Ti allego il log aggiornato, ma temo di aver sabagliato qualcosa; non avevo l'icona di ComboFix sul desktop, ho dovuto quindi copiarla e incollarla ............ E' il caso che rifaccio tutto dall'inizio?

Ciao e grazie

ComboFix 12-04-07.02 - Utente 07/04/2012 14.36.39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1977.1391 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente\Desktop\CFscript.txt
AV: AntiVir Desktop *Disabled/Updated* {7698207D-3A40-003E-AC1D-9876381E9876}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: Avira Desktop *Enabled/Updated* {00000000-0715-0000-08F2-12003094807C}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\programmi\Ask.com\UpdateTask.exe"
"c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys"
"c:\windows\system32\drivers\gtkdrv.sys"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Utente\Dati applicazioni\AskToolbar
c:\documents and settings\Utente\Dati applicazioni\AskToolbar\Avira.install-bubble.config
c:\documents and settings\Utente\Dati applicazioni\AskToolbar\Avira.status.config
c:\documents and settings\Utente\Dati applicazioni\AskToolbar\IDW.status.config
c:\documents and settings\Utente\Dati applicazioni\Uniblue
c:\documents and settings\Utente\Dati applicazioni\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\documents and settings\Utente\Dati applicazioni\Uniblue\RegistryBooster\last_scan.dat
c:\documents and settings\Utente\Dati applicazioni\Uniblue\RegistryBooster\settings.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\almost.xml
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\APNU\config.xml
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\avira.cab
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\cache.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\config.xml
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\Downloaded Program Files\avira.inf
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AskToolbar\Downloaded Program Files\AviraWidget.dll
c:\programmi\Ask.com
c:\programmi\Ask.com\assets\oobe\b.png
c:\programmi\Ask.com\assets\oobe\bl.png
c:\programmi\Ask.com\assets\oobe\br.png
c:\programmi\Ask.com\assets\oobe\l.png
c:\programmi\Ask.com\assets\oobe\pointer.png
c:\programmi\Ask.com\assets\oobe\r.png
c:\programmi\Ask.com\assets\oobe\t.png
c:\programmi\Ask.com\assets\oobe\tl.png
c:\programmi\Ask.com\assets\oobe\tr.png
c:\programmi\Ask.com\cb_23.ico
c:\programmi\Ask.com\cobrand.ico
c:\programmi\Ask.com\config.xml
c:\programmi\Ask.com\favicon.ico
c:\programmi\Ask.com\fv_22.ico
c:\programmi\Ask.com\mupcfg.xml
c:\programmi\Ask.com\precache.exe
c:\programmi\Ask.com\SaUpdate.exe
c:\programmi\Ask.com\Updater\config.xml
c:\programmi\Ask.com\Updater\Updater.exe
c:\programmi\Ask.com\UpdateTask.exe
c:\programmi\GridinSoft Trojan Killer
c:\programmi\GridinSoft Trojan Killer\acprotect.z
c:\programmi\GridinSoft Trojan Killer\activex.a
c:\programmi\GridinSoft Trojan Killer\amd.c
c:\programmi\GridinSoft Trojan Killer\armadillo.z
c:\programmi\GridinSoft Trojan Killer\ascrypt.z
c:\programmi\GridinSoft Trojan Killer\asmd.c
c:\programmi\GridinSoft Trojan Killer\aspack.z
c:\programmi\GridinSoft Trojan Killer\aspr.z
c:\programmi\GridinSoft Trojan Killer\avs.c
c:\programmi\GridinSoft Trojan Killer\bho.a
c:\programmi\GridinSoft Trojan Killer\Driver\gtkdrv.cat
c:\programmi\GridinSoft Trojan Killer\Driver\gtkdrv.inf
c:\programmi\GridinSoft Trojan Killer\Driver\gtkdrv.sys
c:\programmi\GridinSoft Trojan Killer\english.lng
c:\programmi\GridinSoft Trojan Killer\execrypt.z
c:\programmi\GridinSoft Trojan Killer\heur.b
c:\programmi\GridinSoft Trojan Killer\ieb.a
c:\programmi\GridinSoft Trojan Killer\logs\scan-2012-03-28 [12-17-14].log
c:\programmi\GridinSoft Trojan Killer\logs\scan-2012-03-29 [21-20-08].log
c:\programmi\GridinSoft Trojan Killer\logs\scan-2012-03-29 [21-40-30].log
c:\programmi\GridinSoft Trojan Killer\logs\scan-2012-04-01 [12-29-24].log
c:\programmi\GridinSoft Trojan Killer\md.c
c:\programmi\GridinSoft Trojan Killer\mew.z
c:\programmi\GridinSoft Trojan Killer\mslrh.z
c:\programmi\GridinSoft Trojan Killer\naco.c
c:\programmi\GridinSoft Trojan Killer\npack.z
c:\programmi\GridinSoft Trojan Killer\pk.z
c:\programmi\GridinSoft Trojan Killer\pl.a
c:\programmi\GridinSoft Trojan Killer\ps.z
c:\programmi\GridinSoft Trojan Killer\psign.z
c:\programmi\GridinSoft Trojan Killer\restore.exe
c:\programmi\GridinSoft Trojan Killer\rico.c
c:\programmi\GridinSoft Trojan Killer\rlpack.z
c:\programmi\GridinSoft Trojan Killer\service.a
c:\programmi\GridinSoft Trojan Killer\sesi.a
c:\programmi\GridinSoft Trojan Killer\smd.c
c:\programmi\GridinSoft Trojan Killer\spl.a
c:\programmi\GridinSoft Trojan Killer\startup.a
c:\programmi\GridinSoft Trojan Killer\storage\409979043511227.info
c:\programmi\GridinSoft Trojan Killer\storage\409979043511227.zip
c:\programmi\GridinSoft Trojan Killer\swl.c
c:\programmi\GridinSoft Trojan Killer\trojankiller.chm
c:\programmi\GridinSoft Trojan Killer\trojankiller.exe
c:\programmi\GridinSoft Trojan Killer\unhider.exe
c:\programmi\GridinSoft Trojan Killer\UnHookLib.dll
c:\programmi\GridinSoft Trojan Killer\uninst.exe
c:\programmi\GridinSoft Trojan Killer\upack.z
c:\programmi\GridinSoft Trojan Killer\upx.z
c:\programmi\GridinSoft Trojan Killer\vs.c
c:\programmi\GridinSoft Trojan Killer\wl.c
c:\programmi\GridinSoft Trojan Killer\xpack.z
c:\programmi\GridinSoft Trojan Killer\yoda.z
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\27.03.2012_23.03.13\rtkt0000\object.ini
c:\tdsskiller_quarantine\27.03.2012_23.03.13\rtkt0000\svc0000\object.ini
c:\tdsskiller_quarantine\27.03.2012_23.03.13\rtkt0000\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\27.03.2012_23.03.13\rtkt0000\svc0000\tsk0001.dta
c:\tdsskiller_quarantine\27.03.2012_23.03.13\rtkt0000\svc0000\tsk0001.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0000\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0000\svc0000\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0000\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0000\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0001\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0001\svc0000\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0001\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0001\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0002\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0002\svc0000\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0002\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0002\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0003\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0003\svc0000\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0003\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0003\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0004\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0004\svc0000\object.ini
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0004\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\28.03.2012_13.56.33\susp0004\svc0000\tsk0000.ini
c:\windows\system32\drivers\gtkdrv.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_TROJANKILLERDRIVER
-------\Service_Lavasoft Kernexplorer
-------\Service_PowerOffer Service
-------\Service_TrojanKillerDriver
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-07 al 2012-04-07 )))))))))))))))))))))))))))))))))))
.
.
2012-04-06 21:50 . 2012-04-06 21:50 -------- d-----w- c:\programmi\Microsoft Silverlight
