IRENUM - ok
17:11:34.0015 3736 [ 0953594BEB81CC72FCC62D37921B25A6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:11:34.0015 3736 isapnp - ok
17:11:34.0187 3736 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programmi\Java\jre7\bin\jqs.exe
17:11:34.0203 3736 JavaQuickStarterService - ok
17:11:34.0218 3736 [ 28B6EACE513CA7EABA3B809AD4BC274D ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:11:34.0218 3736 Kbdclass - ok
17:11:34.0234 3736 [ 4C61C226BDDA2EF1672B2C5F4E56625E ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:11:34.0234 3736 kbdhid - ok
17:11:34.0250 3736 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:11:34.0250 3736 kmixer - ok
17:11:34.0296 3736 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:11:34.0312 3736 KSecDD - ok
17:11:34.0343 3736 [ 0F726D49C0B19E5A506A1CDFCE0EE42F ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:11:34.0343 3736 lanmanserver - ok
17:11:34.0390 3736 [ E13B0181DDA60B93E3253EFF52A79CBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:11:34.0406 3736 lanmanworkstation - ok
17:11:34.0406 3736 lbrtfdc - ok
17:11:34.0484 3736 [ E01255727D0B158538D7C2B469B533A8 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:11:34.0484 3736 LmHosts - ok
17:11:34.0515 3736 [ 3B32F662C8607E891F325E41F7EE225C ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:11:34.0515 3736 Messenger - ok
17:11:34.0546 3736 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:11:34.0546 3736 mnmdd - ok
17:11:34.0562 3736 [ 514A299EC926BAADA3C718B171476AA4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:11:34.0562 3736 mnmsrvc - ok
17:11:34.0593 3736 [ 8CB6636806D76B85FAFAEE94D75F5129 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:11:34.0593 3736 Modem - ok
17:11:34.0625 3736 [ E904EBED608055A2BFB824C07F59766C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:11:34.0625 3736 Mouclass - ok
17:11:34.0640 3736 [ D7662F0CF5B77BBBE3202716F5BD5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:11:34.0640 3736 mouhid - ok
17:11:34.0656 3736 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:11:34.0656 3736 MountMgr - ok
17:11:34.0687 3736 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:11:34.0703 3736 MpFilter - ok
17:11:34.0812 3736 [ A69630D039C38018689190234F866D77 ] MpKsl5e5675a4 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8CCF0CC3-1950-41DB-BFBF-448A8686F97B}\MpKsl5e5675a4.sys
17:11:34.0812 3736 MpKsl5e5675a4 - ok
17:11:34.0812 3736 mraid35x - ok
17:11:34.0828 3736 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:11:34.0828 3736 MRxDAV - ok
17:11:34.0968 3736 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:11:35.0156 3736 MRxSmb - ok
17:11:35.0296 3736 [ 01F77E9E473235C31796ADE46107B0AD ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:11:35.0296 3736 MSDTC - ok
17:11:35.0328 3736 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:11:35.0328 3736 Msfs - ok
17:11:35.0328 3736 MSIServer - ok
17:11:35.0359 3736 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:11:35.0359 3736 MSKSSRV - ok
17:11:35.0406 3736 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Programmi\Microsoft Security Client\MsMpEng.exe
17:11:35.0406 3736 MsMpSvc - ok
17:11:35.0437 3736 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:11:35.0437 3736 MSPCLOCK - ok
17:11:35.0453 3736 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:11:35.0453 3736 MSPQM - ok
17:11:35.0468 3736 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:11:35.0468 3736 mssmbios - ok
17:11:35.0468 3736 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:11:35.0468 3736 MSTEE - ok
17:11:35.0500 3736 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:11:35.0500 3736 MTsensor - ok
17:11:35.0531 3736 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:11:35.0531 3736 Mup - ok
17:11:35.0562 3736 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:11:35.0562 3736 NABTSFEC - ok
17:11:35.0656 3736 [ 911587FD303C9690A428BB4B04732B61 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:11:35.0656 3736 napagent - ok
17:11:35.0718 3736 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:11:35.0796 3736 NDIS - ok
17:11:35.0812 3736 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:11:35.0812 3736 NdisIP - ok
17:11:35.0843 3736 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:11:35.0843 3736 NdisTapi - ok
