UFFICIALE Rimozione Rootkit zero access - postate qui se siete infetti

[tecnico24]

Sarebbe gradita una schermata dell'errore di windows defender.
Nessun componente funziona?antivirus , antispyware e firewall?

 

[turbo5]

Sì, scusa ancora.
Allora, il firewall è perfettamente operativo, mentre windows defender no: se lo vado ad attivare dal centro operativo mi rimanda inspiegabilmente alla cartella system32

mentre se vado a cliccare sulla sua icona dal pannello di controllo, mi dà questo errore

Premetto che avevo prima l'ESET NOD32 v6, disinstallato tramite il tool "ESETUninstaller", scaricato direttamente dal sito ESET, quindi credo di aver eliminato qualsiasi traccia di quell'antivirus

 

[tecnico24]

Prova ad effettuare una pulizia Completa con Ccleaner:
CCleaner - Download
Deframmenta il registro con Wise Registry Cleaner:
Wise Registry Cleaner - Best Free Registry Cleaner - speedup slow PC in one minute
Da msconfig , in servizi , metti la spunta su Nascondi servizi microsoft , disabilita tutto , applica - OK.
Riavvia il pc e riprova.

 

[turbo5]

Prova ad effettuare una pulizia Completa con Ccleaner:
CCleaner - Download
Deframmenta il registro con Wise Registry Cleaner:
Wise Registry Cleaner - Best Free Registry Cleaner - speedup slow PC in one minute
Da msconfig , in servizi , metti la spunta su Nascondi servizi microsoft , disabilita tutto , applica - OK.
Riavvia il pc e riprova.

Purtroppo ancora niente, la situazione non è minimamente cambiata. Ho notato una cosa però, anche prima di fare tutto questo c'era e c'è tuttora questo

 

[tecnico24]

Il mio consiglio è di lasciar perdere windows defender.
Questo antivirus è installato nativamente al sistema operativo , quindi poco si può fare.
La rieiniziazione del S.O era l'unica possibilità di riparare il sistema operativo senza perdere i dati , se non va a buon fine qualche chiave di registro importante di sistema è stata danneggiata.

 

[turbo5]

Il mio consiglio è di lasciar perdere windows defender.
Questo antivirus è installato nativamente al sistema operativo , quindi poco si può fare.
La rieiniziazione del S.O era l'unica possibilità di riparare il sistema operativo senza perdere i dati , se non va a buon fine qualche chiave di registro importante di sistema è stata danneggiata.

Hmm, ok. Nel frattempo ho reinstallato NOD32, e sembra non dare alcun problema, nè lui, nè il centro operativo. Ti ringrazio davvero di tutto per quello che hai fatto, mi hai aiutato davvero molto. Grazie ancora!

 

[TheS]

Buongiorno a tutte/i ed intanto GRAZIE per tutte le informazioni utili che siete soliti condividere nelle diversesezioni di questo Forum.Avrei bisogno del vostro aiuto.
Qualche giorno fa, se non erro il 27 aprile 2013, cercando un “crack” per un giochino Zylom (FarmFrenzy3:AncientRome) mi sono purtroppo imbattuto in un file exe (ritenuto innocuo da tutte le protezioni presenti sul PC) che si è rivelato contenere il virus chiamato “Rootkit Zero Access”.
Dapprima inconsapevole di cosa fosse, ne ho scoperto l’esistenza cercando di risolvere le problematiche sorte : connessione internet regolare ma nessuna pagina web raggiungibile (anche se Jdownloader funzionava regolarmente), Windows Firewall inattivabile, un NON richiesto upgrade di IE6 ad Internet Explorer 8 che – in inglese – si era autoinstallato sul PC nonché una navigazione continua in sottofondo – con rumore di HDD in funzionee linea ADSL in pieno download – anche con tutte le applicazioni chiuse.
Il tutto, adoperando un secondo HDD con Windows 7 installato sullo stesso PC.
Seguendo le procedure indicate in questo forum, ed in special modo quelle di “Tecnico24” in questo thread ( i diversi software menzionati sono riuscito a (spero defintivamente) debellare il suddetto virus, confermato da Kaspersky TDSS Removing Tool (unitamente ad altri malware), disinstallare IE8, a riattivare il firewall di Windows e “Ripristino configurazione di sistema” ma….non riesco più a connettermi ad internet.
Preciso che ho Windows XP SP 3, con Bit Defender Internet Security 2013 originale installato, ed una chiavetta USB MOMO della Tre per navigare. Ho disinstallato e reinstallato il software della stessa, ma non cambia nulla: in pratica, i driver vengono riconosciuti, la periferica idem, ma quando mi connetto (con indicazione della potenza del segnale valida), si disconnette all’istante.
Ho anche provato a disabilitare il Windows Firewall, a settarne le regole per consentire l'accesso al web al software della chiavetta, a seguire quest'altra procedura
( Start > esegui > digita:
cmd
e dai invio.
Nella finestra digita:
netsh winsock reset catalog
dai invio
Poi digita:
NETSH FIREWALL RESET
Dai invio.
Riavvia e prova.)
Ma non cambia nulla: sulla schermata del software, appare scritto “Connessione in corso” che istantaneamente si trasforma in “Disconnessione in corso”!
Avendo conservato alcuni report dei vari software adoperati (ADWcleaner prima e dopo pulizia – ROGUE Killer prima, dopo e quarantine report – MalwareBytes LOG – purtroppo non ho quelli di ComboFix in quanto sono stati cancellati dall’ultimo software che avevo adoperato ovvero OTL Old Timer), sapreste indicarmi se è stato cancellato qualche driver necessario per le connessioni di rete, o una libreria, o qualche riga dal registro di sistema che provoca questo malfunzionamento?
Posso provare ad adoperare “Twaking.com Windows Repair” per recuperare eventuali richiami a servizi importanti di Windows cancellati o impartendo qualche specifica linea di comando riavviando il PC in modalità provvisoria in ambiente DOS (anche da Boot CD di Windows)?Inoltre, mi è rimasta una cartella (in un’altrapartizione del secondo HDD collegato al PC) che non riesco a cancellare in alcun modo, e che conteneva alcuni file di setup rivelatisi di IE8 (penso possa essere stata creata dal Rootkit di cui sopra): come la elimino?
Alle brutte, se reinstallo la “XP SP3 Upgrade” di cui ho il CD, cosa vado a perdere?
Grazie ancora e buona giornata

TheS

 

[tecnico24]

Ciao TheS , benvenuto.
scarica FSS
http://www.bleepingc...ervice-scanner/
Metti la spunta a tutte le opzioni
clicca su SCAN
posta il log che ti appare nella tua prossima risposta.

Attenzione:le operazioni eseguile con la chiavetta inserita.

 

[TheS]

Ciao a te.
Se non ho capito male, inserisco quindi la chiavetta TRE, lancio il software di connessione e provo a connettermi, ed appena mi disconnette estraggo il LOG del software che mi hai indicato.
Stasera, al rientro da lavoro, procedo a rilevare il tutto dal PC in esame (ed inviartelo, ovviamente, facendo il riavvio dal secondo HDD con partizione attiva).
Grazie ancora e buon pomeriggio.

TheS

 

[tecnico24]

Non hai capito bene , riprovo:
con chiavetta inserita esegui il software indicato sopra come spiegato e postare il log : tutto qui.

 

[TheS]

Ok, a stasera allora.
Grazie ancora.

TheS

- - - Updated - - -

Non hai capito bene , riprovo:
con chiavetta inserita esegui il software indicato sopra come spiegato e postare il log : tutto qui.

Ciao tecnico24.
Ti riporto due file txt (uno relativo al programma che mi hai consigliato, e l'altro creato da HiJack this), unitamente ad una immagine della cartella che mi sono ritrovato in un'altra partizione dell'HDD e che conteneva tutti i file relativi al setup di installazione di IE8 in inglese (update che io non avevo mai richiesto). Quelli evidenziati NON riesco a cancellarli, nè adoperando "unlocker" (se gli dico di "eliminarli riavviando il PC", il computer NON riparte con XP ma si riavvia più volte fino a chiedere "l'ultima configurazione funzionante" ed allora riparte, ovviamente NON eliminando tali file), nè il "distruttore di file" di BitDefender.
Analizzali con calma (vale anche per chi si vuole cimentare a dare qualche dritta in merito).
Buona serata e buona cena dal "netbook salvagente".

FSS


Farbar Service Scanner Version: 14-04-2013
Ran by TheSpirit (administrator) on 29-04-2013 at 19:40:33
Running from "C:\Documents and Settings\TheSpirit\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0126976 ____A (Microsoft Corporation) 699EE7F752A25180AEB92C3A0EAEE440

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2001-08-31 14:00] - [2008-04-13 19:13] - 0045568 ____A (Microsoft Corporation) 5A4DAC2ED68EDF6FDD78529D78CB994E

C:\WINDOWS\system32\ipnathlp.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0332288 ____A (Microsoft Corporation) 152C0555925DFE028E3148FD215146BB

C:\WINDOWS\system32\netman.dll
[2002-09-09 13:51] - [2008-04-13 19:13] - 0198144 ____A (Microsoft Corporation) 02815B70FC4CA8611A926176F1C39FC2

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-20 19:35] - [2008-04-13 19:13] - 0145408 ____N (Microsoft Corporation) 40911E98D0F1CBB1015F2101982F1DDF

C:\WINDOWS\system32\srsvc.dll
[2008-07-20 19:37] - [2008-04-13 19:13] - 0171520 ____A (Microsoft Corporation) B3E3DA70A7A76E69B872DE3D06D32C19

C:\WINDOWS\system32\Drivers\sr.sys
[2008-07-20 19:37] - [2008-04-13 18:56] - 0073472 ____A (Microsoft Corporation) 618718CAE288BF7CBD8FCBAB2577D932

C:\WINDOWS\system32\wscsvc.dll
[2007-06-13 20:01] - [2008-04-13 19:13] - 0080896 ____A (Microsoft Corporation) 926D921C93CFF1E19EF4DE3E4C8368CA

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-20 19:35] - [2008-04-13 19:13] - 0145408 ____N (Microsoft Corporation) 40911E98D0F1CBB1015F2101982F1DDF

C:\WINDOWS\system32\wuauserv.dll
[2008-07-20 19:35] - [2008-04-13 19:13] - 0006656 ____A (Microsoft Corporation) CC48415E6C7CBAA441A3D6A6DCCBCFA6

C:\WINDOWS\system32\qmgr.dll
[2008-07-20 19:37] - [2008-04-13 19:13] - 0409088 ____A (Microsoft Corporation) 48C4763A9C8990FB48B73445BEB15D6A

C:\WINDOWS\system32\es.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0246272 ____A (Microsoft Corporation) FF8566499E5A781DA69342D3D76FF246

C:\WINDOWS\system32\cryptsvc.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0062464 ____A (Microsoft Corporation) B6FCBB157E9C8ABDCA4134C535535A8B

C:\WINDOWS\system32\svchost.exe
[2001-08-31 14:00] - [2008-04-13 19:14] - 0014336 ____N (Microsoft Corporation) BB8363ABEC09AA2F9B363484E282117C

C:\WINDOWS\system32\rpcss.dll
[2002-09-09 13:51] - [2008-04-13 19:13] - 0399360 ____A (Microsoft Corporation) DB0C9517C2374D86A18DBFA12B35B129

C:\WINDOWS\system32\services.exe
[2001-08-31 14:00] - [2008-04-13 19:14] - 0109056 ____A (Microsoft Corporation) DAC0440C89B1EA4E35684896D5BF856E


Extra List:
=======
aswFW(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x070000000500000003000000040000000B0000000A0000000700000006000000
IpSec Tag value is correct.

