[QUOTE=tecnico24;3109933]Could you attach the TDSS Killer log?[/QUOTE]
Hi Tecnico, good to see you again.
So, let me update you a bit on the situation.
First of all, I can tell you that I managed to reconnect, BUT... you will read the reason for this doubt at the end.
Last night I tried running ComboFix three times in a row: needless to say, all three times it detected the presence of the rootkit.
This is the latest log:
"""
ComboFix 13-04-28.01 - TheSpirit 30/04/2013 23.32.01.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2808 [GMT 2:00]
Eseguito da: c:\documents and settings\TheSpirit\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0013F2B4-5AF1-7C92-0300-000000000000}
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-28 al 2013-04-30 )))))))))))))))))))))))))))))))))))
.
.
2013-04-29 17:43 . 2013-04-29 17:43 -------- d-----w- c:\programmi\Trend Micro
2013-04-28 21:39 . 2004-08-09 04:03 221184 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
2013-04-28 21:39 . 2004-08-09 04:03 385024 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\_ispmres.dll
2013-04-28 21:38 . 2004-10-22 00:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-28 21:38 . 2004-10-22 00:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-28 21:38 . 2004-10-22 00:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-28 21:38 . 2004-10-22 00:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-28 21:38 . 2004-10-22 00:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-28 21:38 . 2013-04-28 21:38 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-28 21:38 . 2013-04-28 21:38 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-28 19:19 . 2013-04-28 19:19 135464 ----a-w- c:\windows\system32\LnkProtect.dll
2013-04-28 19:18 . 2013-04-28 19:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-04-28 12:17 . 2013-04-28 12:17 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-04-28 12:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-27 20:15 . 2013-04-27 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-27 20:14 . 2013-04-27 20:14 -------- d--h--w- c:\windows\ie8
2013-04-27 20:03 . 2013-04-27 20:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-04-27 19:52 . 2013-04-27 19:52 -------- d-----w- c:\documents and settings\TheSpirit\PrivacIE
2013-04-27 19:48 . 2013-04-27 19:48 -------- d-----w- c:\documents and settings\TheSpirit\IETldCache
2013-04-27 19:45 . 2013-04-27 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-27 19:41 . 2004-08-19 13:35 46154 ----a-w- c:\windows\system32\SET59.tmp
2013-04-27 19:41 . 2008-04-13 17:13 851968 ----a-w- c:\programmi\File comuni\Microsoft Shared\VGX\SET41.tmp
2013-04-27 16:02 . 2013-04-27 16:02 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-04-27 15:58 . 2013-04-27 15:58 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\PCHealth
2013-04-27 15:56 . 2008-04-13 17:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-27 15:56 . 2001-08-31 12:00 68608 ------w- c:\windows\system32\plugin.ocx
2013-04-27 10:17 . 2013-04-27 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FarmFrenzy3
2013-04-27 10:04 . 2013-04-27 10:04 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\AlawarWrapper
2013-04-27 10:04 . 2013-04-27 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AlawarWrapper
2013-04-27 10:03 . 2013-04-28 10:22 -------- d-----w- c:\programmi\Alawar
2013-04-27 10:00 . 2013-04-27 10:00 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\freshgames
2013-04-26 18:07 . 2013-04-26 18:07 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\NevoSoft Games
2013-04-26 17:44 . 2006-12-28 10:12 1933312 ----a-w- c:\windows\system32\Tropix.scr
2013-04-26 16:21 . 2013-04-26 16:21 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\Jane s Hotel Family Hero
2013-04-06 19:34 . 2013-04-06 19:37 -------- d-----w- c:\windows\system32\tmp0000165e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 12:53 . 2002-08-29 00:01 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-17 13:07 . 2013-03-17 13:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-03-13 17:04 . 2012-05-09 16:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:04 . 2012-01-24 16:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:49 . 2013-02-18 22:49 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-02-18 22:49 . 2013-02-18 22:49 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-02-18 22:48 . 2013-02-18 22:48 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-04-13 18:47 . 2013-04-13 18:47 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\svchost.exe"="c:\windows\system32\svchost.exe" [2008-04-13 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Bip Imola ModemListener"="c:\programmi\HSPA USB Modem\BackgroundService\ModemListener.exe" [2012-06-27 126056]
"Bdagent"="c:\programmi\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-03-25 1614856]
"PPMemCheck"="c:\programmi\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2012-4-29 221247]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Server4PC.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Hardware\VIA\RAID\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^AP Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-08-17 14:05 916304 -c--a-w- c:\programmi\RegistryFirstAid\rfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2009-03-13 11:13 911192 ----a-w- c:\programmi\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MagicTuneEngine"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wuauserv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"avast! Firewall"=2 (0x2)
"NMIndexingService"=3 (0x3)
"SharedAccess"=2 (0x2)
"Schedule"=2 (0x2)
"MAGIX StartUp Analyze Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Bip Imola Modem Device Helper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [14/09/2011 19.15.33 14208]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [18/10/2012 20.05.34 161312]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [21/06/2007 19.58.28 77312]
R2 TabletServicePen;TabletServicePen;c:\programmi\Tablet\Pen\Pen_Tablet.exe [19/01/2011 13.42.24 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\programmi\Tablet\Pen\Pen_TouchService.exe [19/01/2011 13.43.30 616816]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\programmi\Bitdefender\Bitdefender 2013\updatesrv.exe [18/10/2012 20.07.28 55544]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [20/07/2008 23.46.06 1310720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [22/01/2011 18.07.13 11520]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;i:\programmi installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 5.45.56 169312]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [19/02/2013 0.49.54 66392]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [06/09/2008 19.04.10 94848]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/03/2013 15.07.33 23456]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [02/03/2013 10.15.38 106112]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [27/12/2012 1.50.47 44032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27/12/2012 1.50.47 173056]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\drivers\RtsUIr.sys [27/12/2012 1.50.47 17536]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [14/03/2006 3.22.40 349184]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [19/01/2011 13.42.31 16240]
S4 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [29/08/2011 1.03.34 101976]
S4 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/10/2011 21.34.33 12112]
S4 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [29/08/2011 1.02.48 192728]
S4 avast! Firewall;avast! Firewall; [x]
S4 Bip Imola Modem Device Helper;Bip Imola Modem Device Helper;c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start --> c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start [?]