17:11:35.0875 3736 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:11:35.0875 3736 Ndisuio - ok
17:11:35.0890 3736 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:11:35.0890 3736 NdisWan - ok
17:11:35.0937 3736 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:11:35.0937 3736 NDProxy - ok
17:11:35.0968 3736 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:11:35.0968 3736 NetBIOS - ok
17:11:36.0000 3736 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:11:36.0015 3736 NetBT - ok
17:11:36.0046 3736 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:11:36.0046 3736 NetDDE - ok
17:11:36.0046 3736 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:11:36.0062 3736 NetDDEdsdm - ok
17:11:36.0125 3736 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:11:36.0140 3736 Netlogon - ok
17:11:36.0171 3736 [ 02815B70FC4CA8611A926176F1C39FC2 ] Netman C:\WINDOWS\System32\netman.dll
17:11:36.0171 3736 Netman - ok
17:11:36.0234 3736 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:11:36.0234 3736 NetTcpPortSharing - ok
17:11:36.0265 3736 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:11:36.0265 3736 NIC1394 - ok
17:11:36.0312 3736 [ 9C14E80FF4CCDFF8129DC716C112C517 ] NitroDriverReadSpool C:\Programmi\Nitro PDF\Professional\NitroPDFDriverService.exe
17:11:36.0312 3736 NitroDriverReadSpool - ok
17:11:36.0343 3736 [ C6B69A18D39744725FB73AC85E46032B ] Nla C:\WINDOWS\System32\mswsock.dll
17:11:36.0343 3736 Nla - ok
17:11:36.0375 3736 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:11:36.0375 3736 Npfs - ok
17:11:36.0406 3736 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:11:36.0421 3736 Ntfs - ok
17:11:36.0437 3736 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:11:36.0437 3736 NtLmSsp - ok
17:11:36.0484 3736 [ 89DB90B5F35D2795D9FC56D933CC72B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:11:36.0500 3736 NtmsSvc - ok
17:11:36.0515 3736 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:11:36.0515 3736 Null - ok
17:11:36.0812 3736 [ 7B5A17BD54BB9142843DBE99A1CAAED8 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:11:38.0406 3736 nv - ok
17:11:38.0437 3736 [ 5150B108EA88831E1C599603D8B89621 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:11:38.0437 3736 NVSvc - ok
17:11:38.0500 3736 [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:11:38.0531 3736 nvUpdatusService - ok
17:11:38.0546 3736 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:11:38.0546 3736 NwlnkFlt - ok
17:11:38.0546 3736 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:11:38.0546 3736 NwlnkFwd - ok
17:11:38.0562 3736 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:11:38.0562 3736 ohci1394 - ok
17:11:38.0609 3736 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
17:11:38.0609 3736 ose - ok
17:11:38.0640 3736 [ 4E9408A178B2D955871C2CDD278DE3C3 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:11:38.0640 3736 Parport - ok
17:11:38.0640 3736 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:11:38.0640 3736 PartMgr - ok
17:11:38.0656 3736 [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:11:38.0671 3736 ParVdm - ok
17:11:38.0671 3736 [ F40A46892AFEBB0314536B849D57C11E ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:11:38.0671 3736 PCI - ok
17:11:38.0671 3736 PCIDump - ok
17:11:38.0687 3736 [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:11:38.0687 3736 PCIIde - ok
17:11:38.0703 3736 [ 815C50F2B1D1562800BDCE8BE895000E ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:11:38.0703 3736 Pcmcia - ok
17:11:38.0718 3736 PDCOMP - ok
17:11:38.0718 3736 PDFRAME - ok
17:11:38.0718 3736 PDRELI - ok
17:11:38.0718 3736 PDRFRAME - ok
17:11:38.0718 3736 perc2 - ok
17:11:38.0734 3736 perc2hib - ok
17:11:38.0765 3736 [ 947AB5940EB948D5BA8766BAB2681756 ] PhilCam8116 C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
17:11:38.0765 3736 PhilCam8116 - ok
17:11:38.0812 3736 [ 26845F272435302E0F3322E660A24F7D ] PlugPlay C:\WINDOWS\system32\services.exe
17:11:38.0812 3736 PlugPlay - ok
17:11:38.0812 3736 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:11:38.0812 3736 PolicyAgent - ok
17:11:38.0828 3736 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:11:38.0828 3736 PptpMiniport - ok
17:11:38.0828 3736 [ B479F50E883B2297A5F7F212AAEE6F6C ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:11:38.0828 3736 Processor - ok
17:11:38.0843 3736 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:11:38.0843 3736 ProtectedStorage - ok