**** End of log ****




HiJack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.44.56, on 29/04/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Tablet\Pen\Pen_Tablet.exe
C:\Programmi\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Programmi\Tablet\Pen\Pen_TouchUser.exe
C:\Programmi\Tablet\Pen\Pen_TabletUser.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Tablet\Pen\Pen_Tablet.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\HSPA USB Modem\BackgroundService\ModemListener.exe
C:\Programmi\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Bitdefender\Bitdefender 2013\seccenter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Bip Imola ModemListener] C:\Programmi\HSPA USB Modem\BackgroundService\ModemListener.exe start
O4 - HKLM\..\Run: [Bdagent] C:\Programmi\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKCU\..\Run: [C:\WINDOWS\system32\svchost.exe] C:\WINDOWS\system32\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Aggiungi a PDF esistente - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://I:\Programmi Installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - I:\Programmi Installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Programmi\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Programmi\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Programmi\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Programmi\Bitdefender\Bitdefender 2013\vsserv.exe

--
End of file - 7783 bytes



TheS

 

[tecnico24]

Ciao TheS.
Scarica sul desktop repair.zip e scompattalo
con i privilegi amminsitrativi doppio click su repair.bat
rifai uno scan con FSS e posta il log.
Posta anche il report di Combofix , se non lo trovi , rieseguilo come descritto nella guida ufficiale e postalo.

 

[TheS]

Ciao TheS.
Scarica sul desktop repair.zip e scompattalo
con i privilegi amminsitrativi doppio click su repair.bat
rifai uno scan con FSS e posta il log.
Posta anche il report di Combofix , se non lo trovi , rieseguilo come descritto nella guida ufficiale e postalo.

Ciao tecnico24.
Mi ero illuso :-)
TDSS non rilevava più nulla, ma in realtà, appena ho rilanciato Combofix, mi ha trovato nuovamente il rootkit....
Ti posto il log, e mi chiedo: ma qual'è lo scopo di far entrare un virus in un PC che non può più connettersi ad internet? Si trasmette anche con i file spostati tramite USB-Key?
Ecco il tutto.
Secondo LOG di FSS:

"""

Farbar Service Scanner Version: 14-04-2013
Ran by TheSpirit (administrator) on 29-04-2013 at 23:09:06
Running from "C:\Documents and Settings\TheSpirit\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0126976 ____A (Microsoft Corporation) 699EE7F752A25180AEB92C3A0EAEE440
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2001-08-31 14:00] - [2008-04-13 19:13] - 0045568 ____A (Microsoft Corporation) 5A4DAC2ED68EDF6FDD78529D78CB994E
C:\WINDOWS\system32\ipnathlp.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0332288 ____A (Microsoft Corporation) 152C0555925DFE028E3148FD215146BB
C:\WINDOWS\system32\netman.dll
[2002-09-09 13:51] - [2008-04-13 19:13] - 0198144 ____A (Microsoft Corporation) 02815B70FC4CA8611A926176F1C39FC2
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-20 19:35] - [2008-04-13 19:13] - 0145408 ____N (Microsoft Corporation) 40911E98D0F1CBB1015F2101982F1DDF
C:\WINDOWS\system32\srsvc.dll
[2008-07-20 19:37] - [2008-04-13 19:13] - 0171520 ____A (Microsoft Corporation) B3E3DA70A7A76E69B872DE3D06D32C19
C:\WINDOWS\system32\Drivers\sr.sys
[2008-07-20 19:37] - [2008-04-13 18:56] - 0073472 ____A (Microsoft Corporation) 618718CAE288BF7CBD8FCBAB2577D932
C:\WINDOWS\system32\wscsvc.dll
[2007-06-13 20:01] - [2008-04-13 19:13] - 0080896 ____A (Microsoft Corporation) 926D921C93CFF1E19EF4DE3E4C8368CA
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-20 19:35] - [2008-04-13 19:13] - 0145408 ____N (Microsoft Corporation) 40911E98D0F1CBB1015F2101982F1DDF
C:\WINDOWS\system32\wuauserv.dll
[2008-07-20 19:35] - [2008-04-13 19:13] - 0006656 ____A (Microsoft Corporation) CC48415E6C7CBAA441A3D6A6DCCBCFA6
C:\WINDOWS\system32\qmgr.dll
[2008-07-20 19:37] - [2008-04-13 19:13] - 0409088 ____A (Microsoft Corporation) 48C4763A9C8990FB48B73445BEB15D6A
C:\WINDOWS\system32\es.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0246272 ____A (Microsoft Corporation) FF8566499E5A781DA69342D3D76FF246
C:\WINDOWS\system32\cryptsvc.dll
[2002-09-09 13:50] - [2008-04-13 19:13] - 0062464 ____A (Microsoft Corporation) B6FCBB157E9C8ABDCA4134C535535A8B
C:\WINDOWS\system32\svchost.exe
[2001-08-31 14:00] - [2008-04-13 19:14] - 0014336 ____N (Microsoft Corporation) BB8363ABEC09AA2F9B363484E282117C
C:\WINDOWS\system32\rpcss.dll
[2002-09-09 13:51] - [2008-04-13 19:13] - 0399360 ____A (Microsoft Corporation) DB0C9517C2374D86A18DBFA12B35B129
C:\WINDOWS\system32\services.exe
[2001-08-31 14:00] - [2008-04-13 19:14] - 0109056 ____A (Microsoft Corporation) DAC0440C89B1EA4E35684896D5BF856E

Extra List:
=======
aswFW(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x070000000500000003000000040000000B0000000A0000000700000006000000
IpSec Tag value is correct.
**** End of log ****

""""

e questo è quello di Combofix:

""""

ComboFix 13-04-28.01 - TheSpirit 29/04/2013 23.44.01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2819 [GMT 2:00]
Eseguito da: c:\documents and settings\TheSpirit\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0013F2B4-5AF1-7C92-0300-000000000000}
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\temp\setCD.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-28 al 2013-04-29 )))))))))))))))))))))))))))))))))))
.
.
2013-04-29 17:43 . 2013-04-29 17:43 -------- d-----w- c:\programmi\Trend Micro
2013-04-28 21:39 . 2004-08-09 04:03 221184 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
2013-04-28 21:39 . 2004-08-09 04:03 385024 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\_ispmres.dll
2013-04-28 21:38 . 2004-10-22 00:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-28 21:38 . 2004-10-22 00:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-28 21:38 . 2004-10-22 00:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-28 21:38 . 2004-10-22 00:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-28 21:38 . 2004-10-22 00:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-28 21:38 . 2013-04-28 21:38 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-28 21:38 . 2013-04-28 21:38 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-28 19:19 . 2013-04-28 19:19 135464 ----a-w- c:\windows\system32\LnkProtect.dll
2013-04-28 19:18 . 2013-04-28 19:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-04-28 12:17 . 2013-04-28 12:17 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-04-28 12:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-27 20:15 . 2013-04-27 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-27 20:14 . 2013-04-27 20:14 -------- d--h--w- c:\windows\ie8
2013-04-27 20:03 . 2013-04-27 20:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-04-27 19:52 . 2013-04-27 19:52 -------- d-----w- c:\documents and settings\TheSpirit\PrivacIE
2013-04-27 19:48 . 2013-04-27 19:48 -------- d-----w- c:\documents and settings\TheSpirit\IETldCache
2013-04-27 19:45 . 2013-04-27 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-27 19:41 . 2004-08-19 13:35 46154 ----a-w- c:\windows\system32\SET59.tmp
2013-04-27 19:41 . 2008-04-13 17:13 851968 ----a-w- c:\programmi\File comuni\Microsoft Shared\VGX\SET41.tmp
2013-04-27 16:02 . 2013-04-27 16:02 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-04-27 15:58 . 2013-04-27 15:58 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\PCHealth
2013-04-27 15:56 . 2008-04-13 17:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-27 15:56 . 2001-08-31 12:00 68608 ------w- c:\windows\system32\plugin.ocx
2013-04-27 10:17 . 2013-04-27 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FarmFrenzy3
2013-04-27 10:04 . 2013-04-27 10:04 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\AlawarWrapper
2013-04-27 10:04 . 2013-04-27 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AlawarWrapper
2013-04-27 10:03 . 2013-04-28 10:22 -------- d-----w- c:\programmi\Alawar
2013-04-27 10:00 . 2013-04-27 10:00 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\freshgames
2013-04-26 18:07 . 2013-04-26 18:07 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\NevoSoft Games
2013-04-26 17:44 . 2006-12-28 10:12 1933312 ----a-w- c:\windows\system32\Tropix.scr
2013-04-26 16:21 . 2013-04-26 16:21 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\Jane s Hotel Family Hero
2013-04-06 19:34 . 2013-04-06 19:37 -------- d-----w- c:\windows\system32\tmp0000165e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 12:53 . 2002-08-29 00:01 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-17 13:07 . 2013-03-17 13:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-03-13 17:04 . 2012-05-09 16:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:04 . 2012-01-24 16:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:49 . 2013-02-18 22:49 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-02-18 22:49 . 2013-02-18 22:49 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-02-18 22:48 . 2013-02-18 22:48 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-04-13 18:47 . 2013-04-13 18:47 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\svchost.exe"="c:\windows\system32\svchost.exe" [2008-04-13 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Bip Imola ModemListener"="c:\programmi\HSPA USB Modem\BackgroundService\ModemListener.exe" [2012-06-27 126056]
"Bdagent"="c:\programmi\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-03-25 1614856]
"PPMemCheck"="c:\programmi\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2012-4-29 221247]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Server4PC.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Hardware\VIA\RAID\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^AP Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-08-17 14:05 916304 -c--a-w- c:\programmi\RegistryFirstAid\rfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2009-03-13 11:13 911192 ----a-w- c:\programmi\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MagicTuneEngine"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wuauserv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"avast! Firewall"=2 (0x2)
"NMIndexingService"=3 (0x3)
"SharedAccess"=2 (0x2)
"Schedule"=2 (0x2)
"MAGIX StartUp Analyze Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Bip Imola Modem Device Helper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [14/09/2011 19.15.33 14208]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [18/10/2012 20.05.34 161312]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [21/06/2007 19.58.28 77312]
R2 TabletServicePen;TabletServicePen;c:\programmi\Tablet\Pen\Pen_Tablet.exe [19/01/2011 13.42.24 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\programmi\Tablet\Pen\Pen_TouchService.exe [19/01/2011 13.43.30 616816]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\programmi\Bitdefender\Bitdefender 2013\updatesrv.exe [18/10/2012 20.07.28 55544]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [20/07/2008 23.46.06 1310720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [22/01/2011 18.07.13 11520]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;i:\programmi installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 5.45.56 169312]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [19/02/2013 0.49.54 66392]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [06/09/2008 19.04.10 94848]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/03/2013 15.07.33 23456]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [02/03/2013 10.15.38 106112]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [27/12/2012 1.50.47 44032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27/12/2012 1.50.47 173056]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\drivers\RtsUIr.sys [27/12/2012 1.50.47 17536]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [14/03/2006 3.22.40 349184]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [19/01/2011 13.42.31 16240]
S4 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [29/08/2011 1.03.34 101976]
S4 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/10/2011 21.34.33 12112]
S4 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [29/08/2011 1.02.48 192728]
S4 avast! Firewall;avast! Firewall; [x]
S4 Bip Imola Modem Device Helper;Bip Imola Modem Device Helper;c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start --> c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start [?]
S4 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;i:\programmi installati\PC_Check_Tuning_2011\MXSAS.exe [01/06/2012 19.00.47 186368]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 17:04]
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mStart Page = about:blank
IE: Aggiungi a PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59111
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-25 21:18; client@anonymox.net; c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\extensions\client@anonymox.net.xpi
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-96354726.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-29 23:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2013-04-29 23:58:46
ComboFix-quarantined-files.txt 2013-04-29 21:58
.
Pre-Run: 8.683.798.528 byte disponibili
Post-Run: 8.677.003.264 byte disponibili
.
- - End Of File - - EA49136D708F7D6DC9099791AAC723E3