S4 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;i:\programmi installati\PC_Check_Tuning_2011\MXSAS.exe [01/06/2012 19.00.47 186368]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 17:04]
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mStart Page = about:blank
IE: Aggiungi a PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59111
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-25 21:18;
client@anonymox.net; c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\extensions\client@anonymox.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-30 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2013-04-30 23:42:01
ComboFix-quarantined-files.txt 2013-04-30 21:41
ComboFix2.txt 2013-04-30 20:35
ComboFix3.txt 2013-04-30 19:53
ComboFix4.txt 2013-04-29 21:58
.
Pre-Run: 8.903.032.832 byte disponibili
Post-Run: 8.896.544.768 byte disponibili
.
- - End Of File - - 1ED99317670C3E8396EAC50E6B21AE95
"""
Today, at a certain point, I installed Ashampoo Anti-Malware 1.21 (since none of the other programs detected anything).
It did not detect any rootkit either, but (strangely) it told me that in
Combofix.exe/pevb.3xe
this was present:
trojan-ransom.win32.pinkblocker!IK
I don't know whether it was a false positive, but in the meantime I told it to delete it.
Then it also found, in:
C:\windows\nircmd.exe
this:
heuristic.dialer.RAS!A2
Same as above, deleted.
I also put back a file called:
sptd.sys
in
c:\windows\system32\drivers
which I had deleted a few days ago after Malwarebytes flagged it.
At that point I thought: what if it's a registry problem?
So I ran a program that I had also downloaded the other day to repair the damage done by rootkits, namely
tweaking.com-windows repair
I had it load the original system files from the Windows XP Professional CD into a cache (as it requested) and let it work for about an hour. At a certain point, it asked me several times to grant permission to the file
NETSH.EXE
and, at the same time, I ticked the option to remove the "administrator rights" on that locked folder on the other HDD.
I said yes, it finished, I rebooted, it ran consistency checks on C and on G (another partition), I confirmed that Bitdefender was active again and, surprise, I was also finally able to permanently delete those "leftover" folders from the UNREQUESTED installation of IE8.
Then I plugged in the USB stick for the connection and... it finally let me connect!
Not satisfied, though, I asked myself: what if Zero Access is still present in the root?
So I ran ComboFix again (which in the meantime I had downloaded again from the USB stick) and, as expected, it detected the presence of our dear virus AGAIN. This is the LOG:
"""
ComboFix 13-04-28.01 - TheSpirit 01/05/2013 20.46.26.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2815 [GMT 2:00]
Eseguito da: c:\documents and settings\TheSpirit\Desktop\ComboFix.exe
AV: Ashampoo Anti-MalWare *Disabled/Outdated* {91BDFB4E-BA7E-4ABC-9472-A79BA394CA4B}
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2013-04-01 al 2013-05-01 )))))))))))))))))))))))))))))))))))
.
.
2013-05-01 16:33 . 2013-05-01 18:45 -------- d-----w- c:\windows\system32\CatRoot2
2013-05-01 15:34 . 2013-05-01 16:37 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-01 15:29 . 2013-05-01 15:29 -------- d-----w- C:\RegBackup
2013-05-01 15:25 . 2001-08-17 18:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2013-05-01 15:24 . 2001-08-30 21:08 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2013-05-01 15:23 . 2001-08-30 20:25 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2013-05-01 15:22 . 2001-08-31 11:00 16896 -c--a-w- c:\windows\system32\dllcache\quser.exe
2013-05-01 15:21 . 2001-08-30 19:30 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-05-01 15:20 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-05-01 15:19 . 2001-08-31 11:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdurdu.dll
2013-05-01 15:18 . 2001-08-17 19:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2013-05-01 15:17 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2013-05-01 15:16 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2013-05-01 15:15 . 2002-12-31 12:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2013-05-01 15:13 . 2001-08-30 21:07 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2013-05-01 14:46 . 2001-08-31 19:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2013-05-01 14:45 . 2008-04-13 16:55 2192768 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-05-01 14:45 . 2001-08-31 19:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-05-01 14:45 . 2001-08-31 19:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-05-01 14:45 . 2001-08-31 19:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-05-01 14:45 . 2001-08-31 19:00 171520 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2013-05-01 14:45 . 2001-08-31 19:00 15360 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2013-05-01 14:45 . 2001-08-31 19:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-05-01 12:02 . 2012-01-16 13:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-05-01 10:49 . 2013-05-01 10:49 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\Ashampoo
2013-05-01 09:21 . 2007-01-04 09:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2013-04-29 17:43 . 2013-04-29 17:43 -------- d-----w- c:\programmi\Trend Micro
2013-04-28 21:39 . 2004-08-09 04:03 221184 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
2013-04-28 21:39 . 2004-08-09 04:03 385024 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\_ispmres.dll
2013-04-28 21:38 . 2004-10-22 00:18 749568 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-28 21:38 . 2004-10-22 00:17 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-28 21:38 . 2004-10-22 00:17 274432 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-28 21:38 . 2004-10-22 00:16 180224 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-28 21:38 . 2004-10-22 00:16 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-28 21:38 . 2013-04-28 21:38 323716 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-28 21:38 . 2013-04-28 21:38 192644 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-28 19:19 . 2013-04-28 19:19 135464 ----a-w- c:\windows\system32\LnkProtect.dll
2013-04-28 19:18 . 2013-04-28 19:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HitmanPro
2013-04-28 12:17 . 2013-04-28 12:17 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-04-28 12:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-27 20:15 . 2013-05-01 15:49 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-27 20:14 . 2013-04-27 20:14 -------- d-----w- c:\windows\ie8