17:11:38.0843 3736 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:11:38.0843 3736 PSched - ok
17:11:38.0875 3736 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:11:38.0875 3736 Ptilink - ok
17:11:38.0875 3736 ql1080 - ok
17:11:38.0875 3736 Ql10wnt - ok
17:11:38.0875 3736 ql12160 - ok
17:11:38.0890 3736 ql1240 - ok
17:11:38.0890 3736 ql1280 - ok
17:11:38.0890 3736 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:11:38.0890 3736 RasAcd - ok
17:11:38.0921 3736 [ 9839B418343D6E6E52659BDF3FF1FE67 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:11:38.0937 3736 RasAuto - ok
17:11:38.0937 3736 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:11:38.0937 3736 Rasl2tp - ok
17:11:38.0968 3736 [ 62AD41548E720DB4763B86F95E44F3FA ] RasMan C:\WINDOWS\System32\rasmans.dll
17:11:38.0968 3736 RasMan - ok
17:11:38.0968 3736 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:11:38.0968 3736 RasPppoe - ok
17:11:38.0984 3736 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:11:38.0984 3736 Raspti - ok
17:11:39.0000 3736 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:11:39.0000 3736 Rdbss - ok
17:11:39.0015 3736 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:11:39.0015 3736 RDPCDD - ok
17:11:39.0046 3736 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:11:39.0046 3736 RDPWD - ok
17:11:39.0078 3736 [ CC72E6AE90245F0AE48BF1236A7E1F9C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:11:39.0078 3736 RDSessMgr - ok
17:11:39.0078 3736 [ 393FC252593323B624B230ECA6B85E63 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:11:39.0093 3736 redbook - ok
17:11:39.0125 3736 [ 7EBBF16FBD3E0E34F084FA635C1844E3 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:11:39.0125 3736 RemoteAccess - ok
17:11:39.0125 3736 [ DC97F6C8A94691834439872B9E8FF2B3 ] RpcLocator C:\WINDOWS\System32\locator.exe
17:11:39.0140 3736 RpcLocator - ok
17:11:39.0156 3736 [ BC4E0226341AAEC1222336B3AED86BAB ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:11:39.0171 3736 RpcSs - ok
17:11:39.0187 3736 [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:11:39.0187 3736 RSVP - ok
17:11:39.0234 3736 [ 96D2743297929D7AC095172EE54CE7E7 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
17:11:39.0234 3736 rt2870 - ok
17:11:39.0265 3736 [ B52B25F41BF3511071A0E7D10D659C56 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:11:39.0265 3736 RTLE8023xp - ok
17:11:39.0265 3736 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] SamSs C:\WINDOWS\system32\lsass.exe
17:11:39.0265 3736 SamSs - ok
17:11:39.0281 3736 [ 1D456F1CD76A80793C07BA52CF3A7455 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:11:39.0296 3736 SCardSvr - ok
17:11:39.0312 3736 [ 511886E5BD060046CCE8373E92E62EDF ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:11:39.0328 3736 Schedule - ok
17:11:39.0343 3736 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:11:39.0343 3736 Secdrv - ok
17:11:39.0343 3736 [ 17C6354CA08E7C7972E12C67478AE134 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:11:39.0359 3736 seclogon - ok
17:11:39.0359 3736 [ A0ECA1CE0FCCB29C5E4E1F416E95E73E ] SENS C:\WINDOWS\system32\sens.dll
17:11:39.0375 3736 SENS - ok
17:11:39.0375 3736 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:11:39.0375 3736 serenum - ok
17:11:39.0390 3736 [ FDBD9D64E2E03270021D424F0DCCF79D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:11:39.0390 3736 Serial - ok
17:11:39.0406 3736 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:11:39.0406 3736 Sfloppy - ok
17:11:39.0453 3736 [ 152C0555925DFE028E3148FD215146BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:11:39.0453 3736 SharedAccess - ok
17:11:39.0468 3736 [ DCCC606FC144F6E44E497F9A906F1C30 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:11:39.0468 3736 ShellHWDetection - ok
17:11:39.0468 3736 Simbad - ok
17:11:39.0593 3736 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:11:39.0640 3736 Skype C2C Service - ok
17:11:39.0687 3736 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programmi\Skype\Updater\Updater.exe
17:11:39.0687 3736 SkypeUpdate - ok
17:11:39.0703 3736 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:11:39.0703 3736 SLIP - ok
17:11:39.0734 3736 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:11:39.0734 3736 SONYPVU1 - ok
17:11:39.0734 3736 Sparrow - ok