2012-04-06 15:40 . 2012-04-06 15:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F4D55F3B0004B2F1000B5ECFD151FC4E
2012-04-01 09:37 . 2012-04-07 12:36 -------- d-----w- c:\windows\system32\CatRoot2
2012-03-31 11:36 . 2012-03-31 11:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-03-29 20:25 . 2012-03-29 20:25 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Mozilla
2012-03-29 15:46 . 2012-03-29 15:54 -------- d-----w- c:\programmi\Eusing Free Registry Cleaner
2012-03-29 15:40 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2012-03-29 15:40 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-03-29 15:39 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2012-03-29 15:39 . 2012-03-29 15:39 -------- d-----w- c:\programmi\Agnitum
2012-03-29 15:38 . 2012-03-29 16:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2012-03-29 10:35 . 2012-03-29 10:35 -------- d-----w- c:\windows\Downloaded Program Files
2012-03-29 08:37 . 2012-03-29 08:38 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\LockHunter
2012-03-28 17:08 . 2012-03-28 17:08 388096 ----a-r- c:\documents and settings\Utente\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-28 17:00 . 2012-03-28 17:00 -------- d-----w- c:\programmi\Trend Micro
2012-03-28 10:30 . 2012-03-29 09:59 -------- d-sh--w- c:\documents and settings\Utente\UserData
2012-03-28 09:55 . 2012-03-28 09:55 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Avira
2012-03-28 09:49 . 2012-03-28 09:49 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\APN
2012-03-28 09:49 . 2012-02-03 13:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-28 09:49 . 2012-02-03 13:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-28 09:49 . 2012-02-03 13:26 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-28 09:49 . 2012-04-03 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2012-03-28 09:49 . 2012-03-28 09:49 -------- d-----w- c:\programmi\Avira
2012-03-27 20:23 . 2012-04-07 10:52 -------- d-----w- c:\windows\system32\wbem\Logs
2012-03-27 20:05 . 2012-03-27 20:05 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\DriverCure
2012-03-27 20:05 . 2012-03-27 20:05 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\SpeedyPC Software
2012-03-27 20:05 . 2012-03-27 20:05 -------- d-----w- c:\programmi\SpeedyPC Software
2012-03-27 20:05 . 2012-03-27 20:05 -------- d-----w- c:\programmi\File comuni\SpeedyPC Software
2012-03-27 20:05 . 2012-03-27 20:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SpeedyPC Software
2012-03-25 15:17 . 2012-03-29 12:10 -------- d-----w- c:\programmi\Sunbelt Software
2012-03-23 17:40 . 2012-03-23 17:40 1491 ----a-w- C:\user.js
2012-03-23 17:40 . 2012-03-23 17:40 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Babylon
2012-03-23 17:40 . 2012-03-23 17:40 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Babylon
2012-03-23 17:40 . 2012-03-23 17:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2012-03-18 11:12 . 2012-03-18 11:12 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2012-03-18 11:12 . 2012-03-18 11:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-03-18 11:12 . 2012-03-18 11:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-03-18 11:12 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 10:53 . 2012-03-18 11:04 -------- d-----w- c:\programmi\CCleaner
2012-03-18 09:23 . 2012-03-18 09:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-18 08:33 . 2012-03-18 08:33 1409 ----a-w- c:\windows\QTFont.for
2012-03-16 19:37 . 2012-03-16 19:37 126976 --sha-r- c:\windows\system32\stdole2O.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 21:04 . 2008-04-14 12:00 188416 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-03 09:57 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 18:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-07-29 00:40 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:38 . 2012-03-29 20:24 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-07_10.53.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 12:44 . 2012-04-07 12:44 16384 c:\windows\temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-08 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-08 142872]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-03-21 08:21 91432 ----a-w- c:\programmi\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\programmi\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Halto\\Halto.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
"3931:TCP"= 3931:TCP:Windows Core Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28/03/2012 11.49.21 36000]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [29/03/2012 17.40.44 704384]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [01/02/2008 17.24.04 41456]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [29/03/2012 17.39.13 1195008]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [28/03/2012 11.49.21 86224]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [28/03/2012 11.49.21 463824]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 13.52.18 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [29/03/2012 17.39.16 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [29/03/2012 17.40.38 257432]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [08/04/2009 4.04.00 39424]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/08/2010 13.26.41 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [01/08/2010 13.26.41 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28/07/2010 22.41.18 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 14.00.00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-08-01 11:26]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-08-01 11:26]
.
2012-04-07 c:\windows\Tasks\QENLHE.job
- c:\windows\system32\stdole2O.dll [2012-03-16 19:37]
.
2012-03-27 c:\windows\Tasks\SpeedyPC Pro.job
- c:\programmi\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-03-27 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\programmi\File comuni\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-04-07 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\programmi\File comuni\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
2012-04-07 c:\windows\Tasks\User_Feed_Synchronization-{178E7CA2-C96E-4B01-BA5A-25D4EBF220CE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{843962A3-82E9-4683-9EA3-B933DD1EACF3}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\7p24sv4v.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-GridinSoft Trojan Killer - c:\programmi\GridinSoft Trojan Killer\uninst.exe
AddRemove-HijackThis - g:\varie\HijackThis.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\programmi\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 14:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(1208)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-07 14:55:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-07 12:55
ComboFix2.txt 2012-04-07 10:58
.
Pre-Run: 43.266.002.944 byte disponibili
Post-Run: 43.253.100.544 byte disponibili
.
- - End Of File - - 5934255EAF1EA7754A46D816CE5ABFD9

Mi scuso per il ritardo, ero fuotri casa. Si, il solito problema purtroppo. Dopo aver fatto una ricerca con google clicco su uno dei siti trovati per quella ricerca e o mi va su un altro sito (tipo secure-bidvertiser) o mi da una schermata bianca con in basso a sinistra la scritta "FINE" e sulls barra in alto mi scrive l'indirizzo della mia home (www.google.it).