""""

Infine, ti riporto ciò che era incluso nel log di "Combofix quarantined files":


""""

2013-04-29 21:57:44 . 2013-04-29 21:57:44 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-96354726.sys.reg.dat
2013-04-29 21:53:57 . 2013-04-29 21:53:57 59,999 ----a-w- C:\Qoobox\Quarantine\I\av1.zip
2013-04-29 21:53:55 . 2010-03-03 23:15:32 118,736 ----a-w- C:\Qoobox\Quarantine\I\TEMP\setCD.tmp.vir
2013-04-29 21:50:26 . 2013-04-29 21:50:26 13,195 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-04-29 21:12:41 . 2013-04-29 21:42:35 153 ----a-w- C:\Qoobox\Quarantine\catchme.log

""""

Attendo direttive.
Buon pomeriggio.

TheS

 

[tecnico24]

Potresti allegare il log di TDSS Killer?

 

[TheS]

Potresti allegare il log di TDSS Killer?

OTE=tecnico24;3109933]Potresti allegare il log di TDSS Killer?[/QUOTE]

Ciao Tecnico, bentrovato.
Allora, ti aggiorno un pò sulla situazione.
Intanto, ti comunico che sono riuscito a riconnettermi MA...leggerai in fondo il motivo di questo dubbio.
Ieri sera, ho provato a lanciare per ben tre volte di fila Combofix: inutile dire che, tutte e tre le volte, ha rilevato la presenza del Rootkit.
Questo che ti riporto, è l'ultimo log:

""""

ComboFix 13-04-28.01 - TheSpirit 30/04/2013 23.32.01.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2808 [GMT 2:00]
Eseguito da: c:\documents and settings\TheSpirit\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0013F2B4-5AF1-7C92-0300-000000000000}
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-28 al 2013-04-30 )))))))))))))))))))))))))))))))))))
.
.
2013-04-29 17:43 . 2013-04-29 17:43 -------- d-----w- c:\programmi\Trend Micro
2013-04-28 21:39 . 2004-08-09 04:03 221184 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
2013-04-28 21:39 . 2004-08-09 04:03 385024 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\_ispmres.dll
2013-04-28 21:38 . 2004-10-22 00:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-28 21:38 . 2004-10-22 00:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-28 21:38 . 2004-10-22 00:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-28 21:38 . 2004-10-22 00:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-28 21:38 . 2004-10-22 00:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-28 21:38 . 2013-04-28 21:38 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-28 21:38 . 2013-04-28 21:38 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-28 19:19 . 2013-04-28 19:19 135464 ----a-w- c:\windows\system32\LnkProtect.dll
2013-04-28 19:18 . 2013-04-28 19:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-04-28 12:17 . 2013-04-28 12:17 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-04-28 12:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-27 20:15 . 2013-04-27 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-27 20:14 . 2013-04-27 20:14 -------- d--h--w- c:\windows\ie8
2013-04-27 20:03 . 2013-04-27 20:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-04-27 19:52 . 2013-04-27 19:52 -------- d-----w- c:\documents and settings\TheSpirit\PrivacIE
2013-04-27 19:48 . 2013-04-27 19:48 -------- d-----w- c:\documents and settings\TheSpirit\IETldCache
2013-04-27 19:45 . 2013-04-27 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-27 19:41 . 2004-08-19 13:35 46154 ----a-w- c:\windows\system32\SET59.tmp
2013-04-27 19:41 . 2008-04-13 17:13 851968 ----a-w- c:\programmi\File comuni\Microsoft Shared\VGX\SET41.tmp
2013-04-27 16:02 . 2013-04-27 16:02 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-04-27 15:58 . 2013-04-27 15:58 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\PCHealth
2013-04-27 15:56 . 2008-04-13 17:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-27 15:56 . 2001-08-31 12:00 68608 ------w- c:\windows\system32\plugin.ocx
2013-04-27 10:17 . 2013-04-27 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FarmFrenzy3
2013-04-27 10:04 . 2013-04-27 10:04 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\AlawarWrapper
2013-04-27 10:04 . 2013-04-27 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AlawarWrapper
2013-04-27 10:03 . 2013-04-28 10:22 -------- d-----w- c:\programmi\Alawar
2013-04-27 10:00 . 2013-04-27 10:00 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\freshgames
2013-04-26 18:07 . 2013-04-26 18:07 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\NevoSoft Games
2013-04-26 17:44 . 2006-12-28 10:12 1933312 ----a-w- c:\windows\system32\Tropix.scr
2013-04-26 16:21 . 2013-04-26 16:21 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\Jane s Hotel Family Hero
2013-04-06 19:34 . 2013-04-06 19:37 -------- d-----w- c:\windows\system32\tmp0000165e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 12:53 . 2002-08-29 00:01 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-17 13:07 . 2013-03-17 13:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-03-13 17:04 . 2012-05-09 16:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:04 . 2012-01-24 16:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:49 . 2013-02-18 22:49 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-02-18 22:49 . 2013-02-18 22:49 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-02-18 22:48 . 2013-02-18 22:48 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-04-13 18:47 . 2013-04-13 18:47 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\svchost.exe"="c:\windows\system32\svchost.exe" [2008-04-13 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Bip Imola ModemListener"="c:\programmi\HSPA USB Modem\BackgroundService\ModemListener.exe" [2012-06-27 126056]
"Bdagent"="c:\programmi\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-03-25 1614856]
"PPMemCheck"="c:\programmi\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2012-4-29 221247]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Server4PC.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Hardware\VIA\RAID\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^AP Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-08-17 14:05 916304 -c--a-w- c:\programmi\RegistryFirstAid\rfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2009-03-13 11:13 911192 ----a-w- c:\programmi\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MagicTuneEngine"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wuauserv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"avast! Firewall"=2 (0x2)
"NMIndexingService"=3 (0x3)
"SharedAccess"=2 (0x2)
"Schedule"=2 (0x2)
"MAGIX StartUp Analyze Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Bip Imola Modem Device Helper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [14/09/2011 19.15.33 14208]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [18/10/2012 20.05.34 161312]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [21/06/2007 19.58.28 77312]
R2 TabletServicePen;TabletServicePen;c:\programmi\Tablet\Pen\Pen_Tablet.exe [19/01/2011 13.42.24 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\programmi\Tablet\Pen\Pen_TouchService.exe [19/01/2011 13.43.30 616816]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\programmi\Bitdefender\Bitdefender 2013\updatesrv.exe [18/10/2012 20.07.28 55544]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [20/07/2008 23.46.06 1310720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [22/01/2011 18.07.13 11520]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;i:\programmi installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 5.45.56 169312]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [19/02/2013 0.49.54 66392]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [06/09/2008 19.04.10 94848]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/03/2013 15.07.33 23456]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [02/03/2013 10.15.38 106112]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [27/12/2012 1.50.47 44032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27/12/2012 1.50.47 173056]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\drivers\RtsUIr.sys [27/12/2012 1.50.47 17536]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [14/03/2006 3.22.40 349184]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [19/01/2011 13.42.31 16240]
S4 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [29/08/2011 1.03.34 101976]
S4 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/10/2011 21.34.33 12112]
S4 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [29/08/2011 1.02.48 192728]
S4 avast! Firewall;avast! Firewall; [x]
S4 Bip Imola Modem Device Helper;Bip Imola Modem Device Helper;c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start --> c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start [?]
S4 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;i:\programmi installati\PC_Check_Tuning_2011\MXSAS.exe [01/06/2012 19.00.47 186368]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 17:04]
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mStart Page = about:blank
IE: Aggiungi a PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59111
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-25 21:18; client@anonymox.net; c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\extensions\client@anonymox.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-30 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2013-04-30 23:42:01
ComboFix-quarantined-files.txt 2013-04-30 21:41
ComboFix2.txt 2013-04-30 20:35
ComboFix3.txt 2013-04-30 19:53
ComboFix4.txt 2013-04-29 21:58
.
Pre-Run: 8.903.032.832 byte disponibili
Post-Run: 8.896.544.768 byte disponibili
.
- - End Of File - - 1ED99317670C3E8396EAC50E6B21AE95

"""

Oggi, ad un certo punto, ho installato Ashampoo Anti-Malwere 1.21 (visto che tutti gli altri software non rilevavano nulla).
Nemmeno lui ha rilevato alcun Rootkit, però (stranamente) mi ha detto che in

Combofix.exe/pevb.3xe

era presente questo:

trojan-ransom.win32.pinkblocker!IK

Non sò se è stato un falso positivo, ma intanto gli ho detto di cancellarlo.
Poi ha trovato anche in:

C:\windows\nircmd.exe

questo:

heuristic.dialer.RAS!A2

Idem come sopra, cancellato.
Ho anche rimesso un file chiamato:

sptd.sys

in

c:\windows\system32\drivers

che avevo cancellato qualche giorno fà, su segnalazione di Malwarebytes.