17:11:39.0781 3736 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:11:39.0796 3736 splitter - ok
17:11:39.0812 3736 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:11:39.0812 3736 Spooler - ok
17:11:39.0859 3736 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
17:11:39.0859 3736 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
17:11:39.0859 3736 sptd ( LockedFile.Multi.Generic ) - warning
17:11:39.0859 3736 sptd - detected LockedFile.Multi.Generic (1)
17:11:39.0859 3736 [ 618718CAE288BF7CBD8FCBAB2577D932 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:11:39.0859 3736 sr - ok
17:11:39.0890 3736 [ B3E3DA70A7A76E69B872DE3D06D32C19 ] srservice C:\WINDOWS\System32\srsvc.dll
17:11:39.0890 3736 srservice - ok
17:11:39.0921 3736 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:11:39.0937 3736 Srv - ok
17:11:39.0953 3736 [ 5215569DD3A8FBC65A85E85F3C12258B ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:11:39.0953 3736 SSDPSRV - ok
17:11:39.0968 3736 Steam Client Service - ok
17:11:39.0984 3736 [ 3B9263E137896E4D303494F116E00608 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:11:40.0000 3736 stisvc - ok
17:11:40.0015 3736 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:11:40.0015 3736 streamip - ok
17:11:40.0031 3736 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:11:40.0031 3736 swenum - ok
17:11:40.0046 3736 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:11:40.0046 3736 swmidi - ok
17:11:40.0046 3736 SwPrv - ok
17:11:40.0046 3736 symc810 - ok
17:11:40.0062 3736 symc8xx - ok
17:11:40.0062 3736 sym_hi - ok
17:11:40.0062 3736 sym_u3 - ok
17:11:40.0078 3736 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:11:40.0078 3736 sysaudio - ok
17:11:40.0093 3736 [ A34A9A872EEC4C026FD542AC7156FE0B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:11:40.0109 3736 SysmonLog - ok
17:11:40.0140 3736 [ 6B85F1A9DCE45D45BFFAD3222C21F297 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:11:40.0140 3736 TapiSrv - ok
17:11:40.0171 3736 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:11:40.0187 3736 Tcpip - ok
17:11:40.0203 3736 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:11:40.0203 3736 TDPIPE - ok
17:11:40.0218 3736 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:11:40.0218 3736 TDTCP - ok
17:11:40.0234 3736 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:11:40.0234 3736 TermDD - ok
17:11:40.0234 3736 [ FE5A5329CCFC33D645C33077FF04F052 ] TermService C:\WINDOWS\System32\termsrv.dll
17:11:40.0250 3736 TermService - ok
17:11:40.0265 3736 [ DCCC606FC144F6E44E497F9A906F1C30 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:11:40.0265 3736 Themes - ok
17:11:40.0265 3736 TosIde - ok
17:11:40.0281 3736 [ 690294999DF1248FAF85D95B31955D0C ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:11:40.0281 3736 TrkWks - ok
17:11:40.0296 3736 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:11:40.0296 3736 Udfs - ok
17:11:40.0296 3736 ultra - ok
17:11:40.0312 3736 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:11:40.0328 3736 Update - ok
17:11:40.0343 3736 [ 8057B0744D9842A090E51D2845861D5F ] upnphost C:\WINDOWS\System32\upnphost.dll
17:11:40.0343 3736 upnphost - ok
17:11:40.0359 3736 [ F5E8B846EC10E1DF8DCA64119E2EB709 ] UPS C:\WINDOWS\System32\ups.exe
17:11:40.0359 3736 UPS - ok
17:11:40.0390 3736 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:11:40.0421 3736 USBAAPL - ok
17:11:40.0453 3736 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:11:40.0453 3736 usbaudio - ok
17:11:40.0484 3736 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:11:40.0484 3736 usbccgp - ok
17:11:40.0500 3736 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:11:40.0500 3736 usbehci - ok
17:11:40.0515 3736 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:11:40.0515 3736 usbhub - ok
17:11:40.0515 3736 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:11:40.0515 3736 usbohci - ok
17:11:40.0546 3736 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:11:40.0546 3736 usbprint - ok
17:11:40.0578 3736 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:11:40.0578 3736 usbscan - ok
17:11:40.0593 3736 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:11:40.0593 3736 USBSTOR - ok
17:11:40.0640 3736 [ 3D4B1F1F81EF8813348C01081F8B2A17 ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
17:11:40.0640 3736 VBoxNetAdp - ok
17:11:40.0640 3736 VBoxNetFlt - ok