Ciao e grazie per il tuo interessamento

Prima avevo IE ora ho installato anche Firefox. Con IE il problema è quello esposto in precedenza. Con firefox il problema è meno frequente e non mi da la schermata bianca ma di solito mi manda al sito www.rocketnews.com

Ho lanciato nuovamente MBAM in modalità provvisoria; ha trovato di nuovo 2 problemi. questo è il log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.04.08.05

Windows XP Service Pack 3 x86 NTFS (Modalità provvisoria)
Internet Explorer 8.0.6001.18702
Utente :: OEM-FULL [amministratore]

08/04/2012 19.56.20
mbam-log-2012-04-08 (19-56-20).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 285598
Tempo impiegato: 21 minuti, 18 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.FakeAlert) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Documents and Settings\All Users\Dati applicazioni\F4D55F3B0004B2F1000B5ECFD151FC4E\F4D55F3B0004B2F1000B5ECFD151FC4E.exe (Trojan.FakeAlert) -> Spostato in quarantena ed eliminato con successo.

(fine)

Si ancora persiste. Ho reimpostato IE come da te suggerito (lo avevo già fatto un paio di giorni fa) ma senza successo; il problema è ancora presente. Grazie R16 per i tuoi suggerimenti.

Fatto (non ho riavviato, dovevo farlo?) ecco i tre log:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Utente [Admin rights]
Mode: Scan -- Date: 04/08/2012 22:07:37

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0x99A24F1C)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0x99A24ED6)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0x99A24F26)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x99A24ECC)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0x99A24EDB)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0x99A24EE5)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0x99A24F17)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0x99A24EEA)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x99A24EB8)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0x99A24EBD)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (Unknown @ 0x99A24F3F)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0x99A24EF4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (Unknown @ 0x99A24F30)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0x99A24EEF)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0x99A24F2B)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (Unknown @ 0x99A24F35)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0x99A24EE0)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (Unknown @ 0x99A24F3A)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0x99A24EC7)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x99A24F4E)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x99A24F53)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] 0bbd42a9e375cbc56714ed3ca969157b
[BSP] 9dec3e4546a14396072deb91a711e34c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 72614 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 148713705 | Size: 80011 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Utente [Admin rights]
Mode: Remove -- Date: 04/08/2012 22:08:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0x99A24F1C)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0x99A24ED6)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0x99A24F26)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x99A24ECC)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0x99A24EDB)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0x99A24EE5)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0x99A24F17)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0x99A24EEA)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x99A24EB8)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0x99A24EBD)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (Unknown @ 0x99A24F3F)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0x99A24EF4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (Unknown @ 0x99A24F30)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0x99A24EEF)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0x99A24F2B)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (Unknown @ 0x99A24F35)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0x99A24EE0)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (Unknown @ 0x99A24F3A)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0x99A24EC7)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x99A24F4E)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x99A24F53)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] 0bbd42a9e375cbc56714ed3ca969157b
[BSP] 9dec3e4546a14396072deb91a711e34c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 72614 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 148713705 | Size: 80011 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Utente [Admin rights]
Mode: Remove -- Date: 04/08/2012 22:08:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0x99A24F1C)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0x99A24ED6)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0x99A24F26)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x99A24ECC)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0x99A24EDB)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0x99A24EE5)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0x99A24F17)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0x99A24EEA)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x99A24EB8)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0x99A24EBD)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (Unknown @ 0x99A24F3F)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0x99A24EF4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (Unknown @ 0x99A24F30)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0x99A24EEF)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0x99A24F2B)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (Unknown @ 0x99A24F35)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0x99A24EE0)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (Unknown @ 0x99A24F3A)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0x99A24EC7)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x99A24F4E)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x99A24F53)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] 0bbd42a9e375cbc56714ed3ca969157b
[BSP] 9dec3e4546a14396072deb91a711e34c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 72614 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 148713705 | Size: 80011 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Utente [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/08/2012 22:10:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 67 / Fail 0
My documents: Success 8 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 653 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Il Reboot non mi è stato richiesto.
Ti posto sia il log che ho trovato in c:\ che quello da me salvato dopo aver fatto "report":

(ho letto in un sito che il problema potrebbe essere il file HOSTS, ti risulta?)

22:31:00.0500 2096 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:31:16.0531 2096 Perform update action was selected
22:31:16.0546 1704 Deinitialize success