2013-04-27 20:03 . 2013-04-27 20:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-04-27 19:52 . 2013-04-27 19:52 -------- d-----w- c:\documents and settings\TheSpirit\PrivacIE
2013-04-27 19:48 . 2013-04-27 19:48 -------- d-----w- c:\documents and settings\TheSpirit\IETldCache
2013-04-27 19:45 . 2013-04-27 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-27 19:41 . 2004-08-19 13:35 46154 ----a-w- c:\windows\system32\SET59.tmp
2013-04-27 19:41 . 2008-04-13 17:13 851968 ----a-w- c:\programmi\File comuni\Microsoft Shared\VGX\SET41.tmp
2013-04-27 16:02 . 2013-04-27 16:02 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-04-27 15:58 . 2013-04-27 15:58 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\PCHealth
2013-04-27 15:56 . 2008-04-13 17:13 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2013-04-27 15:56 . 2008-04-13 17:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-27 15:56 . 2001-08-31 12:00 68608 ----a-w- c:\windows\system32\plugin.ocx
2013-04-27 10:17 . 2013-04-27 10:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FarmFrenzy3
2013-04-27 10:04 . 2013-04-27 10:04 -------- d-----w- c:\documents and settings\TheSpirit\Impostazioni locali\Dati applicazioni\AlawarWrapper
2013-04-27 10:04 . 2013-04-27 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AlawarWrapper
2013-04-27 10:03 . 2013-04-28 10:22 -------- d-----w- c:\programmi\Alawar
2013-04-27 10:00 . 2013-04-27 10:00 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\freshgames
2013-04-26 18:07 . 2013-04-26 18:07 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\NevoSoft Games
2013-04-26 17:44 . 2006-12-28 10:12 1933312 ----a-w- c:\windows\system32\Tropix.scr
2013-04-26 16:21 . 2013-04-26 16:21 -------- d-----w- c:\documents and settings\TheSpirit\Dati applicazioni\Jane s Hotel Family Hero
2013-04-06 19:34 . 2013-04-06 19:37 -------- d-----w- c:\windows\system32\tmp0000165e
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 12:53 . 2002-08-29 00:01 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-17 13:07 . 2013-03-17 13:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-03-13 17:04 . 2012-05-09 16:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:04 . 2012-01-24 16:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:49 . 2013-02-18 22:49 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-02-18 22:49 . 2013-02-18 22:49 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-02-18 22:48 . 2013-02-18 22:48 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-04-13 18:47 . 2013-04-13 18:47 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\svchost.exe"="c:\windows\system32\svchost.exe" [2008-04-13 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Bip Imola ModemListener"="c:\programmi\HSPA USB Modem\BackgroundService\ModemListener.exe" [2012-06-27 126056]
"Bdagent"="c:\programmi\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-03-25 1614856]
"PPMemCheck"="c:\programmi\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2012-4-29 221247]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
backup=c:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Server4PC.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Hardware\VIA\RAID\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^AP Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TheSpirit^Menu Avvio^Programmi^Esecuzione automatica^PowerReg Scheduler V3.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-08-17 14:05 916304 -c--a-w- c:\programmi\RegistryFirstAid\rfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2009-03-13 11:13 911192 ----a-w- c:\programmi\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MagicTuneEngine"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wuauserv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"avast! Firewall"=2 (0x2)
"NMIndexingService"=3 (0x3)
"SharedAccess"=2 (0x2)
"Schedule"=2 (0x2)
"MAGIX StartUp Analyze Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"Bip Imola Modem Device Helper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [14/09/2011 19.15.33 14208]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [18/10/2012 20.05.34 161312]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [21/06/2007 19.58.28 77312]
R2 AAMWService;Ashampoo Anti-Malware Service;c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [01/05/2013 12.48.31 1309528]
R2 TabletServicePen;TabletServicePen;c:\programmi\Tablet\Pen\Pen_Tablet.exe [19/01/2011 13.42.24 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\programmi\Tablet\Pen\Pen_TouchService.exe [19/01/2011 13.43.30 616816]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\programmi\Bitdefender\Bitdefender 2013\updatesrv.exe [18/10/2012 20.07.28 55544]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [20/07/2008 23.46.06 1310720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [22/01/2011 18.07.13 11520]
S2 AAMW_WSC_Service_XP;Ashampoo Anti-Malware WSC Service;c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe [01/05/2013 12.48.00 53248]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;i:\programmi installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 5.45.56 169312]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [19/02/2013 0.49.54 66392]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [06/09/2008 19.04.10 94848]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/03/2013 15.07.33 23456]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [02/03/2013 10.15.38 106112]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [27/12/2012 1.50.47 44032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27/12/2012 1.50.47 173056]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\drivers\RtsUIr.sys [27/12/2012 1.50.47 17536]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [14/03/2006 3.22.40 349184]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [19/01/2011 13.42.31 16240]
S4 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [29/08/2011 1.03.34 101976]
S4 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [02/10/2011 21.34.33 12112]
S4 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [29/08/2011 1.02.48 192728]
S4 avast! Firewall;avast! Firewall; [x]
S4 Bip Imola Modem Device Helper;Bip Imola Modem Device Helper;c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start --> c:\programmi\HSPA USB Modem\BackgroundService\ServiceManager.exe -start [?]