17:11:40.0656 3736 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:11:40.0656 3736 VgaSave - ok
17:11:40.0656 3736 ViaIde - ok
17:11:40.0671 3736 VMnetAdapter - ok
17:11:40.0687 3736 [ E46C1B5A56DA7DA603D09DFCC79EC59E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:11:40.0687 3736 VolSnap - ok
17:11:40.0718 3736 [ C2FE17125256102F5B44194D5DB0A799 ] VSS C:\WINDOWS\System32\vssvc.exe
17:11:40.0718 3736 VSS - ok
17:11:40.0750 3736 [ 2969DD84B584A6BB541A5273103957A3 ] W32Time C:\WINDOWS\System32\w32time.dll
17:11:40.0750 3736 W32Time - ok
17:11:40.0796 3736 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:11:40.0796 3736 Wanarp - ok
17:11:40.0796 3736 WDICA - ok
17:11:40.0828 3736 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:11:40.0828 3736 wdmaud - ok
17:11:40.0828 3736 [ 2EC50EE79B65F60C8E8B4A03BBB3A42F ] WebClient C:\WINDOWS\System32\webclnt.dll
17:11:40.0843 3736 WebClient - ok
17:11:40.0875 3736 [ 40911E98D0F1CBB1015F2101982F1DDF ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:11:40.0875 3736 winmgmt - ok
17:11:40.0984 3736 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:11:41.0015 3736 wlidsvc - ok
17:11:41.0046 3736 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:11:41.0046 3736 WmdmPmSN - ok
17:11:41.0078 3736 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:11:41.0078 3736 WmiAcpi - ok
17:11:41.0093 3736 [ 81FD02839FDB10ACF0EC40B809B9F8CC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:11:41.0093 3736 WmiApSrv - ok
17:11:41.0203 3736 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:11:41.0218 3736 WPFFontCache_v0400 - ok
17:11:41.0250 3736 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:11:41.0250 3736 WS2IFSL - ok
17:11:41.0265 3736 [ 926D921C93CFF1E19EF4DE3E4C8368CA ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:11:41.0281 3736 wscsvc - ok
17:11:41.0296 3736 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:11:41.0296 3736 WSTCODEC - ok
17:11:41.0312 3736 [ CC48415E6C7CBAA441A3D6A6DCCBCFA6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:11:41.0328 3736 wuauserv - ok
17:11:41.0359 3736 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:11:41.0359 3736 WudfPf - ok
17:11:41.0375 3736 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:11:41.0375 3736 WudfRd - ok
17:11:41.0390 3736 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:11:41.0390 3736 WudfSvc - ok
17:11:41.0421 3736 [ 053E0307A08CAC60793E27E921B46B3E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:11:41.0437 3736 WZCSVC - ok
17:11:41.0468 3736 [ 5526482DCBA6047641B13BF9C75A74E0 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:11:41.0500 3736 xmlprov - ok
17:11:41.0515 3736 ================ Scan global ===============================
17:11:41.0531 3736 [ 17DDFE6A0B5404C5EF4C03AD996D0562 ] C:\WINDOWS\system32\basesrv.dll
17:11:41.0562 3736 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\system32\winsrv.dll
17:11:41.0578 3736 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\system32\winsrv.dll
17:11:41.0578 3736 [ 26845F272435302E0F3322E660A24F7D ] C:\WINDOWS\system32\services.exe
17:11:41.0593 3736 [Global] - ok
17:11:41.0593 3736 ================ Scan MBR ==================================
17:11:41.0593 3736 [ 828E02D5C4A4FBE53441EE9DBEE51F43 ] \Device\Harddisk0\DR0
17:11:41.0859 3736 \Device\Harddisk0\DR0 - ok
17:11:41.0859 3736 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3
17:11:42.0250 3736 \Device\Harddisk1\DR3 - ok
17:11:42.0250 3736 ================ Scan VBR ==================================
17:11:42.0265 3736 [ 810D9E5F65E2A39C8F4EF36EED71A95D ] \Device\Harddisk0\DR0\Partition1
17:11:42.0265 3736 \Device\Harddisk0\DR0\Partition1 - ok
17:11:42.0265 3736 [ 85AFB37AB088555EA789A29C5A713FBD ] \Device\Harddisk0\DR0\Partition2
17:11:42.0265 3736 \Device\Harddisk0\DR0\Partition2 - ok
17:11:42.0265 3736 [ 2DAEC8E65FA8A024810108F795C0C08F ] \Device\Harddisk1\DR3\Partition1
17:11:42.0265 3736 \Device\Harddisk1\DR3\Partition1 - ok
17:11:42.0265 3736 ============================================================
17:11:42.0265 3736 Scan finished
17:11:42.0265 3736 ============================================================
17:11:42.0281 3716 Detected object count: 1
17:11:42.0281 3716 Actual detected object count: 1
17:12:07.0828 3716 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:12:07.0828 3716 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