22:32:43.0906 3496 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:32:45.0343 3496 ============================================================
22:32:45.0343 3496 Current date / time: 2012/04/08 22:32:45.0343
22:32:45.0343 3496 SystemInfo:
22:32:45.0343 3496
22:32:45.0343 3496 OS Version: 5.1.2600 ServicePack: 3.0
22:32:45.0343 3496 Product type: Workstation
22:32:45.0343 3496 ComputerName: OEM-FULL
22:32:45.0343 3496 UserName: Utente
22:32:45.0343 3496 Windows directory: C:\WINDOWS
22:32:45.0343 3496 System windows directory: C:\WINDOWS
22:32:45.0343 3496 Processor architecture: Intel x86
22:32:45.0343 3496 Number of processors: 2
22:32:45.0343 3496 Page size: 0x1000
22:32:45.0343 3496 Boot type: Normal boot
22:32:45.0343 3496 ============================================================
22:32:46.0062 3496 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:32:46.0062 3496 \Device\Harddisk0\DR0:
22:32:46.0062 3496 MBR used
22:32:46.0062 3496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8DD30AA
22:32:46.0062 3496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8DD30E9, BlocksNum 0x9C459D8
22:32:46.0140 3496 Initialize success
22:32:46.0140 3496 ============================================================
22:33:20.0171 2908 ============================================================
22:33:20.0171 2908 Scan started
22:33:20.0171 2908 Mode: Manual; SigCheck; TDLFS;
22:33:20.0171 2908 ============================================================
22:33:20.0406 2908 Abiosdsk - ok
22:33:20.0406 2908 abp480n5 - ok
22:33:20.0437 2908 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:21.0921 2908 ACPI - ok
22:33:22.0031 2908 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:33:22.0156 2908 ACPIEC - ok
22:33:22.0234 2908 acssrv (8e294acae2b6fb3c75f55913829b359e) C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
22:33:22.0281 2908 acssrv ( UnsignedFile.Multi.Generic ) - warning
22:33:22.0281 2908 acssrv - detected UnsignedFile.Multi.Generic (1)
22:33:22.0296 2908 adpu160m - ok
22:33:22.0328 2908 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:33:22.0421 2908 aec - ok
22:33:22.0453 2908 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:33:22.0484 2908 AFD - ok
22:33:22.0515 2908 afw (f85e257cae6133fcda85332fa52b455e) C:\WINDOWS\system32\DRIVERS\afw.sys
22:33:22.0640 2908 afw - ok
22:33:22.0671 2908 afwcore (90b57bf63271cd3df6bb264f91e0be35) C:\WINDOWS\system32\drivers\afwcore.sys
22:33:22.0687 2908 afwcore - ok
22:33:22.0687 2908 Aha154x - ok
22:33:22.0703 2908 aic78u2 - ok
22:33:22.0718 2908 aic78xx - ok
22:33:22.0750 2908 Alerter (14a077ad0cf6116d1102631d8e1edee8) C:\WINDOWS\system32\alrsvc.dll
22:33:22.0843 2908 Alerter - ok
22:33:22.0875 2908 ALG (79fe2e0d7859738225816658f0bb2a0d) C:\WINDOWS\System32\alg.exe
22:33:22.0921 2908 ALG - ok
22:33:22.0937 2908 AliIde - ok
22:33:22.0937 2908 amsint - ok
22:33:23.0015 2908 AntiVirSchedulerService (ffab08597accd27065f600d4ed747d83) C:\Programmi\Avira\AntiVir Desktop\sched.exe
22:33:23.0046 2908 AntiVirSchedulerService - ok
22:33:23.0078 2908 AntiVirService (a341d3b2442acbbcf9afbc801e2c8013) C:\Programmi\Avira\AntiVir Desktop\avguard.exe
22:33:23.0078 2908 AntiVirService - ok
22:33:23.0109 2908 AntiVirWebService (e3e4d3098aa58d5efdff692815261c7d) C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:33:23.0125 2908 AntiVirWebService - ok
22:33:23.0187 2908 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:33:23.0203 2908 Apple Mobile Device - ok
22:33:23.0234 2908 AppMgmt (9062ed05b7519324fd7f0d6afb9d1147) C:\WINDOWS\System32\appmgmts.dll
22:33:23.0296 2908 AppMgmt - ok
22:33:23.0375 2908 AR5416 (864160f5f4fbdd97b6a686854bfebd86) C:\WINDOWS\system32\DRIVERS\athw.sys
22:33:23.0468 2908 AR5416 - ok
22:33:23.0468 2908 asc - ok
22:33:23.0484 2908 asc3350p - ok
22:33:23.0484 2908 asc3550 - ok
22:33:23.0578 2908 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:33:23.0593 2908 aspnet_state - ok
22:33:23.0625 2908 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:33:23.0734 2908 AsyncMac - ok
22:33:23.0781 2908 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
22:33:23.0875 2908 atapi - ok
22:33:23.0875 2908 Atdisk - ok
22:33:23.0906 2908 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:33:24.0015 2908 Atmarpc - ok
22:33:24.0046 2908 AudioSrv (1b58d118049304e88464be614c6d0014) C:\WINDOWS\System32\audiosrv.dll
22:33:24.0156 2908 AudioSrv - ok
22:33:24.0187 2908 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:33:24.0296 2908 audstub - ok
22:33:24.0343 2908 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:33:24.0359 2908 avgntflt - ok
22:33:24.0375 2908 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:33:24.0390 2908 avipbb - ok
22:33:24.0406 2908 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:33:24.0421 2908 avkmgr - ok
22:33:24.0437 2908 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:33:24.0531 2908 Beep - ok
22:33:24.0578 2908 BITS (48c4763a9c8990fb48b73445beb15d6a) C:\WINDOWS\system32\qmgr.dll
22:33:24.0703 2908 BITS - ok
22:33:24.0718 2908 Browser (4314623fd836e96a51343ce5c74b48a8) C:\WINDOWS\System32\browser.dll
22:33:24.0812 2908 Browser - ok
22:33:24.0843 2908 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:33:24.0953 2908 BthEnum - ok
22:33:24.0968 2908 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
22:33:25.0062 2908 BTHMODEM - ok
22:33:25.0093 2908 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:33:25.0187 2908 BthPan - ok
22:33:25.0218 2908 BTHPORT (ad0da527dec931c85647cb265ceda13d) C:\WINDOWS\system32\Drivers\BTHport.sys
22:33:25.0250 2908 BTHPORT - ok
22:33:25.0281 2908 BthServ (2eeec087a3b3104667afe2c3111cdcb5) C:\WINDOWS\System32\bthserv.dll
22:33:25.0390 2908 BthServ - ok
22:33:25.0421 2908 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:33:25.0515 2908 BTHUSB - ok
22:33:25.0531 2908 catchme - ok
22:33:25.0562 2908 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:33:25.0656 2908 cbidf2k - ok