A quel punto ho pensato: e se fosse un problema di registro?
HO quindi lanciato un programma che avevo sempre scaricato l'altro giorno per rimediare ai danni dei Rootkit, ovvero

tweaking.com-windows repair

Ho fatto caricare in una cache (come da lui richiesto) i file di sistema originali dal CD di Windows XP Professional e l'ho fatto lavorare per circa un'oretta. Ad un certo punto, mi ha chiesto in più momenti di dare abilitazione al file

NETSH.EXE

e, contestualmente, ho spuntato l'opzione per togliere i "diritti di amministratore" su quella cartella bloccata nell'altro HDD.
Ho detto di si, ha terminato, ho riavviato, ha eseguito dei controlli di coerenza su C e su G (altra partizione), ho constatato che Bitdefender fosse nuovamente attivo e, sorpresa, intanto sono riuscito a cancellare definitivamente quei "residui" di cartelle di installazione NON richiesta di IE8.
Poi, ho messo la chiavetta per la connessione e..finalmente mi ha fatto connettere!
Non contento, però, mi sono chiesto: e se ci fosse ancora Zero Access presente in root?
Allora ho rilanciato Combofix (che nel frattempo ho riscaricato dalla pennetta USB) e, come volevasi dimostrare, ha rilevato ANCORA la presenza del caro virus. Questo è il LOG:

"""

ComboFix 13-04-28.01 - TheSpirit 01/05/2013 20.46.26.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2815 [GMT 2:00]
Eseguito da: c:\documents and settings\TheSpirit\Desktop\ComboFix.exe
AV: Ashampoo Anti-MalWare *Disabled/Outdated* {91BDFB4E-BA7E-4ABC-9472-A79BA394CA4B}
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2013-04-01 al 2013-05-01 )))))))))))))))))))))))))))))))))))
.
.
2013-05-01 16:33 . 2013-05-01 18:45 -------- d-----w- c:\windows\system32\CatRoot2
2013-05-01 15:34 . 2013-05-01 16:37 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-01 15:29 . 2013-05-01 15:29 -------- d-----w- C:\RegBackup
2013-05-01 15:25 . 2001-08-17 18:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2013-05-01 15:24 . 2001-08-30 21:08 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2013-05-01 15:23 . 2001-08-30 20:25 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2013-05-01 15:22 . 2001-08-31 11:00 16896 -c--a-w- c:\windows\system32\dllcache\quser.exe
2013-05-01 15:21 . 2001-08-30 19:30 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-05-01 15:20 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-05-01 15:19 . 2001-08-31 11:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdurdu.dll
2013-05-01 15:18 . 2001-08-17 19:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2013-05-01 15:17 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2013-05-01 15:16 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2013-05-01 15:15 . 2002-12-31 12:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2013-05-01 15:13 . 2001-08-30 21:07 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2013-05-01 14:46 . 2001-08-31 19:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2013-05-01 14:45 . 2008-04-13 16:55 2192768 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-05-01 14:45 . 2001-08-31 19:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-05-01 14:45 . 2001-08-31 19:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-05-01 14:45 . 2001-08-31 19:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-05-01 14:45 . 2001-08-31 19:00 171520 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2013-05-01 14:45 . 2001-08-31 19:00 15360 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2013-05-01 14:45 . 2001-08-31 19:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-05-01 12:02 . 2012-01-16 13:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-05-01 10:49 . 2013-05-01 10:49 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\Ashampoo
2013-05-01 09:21 . 2007-01-04 09:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2013-04-29 17:43 . 2013-04-29 17:43 -------- d-----w- c:\programmi\Trend Micro
2013-04-28 21:39 . 2004-08-09 04:03 221184 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
2013-04-28 21:39 . 2004-08-09 04:03 385024 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\_ispmres.dll
2013-04-28 21:38 . 2004-10-22 00:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-28 21:38 . 2004-10-22 00:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-28 21:38 . 2004-10-22 00:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-28 21:38 . 2004-10-22 00:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-28 21:38 . 2004-10-22 00:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-28 21:38 . 2013-04-28 21:38 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-28 21:38 . 2013-04-28 21:38 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-28 19:19 . 2013-04-28 19:19 135464 ----a-w- c:\windows\system32\LnkProtect.dll
2013-04-28 19:18 . 2013-04-28 19:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-04-28 12:17 . 2013-04-28 12:17 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-04-28 12:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-27 20:15 . 2013-05-01 15:49 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-27 20:14 . 2013-04-27 20:14 -------- d-----w- c:\windows\ie8
2013-04-27 20:03 . 2013-04-27 20:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-04-27 19:52 . 2013-04-27 19:52 -------- d-----w- c:\documents and settings\TheSpirit\PrivacIE
2013-04-27 19:48 . 2013-04-27 19:48 -------- d-----w- c:\documents and settings\TheSpirit\IETldCache
2013-04-27 19:45 . 2013-04-27 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-27 19:41 . 2004-08-19 13:35 46154 ----a-w- c:\windows\system32\SET59.tmp
2013-04-27 19:41 . 2008-04-13 17:13 851968 ----a-w- c:\programmi\File comuni\Microsoft Shared\VGX\SET41.tmp
2013-04-27 16:02 . 2013-04-27 16:02 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-04-27 15:58 . 2013-04-27 15:58 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\PCHealth
2013-04-27 15:56 . 2008-04-13 17:13 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2013-04-27 15:56 . 2008-04-13 17:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-27 15:56 . 2001-08-31 12:00 68608 ----a-w- c:\windows\system32\plugin.ocx
2013-04-27 10:17 . 2013-04-27 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FarmFrenzy3
2013-04-27 10:04 . 2013-04-27 10:04 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\AlawarWrapper
2013-04-27 10:04 . 2013-04-27 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AlawarWrapper
2013-04-27 10:03 . 2013-04-28 10:22 -------- d-----w- c:\programmi\Alawar
2013-04-27 10:00 . 2013-04-27 10:00 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\freshgames
2013-04-26 18:07 . 2013-04-26 18:07 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\NevoSoft Games
2013-04-26 17:44 . 2006-12-28 10:12 1933312 ----a-w- c:\windows\system32\Tropix.scr
2013-04-26 16:21 . 2013-04-26 16:21 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\Jane s Hotel Family Hero
2013-04-06 19:34 . 2013-04-06 19:37 -------- d-----w- c:\windows\system32\tmp0000165e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 12:53 . 2002-08-29 00:01 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-17 13:07 . 2013-03-17 13:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-03-13 17:04 . 2012-05-09 16:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:04 . 2012-01-24 16:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:49 . 2013-02-18 22:49 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-02-18 22:49 . 2013-02-18 22:49 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-02-18 22:48 . 2013-02-18 22:48 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-04-13 18:47 . 2013-04-13 18:47 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\svchost.exe"="c:\windows\system32\svchost.exe" [2008-04-13 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Bip Imola ModemListener"="c:\programmi\HSPA USB Modem\BackgroundService\ModemListener.exe" [2012-06-27 126056]
"Bdagent"="c:\programmi\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-03-25 1614856]
"PPMemCheck"="c:\programmi\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2012-4-29 221247]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Server4PC.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Hardware\VIA\RAID\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^AP Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-08-17 14:05 916304 -c--a-w- c:\programmi\RegistryFirstAid\rfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2009-03-13 11:13 911192 ----a-w- c:\programmi\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MagicTuneEngine"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wuauserv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"avast! Firewall"=2 (0x2)
"NMIndexingService"=3 (0x3)
"SharedAccess"=2 (0x2)
"Schedule"=2 (0x2)
"MAGIX StartUp Analyze Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Bip Imola Modem Device Helper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [14/09/2011 19.15.33 14208]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [18/10/2012 20.05.34 161312]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [21/06/2007 19.58.28 77312]
R2 AAMWService;Ashampoo Anti-Malware Service;c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [01/05/2013 12.48.31 1309528]
R2 TabletServicePen;TabletServicePen;c:\programmi\Tablet\Pen\Pen_Tablet.exe [19/01/2011 13.42.24 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\programmi\Tablet\Pen\Pen_TouchService.exe [19/01/2011 13.43.30 616816]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\programmi\Bitdefender\Bitdefender 2013\updatesrv.exe [18/10/2012 20.07.28 55544]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [20/07/2008 23.46.06 1310720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [22/01/2011 18.07.13 11520]
S2 AAMW_WSC_Service_XP;Ashampoo Anti-Malware WSC Service;c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe [01/05/2013 12.48.00 53248]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;i:\programmi installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 5.45.56 169312]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [19/02/2013 0.49.54 66392]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [06/09/2008 19.04.10 94848]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/03/2013 15.07.33 23456]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [02/03/2013 10.15.38 106112]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [27/12/2012 1.50.47 44032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27/12/2012 1.50.47 173056]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\drivers\RtsUIr.sys [27/12/2012 1.50.47 17536]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [14/03/2006 3.22.40 349184]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [19/01/2011 13.42.31 16240]
S4 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [29/08/2011 1.03.34 101976]
S4 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/10/2011 21.34.33 12112]
S4 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [29/08/2011 1.02.48 192728]
S4 avast! Firewall;avast! Firewall; [x]
S4 Bip Imola Modem Device Helper;Bip Imola Modem Device Helper;c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start --> c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start [?]
S4 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;i:\programmi installati\PC_Check_Tuning_2011\MXSAS.exe [01/06/2012 19.00.47 186368]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 17:04]
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
IE: Aggiungi a PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59111
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-25 21:18; client@anonymox.net; c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\extensions\client@anonymox.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-01 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2013-05-01 20:56:47
ComboFix-quarantined-files.txt 2013-05-01 18:56
ComboFix2.txt 2013-04-30 21:42
ComboFix3.txt 2013-04-30 20:35
ComboFix4.txt 2013-04-30 19:53
ComboFix5.txt 2013-05-01 18:36
.
Pre-Run: 8.218.480.640 byte disponibili
Post-Run: 8.213.921.792 byte disponibili
.
- - End Of File - - 824F602BC675FE25DEEC8D9CC6D2597E

"""

Ha lavorato, riavviato, fatto i suoi 50 e passa stage, e a quel punto mi è venuto il timore che mi avesse nuovamente modificato qualche parametro per le connessioni. Ed invece no: adesso sono riconnesso, ma il virus c'è ancora, anche se TDSS non trova più nulla.
Ecco il LOG che mi ha richiesto:

"""