[Luke57]

Ciao, proviamo combofix

Scarica ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un doppio click
● una volta avviato clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:
"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"
● nel caso tu abbia Windows XP, verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop: nulla di cui preoccuparsi
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo te
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo

[Vongian]

Ciao Luke,
ecco il log di ComboFix:

ComboFix 13-01-04.01 - Giancarlo 04/01/2013 8.23.26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1409 [GMT -5:00]
Eseguito da: c:\documents and settings\Giancarlo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Giancarlo\g2mdlhlpx.exe
c:\documents and settings\Giancarlo\WINDOWS
C:\Documents
C:\prefs.js
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MpKsl8a6646c5
-------\Legacy_Skype_C2C_Service
-------\Service_MpKsl8a6646c5
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-04 al 2013-01-04 )))))))))))))))))))))))))))))))))))
.
.
2013-01-04 13:20 . 2013-01-04 13:20 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2013-01-04 12:53 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{1FAF5295-B876-48D4-98FE-4BA74C811522}\mpengine.dll
2013-01-03 02:22 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-31 13:16 . 2012-12-31 13:16 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\SecuROM
2012-12-31 04:50 . 2012-12-31 04:50 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-31 04:50 . 2012-12-31 04:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-31 04:50 . 2012-12-31 04:21 3123272 ----a-w- c:\windows\system32\pbsvc.exe
2012-12-26 17:58 . 2012-12-26 17:58 -------- d-----w- c:\documents and settings\Giancarlo\Dati applicazioni\Malwarebytes
2012-12-26 17:57 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-26 17:57 . 2012-12-26 17:58 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-12-13 18:54 . 2012-12-13 18:54 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-13 01:32 . 2012-12-13 01:32 -------- d-----w- c:\programmi\iPod
2012-12-13 01:31 . 2012-12-13 01:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-12 13:20 . 2012-12-12 13:20 -------- d-----w- c:\programmi\File comuni\Steam
2012-12-12 13:20 . 2013-01-03 16:48 -------- d-----w- c:\programmi\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2003-04-08 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 18:54 . 2012-04-14 19:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 18:54 . 2011-06-12 18:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-19 14:24 . 2012-11-19 14:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-11-13 11:55 . 2003-04-08 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2011-06-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Giancarlo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Giancarlo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Giancarlo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Giancarlo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\programmi\Core Temp\Core Temp.exe" [2011-08-01 715216]
"GoogleChromeAutoLaunch_2BB3AFA32B8D002B966E47028FA85756"="c:\documents and settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
"amd_dc_opt"="c:\programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giancarlo^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\Giancarlo\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\DUE-3.0\\java\\bin\\javaw.exe"=
"c:\\Programmi\\DUE-3.0\\java\\bin\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Revelations\\ACRSP.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Revelations\\ACRMP.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Revelations\\AssassinsCreedRevelations.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Revelations\\ACRPR.exe"=