22:33:25.0703 2908 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:33:25.0796 2908 CCDECODE - ok
22:33:25.0812 2908 cd20xrnt - ok
22:33:25.0843 2908 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:33:25.0921 2908 Cdaudio - ok
22:33:25.0937 2908 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:33:26.0031 2908 Cdfs - ok
22:33:26.0078 2908 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:33:26.0187 2908 Cdrom - ok
22:33:26.0187 2908 Changer - ok
22:33:26.0218 2908 CiSvc (d04f2beb5ea63d0766e12e44aef7c38d) C:\WINDOWS\system32\cisvc.exe
22:33:26.0296 2908 CiSvc - ok
22:33:26.0328 2908 ClipSrv (48cb1defa1a6506c3cf09e4950f82ef6) C:\WINDOWS\system32\clipsrv.exe
22:33:26.0468 2908 ClipSrv - ok
22:33:26.0546 2908 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:33:26.0578 2908 clr_optimization_v2.0.50727_32 - ok
22:33:26.0609 2908 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:33:26.0703 2908 CmBatt - ok
22:33:26.0703 2908 CmdIde - ok
22:33:26.0765 2908 CnxtHdAudService (61175c2375a19725fc1b7ea38f9f5bb2) C:\WINDOWS\system32\drivers\CHDAU32.sys
22:33:26.0812 2908 CnxtHdAudService - ok
22:33:26.0828 2908 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:33:26.0921 2908 Compbatt - ok
22:33:26.0937 2908 COMSysApp - ok
22:33:26.0953 2908 Cpqarray - ok
22:33:26.0984 2908 CryptSvc (b6fcbb157e9c8abdca4134c535535a8b) C:\WINDOWS\System32\cryptsvc.dll
22:33:27.0078 2908 CryptSvc - ok
22:33:27.0078 2908 dac2w2k - ok
22:33:27.0093 2908 dac960nt - ok
22:33:27.0125 2908 DcomLaunch (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\system32\rpcss.dll
22:33:27.0171 2908 DcomLaunch - ok
22:33:27.0187 2908 Dhcp (699ee7f752a25180aeb92c3a0eaee440) C:\WINDOWS\System32\dhcpcsvc.dll
22:33:27.0296 2908 Dhcp - ok
22:33:27.0328 2908 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:33:27.0468 2908 Disk - ok
22:33:27.0484 2908 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
22:33:27.0515 2908 DKbFltr - ok
22:33:27.0531 2908 dmadmin - ok
22:33:27.0578 2908 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
22:33:27.0687 2908 dmboot - ok
22:33:27.0703 2908 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
22:33:27.0828 2908 dmio - ok
22:33:27.0843 2908 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:33:27.0937 2908 dmload - ok
22:33:27.0968 2908 dmserver (a01858c50704b2d2edeebbf6bbbced2a) C:\WINDOWS\System32\dmserver.dll
22:33:28.0046 2908 dmserver - ok
22:33:28.0093 2908 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:33:28.0203 2908 DMusic - ok
22:33:28.0234 2908 Dnscache (b7a1162b1a26df7b60d5d9500006096c) C:\WINDOWS\System32\dnsrslvr.dll
22:33:28.0265 2908 Dnscache - ok
22:33:28.0312 2908 Dot3svc (d580d77dff316bd8c9d73b38695de8dc) C:\WINDOWS\System32\dot3svc.dll
22:33:28.0406 2908 Dot3svc - ok
22:33:28.0421 2908 dpti2o - ok
22:33:28.0437 2908 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:33:28.0546 2908 drmkaud - ok
22:33:28.0578 2908 EapHost (86b1f123bacd444e81960b339bae3ff2) C:\WINDOWS\System32\eapsvc.dll
22:33:28.0687 2908 EapHost - ok
22:33:28.0718 2908 ERSvc (b6599eda9f3ebef064504ee35bbeca1c) C:\WINDOWS\System32\ersvc.dll
22:33:28.0828 2908 ERSvc - ok
22:33:28.0875 2908 Eventlog (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
22:33:28.0890 2908 Eventlog - ok
22:33:28.0921 2908 EventSystem (8360cb9756e598a5c6214eacfb3677c3) C:\WINDOWS\system32\es.dll
22:33:28.0968 2908 EventSystem - ok
22:33:29.0000 2908 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:33:29.0093 2908 Fastfat - ok
22:33:29.0140 2908 FastUserSwitchingCompatibility (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:33:29.0171 2908 FastUserSwitchingCompatibility - ok
22:33:29.0218 2908 Fax (f8fb4ade197638af6f0af0df0d199742) C:\WINDOWS\system32\fxssvc.exe
22:33:29.0328 2908 Fax - ok
22:33:29.0343 2908 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:33:29.0453 2908 Fdc - ok
22:33:29.0468 2908 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
22:33:29.0562 2908 Fips - ok
22:33:29.0625 2908 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:33:29.0671 2908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:33:29.0671 2908 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:33:29.0671 2908 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:33:29.0765 2908 Flpydisk - ok
22:33:29.0812 2908 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:33:29.0906 2908 FltMgr - ok
22:33:30.0000 2908 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:33:30.0015 2908 FontCache3.0.0.0 - ok
22:33:30.0062 2908 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:33:30.0156 2908 Fs_Rec - ok
22:33:30.0187 2908 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:33:30.0281 2908 Ftdisk - ok
22:33:30.0312 2908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:33:30.0328 2908 GEARAspiWDM - ok
22:33:30.0359 2908 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:33:30.0453 2908 Gpc - ok
22:33:30.0515 2908 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
22:33:30.0531 2908 gupdate - ok
22:33:30.0531 2908 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programmi\Google\Update\GoogleUpdate.exe
22:33:30.0546 2908 gupdatem - ok
22:33:30.0593 2908 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
22:33:30.0609 2908 gusvc - ok
22:33:30.0656 2908 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:33:30.0765 2908 HDAudBus - ok
22:33:30.0812 2908 helpsvc (6ce66b51b4eb23d9d073f92698c55c8d) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:33:30.0937 2908 helpsvc - ok
22:33:30.0953 2908 HidServ (43d985a9a51e0295091b6ebe84c96b78) C:\WINDOWS\System32\hidserv.dll
22:33:31.0062 2908 HidServ - ok
22:33:31.0078 2908 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:33:31.0187 2908 HidUsb - ok
22:33:31.0218 2908 hkmsvc (00cad842f48947887a972828aca665f7) C:\WINDOWS\System32\kmsvc.dll
22:33:31.0328 2908 hkmsvc - ok