21:25:00.0640 2808 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:25:00.0640 2808 ============================================================
21:25:00.0640 2808 Current date / time: 2013/05/01 21:25:00.0640
21:25:00.0640 2808 SystemInfo:
21:25:00.0640 2808
21:25:00.0640 2808 OS Version: 5.1.2600 ServicePack: 3.0
21:25:00.0640 2808 Product type: Workstation
21:25:00.0640 2808 ComputerName: ROSANERO
21:25:00.0640 2808 UserName: TheSpirit
21:25:00.0640 2808 Windows directory: C:\WINDOWS
21:25:00.0640 2808 System windows directory: C:\WINDOWS
21:25:00.0640 2808 Processor architecture: Intel x86
21:25:00.0640 2808 Number of processors: 2
21:25:00.0640 2808 Page size: 0x1000
21:25:00.0640 2808 Boot type: Normal boot
21:25:00.0640 2808 ============================================================
21:25:02.0062 2808 Drive \Device\Harddisk0\DR0 - Size: 0x4C8BF2E00 (19.14 Gb), SectorSize: 0x200, Cylinders: 0x9C2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:25:02.0078 2808 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:25:02.0093 2808 Drive \Device\Harddisk3\DR7 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:25:02.0093 2808 ============================================================
21:25:02.0093 2808 \Device\Harddisk0\DR0:
21:25:02.0093 2808 MBR partitions:
21:25:02.0093 2808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2645703
21:25:02.0093 2808 \Device\Harddisk1\DR1:
21:25:02.0093 2808 MBR partitions:
21:25:02.0093 2808 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
21:25:02.0093 2808 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1869E598, BlocksNum 0x109A1B3A
21:25:02.0093 2808 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x290400D2, BlocksNum 0x11344B6F
21:25:02.0093 2808 \Device\Harddisk3\DR7:
21:25:02.0109 2808 MBR partitions:
21:25:02.0109 2808 \Device\Harddisk3\DR7\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C13870A
21:25:02.0109 2808 \Device\Harddisk3\DR7\Partition2: MBR, Type 0x7, StartLBA 0x1C138749, BlocksNum 0x1E0FB022
21:25:02.0109 2808 ============================================================
21:25:02.0125 2808 C: <-> \Device\Harddisk0\DR0\Partition1
21:25:02.0140 2808 G: <-> \Device\Harddisk1\DR1\Partition1
21:25:02.0171 2808 H: <-> \Device\Harddisk1\DR1\Partition2
21:25:02.0203 2808 I: <-> \Device\Harddisk1\DR1\Partition3
21:25:02.0234 2808 L: <-> \Device\Harddisk3\DR7\Partition1
21:25:02.0281 2808 M: <-> \Device\Harddisk3\DR7\Partition2
21:25:02.0281 2808 ============================================================
21:25:02.0281 2808 Initialize success
21:25:02.0281 2808 ============================================================
21:25:16.0062 3712 ============================================================
21:25:16.0062 3712 Scan started
21:25:16.0062 3712 Mode: Manual; TDLFS;
21:25:16.0062 3712 ============================================================
21:25:16.0234 3712 ================ Scan system memory ========================
21:25:16.0234 3712 System memory - ok
21:25:16.0234 3712 ================ Scan services =============================
21:25:16.0500 3712 [ 84EC82BFD573738C7417C9EA6DA478FA ] AAMWService C:\Programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
21:25:16.0531 3712 AAMWService - ok
21:25:16.0562 3712 [ 120689BEAED899EE5ED1A7B629F85C8B ] AAMW_WSC_Service_XP C:\Programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe
21:25:16.0562 3712 AAMW_WSC_Service_XP - ok
21:25:16.0687 3712 Abiosdsk - ok
21:25:16.0687 3712 abp480n5 - ok
21:25:16.0734 3712 [ D766E636187B8F240BBFBABCD51EB2C6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:25:16.0734 3712 ACPI - ok
21:25:16.0781 3712 [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:25:16.0781 3712 ACPIEC - ok
21:25:16.0859 3712 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 I:\Programmi Installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
21:25:16.0859 3712 AdobeActiveFileMonitor8.0 - ok
21:25:16.0953 3712 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:16.0953 3712 AdobeFlashPlayerUpdateSvc - ok
21:25:16.0953 3712 adpu160m - ok
21:25:17.0000 3712 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:25:17.0015 3712 aec - ok
21:25:17.0031 3712 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:25:17.0046 3712 AFD - ok
21:25:17.0062 3712 Aha154x - ok
21:25:17.0062 3712 aic78u2 - ok
21:25:17.0109 3712 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:25:17.0109 3712 aic78xx - ok
21:25:17.0171 3712 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
21:25:17.0203 3712 ALCXSENS - ok
21:25:17.0265 3712 [ 9A6A99F0D75B457E3A2267776EBE9F47 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:25:17.0312 3712 ALCXWDM - ok
21:25:17.0343 3712 [ 14A077AD0CF6116D1102631D8E1EDEE8 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:25:17.0343 3712 Alerter - ok
21:25:17.0375 3712 [ 79FE2E0D7859738225816658F0BB2A0D ] ALG C:\WINDOWS\System32\alg.exe
21:25:17.0375 3712 ALG - ok
21:25:17.0390 3712 AliIde - ok
21:25:17.0390 3712 amsint - ok
21:25:17.0484 3712 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
21:25:17.0484 3712 APC UPS Service - ok
21:25:17.0531 3712 [ 9062ED05B7519324FD7F0D6AFB9D1147 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:25:17.0562 3712 AppMgmt - ok
21:25:17.0593 3712 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:25:17.0609 3712 Arp1394 - ok
21:25:17.0609 3712 asc - ok
21:25:17.0609 3712 asc3350p - ok
21:25:17.0625 3712 asc3550 - ok
21:25:17.0656 3712 [ 71356A1370739E25375A1D17B6AE318F ] aslm75 C:\WINDOWS\system32\drivers\aslm75.sys
21:25:17.0656 3712 aslm75 - ok
21:25:17.0703 3712 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
21:25:17.0703 3712 Aspi32 - ok
21:25:17.0781 3712 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:25:17.0796 3712 aspnet_state - ok
21:25:17.0843 3712 [ 1AD83BFEC454D43992A5B4333ABC8769 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys
21:25:17.0843 3712 aswFW - ok
21:25:17.0875 3712 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys
21:25:17.0875 3712 aswNdis - ok
21:25:17.0937 3712 [ 892E24024F23B9FDEFFEDDDDFFBAF1EA ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys
21:25:17.0968 3712 aswNdis2 - ok
21:25:17.0984 3712 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:25:18.0000 3712 AsyncMac - ok
21:25:18.0046 3712 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:25:18.0046 3712 atapi - ok
21:25:18.0046 3712 Atdisk - ok
21:25:18.0140 3712 [ 9902DFEB0943B70B7358C7B598DE377D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:25:18.0156 3712 Ati HotKey Poller - ok
21:25:18.0593 3712 [ 554E45746A2FF688AF87282C4D742255 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:25:18.0609 3712 ati2mtag - ok
21:25:18.0656 3712 [ 590724416C5A6AA6FBC1F8EE75131AFC ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
21:25:18.0671 3712 AtiHdmiService - ok
21:25:18.0687 3712 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:25:18.0703 3712 Atmarpc - ok
21:25:18.0734 3712 [ 1B58D118049304E88464BE614C6D0014 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:25:18.0734 3712 AudioSrv - ok
21:25:18.0765 3712 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:25:18.0781 3712 audstub - ok
21:25:18.0890 3712 [ F7D825F7E47D8A7865F5D2156B1B7A24 ] bdftdif C:\Programmi\File comuni\Bitdefender\Bitdefender Firewall\bdftdif.sys
21:25:18.0890 3712 bdftdif - ok
21:25:18.0921 3712 [ B6CBFC9D825BB2D955620CD4D8EF07F9 ] BDSandBox C:\WINDOWS\system32\drivers\bdsandbox.sys
21:25:18.0937 3712 BDSandBox - ok
21:25:19.0015 3712 [ A7478F77584F8DB6AD74B2BBE1144886 ] bdselfpr C:\Programmi\Bitdefender\Bitdefender 2013\bdselfpr.sys
21:25:19.0031 3712 bdselfpr - ok
21:25:19.0078 3712 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:25:19.0078 3712 Beep - ok
21:25:19.0125 3712 Bip Imola Modem Device Helper - ok
21:25:19.0203 3712 [ 48C4763A9C8990FB48B73445BEB15D6A ] BITS C:\WINDOWS\system32\qmgr.dll
21:25:19.0359 3712 BITS - ok
21:25:19.0406 3712 [ 534B95FBD867D0512DCB43E6CC1AA91E ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
21:25:19.0406 3712 BlueletAudio - ok
21:25:19.0453 3712 [ 01D1832F2B13DFAF7384884F7C3E0124 ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
21:25:19.0453 3712 BlueletSCOAudio - ok
21:25:19.0515 3712 [ 55F24E6EC983FCC7510293B05A27CEEC ] BlueSoleil Hid Service C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
21:25:19.0515 3712 BlueSoleil Hid Service - ok
21:25:19.0562 3712 [ 4314623FD836E96A51343CE5C74B48A8 ] Browser C:\WINDOWS\System32\browser.dll
21:25:19.0562 3712 Browser - ok
21:25:19.0609 3712 [ 3ED6EAD26CA9FDA0AEACA8F6E822B634 ] bsusbser C:\WINDOWS\system32\DRIVERS\bsusbser.sys
21:25:19.0609 3712 bsusbser - ok
21:25:19.0640 3712 [ 98C84356B961D3C1C9AEC87E3A244338 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
21:25:19.0656 3712 BT - ok
21:25:19.0671 3712 [ 8132B98EABA4A7CA474C53DDD6428091 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
21:25:19.0687 3712 Btcsrusb - ok
21:25:19.0718 3712 [ E69D9E7854095A9C81ACEE40D766FE2D ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys
21:25:19.0718 3712 BTHidEnum - ok
21:25:19.0734 3712 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
21:25:19.0750 3712 BTHidMgr - ok
21:25:19.0781 3712 [ 6B05FDC0CFC3753B520D2D4176CC32D0 ] BTNetFilter C:\WINDOWS\system32\drivers\BTNetFilter.sys
21:25:19.0781 3712 BTNetFilter - ok
21:25:20.0031 3712 [ A4087DA0990727DCA1FF4EDE4940D382 ] c65013264 C:\WINDOWS\system32\drivers\c6501.sys
21:25:20.0031 3712 c65013264 - ok
21:25:20.0062 3712 catchme - ok
21:25:20.0093 3712 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:25:20.0093 3712 cbidf2k - ok
21:25:20.0125 3712 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:25:20.0140 3712 CCDECODE - ok
21:25:20.0140 3712 cd20xrnt - ok
21:25:20.0171 3712 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:25:20.0171 3712 Cdaudio - ok
21:25:20.0203 3712 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:25:20.0203 3712 Cdfs - ok
21:25:20.0234 3712 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:25:20.0250 3712 Cdrom - ok
21:25:20.0281 3712 [ D04F2BEB5EA63D0766E12E44AEF7C38D ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:25:20.0281 3712 CiSvc - ok
21:25:20.0296 3712 [ 48CB1DEFA1A6506C3CF09E4950F82EF6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:25:20.0296 3712 ClipSrv - ok
21:25:20.0328 3712 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:20.0421 3712 clr_optimization_v2.0.50727_32 - ok
21:25:20.0421 3712 CmdIde - ok
21:25:20.0453 3712 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:25:20.0453 3712 Compbatt - ok
21:25:20.0453 3712 COMSysApp - ok
21:25:20.0468 3712 Cpqarray - ok
21:25:20.0468 3712 Crypkey License - ok
21:25:20.0500 3712 [ B6FCBB157E9C8ABDCA4134C535535A8B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:25:20.0515 3712 CryptSvc - ok