S4 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;i:\programmi installati\PC_Check_Tuning_2011\MXSAS.exe [01/06/2012 19.00.47 186368]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 17:04]
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
IE: Aggiungi a PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - i:\programmi installati\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59111
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-25 21:18;
client@anonymox.net; c:\documents and settings\TheSpirit\Dati applicazioni\Mozilla\Firefox\Profiles\9r76t12s.default\extensions\client@anonymox.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-01 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2013-05-01 20:56:47
ComboFix-quarantined-files.txt 2013-05-01 18:56
ComboFix2.txt 2013-04-30 21:42
ComboFix3.txt 2013-04-30 20:35
ComboFix4.txt 2013-04-30 19:53
ComboFix5.txt 2013-05-01 18:36
.
Pre-Run: 8.218.480.640 byte disponibili
Post-Run: 8.213.921.792 byte disponibili
.
- - End Of File - - 824F602BC675FE25DEEC8D9CC6D2597E
"""
It did its work, rebooted, went through its 50-plus stages, and at that point I got worried that it had once again changed some of my connection settings. But no: I am reconnected now, but the virus is still there, even though TDSS no longer finds anything.
Here is the log you asked me for:
"""
21:25:00.0640 2808 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:25:00.0640 2808 ============================================================
21:25:00.0640 2808 Current date / time: 2013/05/01 21:25:00.0640
21:25:00.0640 2808 SystemInfo:
21:25:00.0640 2808
21:25:00.0640 2808 OS Version: 5.1.2600 ServicePack: 3.0
21:25:00.0640 2808 Product type: Workstation
21:25:00.0640 2808 ComputerName: ROSANERO
21:25:00.0640 2808 UserName: TheSpirit
21:25:00.0640 2808 Windows directory: C:\WINDOWS
21:25:00.0640 2808 System windows directory: C:\WINDOWS
21:25:00.0640 2808 Processor architecture: Intel x86
21:25:00.0640 2808 Number of processors: 2
21:25:00.0640 2808 Page size: 0x1000
21:25:00.0640 2808 Boot type: Normal boot
21:25:00.0640 2808 ============================================================
21:25:02.0062 2808 Drive \Device\Harddisk0\DR0 - Size: 0x4C8BF2E00 (19.14 Gb), SectorSize: 0x200, Cylinders: 0x9C2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:25:02.0078 2808 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:25:02.0093 2808 Drive \Device\Harddisk3\DR7 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:25:02.0093 2808 ============================================================
21:25:02.0093 2808 \Device\Harddisk0\DR0:
21:25:02.0093 2808 MBR partitions:
21:25:02.0093 2808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2645703
21:25:02.0093 2808 \Device\Harddisk1\DR1:
21:25:02.0093 2808 MBR partitions:
21:25:02.0093 2808 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
21:25:02.0093 2808 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1869E598, BlocksNum 0x109A1B3A
21:25:02.0093 2808 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x290400D2, BlocksNum 0x11344B6F
21:25:02.0093 2808 \Device\Harddisk3\DR7:
21:25:02.0109 2808 MBR partitions:
21:25:02.0109 2808 \Device\Harddisk3\DR7\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C13870A
21:25:02.0109 2808 \Device\Harddisk3\DR7\Partition2: MBR, Type 0x7, StartLBA 0x1C138749, BlocksNum 0x1E0FB022
21:25:02.0109 2808 ============================================================
21:25:02.0125 2808 C: <-> \Device\Harddisk0\DR0\Partition1
21:25:02.0140 2808 G: <-> \Device\Harddisk1\DR1\Partition1
21:25:02.0171 2808 H: <-> \Device\Harddisk1\DR1\Partition2
21:25:02.0203 2808 I: <-> \Device\Harddisk1\DR1\Partition3
21:25:02.0234 2808 L: <-> \Device\Harddisk3\DR7\Partition1
21:25:02.0281 2808 M: <-> \Device\Harddisk3\DR7\Partition2
21:25:02.0281 2808 ============================================================
21:25:02.0281 2808 Initialize success
21:25:02.0281 2808 ============================================================
21:25:16.0062 3712 ============================================================
21:25:16.0062 3712 Scan started
21:25:16.0062 3712 Mode: Manual; TDLFS;
21:25:16.0062 3712 ============================================================
21:25:16.0234 3712 ================ Scan system memory ========================
21:25:16.0234 3712 System memory - ok
21:25:16.0234 3712 ================ Scan services =============================
21:25:16.0500 3712 [ 84EC82BFD573738C7417C9EA6DA478FA ] AAMWService C:\Programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
21:25:16.0531 3712 AAMWService - ok
21:25:16.0562 3712 [ 120689BEAED899EE5ED1A7B629F85C8B ] AAMW_WSC_Service_XP C:\Programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe
21:25:16.0562 3712 AAMW_WSC_Service_XP - ok
21:25:16.0687 3712 Abiosdsk - ok
21:25:16.0687 3712 abp480n5 - ok
21:25:16.0734 3712 [ D766E636187B8F240BBFBABCD51EB2C6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:25:16.0734 3712 ACPI - ok
21:25:16.0781 3712 [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:25:16.0781 3712 ACPIEC - ok
21:25:16.0859 3712 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 I:\Programmi Installati\Bamboo\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