22:33:31.0343 2908 hpn - ok
22:33:31.0375 2908 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:33:31.0406 2908 HTTP - ok
22:33:31.0468 2908 HTTPFilter (450091aebfcd08e5858533eab5b9a436) C:\WINDOWS\System32\w3ssl.dll
22:33:31.0546 2908 HTTPFilter - ok
22:33:31.0593 2908 hwdatacard (07853191b1bdee5b39be4cfcfe3b9ad4) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
22:33:31.0640 2908 hwdatacard - ok
22:33:31.0640 2908 i2omgmt - ok
22:33:31.0656 2908 i2omp - ok
22:33:31.0687 2908 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:33:31.0781 2908 i8042prt - ok
22:33:31.0953 2908 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:33:32.0156 2908 ialm - ok
22:33:32.0203 2908 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:33:32.0218 2908 iaStor - ok
22:33:32.0343 2908 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:33:32.0437 2908 idsvc - ok
22:33:32.0453 2908 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:33:32.0562 2908 Imapi - ok
22:33:32.0578 2908 ImapiService (db491237445f172fdddf00541de1a51d) C:\WINDOWS\system32\imapi.exe
22:33:32.0687 2908 ImapiService - ok
22:33:32.0687 2908 ini910u - ok
22:33:32.0703 2908 IntelIde - ok
22:33:32.0734 2908 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:33:32.0843 2908 intelppm - ok
22:33:32.0859 2908 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:33:32.0937 2908 Ip6Fw - ok
22:33:32.0968 2908 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:33:33.0078 2908 IpFilterDriver - ok
22:33:33.0078 2908 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:33:33.0171 2908 IpInIp - ok
22:33:33.0203 2908 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:33:33.0296 2908 IpNat - ok
22:33:33.0390 2908 iPod Service (33642c17c232aa272c68e446a2619899) C:\Programmi\iPod\bin\iPodService.exe
22:33:33.0437 2908 iPod Service - ok
22:33:33.0468 2908 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:33:33.0562 2908 IPSec - ok
22:33:33.0609 2908 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:33:33.0656 2908 IRENUM - ok
22:33:33.0687 2908 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:33:33.0781 2908 isapnp - ok
22:33:33.0859 2908 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Programmi\Java\jre6\bin\jqs.exe
22:33:33.0859 2908 JavaQuickStarterService - ok
22:33:33.0890 2908 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:33:33.0984 2908 Kbdclass - ok
22:33:34.0015 2908 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:33:34.0125 2908 kbdhid - ok
22:33:34.0156 2908 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:33:34.0265 2908 kmixer - ok
22:33:34.0281 2908 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:33:34.0312 2908 KSecDD - ok
22:33:34.0343 2908 L1c (140f9b777fa84e2f5eeea5cadc112e53) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
22:33:34.0390 2908 L1c - ok
22:33:34.0421 2908 LanmanServer (0f726d49c0b19e5a506a1cdfce0ee42f) C:\WINDOWS\System32\srvsvc.dll
22:33:34.0453 2908 LanmanServer - ok
22:33:34.0500 2908 lanmanworkstation (e13b0181dda60b93e3253eff52a79cbe) C:\WINDOWS\System32\wkssvc.dll
22:33:34.0531 2908 lanmanworkstation - ok
22:33:34.0546 2908 lbrtfdc - ok
22:33:34.0562 2908 LmHosts (e01255727d0b158538d7c2b469b533a8) C:\WINDOWS\System32\lmhsvc.dll
22:33:34.0656 2908 LmHosts - ok
22:33:34.0703 2908 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
22:33:34.0718 2908 MDM - ok
22:33:34.0750 2908 Messenger (3b32f662c8607e891f325e41f7ee225c) C:\WINDOWS\System32\msgsvc.dll
22:33:34.0859 2908 Messenger - ok
22:33:34.0875 2908 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:33:34.0984 2908 mnmdd - ok
22:33:35.0015 2908 mnmsrvc (514a299ec926baada3c718b171476aa4) C:\WINDOWS\system32\mnmsrvc.exe
22:33:35.0109 2908 mnmsrvc - ok
22:33:35.0140 2908 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
22:33:35.0265 2908 Modem - ok
22:33:35.0296 2908 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:33:35.0390 2908 Mouclass - ok
22:33:35.0406 2908 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:33:35.0500 2908 mouhid - ok
22:33:35.0531 2908 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:33:35.0640 2908 MountMgr - ok
22:33:35.0656 2908 mraid35x - ok
22:33:35.0671 2908 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:33:35.0765 2908 MRxDAV - ok
22:33:35.0812 2908 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:33:35.0859 2908 MRxSmb - ok
22:33:35.0906 2908 MSDTC (01f77e9e473235c31796ade46107b0ad) C:\WINDOWS\system32\msdtc.exe
22:33:35.0984 2908 MSDTC - ok
22:33:36.0000 2908 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:33:36.0109 2908 Msfs - ok
22:33:36.0109 2908 MSIServer - ok
22:33:36.0156 2908 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:33:36.0250 2908 MSKSSRV - ok
22:33:36.0281 2908 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:33:36.0359 2908 MSPCLOCK - ok
22:33:36.0375 2908 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:33:36.0468 2908 MSPQM - ok
22:33:36.0500 2908 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:33:36.0609 2908 mssmbios - ok
22:33:36.0609 2908 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:33:36.0703 2908 MSTEE - ok
22:33:36.0718 2908 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:33:36.0750 2908 Mup - ok
22:33:36.0781 2908 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:33:36.0875 2908 NABTSFEC - ok
22:33:36.0906 2908 napagent (911587fd303c9690a428bb4b04732b61) C:\WINDOWS\System32\qagentrt.dll
22:33:37.0031 2908 napagent - ok
22:33:37.0156 2908 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
22:33:37.0203 2908 NBService - ok
22:33:37.0250 2908 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:33:37.0359 2908 NDIS - ok
22:33:37.0390 2908 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:33:37.0484 2908 NdisIP - ok
22:33:37.0515 2908 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:33:37.0562 2908 NdisTapi - ok
22:33:37.0593 2908 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:33:37.0687 2908 Ndisuio - ok