21:25:20.0515 3712 dac2w2k - ok
21:25:20.0515 3712 dac960nt - ok
21:25:20.0593 3712 [ DB0C9517C2374D86A18DBFA12B35B129 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:25:20.0640 3712 DcomLaunch - ok
21:25:20.0687 3712 [ 699EE7F752A25180AEB92C3A0EAEE440 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:25:20.0687 3712 Dhcp - ok
21:25:20.0703 3712 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:20.0718 3712 Disk - ok
21:25:20.0750 3712 [ F6010162368D9BEF934F1647F2430446 ] DiskSec C:\WINDOWS\system32\drivers\DiskSec.sys
21:25:20.0750 3712 DiskSec - ok
21:25:20.0750 3712 dmadmin - ok
21:25:20.0937 3712 [ 82BC125A8ED33F5F0E75F2AAC1065323 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:25:21.0031 3712 dmboot - ok
21:25:21.0062 3712 [ E959DDC0EA7AC11EE5E5602E2A364310 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
21:25:21.0078 3712 dmio - ok
21:25:21.0093 3712 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:25:21.0093 3712 dmload - ok
21:25:21.0125 3712 [ A01858C50704B2D2EDEEBBF6BBBCED2A ] dmserver C:\WINDOWS\System32\dmserver.dll
21:25:21.0140 3712 dmserver - ok
21:25:21.0171 3712 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:25:21.0171 3712 DMusic - ok
21:25:21.0187 3712 [ 5A4DAC2ED68EDF6FDD78529D78CB994E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:25:21.0187 3712 Dnscache - ok
21:25:21.0234 3712 [ D580D77DFF316BD8C9D73B38695DE8DC ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:25:21.0250 3712 Dot3svc - ok
21:25:21.0250 3712 dpti2o - ok
21:25:21.0281 3712 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:25:21.0281 3712 drmkaud - ok
21:25:21.0312 3712 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
21:25:21.0312 3712 DrvAgent32 - ok
21:25:21.0328 3712 [ 86B1F123BACD444E81960B339BAE3FF2 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:25:21.0359 3712 EapHost - ok
21:25:21.0390 3712 [ 0DAF3544804650526751C478AECCCE63 ] EIO_XP C:\WINDOWS\system32\drivers\EIO_XP.sys
21:25:21.0390 3712 EIO_XP - ok
21:25:21.0406 3712 [ B6599EDA9F3EBEF064504EE35BBECA1C ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:25:21.0406 3712 ERSvc - ok
21:25:21.0453 3712 [ DAC0440C89B1EA4E35684896D5BF856E ] Eventlog C:\WINDOWS\system32\services.exe
21:25:21.0453 3712 Eventlog - ok
21:25:21.0484 3712 [ FF8566499E5A781DA69342D3D76FF246 ] EventSystem C:\WINDOWS\system32\es.dll
21:25:21.0484 3712 EventSystem - ok
21:25:21.0531 3712 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:25:21.0546 3712 Fastfat - ok
21:25:21.0578 3712 [ A982208204830A213D7963BF2A215E56 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:25:21.0578 3712 FastUserSwitchingCompatibility - ok
21:25:21.0593 3712 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:25:21.0609 3712 Fdc - ok
21:25:21.0640 3712 [ B73EC688C29F81F9DA0FCF63682B3ECB ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
21:25:21.0640 3712 FilterService - ok
21:25:21.0671 3712 [ 2CFEA3326981A18C6BAF2BD9BE76225B ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:25:21.0671 3712 Fips - ok
21:25:21.0796 3712 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:25:21.0937 3712 FLEXnet Licensing Service - ok
21:25:21.0968 3712 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:25:21.0968 3712 Flpydisk - ok
21:25:22.0015 3712 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:25:22.0031 3712 FltMgr - ok
21:25:22.0046 3712 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:25:22.0046 3712 Fs_Rec - ok
21:25:22.0078 3712 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:25:22.0093 3712 Ftdisk - ok
21:25:22.0109 3712 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
21:25:22.0109 3712 gagp30kx - ok
21:25:22.0140 3712 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:25:22.0140 3712 Gpc - ok
21:25:22.0203 3712 [ 479664FA3E1BD3E0B828971A0D500D4E ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
21:25:22.0218 3712 gzflt - ok
21:25:22.0250 3712 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
21:25:22.0265 3712 HdAudAddService - ok
21:25:22.0296 3712 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:25:22.0296 3712 HDAudBus - ok
21:25:22.0359 3712 [ 6CE66B51B4EB23D9D073F92698C55C8D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:25:22.0359 3712 helpsvc - ok
21:25:22.0390 3712 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
21:25:22.0390 3712 HidBatt - ok
21:25:22.0437 3712 [ 43D985A9A51E0295091B6EBE84C96B78 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:25:22.0437 3712 HidServ - ok
21:25:22.0453 3712 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:25:22.0453 3712 HidUsb - ok
21:25:22.0500 3712 [ 00CAD842F48947887A972828ACA665F7 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:25:22.0500 3712 hkmsvc - ok
21:25:22.0515 3712 hpn - ok
21:25:22.0531 3712 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:25:22.0546 3712 HPZid412 - ok
21:25:22.0546 3712 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:25:22.0546 3712 HPZipr12 - ok
21:25:22.0593 3712 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:25:22.0593 3712 HPZius12 - ok
21:25:22.0625 3712 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:25:22.0640 3712 HTTP - ok
21:25:22.0671 3712 [ 450091AEBFCD08E5858533EAB5B9A436 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:25:22.0671 3712 HTTPFilter - ok
21:25:22.0687 3712 i2omp - ok
21:25:22.0703 3712 [ 610726E28AF55B95043C5C35A727E320 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:25:22.0718 3712 i8042prt - ok
21:25:22.0781 3712 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:25:22.0796 3712 IDriverT - ok
21:25:22.0828 3712 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:25:22.0828 3712 Imapi - ok
21:25:22.0906 3712 [ DB491237445F172FDDDF00541DE1A51D ] ImapiService C:\WINDOWS\system32\imapi.exe
21:25:22.0906 3712 ImapiService - ok
21:25:22.0906 3712 ini910u - ok
21:25:22.0921 3712 IntelIde - ok
21:25:22.0968 3712 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:25:22.0984 3712 ip6fw - ok
21:25:23.0031 3712 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:25:23.0031 3712 IpFilterDriver - ok
21:25:23.0046 3712 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:25:23.0046 3712 IpInIp - ok
21:25:23.0093 3712 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:25:23.0093 3712 IpNat - ok
21:25:23.0125 3712 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:25:23.0125 3712 IPSec - ok
21:25:23.0140 3712 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:25:23.0140 3712 IRENUM - ok
21:25:23.0187 3712 [ 0953594BEB81CC72FCC62D37921B25A6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:25:23.0187 3712 isapnp - ok
21:25:23.0312 3712 [ 890369AED0DDE1A98F09F7DC239CA2BD ] JavaQuickStarterService C:\Programmi\Java\jre6\bin\jqs.exe
21:25:23.0328 3712 JavaQuickStarterService - ok
21:25:23.0359 3712 [ AE2200BA12EB181FD512B38B19953F4F ] jrdusbser C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
21:25:23.0375 3712 jrdusbser - ok
21:25:23.0390 3712 [ 28B6EACE513CA7EABA3B809AD4BC274D ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:25:23.0390 3712 Kbdclass - ok
21:25:23.0421 3712 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:25:23.0453 3712 kmixer - ok
21:25:23.0468 3712 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:25:23.0484 3712 KSecDD - ok
21:25:23.0531 3712 [ CFCF4AEE4F81C6185EE663097F7189D3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:25:23.0531 3712 lanmanserver - ok
21:25:23.0546 3712 [ 9071A3BEDCD40CCB221B98F230FDDE9A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:25:23.0562 3712 lanmanworkstation - ok
21:25:23.0593 3712 [ E01255727D0B158538D7C2B469B533A8 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:25:23.0593 3712 LmHosts - ok
21:25:23.0640 3712 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
21:25:23.0640 3712 LVPr2Mon - ok
21:25:23.0703 3712 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
21:25:23.0718 3712 LVPrcSrv - ok
21:25:23.0765 3712 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:25:23.0781 3712 LVRS - ok
21:25:23.0812 3712 [ 5F987FC1AAD215EC2C60CF07719B1CCE ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:25:23.0812 3712 LVUSBSta - ok
21:25:24.0359 3712 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:25:24.0890 3712 LVUVC - ok
21:25:24.0937 3712 [ 18DBB919072F813ADC0490D2B5D711EE ] MAGIX StartUp Analyze Service I:\Programmi Installati\PC_Check_Tuning_2011\MXSAS.exe
21:25:24.0937 3712 MAGIX StartUp Analyze Service - ok
21:25:24.0968 3712 [ 3B32F662C8607E891F325E41F7EE225C ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:25:24.0968 3712 Messenger - ok
21:25:25.0000 3712 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:25:25.0015 3712 mnmdd - ok
21:25:25.0046 3712 [ 514A299EC926BAADA3C718B171476AA4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
21:25:25.0046 3712 mnmsrvc - ok
21:25:25.0093 3712 [ 8CB6636806D76B85FAFAEE94D75F5129 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:25:25.0093 3712 Modem - ok
21:25:25.0140 3712 [ E904EBED608055A2BFB824C07F59766C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:25:25.0140 3712 Mouclass - ok
21:25:25.0187 3712 [ D7662F0CF5B77BBBE3202716F5BD5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:25:25.0203 3712 mouhid - ok
21:25:25.0218 3712 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:25:25.0218 3712 MountMgr - ok
21:25:25.0281 3712 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
21:25:25.0281 3712 MozillaMaintenance - ok
21:25:25.0296 3712 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
21:25:25.0296 3712 MPE - ok
21:25:25.0296 3712 mraid35x - ok
21:25:25.0343 3712 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:25:25.0359 3712 MRxDAV - ok
21:25:25.0421 3712 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:25:25.0468 3712 MRxSmb - ok
21:25:25.0500 3712 [ 01F77E9E473235C31796ADE46107B0AD ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:25:25.0500 3712 MSDTC - ok
21:25:25.0515 3712 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:25:25.0515 3712 Msfs - ok
21:25:25.0531 3712 MSIServer - ok
21:25:25.0546 3712 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:25:25.0546 3712 MSKSSRV - ok
21:25:25.0625 3712 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:25:25.0671 3712 MSPCLOCK - ok
21:25:25.0703 3712 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:25:25.0703 3712 MSPQM - ok
21:25:25.0734 3712 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:25:25.0734 3712 mssmbios - ok
21:25:25.0750 3712 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:25:25.0750 3712 MSTEE - ok
21:25:25.0796 3712 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:25:25.0796 3712 MTsensor - ok
21:25:25.0859 3712 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:25:25.0875 3712 Mup - ok
21:25:25.0890 3712 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:25:25.0921 3712 NABTSFEC - ok