"c:\\Documents and Settings\\Giancarlo\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Giancarlo\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Programmi\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/06/2011 11.43.31 685816]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\programmi\Nitro PDF\Professional\NitroPDFDriverService.exe [15/09/2009 4.20.30 188736]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\GIANCA~1\IMPOST~1\Temp\ALSysIO.sys --> c:\docume~1\GIANCA~1\IMPOST~1\Temp\ALSysIO.sys [?]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [09/11/2012 11.21.24 160944]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19/07/2011 6.18.42 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - ALSYSIO
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:54]
.
2012-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-12 16:35]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-06-12 16:35]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-484763869-725345543-1004Core.job
- c:\documents and settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-05-20 19:13]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-484763869-725345543-1004UA.job
- c:\documents and settings\Giancarlo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-05-20 19:13]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Giancarlo\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{5DCFFB5C-EB80-4B79-9385-46EA9C8D7ADA}: NameServer = 212.216.112.112,212.216.172.62
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-DUE 3 - c:\programmi\DUE-3.0\java\bin\javaw -jar c:\programmi\DUE-3.0\due_tray.jar
AddRemove-Batman Arkham Asylum GOTY Repack - d:\programmi\VictorVal\Batman Arkham Asylum GOTY Repack\Desinstalar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-04 08:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-484763869-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:e9,ff,da,cb,f6,d5,68,a3,d4,f6,c8,c6,ec,fd,27,f2,05,50,ce,f5,23,
0d,5c,f1,88,c4,a0,5c,61,38,58,af,0d,00,4c,c6,6d,8f,31,c4,53,bc,ff,68,18,f2,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY
*]
"DisplayName"="??\08\17?\11\09"
"DeviceDesc"="??\08\17?\11\09"
"ProviderName"="?A?\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3392)
c:\documents and settings\Giancarlo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
c:\programmi\File comuni\Microsoft Shared\OFFICE11\MSOXEV.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2013-01-04 08:33:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-01-04 13:33
.
Pre-Run: 23.884.644.352 byte disponibili
Post-Run: 25.758.670.848 byte disponibili
.
- - End Of File - - C6E15322CA134CD8F0999F1B4169D33D

[Luke57]

Ciao, non mi pare ch ci siano infezioni nel report, comunque scarica otl.exe sul desktop

http://oldtimer.geekstogo.com/OTL.exe

Esegui il file OTL.exe
(Dopo aver eseguito OTL, sui sistemi Windows 7 e Windows Vista si dovrà rispondere in modo affermativo alla comparsa del messaggio di avviso di UAC.)

Metti la spunta nelle caselle:
"Scan all users"
Processes ---->Use safe list
Services ----> Use safe list
Standard Registry ----> All
Modules ----> All
Drivers ----> All
Sotto output spunta minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Seleziona All alle voci "Files created within" e "File modified within"

Clicca su Run scan
Finita la scansione che potrebbe impiegare diverso tempo, OTL produrrà due file di log (OTL.txt ed Extras.txt), memorizzati nella medesima cartella del programma.

Inserisci i file qui:
http://wikisend.com/
fornendo il link per poterli vedere

[Vongian]

Ciao Luke,
ecco i link dei file otl e extras.
Secondo te, se non è problema di un'infezione, a cosa si può collegare la lentezza del pc? Può essere "l'anzianità" dell'hardware e di windows xp?
Ancora grazie del tuo aiuto!

http://wikisend.com/download/107996/OTL.Txt
OTL.Txt

http://wikisend.com/download/497192/Extras.Txt
Extras.Txt

[Luke57]

Ciao, nei report non ho trovato infezioni per cui posta il tuo problema in altra sezione del forum più pertinente.

[Vongian]

Ok! Grazie mille dell'aiuto, Luke. Sei stato gentilissimo!