22:33:37.0718 2908 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:33:37.0812 2908 NdisWan - ok
22:33:37.0843 2908 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:33:37.0890 2908 NDProxy - ok
22:33:37.0906 2908 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:33:37.0984 2908 NetBIOS - ok
22:33:38.0015 2908 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:33:38.0109 2908 NetBT - ok
22:33:38.0140 2908 NetDDE (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
22:33:38.0265 2908 NetDDE - ok
22:33:38.0265 2908 NetDDEdsdm (1b09227e41f414a93dbc0baf80c4d527) C:\WINDOWS\system32\netdde.exe
22:33:38.0359 2908 NetDDEdsdm - ok
22:33:38.0375 2908 Netlogon (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:33:38.0468 2908 Netlogon - ok
22:33:38.0500 2908 Netman (02815b70fc4ca8611a926176f1c39fc2) C:\WINDOWS\System32\netman.dll
22:33:38.0593 2908 Netman - ok
22:33:38.0671 2908 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:33:38.0703 2908 NetTcpPortSharing - ok
22:33:38.0734 2908 Nla (c6b69a18d39744725fb73ac85e46032b) C:\WINDOWS\System32\mswsock.dll
22:33:38.0750 2908 Nla - ok
22:33:38.0843 2908 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
22:33:38.0875 2908 NMIndexingService - ok
22:33:38.0906 2908 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:33:39.0000 2908 Npfs - ok
22:33:39.0031 2908 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:33:39.0140 2908 Ntfs - ok
22:33:39.0156 2908 NtLmSsp (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:33:39.0234 2908 NtLmSsp - ok
22:33:39.0281 2908 NtmsSvc (89db90b5f35d2795d9fc56d933cc72b8) C:\WINDOWS\system32\ntmssvc.dll
22:33:39.0390 2908 NtmsSvc - ok
22:33:39.0437 2908 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:33:39.0515 2908 Null - ok
22:33:39.0546 2908 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:33:39.0640 2908 NwlnkFlt - ok
22:33:39.0640 2908 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:33:39.0734 2908 NwlnkFwd - ok
22:33:39.0812 2908 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
22:33:39.0828 2908 ose - ok
22:33:39.0859 2908 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
22:33:39.0953 2908 Parport - ok
22:33:39.0984 2908 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:33:40.0093 2908 PartMgr - ok
22:33:40.0109 2908 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:33:40.0203 2908 ParVdm - ok
22:33:40.0234 2908 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:33:40.0265 2908 pccsmcfd - ok
22:33:40.0281 2908 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
22:33:40.0375 2908 PCI - ok
22:33:40.0375 2908 PCIDump - ok
22:33:40.0390 2908 PCIIde - ok
22:33:40.0437 2908 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:33:40.0531 2908 Pcmcia - ok
22:33:40.0531 2908 PDCOMP - ok
22:33:40.0546 2908 PDFRAME - ok
22:33:40.0562 2908 PDRELI - ok
22:33:40.0562 2908 PDRFRAME - ok
22:33:40.0578 2908 perc2 - ok
22:33:40.0593 2908 perc2hib - ok
22:33:40.0625 2908 PlugPlay (26845f272435302e0f3322e660a24f7d) C:\WINDOWS\system32\services.exe
22:33:40.0640 2908 PlugPlay - ok
22:33:40.0671 2908 PolicyAgent (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:33:40.0765 2908 PolicyAgent - ok
22:33:40.0796 2908 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:33:40.0875 2908 PptpMiniport - ok
22:33:40.0890 2908 ProtectedStorage (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:33:40.0968 2908 ProtectedStorage - ok
22:33:40.0984 2908 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:33:41.0093 2908 PSched - ok
22:33:41.0109 2908 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:33:41.0203 2908 Ptilink - ok
22:33:41.0203 2908 ql1080 - ok
22:33:41.0218 2908 Ql10wnt - ok
22:33:41.0234 2908 ql12160 - ok
22:33:41.0234 2908 ql1240 - ok
22:33:41.0250 2908 ql1280 - ok
22:33:41.0265 2908 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:33:41.0359 2908 RasAcd - ok
22:33:41.0406 2908 RasAuto (9839b418343d6e6e52659bdf3ff1fe67) C:\WINDOWS\System32\rasauto.dll
22:33:41.0500 2908 RasAuto - ok
22:33:41.0531 2908 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:33:41.0625 2908 Rasl2tp - ok
22:33:41.0656 2908 RasMan (62ad41548e720db4763b86f95e44f3fa) C:\WINDOWS\System32\rasmans.dll
22:33:41.0765 2908 RasMan - ok
22:33:41.0781 2908 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:33:41.0859 2908 RasPppoe - ok
22:33:41.0890 2908 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:33:41.0968 2908 Raspti - ok
22:33:41.0984 2908 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:33:42.0093 2908 Rdbss - ok
22:33:42.0109 2908 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:33:42.0218 2908 RDPCDD - ok
22:33:42.0250 2908 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:33:42.0343 2908 rdpdr - ok
22:33:42.0375 2908 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:33:42.0421 2908 RDPWD - ok
22:33:42.0437 2908 RDSessMgr (cc72e6ae90245f0ae48bf1236a7e1f9c) C:\WINDOWS\system32\sessmgr.exe
22:33:42.0546 2908 RDSessMgr - ok
22:33:42.0578 2908 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:33:42.0671 2908 redbook - ok
22:33:42.0687 2908 RemoteAccess (7ebbf16fbd3e0e34f084fa635c1844e3) C:\WINDOWS\System32\mprdim.dll
22:33:42.0796 2908 RemoteAccess - ok
22:33:42.0843 2908 RemoteRegistry (f667a41bced959988e53feecc8bf5da0) C:\WINDOWS\system32\regsvc.dll
22:33:42.0937 2908 RemoteRegistry - ok
22:33:42.0968 2908 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
22:33:43.0046 2908 RFCOMM - ok
22:33:43.0093 2908 RpcLocator (dc97f6c8a94691834439872b9e8ff2b3) C:\WINDOWS\system32\locator.exe
22:33:43.0187 2908 RpcLocator - ok
22:33:43.0234 2908 RpcSs (bc4e0226341aaec1222336b3aed86bab) C:\WINDOWS\System32\rpcss.dll
22:33:43.0281 2908 RpcSs - ok
22:33:43.0328 2908 RSUSBSTOR (2ab66b8ccd92d4d8e33c98fea874325b) C:\WINDOWS\system32\Drivers\RtsUStor.sys
22:33:43.0359 2908 RSUSBSTOR - ok