21:25:25.0984 3712 [ 911587FD303C9690A428BB4B04732B61 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:25:26.0015 3712 napagent - ok
21:25:26.0062 3712 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:25:26.0078 3712 NDIS - ok
21:25:26.0093 3712 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:25:26.0109 3712 NdisIP - ok
21:25:26.0125 3712 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:25:26.0125 3712 NdisTapi - ok
21:25:26.0156 3712 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:25:26.0171 3712 Ndisuio - ok
21:25:26.0187 3712 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:25:26.0203 3712 NdisWan - ok
21:25:26.0234 3712 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:25:26.0250 3712 NDProxy - ok
21:25:26.0250 3712 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:25:26.0250 3712 NetBIOS - ok
21:25:26.0296 3712 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:25:26.0312 3712 NetBT - ok
21:25:26.0343 3712 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:25:26.0359 3712 NetDDE - ok
21:25:26.0375 3712 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:25:26.0375 3712 NetDDEdsdm - ok
21:25:26.0406 3712 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:25:26.0406 3712 Netlogon - ok
21:25:26.0453 3712 [ 02815B70FC4CA8611A926176F1C39FC2 ] Netman C:\WINDOWS\System32\netman.dll
21:25:26.0453 3712 Netman - ok
21:25:26.0500 3712 [ 800ABCBB9800CC35FF9F6787C8B197F8 ] NetworkX C:\WINDOWS\system32\ckldrv.sys
21:25:26.0500 3712 NetworkX - ok
21:25:26.0515 3712 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:25:26.0531 3712 NIC1394 - ok
21:25:26.0578 3712 [ 7E1CEE90214FA6DEF0E601CD7A9FC950 ] Nla C:\WINDOWS\System32\mswsock.dll
21:25:26.0593 3712 Nla - ok
21:25:26.0625 3712 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:25:26.0640 3712 Npfs - ok
21:25:26.0703 3712 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:25:26.0703 3712 Ntfs - ok
21:25:26.0718 3712 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
21:25:26.0718 3712 NtLmSsp - ok
21:25:26.0796 3712 [ 89DB90B5F35D2795D9FC56D933CC72B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:25:26.0859 3712 NtmsSvc - ok
21:25:26.0875 3712 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:25:26.0875 3712 Null - ok
21:25:26.0906 3712 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
21:25:26.0906 3712 nvata - ok
21:25:26.0937 3712 [ 97724AFFDD7A5A47C3BC07CCD1B88745 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:25:26.0937 3712 NVENETFD - ok
21:25:26.0953 3712 [ 82C2B3A89B9EDFA6287C5ABA1A4E6A99 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:25:26.0953 3712 nvnetbus - ok
21:25:26.0984 3712 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:25:26.0984 3712 NwlnkFlt - ok
21:25:27.0000 3712 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:25:27.0015 3712 NwlnkFwd - ok
21:25:27.0046 3712 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:25:27.0062 3712 ohci1394 - ok
21:25:27.0109 3712 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
21:25:27.0109 3712 ose - ok
21:25:27.0156 3712 [ 4E9408A178B2D955871C2CDD278DE3C3 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:25:27.0171 3712 Parport - ok
21:25:27.0187 3712 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:25:27.0187 3712 PartMgr - ok
21:25:27.0218 3712 [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:25:27.0234 3712 ParVdm - ok
21:25:27.0265 3712 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:25:27.0265 3712 pccsmcfd - ok
21:25:27.0296 3712 [ F40A46892AFEBB0314536B849D57C11E ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:25:27.0312 3712 PCI - ok
21:25:27.0312 3712 PCIDump - ok
21:25:27.0328 3712 [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:25:27.0328 3712 PCIIde - ok
21:25:27.0359 3712 [ 815C50F2B1D1562800BDCE8BE895000E ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:25:27.0375 3712 Pcmcia - ok
21:25:27.0375 3712 perc2 - ok
21:25:27.0390 3712 perc2hib - ok
21:25:27.0437 3712 [ DAC0440C89B1EA4E35684896D5BF856E ] PlugPlay C:\WINDOWS\system32\services.exe
21:25:27.0437 3712 PlugPlay - ok
21:25:27.0484 3712 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:25:27.0484 3712 Pml Driver HPZ12 - ok
21:25:27.0515 3712 [ 60A044879C4FA76314494F5FDDC43B93 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
21:25:27.0515 3712 Point32 - ok
21:25:27.0531 3712 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:25:27.0531 3712 PolicyAgent - ok
21:25:27.0578 3712 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:25:27.0578 3712 PptpMiniport - ok
21:25:27.0609 3712 [ B479F50E883B2297A5F7F212AAEE6F6C ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:25:27.0609 3712 Processor - ok
21:25:27.0625 3712 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:25:27.0625 3712 ProtectedStorage - ok
21:25:27.0671 3712 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
21:25:27.0671 3712 ProtexisLicensing - ok
21:25:27.0718 3712 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:25:27.0718 3712 PSched - ok
21:25:27.0750 3712 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:25:27.0750 3712 Ptilink - ok
21:25:27.0781 3712 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:25:27.0781 3712 PxHelp20 - ok
21:25:27.0796 3712 ql1080 - ok
21:25:27.0796 3712 Ql10wnt - ok
21:25:27.0796 3712 ql12160 - ok
21:25:27.0812 3712 ql1240 - ok
21:25:27.0812 3712 ql1280 - ok
21:25:27.0828 3712 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:25:27.0828 3712 RasAcd - ok
21:25:27.0890 3712 [ 9839B418343D6E6E52659BDF3FF1FE67 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:25:27.0906 3712 RasAuto - ok
21:25:27.0937 3712 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:25:27.0937 3712 Rasl2tp - ok
21:25:27.0984 3712 [ 62AD41548E720DB4763B86F95E44F3FA ] RasMan C:\WINDOWS\System32\rasmans.dll
21:25:27.0984 3712 RasMan - ok
21:25:28.0015 3712 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:25:28.0015 3712 RasPppoe - ok
21:25:28.0062 3712 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:25:28.0062 3712 Raspti - ok
21:25:28.0109 3712 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:25:28.0125 3712 Rdbss - ok
21:25:28.0140 3712 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:25:28.0140 3712 RDPCDD - ok
21:25:28.0171 3712 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:25:28.0203 3712 rdpdr - ok
21:25:28.0250 3712 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:25:28.0265 3712 RDPWD - ok
21:25:28.0312 3712 [ CC72E6AE90245F0AE48BF1236A7E1F9C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:25:28.0312 3712 RDSessMgr - ok
21:25:28.0343 3712 [ 393FC252593323B624B230ECA6B85E63 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:25:28.0359 3712 redbook - ok
21:25:28.0390 3712 [ 7EBBF16FBD3E0E34F084FA635C1844E3 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:25:28.0406 3712 RemoteAccess - ok
21:25:28.0437 3712 [ F667A41BCED959988E53FEECC8BF5DA0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:25:28.0453 3712 RemoteRegistry - ok
21:25:28.0468 3712 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
21:25:28.0468 3712 ROOTMODEM - ok
21:25:28.0515 3712 [ DC97F6C8A94691834439872B9E8FF2B3 ] RpcLocator C:\WINDOWS\System32\locator.exe
21:25:28.0515 3712 RpcLocator - ok
21:25:28.0578 3712 [ DB0C9517C2374D86A18DBFA12B35B129 ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:25:28.0578 3712 RpcSs - ok
21:25:28.0609 3712 [ AEA02865B8FECD6FCAB10910A950D39A ] RSUSBCCID C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys
21:25:28.0625 3712 RSUSBCCID - ok
21:25:28.0671 3712 [ 46B21ABEBABA664B363F368DB48D6FB8 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys
21:25:28.0703 3712 RSUSBSTOR - ok
21:25:28.0734 3712 [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP C:\WINDOWS\System32\rsvp.exe
21:25:28.0734 3712 RSVP - ok
21:25:28.0765 3712 [ BD396A6C54EF003C5DF52812BA61BA1B ] RtsUIr C:\WINDOWS\system32\DRIVERS\RtsUIr.sys
21:25:28.0765 3712 RtsUIr - ok
21:25:28.0781 3712 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] SamSs C:\WINDOWS\system32\lsass.exe
21:25:28.0781 3712 SamSs - ok
21:25:28.0828 3712 [ 1D456F1CD76A80793C07BA52CF3A7455 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:25:28.0828 3712 SCardSvr - ok
21:25:28.0890 3712 [ 46B50C07ABFDA51D9B22212EAEB82D2B ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
21:25:28.0890 3712 SCDEmu - ok
21:25:28.0968 3712 [ 511886E5BD060046CCE8373E92E62EDF ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:25:28.0984 3712 Schedule - ok
21:25:29.0031 3712 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:25:29.0031 3712 Secdrv - ok
21:25:29.0046 3712 [ 17C6354CA08E7C7972E12C67478AE134 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:25:29.0046 3712 seclogon - ok
21:25:29.0078 3712 [ A0ECA1CE0FCCB29C5E4E1F416E95E73E ] SENS C:\WINDOWS\system32\sens.dll
21:25:29.0078 3712 SENS - ok
21:25:29.0109 3712 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:25:29.0109 3712 serenum - ok
21:25:29.0140 3712 [ FDBD9D64E2E03270021D424F0DCCF79D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:25:29.0140 3712 Serial - ok
21:25:29.0281 3712 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
21:25:29.0375 3712 ServiceLayer - ok
21:25:29.0390 3712 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:25:29.0390 3712 Sfloppy - ok
21:25:29.0453 3712 [ 152C0555925DFE028E3148FD215146BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:25:29.0468 3712 SharedAccess - ok
21:25:29.0500 3712 [ A982208204830A213D7963BF2A215E56 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:25:29.0500 3712 ShellHWDetection - ok
21:25:29.0500 3712 Simbad - ok
21:25:29.0562 3712 [ 476BEFAE8C7C1BB9648954060B1EEC1F ] SKYNET C:\WINDOWS\system32\DRIVERS\SkyNET.SYS
21:25:29.0593 3712 SKYNET - ok
21:25:29.0625 3712 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:25:29.0625 3712 SLIP - ok
21:25:29.0625 3712 Sparrow - ok
21:25:29.0656 3712 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:25:29.0656 3712 splitter - ok
21:25:29.0703 3712 [ 60977C9BAE8F86F9075829325303D0C9 ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:25:29.0703 3712 Spooler - ok
21:25:29.0718 3712 [ 618718CAE288BF7CBD8FCBAB2577D932 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:25:29.0734 3712 sr - ok
21:25:29.0765 3712 [ B3E3DA70A7A76E69B872DE3D06D32C19 ] srservice C:\WINDOWS\system32\srsvc.dll
21:25:29.0765 3712 srservice - ok
21:25:29.0812 3712 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:25:29.0859 3712 Srv - ok
21:25:29.0875 3712 [ 5215569DD3A8FBC65A85E85F3C12258B ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:25:29.0890 3712 SSDPSRV - ok
21:25:29.0953 3712 [ 3B9263E137896E4D303494F116E00608 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:25:29.0953 3712 stisvc - ok