21:25:16.0859 3712 AdobeActiveFileMonitor8.0 - ok
21:25:16.0953 3712 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:16.0953 3712 AdobeFlashPlayerUpdateSvc - ok
21:25:16.0953 3712 adpu160m - ok
21:25:17.0000 3712 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:25:17.0015 3712 aec - ok
21:25:17.0031 3712 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:25:17.0046 3712 AFD - ok
21:25:17.0062 3712 Aha154x - ok
21:25:17.0062 3712 aic78u2 - ok
21:25:17.0109 3712 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:25:17.0109 3712 aic78xx - ok
21:25:17.0171 3712 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
21:25:17.0203 3712 ALCXSENS - ok
21:25:17.0265 3712 [ 9A6A99F0D75B457E3A2267776EBE9F47 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:25:17.0312 3712 ALCXWDM - ok
21:25:17.0343 3712 [ 14A077AD0CF6116D1102631D8E1EDEE8 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:25:17.0343 3712 Alerter - ok
21:25:17.0375 3712 [ 79FE2E0D7859738225816658F0BB2A0D ] ALG C:\WINDOWS\System32\alg.exe
21:25:17.0375 3712 ALG - ok
21:25:17.0390 3712 AliIde - ok
21:25:17.0390 3712 amsint - ok
21:25:17.0484 3712 [ DC45AB27932447B598848B10650313C5 ] APC UPS Service C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
21:25:17.0484 3712 APC UPS Service - ok
21:25:17.0531 3712 [ 9062ED05B7519324FD7F0D6AFB9D1147 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:25:17.0562 3712 AppMgmt - ok
21:25:17.0593 3712 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:25:17.0609 3712 Arp1394 - ok
21:25:17.0609 3712 asc - ok
21:25:17.0609 3712 asc3350p - ok
21:25:17.0625 3712 asc3550 - ok
21:25:17.0656 3712 [ 71356A1370739E25375A1D17B6AE318F ] aslm75 C:\WINDOWS\system32\drivers\aslm75.sys
21:25:17.0656 3712 aslm75 - ok
21:25:17.0703 3712 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
21:25:17.0703 3712 Aspi32 - ok
21:25:17.0781 3712 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:25:17.0796 3712 aspnet_state - ok
21:25:17.0843 3712 [ 1AD83BFEC454D43992A5B4333ABC8769 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys
21:25:17.0843 3712 aswFW - ok
21:25:17.0875 3712 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys
21:25:17.0875 3712 aswNdis - ok
21:25:17.0937 3712 [ 892E24024F23B9FDEFFEDDDDFFBAF1EA ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys
21:25:17.0968 3712 aswNdis2 - ok
21:25:17.0984 3712 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:25:18.0000 3712 AsyncMac - ok
21:25:18.0046 3712 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:25:18.0046 3712 atapi - ok
21:25:18.0046 3712 Atdisk - ok
21:25:18.0140 3712 [ 9902DFEB0943B70B7358C7B598DE377D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:25:18.0156 3712 Ati HotKey Poller - ok
21:25:18.0593 3712 [ 554E45746A2FF688AF87282C4D742255 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:25:18.0609 3712 ati2mtag - ok
21:25:18.0656 3712 [ 590724416C5A6AA6FBC1F8EE75131AFC ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
21:25:18.0671 3712 AtiHdmiService - ok
21:25:18.0687 3712 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:25:18.0703 3712 Atmarpc - ok
21:25:18.0734 3712 [ 1B58D118049304E88464BE614C6D0014 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:25:18.0734 3712 AudioSrv - ok
21:25:18.0765 3712 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:25:18.0781 3712 audstub - ok
21:25:18.0890 3712 [ F7D825F7E47D8A7865F5D2156B1B7A24 ] bdftdif C:\Programmi\File comuni\Bitdefender\Bitdefender Firewall\bdftdif.sys
21:25:18.0890 3712 bdftdif - ok
21:25:18.0921 3712 [ B6CBFC9D825BB2D955620CD4D8EF07F9 ] BDSandBox C:\WINDOWS\system32\drivers\bdsandbox.sys
21:25:18.0937 3712 BDSandBox - ok
21:25:19.0015 3712 [ A7478F77584F8DB6AD74B2BBE1144886 ] bdselfpr C:\Programmi\Bitdefender\Bitdefender 2013\bdselfpr.sys
21:25:19.0031 3712 bdselfpr - ok
21:25:19.0078 3712 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:25:19.0078 3712 Beep - ok
21:25:19.0125 3712 Bip Imola Modem Device Helper - ok
21:25:19.0203 3712 [ 48C4763A9C8990FB48B73445BEB15D6A ] BITS C:\WINDOWS\system32\qmgr.dll
21:25:19.0359 3712 BITS - ok
21:25:19.0406 3712 [ 534B95FBD867D0512DCB43E6CC1AA91E ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
21:25:19.0406 3712 BlueletAudio - ok
21:25:19.0453 3712 [ 01D1832F2B13DFAF7384884F7C3E0124 ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
21:25:19.0453 3712 BlueletSCOAudio - ok
21:25:19.0515 3712 [ 55F24E6EC983FCC7510293B05A27CEEC ] BlueSoleil Hid Service C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
21:25:19.0515 3712 BlueSoleil Hid Service - ok
21:25:19.0562 3712 [ 4314623FD836E96A51343CE5C74B48A8 ] Browser C:\WINDOWS\System32\browser.dll
21:25:19.0562 3712 Browser - ok
21:25:19.0609 3712 [ 3ED6EAD26CA9FDA0AEACA8F6E822B634 ] bsusbser C:\WINDOWS\system32\DRIVERS\bsusbser.sys
21:25:19.0609 3712 bsusbser - ok
21:25:19.0640 3712 [ 98C84356B961D3C1C9AEC87E3A244338 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
21:25:19.0656 3712 BT - ok
21:25:19.0671 3712 [ 8132B98EABA4A7CA474C53DDD6428091 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
21:25:19.0687 3712 Btcsrusb - ok
21:25:19.0718 3712 [ E69D9E7854095A9C81ACEE40D766FE2D ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys
21:25:19.0718 3712 BTHidEnum - ok
21:25:19.0734 3712 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
21:25:19.0750 3712 BTHidMgr - ok
21:25:19.0781 3712 [ 6B05FDC0CFC3753B520D2D4176CC32D0 ] BTNetFilter C:\WINDOWS\system32\drivers\BTNetFilter.sys
21:25:19.0781 3712 BTNetFilter - ok
21:25:20.0031 3712 [ A4087DA0990727DCA1FF4EDE4940D382 ] c65013264 C:\WINDOWS\system32\drivers\c6501.sys
21:25:20.0031 3712 c65013264 - ok
21:25:20.0062 3712 catchme - ok
21:25:20.0093 3712 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:25:20.0093 3712 cbidf2k - ok
21:25:20.0125 3712 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:25:20.0140 3712 CCDECODE - ok
21:25:20.0140 3712 cd20xrnt - ok
21:25:20.0171 3712 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:25:20.0171 3712 Cdaudio - ok
21:25:20.0203 3712 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:25:20.0203 3712 Cdfs - ok
21:25:20.0234 3712 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:25:20.0250 3712 Cdrom - ok
21:25:20.0281 3712 [ D04F2BEB5EA63D0766E12E44AEF7C38D ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:25:20.0281 3712 CiSvc - ok
21:25:20.0296 3712 [ 48CB1DEFA1A6506C3CF09E4950F82EF6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:25:20.0296 3712 ClipSrv - ok
21:25:20.0328 3712 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:20.0421 3712 clr_optimization_v2.0.50727_32 - ok
21:25:20.0421 3712 CmdIde - ok
21:25:20.0453 3712 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:25:20.0453 3712 Compbatt - ok
21:25:20.0453 3712 COMSysApp - ok
21:25:20.0468 3712 Cpqarray - ok
21:25:20.0468 3712 Crypkey License - ok
21:25:20.0500 3712 [ B6FCBB157E9C8ABDCA4134C535535A8B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:25:20.0515 3712 CryptSvc - ok
21:25:20.0515 3712 dac2w2k - ok
21:25:20.0515 3712 dac960nt - ok
21:25:20.0593 3712 [ DB0C9517C2374D86A18DBFA12B35B129 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:25:20.0640 3712 DcomLaunch - ok
21:25:20.0687 3712 [ 699EE7F752A25180AEB92C3A0EAEE440 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:25:20.0687 3712 Dhcp - ok
21:25:20.0703 3712 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:20.0718 3712 Disk - ok
21:25:20.0750 3712 [ F6010162368D9BEF934F1647F2430446 ] DiskSec C:\WINDOWS\system32\drivers\DiskSec.sys
21:25:20.0750 3712 DiskSec - ok
21:25:20.0750 3712 dmadmin - ok
21:25:20.0937 3712 [ 82BC125A8ED33F5F0E75F2AAC1065323 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:25:21.0031 3712 dmboot - ok
21:25:21.0062 3712 [ E959DDC0EA7AC11EE5E5602E2A364310 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
21:25:21.0078 3712 dmio - ok
21:25:21.0093 3712 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:25:21.0093 3712 dmload - ok
21:25:21.0125 3712 [ A01858C50704B2D2EDEEBBF6BBBCED2A ] dmserver C:\WINDOWS\System32\dmserver.dll
21:25:21.0140 3712 dmserver - ok
21:25:21.0171 3712 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:25:21.0171 3712 DMusic - ok
21:25:21.0187 3712 [ 5A4DAC2ED68EDF6FDD78529D78CB994E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:25:21.0187 3712 Dnscache - ok
21:25:21.0234 3712 [ D580D77DFF316BD8C9D73B38695DE8DC ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:25:21.0250 3712 Dot3svc - ok
21:25:21.0250 3712 dpti2o - ok
21:25:21.0281 3712 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:25:21.0281 3712 drmkaud - ok
21:25:21.0312 3712 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
21:25:21.0312 3712 DrvAgent32 - ok
21:25:21.0328 3712 [ 86B1F123BACD444E81960B339BAE3FF2 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:25:21.0359 3712 EapHost - ok
21:25:21.0390 3712 [ 0DAF3544804650526751C478AECCCE63 ] EIO_XP C:\WINDOWS\system32\drivers\EIO_XP.sys
21:25:21.0390 3712 EIO_XP - ok
21:25:21.0406 3712 [ B6599EDA9F3EBEF064504EE35BBECA1C ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:25:21.0406 3712 ERSvc - ok
21:25:21.0453 3712 [ DAC0440C89B1EA4E35684896D5BF856E ] Eventlog C:\WINDOWS\system32\services.exe
21:25:21.0453 3712 Eventlog - ok
21:25:21.0484 3712 [ FF8566499E5A781DA69342D3D76FF246 ] EventSystem C:\WINDOWS\system32\es.dll
21:25:21.0484 3712 EventSystem - ok
21:25:21.0531 3712 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:25:21.0546 3712 Fastfat - ok
21:25:21.0578 3712 [ A982208204830A213D7963BF2A215E56 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:25:21.0578 3712 FastUserSwitchingCompatibility - ok
21:25:21.0593 3712 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:25:21.0609 3712 Fdc - ok
21:25:21.0640 3712 [ B73EC688C29F81F9DA0FCF63682B3ECB ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
21:25:21.0640 3712 FilterService - ok
21:25:21.0671 3712 [ 2CFEA3326981A18C6BAF2BD9BE76225B ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:25:21.0671 3712 Fips - ok
21:25:21.0796 3712 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:25:21.0937 3712 FLEXnet Licensing Service - ok
21:25:21.0968 3712 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:25:21.0968 3712 Flpydisk - ok
21:25:22.0015 3712 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:25:22.0031 3712 FltMgr - ok
21:25:22.0046 3712 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:25:22.0046 3712 Fs_Rec - ok