21:25:29.0984 3712 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:25:30.0000 3712 streamip - ok
21:25:30.0015 3712 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:25:30.0015 3712 swenum - ok
21:25:30.0031 3712 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:25:30.0046 3712 swmidi - ok
21:25:30.0046 3712 SwPrv - ok
21:25:30.0062 3712 symc810 - ok
21:25:30.0062 3712 symc8xx - ok
21:25:30.0062 3712 sym_hi - ok
21:25:30.0078 3712 sym_u3 - ok
21:25:30.0078 3712 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:25:30.0093 3712 sysaudio - ok
21:25:30.0125 3712 [ A34A9A872EEC4C026FD542AC7156FE0B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:25:30.0125 3712 SysmonLog - ok
21:25:31.0140 3712 [ 9F363B982C04392F248F4A5F4A154F06 ] TabletServicePen C:\Programmi\Tablet\Pen\Pen_Tablet.exe
21:25:31.0671 3712 TabletServicePen - ok
21:25:31.0734 3712 [ 6B85F1A9DCE45D45BFFAD3222C21F297 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:25:31.0750 3712 TapiSrv - ok
21:25:31.0828 3712 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:25:31.0875 3712 Tcpip - ok
21:25:31.0890 3712 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:25:31.0890 3712 TDPIPE - ok
21:25:31.0921 3712 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:25:31.0937 3712 TDTCP - ok
21:25:31.0968 3712 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:25:31.0968 3712 TermDD - ok
21:25:32.0031 3712 [ FE5A5329CCFC33D645C33077FF04F052 ] TermService C:\WINDOWS\System32\termsrv.dll
21:25:32.0031 3712 TermService - ok
21:25:32.0062 3712 [ A982208204830A213D7963BF2A215E56 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:25:32.0062 3712 Themes - ok
21:25:32.0093 3712 [ 2FFF150EA4396956F10B66211687F335 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
21:25:32.0093 3712 TlntSvr - ok
21:25:32.0093 3712 TosIde - ok
21:25:32.0203 3712 [ CFCDF560EB5A804CD3493B4E03A928BA ] TouchServicePen C:\Programmi\Tablet\Pen\Pen_TouchService.exe
21:25:32.0203 3712 TouchServicePen - ok
21:25:32.0250 3712 [ 690294999DF1248FAF85D95B31955D0C ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:25:32.0250 3712 TrkWks - ok
21:25:32.0296 3712 [ F2AEE22231046CAD8D2F94D2C0F9BEFB ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
21:25:32.0312 3712 trufos - ok
21:25:32.0343 3712 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:25:32.0359 3712 Udfs - ok
21:25:32.0359 3712 ultra - ok
21:25:32.0421 3712 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:25:32.0468 3712 Update - ok
21:25:32.0500 3712 [ 32BE9DFF9A8DFE2EACA30E0A63C523AE ] UPDATESRV C:\Programmi\Bitdefender\Bitdefender 2013\updatesrv.exe
21:25:32.0515 3712 UPDATESRV - ok
21:25:32.0562 3712 [ 8057B0744D9842A090E51D2845861D5F ] upnphost C:\WINDOWS\System32\upnphost.dll
21:25:32.0593 3712 upnphost - ok
21:25:32.0609 3712 [ F5E8B846EC10E1DF8DCA64119E2EB709 ] UPS C:\WINDOWS\System32\ups.exe
21:25:32.0609 3712 UPS - ok
21:25:32.0656 3712 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:25:32.0656 3712 usbaudio - ok
21:25:32.0687 3712 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:25:32.0703 3712 usbccgp - ok
21:25:32.0718 3712 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:25:32.0718 3712 usbehci - ok
21:25:32.0781 3712 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:25:32.0781 3712 usbhub - ok
21:25:32.0828 3712 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:25:32.0828 3712 usbohci - ok
21:25:32.0859 3712 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:25:32.0859 3712 usbprint - ok
21:25:32.0890 3712 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:25:32.0890 3712 usbscan - ok
21:25:32.0921 3712 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:25:32.0937 3712 USBSTOR - ok
21:25:32.0953 3712 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:25:32.0953 3712 usbuhci - ok
21:25:33.0000 3712 [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
21:25:33.0000 3712 VComm - ok
21:25:33.0031 3712 [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
21:25:33.0046 3712 VcommMgr - ok
21:25:33.0062 3712 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:25:33.0062 3712 VgaSave - ok
21:25:33.0109 3712 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:25:33.0109 3712 ViaIde - ok
21:25:33.0125 3712 [ EBE101C01D80A42868F57B327BE1B564 ] viasraid C:\WINDOWS\system32\DRIVERS\viasraid.sys
21:25:33.0156 3712 viasraid - ok
21:25:33.0203 3712 [ E46C1B5A56DA7DA603D09DFCC79EC59E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:25:33.0218 3712 VolSnap - ok
21:25:33.0281 3712 [ C2FE17125256102F5B44194D5DB0A799 ] VSS C:\WINDOWS\System32\vssvc.exe
21:25:33.0281 3712 VSS - ok
21:25:33.0453 3712 [ 3951CAE99EDAF72193EA0F4C8A857BB0 ] VSSERV C:\Programmi\Bitdefender\Bitdefender 2013\vsserv.exe
21:25:33.0562 3712 VSSERV - ok
21:25:33.0609 3712 [ 2969DD84B584A6BB541A5273103957A3 ] W32Time C:\WINDOWS\system32\w32time.dll
21:25:33.0640 3712 W32Time - ok
21:25:33.0671 3712 [ 026D58E9D7701F6B26B0B499F1705334 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
21:25:33.0671 3712 wacmoumonitor - ok
21:25:33.0703 3712 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
21:25:33.0703 3712 wacommousefilter - ok
21:25:33.0718 3712 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
21:25:33.0718 3712 wacomvhid - ok
21:25:33.0765 3712 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:25:33.0765 3712 Wanarp - ok
21:25:33.0812 3712 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:25:33.0812 3712 WDC_SAM - ok
21:25:33.0906 3712 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:25:33.0906 3712 Wdf01000 - ok
21:25:33.0953 3712 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:25:33.0953 3712 wdmaud - ok
21:25:34.0000 3712 [ 2EC50EE79B65F60C8E8B4A03BBB3A42F ] WebClient C:\WINDOWS\System32\webclnt.dll
21:25:34.0015 3712 WebClient - ok
21:25:34.0093 3712 [ 40911E98D0F1CBB1015F2101982F1DDF ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:25:34.0109 3712 winmgmt - ok
21:25:34.0203 3712 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Programmi\Windows Live\installer\WLSetupSvc.exe
21:25:34.0218 3712 WLSetupSvc - ok
21:25:34.0250 3712 [ 482069CDA24AA0E94B1351E30EB3D01F ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:25:34.0250 3712 WmdmPmSN - ok
21:25:34.0359 3712 [ 069D6BDF23EE96FCDE2ADF9FAB27AE0D ] Wmi C:\WINDOWS\System32\advapi32.dll
21:25:34.0406 3712 Wmi - ok
21:25:34.0453 3712 [ 81FD02839FDB10ACF0EC40B809B9F8CC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:25:34.0453 3712 WmiApSrv - ok
21:25:34.0500 3712 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:25:34.0500 3712 WS2IFSL - ok
21:25:34.0531 3712 [ 926D921C93CFF1E19EF4DE3E4C8368CA ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:25:34.0546 3712 wscsvc - ok
21:25:34.0562 3712 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:25:34.0578 3712 WSTCODEC - ok
21:25:34.0593 3712 [ CC48415E6C7CBAA441A3D6A6DCCBCFA6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:25:34.0609 3712 wuauserv - ok
21:25:34.0640 3712 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:25:34.0640 3712 WudfPf - ok
21:25:34.0671 3712 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:25:34.0687 3712 WudfRd - ok
21:25:34.0718 3712 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:25:34.0718 3712 WudfSvc - ok
21:25:34.0812 3712 [ 053E0307A08CAC60793E27E921B46B3E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:25:34.0828 3712 WZCSVC - ok
21:25:34.0875 3712 [ 5526482DCBA6047641B13BF9C75A74E0 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:25:34.0921 3712 xmlprov - ok
21:25:34.0968 3712 [ DEE4899B4AC10A673B2DF0CDD135167E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
21:25:34.0984 3712 yukonwxp - ok
21:25:35.0000 3712 ================ Scan global ===============================
21:25:35.0031 3712 [ 17DDFE6A0B5404C5EF4C03AD996D0562 ] C:\WINDOWS\system32\basesrv.dll
21:25:35.0140 3712 [ 5764B5D964E0CF313DACBB69C8AA1B2B ] C:\WINDOWS\system32\winsrv.dll
21:25:35.0218 3712 [ 5764B5D964E0CF313DACBB69C8AA1B2B ] C:\WINDOWS\system32\winsrv.dll
21:25:35.0234 3712 [ DAC0440C89B1EA4E35684896D5BF856E ] C:\WINDOWS\system32\services.exe
21:25:35.0234 3712 [Global] - ok
21:25:35.0234 3712 ================ Scan MBR ==================================
21:25:35.0265 3712 [ 828E02D5C4A4FBE53441EE9DBEE51F43 ] \Device\Harddisk0\DR0
21:25:35.0484 3712 \Device\Harddisk0\DR0 - ok
21:25:35.0500 3712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:25:35.0640 3712 \Device\Harddisk1\DR1 - ok
21:25:35.0640 3712 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR7
21:25:35.0765 3712 \Device\Harddisk3\DR7 - ok
21:25:35.0765 3712 ================ Scan VBR ==================================
21:25:35.0781 3712 [ 9B8C51C57A499E5122E6B865869B467A ] \Device\Harddisk0\DR0\Partition1
21:25:35.0781 3712 \Device\Harddisk0\DR0\Partition1 - ok
21:25:35.0781 3712 [ 383CF60AD9EB6B49C780C8768FAF5F86 ] \Device\Harddisk1\DR1\Partition1
21:25:35.0781 3712 \Device\Harddisk1\DR1\Partition1 - ok
21:25:35.0796 3712 [ 8C0F2EB766143912ED30E67245435B70 ] \Device\Harddisk1\DR1\Partition2
21:25:35.0796 3712 \Device\Harddisk1\DR1\Partition2 - ok
21:25:35.0812 3712 [ 7B0E4213C9D4280D192B53C0BB3709C8 ] \Device\Harddisk1\DR1\Partition3
21:25:35.0812 3712 \Device\Harddisk1\DR1\Partition3 - ok
21:25:35.0828 3712 [ 3A44D43B20C7F6D1894BC0F840ADAE90 ] \Device\Harddisk3\DR7\Partition1
21:25:35.0828 3712 \Device\Harddisk3\DR7\Partition1 - ok
21:25:35.0828 3712 [ DE691141766834E5C6502D9A66C48919 ] \Device\Harddisk3\DR7\Partition2
21:25:35.0828 3712 \Device\Harddisk3\DR7\Partition2 - ok
21:25:35.0828 3712 ============================================================
21:25:35.0828 3712 Scan finished
21:25:35.0828 3712 ============================================================
21:25:35.0843 3508 Detected object count: 0
21:25:35.0843 3508 Actual detected object count: 0

""""

A questo punto mi chiedo: che faccio? Devo imparare a convivere con Zero Access (che però mi consente l'accesso ad internet) o è Combofix che (unico fra tutti gli altri software) mi continua a comunicare la presenza del Rootkit?
E se davvero ci fosse ancora, quali sono i rischi che si corrono con questo "codice" malevolo presente in root?
Perchè fino ad oggi, oltre al fatto di non permettermi più di connettermi, NON faceva altro (o perlomeno, NON ho riscontrato nessun'altra problematica negativa sul computer).
Sinceramente, non sò cosa pensare: lascio a te le conclusioni ed eventuali consigli su come comportarmi.
Intanto, adesso, tengo BitDefender sempre aggiornato, Ashampoo Antimalwere con l'agent attivo al riavvio (ora lo avevo staccato per eseguire le prove con Combofix) e PestPatrol (che sinceramente non sò più che utilità possa avere).
Spero di essere stato esaustivo: perdona la prolissità, ma volevo darti un quadro abbastanza esauriente.
Buona serata e grazie per il tempo che mi stai dedicando.

TheS