21:25:22.0078 3712 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:25:22.0093 3712 Ftdisk - ok
21:25:22.0109 3712 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
21:25:22.0109 3712 gagp30kx - ok
21:25:22.0140 3712 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:25:22.0140 3712 Gpc - ok
21:25:22.0203 3712 [ 479664FA3E1BD3E0B828971A0D500D4E ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
21:25:22.0218 3712 gzflt - ok
21:25:22.0250 3712 [ 56BF27D7A539F9E6BBC1DE201ABA0EDF ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
21:25:22.0265 3712 HdAudAddService - ok
21:25:22.0296 3712 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:25:22.0296 3712 HDAudBus - ok
21:25:22.0359 3712 [ 6CE66B51B4EB23D9D073F92698C55C8D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:25:22.0359 3712 helpsvc - ok
21:25:22.0390 3712 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
21:25:22.0390 3712 HidBatt - ok
21:25:22.0437 3712 [ 43D985A9A51E0295091B6EBE84C96B78 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:25:22.0437 3712 HidServ - ok
21:25:22.0453 3712 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:25:22.0453 3712 HidUsb - ok
21:25:22.0500 3712 [ 00CAD842F48947887A972828ACA665F7 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:25:22.0500 3712 hkmsvc - ok
21:25:22.0515 3712 hpn - ok
21:25:22.0531 3712 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:25:22.0546 3712 HPZid412 - ok
21:25:22.0546 3712 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:25:22.0546 3712 HPZipr12 - ok
21:25:22.0593 3712 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:25:22.0593 3712 HPZius12 - ok
21:25:22.0625 3712 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:25:22.0640 3712 HTTP - ok
21:25:22.0671 3712 [ 450091AEBFCD08E5858533EAB5B9A436 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:25:22.0671 3712 HTTPFilter - ok
21:25:22.0687 3712 i2omp - ok
21:25:22.0703 3712 [ 610726E28AF55B95043C5C35A727E320 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:25:22.0718 3712 i8042prt - ok
21:25:22.0781 3712 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:25:22.0796 3712 IDriverT - ok
21:25:22.0828 3712 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:25:22.0828 3712 Imapi - ok
21:25:22.0906 3712 [ DB491237445F172FDDDF00541DE1A51D ] ImapiService C:\WINDOWS\system32\imapi.exe
21:25:22.0906 3712 ImapiService - ok
21:25:22.0906 3712 ini910u - ok
21:25:22.0921 3712 IntelIde - ok
21:25:22.0968 3712 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:25:22.0984 3712 ip6fw - ok
21:25:23.0031 3712 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:25:23.0031 3712 IpFilterDriver - ok
21:25:23.0046 3712 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:25:23.0046 3712 IpInIp - ok
21:25:23.0093 3712 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:25:23.0093 3712 IpNat - ok
21:25:23.0125 3712 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:25:23.0125 3712 IPSec - ok
21:25:23.0140 3712 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:25:23.0140 3712 IRENUM - ok
21:25:23.0187 3712 [ 0953594BEB81CC72FCC62D37921B25A6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:25:23.0187 3712 isapnp - ok
21:25:23.0312 3712 [ 890369AED0DDE1A98F09F7DC239CA2BD ] JavaQuickStarterService C:\Programmi\Java\jre6\bin\jqs.exe
21:25:23.0328 3712 JavaQuickStarterService - ok
21:25:23.0359 3712 [ AE2200BA12EB181FD512B38B19953F4F ] jrdusbser C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
21:25:23.0375 3712 jrdusbser - ok
21:25:23.0390 3712 [ 28B6EACE513CA7EABA3B809AD4BC274D ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:25:23.0390 3712 Kbdclass - ok
21:25:23.0421 3712 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:25:23.0453 3712 kmixer - ok
21:25:23.0468 3712 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:25:23.0484 3712 KSecDD - ok
21:25:23.0531 3712 [ CFCF4AEE4F81C6185EE663097F7189D3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:25:23.0531 3712 lanmanserver - ok
21:25:23.0546 3712 [ 9071A3BEDCD40CCB221B98F230FDDE9A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:25:23.0562 3712 lanmanworkstation - ok
21:25:23.0593 3712 [ E01255727D0B158538D7C2B469B533A8 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:25:23.0593 3712 LmHosts - ok
21:25:23.0640 3712 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
21:25:23.0640 3712 LVPr2Mon - ok
21:25:23.0703 3712 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
21:25:23.0718 3712 LVPrcSrv - ok
21:25:23.0765 3712 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:25:23.0781 3712 LVRS - ok
21:25:23.0812 3712 [ 5F987FC1AAD215EC2C60CF07719B1CCE ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:25:23.0812 3712 LVUSBSta - ok
21:25:24.0359 3712 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:25:24.0890 3712 LVUVC - ok
21:25:24.0937 3712 [ 18DBB919072F813ADC0490D2B5D711EE ] MAGIX StartUp Analyze Service I:\Programmi Installati\PC_Check_Tuning_2011\MXSAS.exe
21:25:24.0937 3712 MAGIX StartUp Analyze Service - ok
21:25:24.0968 3712 [ 3B32F662C8607E891F325E41F7EE225C ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:25:24.0968 3712 Messenger - ok
21:25:25.0000 3712 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:25:25.0015 3712 mnmdd - ok
21:25:25.0046 3712 [ 514A299EC926BAADA3C718B171476AA4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
21:25:25.0046 3712 mnmsrvc - ok
21:25:25.0093 3712 [ 8CB6636806D76B85FAFAEE94D75F5129 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:25:25.0093 3712 Modem - ok
21:25:25.0140 3712 [ E904EBED608055A2BFB824C07F59766C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:25:25.0140 3712 Mouclass - ok
21:25:25.0187 3712 [ D7662F0CF5B77BBBE3202716F5BD5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:25:25.0203 3712 mouhid - ok
21:25:25.0218 3712 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:25:25.0218 3712 MountMgr - ok
21:25:25.0281 3712 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
21:25:25.0281 3712 MozillaMaintenance - ok
21:25:25.0296 3712 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
21:25:25.0296 3712 MPE - ok
21:25:25.0296 3712 mraid35x - ok
21:25:25.0343 3712 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:25:25.0359 3712 MRxDAV - ok
21:25:25.0421 3712 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:25:25.0468 3712 MRxSmb - ok
21:25:25.0500 3712 [ 01F77E9E473235C31796ADE46107B0AD ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:25:25.0500 3712 MSDTC - ok
21:25:25.0515 3712 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:25:25.0515 3712 Msfs - ok
21:25:25.0531 3712 MSIServer - ok
21:25:25.0546 3712 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:25:25.0546 3712 MSKSSRV - ok
21:25:25.0625 3712 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:25:25.0671 3712 MSPCLOCK - ok
21:25:25.0703 3712 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:25:25.0703 3712 MSPQM - ok
21:25:25.0734 3712 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:25:25.0734 3712 mssmbios - ok
21:25:25.0750 3712 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:25:25.0750 3712 MSTEE - ok
21:25:25.0796 3712 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:25:25.0796 3712 MTsensor - ok
21:25:25.0859 3712 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:25:25.0875 3712 Mup - ok
21:25:25.0890 3712 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:25:25.0921 3712 NABTSFEC - ok
21:25:25.0984 3712 [ 911587FD303C9690A428BB4B04732B61 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:25:26.0015 3712 napagent - ok
21:25:26.0062 3712 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:25:26.0078 3712 NDIS - ok
21:25:26.0093 3712 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:25:26.0109 3712 NdisIP - ok
21:25:26.0125 3712 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:25:26.0125 3712 NdisTapi - ok
21:25:26.0156 3712 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:25:26.0171 3712 Ndisuio - ok
21:25:26.0187 3712 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:25:26.0203 3712 NdisWan - ok
21:25:26.0234 3712 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:25:26.0250 3712 NDProxy - ok
21:25:26.0250 3712 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:25:26.0250 3712 NetBIOS - ok
21:25:26.0296 3712 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:25:26.0312 3712 NetBT - ok
21:25:26.0343 3712 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:25:26.0359 3712 NetDDE - ok
21:25:26.0375 3712 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:25:26.0375 3712 NetDDEdsdm - ok
21:25:26.0406 3712 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:25:26.0406 3712 Netlogon - ok
21:25:26.0453 3712 [ 02815B70FC4CA8611A926176F1C39FC2 ] Netman C:\WINDOWS\System32\netman.dll
21:25:26.0453 3712 Netman - ok
21:25:26.0500 3712 [ 800ABCBB9800CC35FF9F6787C8B197F8 ] NetworkX C:\WINDOWS\system32\ckldrv.sys
21:25:26.0500 3712 NetworkX - ok
21:25:26.0515 3712 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:25:26.0531 3712 NIC1394 - ok
21:25:26.0578 3712 [ 7E1CEE90214FA6DEF0E601CD7A9FC950 ] Nla C:\WINDOWS\System32\mswsock.dll
21:25:35.0828 3712 ============================================================
21:25:35.0828 3712 Scan finished
21:25:35.0828 3712 ============================================================
21:25:35.0843 3508 Detected object count: 0
21:25:35.0843 3508 Actual detected object count: 0
""""
At this point I ask myself: what do I do? Do I have to learn to live with Zero Access (which, however, lets me access the internet), or is it Combofix that (alone among all the other tools) keeps reporting the presence of the rootkit?
And if it really were still there, what are the risks of having this malicious "code" present in root?
Because until today, apart from no longer letting me connect, it did NOT do anything else (or at least, I have NOT noticed any other negative problem on the computer).
Honestly, I don't know what to think: I leave the conclusions to you, along with any advice on how to proceed.
Meanwhile, I now keep BitDefender always up to date, Ashampoo Antimalware with the agent active at restart (I had just turned it off to run the tests with Combofix), and PestPatrol (which, honestly, I no longer know what use it can be).
I hope I have been thorough: forgive the long-windedness, but I wanted to give you a reasonably complete picture.
Have a good evening and thank you for the time you are dedicating to me.
TheS