22:33:43.0421 2908 RSVP (dce0d20f8fb66df41d53734bff9d66f0) C:\WINDOWS\system32\rsvp.exe
22:33:43.0515 2908 RSVP - ok
22:33:43.0515 2908 RtsUIR - ok
22:33:43.0562 2908 SamSs (0fba335727905de8e4cb5a2cf438abf5) C:\WINDOWS\system32\lsass.exe
22:33:43.0640 2908 SamSs - ok
22:33:43.0734 2908 SandBox (57ef0a92bada411c563384c08a4a25cd) C:\WINDOWS\system32\drivers\SandBox.sys
22:33:43.0765 2908 SandBox - ok
22:33:43.0812 2908 SCardSvr (1d456f1cd76a80793c07ba52cf3a7455) C:\WINDOWS\System32\SCardSvr.exe
22:33:43.0921 2908 SCardSvr - ok
22:33:43.0953 2908 Schedule (511886e5bd060046cce8373e92e62edf) C:\WINDOWS\system32\schedsvc.dll
22:33:44.0046 2908 Schedule - ok
22:33:44.0078 2908 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:33:44.0125 2908 Secdrv - ok
22:33:44.0156 2908 seclogon (17c6354ca08e7c7972e12c67478ae134) C:\WINDOWS\System32\seclogon.dll
22:33:44.0234 2908 seclogon - ok
22:33:44.0250 2908 SENS (a0eca1ce0fccb29c5e4e1f416e95e73e) C:\WINDOWS\system32\sens.dll
22:33:44.0343 2908 SENS - ok
22:33:44.0406 2908 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
22:33:44.0500 2908 Serial - ok
22:33:44.0593 2908 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
22:33:44.0640 2908 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:33:44.0640 2908 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:33:44.0671 2908 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:33:44.0765 2908 Sfloppy - ok
22:33:44.0812 2908 SharedAccess (152c0555925dfe028e3148fd215146bb) C:\WINDOWS\System32\ipnathlp.dll
22:33:44.0906 2908 SharedAccess - ok
22:33:44.0937 2908 ShellHWDetection (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:33:44.0953 2908 ShellHWDetection - ok
22:33:44.0968 2908 Simbad - ok
22:33:45.0000 2908 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:33:45.0093 2908 SLIP - ok
22:33:45.0171 2908 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
22:33:45.0281 2908 SNP2UVC - ok
22:33:45.0281 2908 Sparrow - ok
22:33:45.0312 2908 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:33:45.0406 2908 splitter - ok
22:33:45.0421 2908 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:33:45.0468 2908 Spooler - ok
22:33:45.0500 2908 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
22:33:45.0546 2908 sr - ok
22:33:45.0562 2908 srservice (b3e3da70a7a76e69b872de3d06d32c19) C:\WINDOWS\system32\srsvc.dll
22:33:45.0625 2908 srservice - ok
22:33:45.0656 2908 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:33:45.0703 2908 Srv - ok
22:33:45.0734 2908 SSDPSRV (5215569dd3a8fbc65a85e85f3c12258b) C:\WINDOWS\System32\ssdpsrv.dll
22:33:45.0781 2908 SSDPSRV - ok
22:33:45.0828 2908 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:33:45.0828 2908 ssmdrv - ok
22:33:45.0859 2908 stisvc (3b9263e137896e4d303494f116e00608) C:\WINDOWS\system32\wiaservc.dll
22:33:45.0953 2908 stisvc - ok
22:33:45.0984 2908 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:33:46.0093 2908 streamip - ok
22:33:46.0125 2908 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:33:46.0218 2908 swenum - ok
22:33:46.0250 2908 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:33:46.0343 2908 swmidi - ok
22:33:46.0359 2908 SwPrv - ok
22:33:46.0359 2908 symc810 - ok
22:33:46.0375 2908 symc8xx - ok
22:33:46.0390 2908 sym_hi - ok
22:33:46.0390 2908 sym_u3 - ok
22:33:46.0421 2908 SynTP (60cd166ae4261920b4008a1a114ae97c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:33:46.0437 2908 SynTP - ok
22:33:46.0484 2908 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:33:46.0562 2908 sysaudio - ok
22:33:46.0593 2908 SysmonLog (a34a9a872eec4c026fd542ac7156fe0b) C:\WINDOWS\system32\smlogsvc.exe
22:33:46.0703 2908 SysmonLog - ok
22:33:46.0734 2908 TapiSrv (6b85f1a9dce45d45bffad3222c21f297) C:\WINDOWS\System32\tapisrv.dll
22:33:46.0828 2908 TapiSrv - ok
22:33:46.0875 2908 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:33:46.0890 2908 Tcpip - ok
22:33:46.0921 2908 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:33:47.0031 2908 TDPIPE - ok
22:33:47.0046 2908 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:33:47.0125 2908 TDTCP - ok
22:33:47.0171 2908 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:33:47.0250 2908 TermDD - ok
22:33:47.0296 2908 TermService (fe5a5329ccfc33d645c33077ff04f052) C:\WINDOWS\System32\termsrv.dll
22:33:47.0406 2908 TermService - ok
22:33:47.0437 2908 Themes (dccc606fc144f6e44e497f9a906f1c30) C:\WINDOWS\System32\shsvcs.dll
22:33:47.0453 2908 Themes - ok
22:33:47.0484 2908 TlntSvr (2fff150ea4396956f10b66211687f335) C:\WINDOWS\system32\tlntsvr.exe
22:33:47.0546 2908 TlntSvr - ok
22:33:47.0546 2908 TosIde - ok
22:33:47.0578 2908 TrkWks (690294999df1248faf85d95b31955d0c) C:\WINDOWS\system32\trkwks.dll
22:33:47.0671 2908 TrkWks - ok
22:33:47.0703 2908 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:33:47.0796 2908 Udfs - ok
22:33:47.0796 2908 ultra - ok
22:33:47.0828 2908 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:33:47.0937 2908 Update - ok
22:33:47.0968 2908 upnphost (8057b0744d9842a090e51d2845861d5f) C:\WINDOWS\System32\upnphost.dll
22:33:48.0031 2908 upnphost - ok
22:33:48.0046 2908 UPS (f5e8b846ec10e1df8dca64119e2eb709) C:\WINDOWS\System32\ups.exe
22:33:48.0156 2908 UPS - ok
22:33:48.0187 2908 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:33:48.0218 2908 USBAAPL - ok
22:33:48.0265 2908 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:33:48.0343 2908 usbccgp - ok
22:33:48.0359 2908 USBCCID - ok
22:33:48.0406 2908 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:33:48.0484 2908 usbehci - ok
22:33:48.0515 2908 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:33:48.0609 2908 usbhub - ok
22:33:48.0656 2908 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:33:48.0765 2908 USBSTOR - ok
22:33:48.0781 2908 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:33:48.0875 2908 usbuhci - ok
22:33:48.0921 2908 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:33:49.0031 2908 usbvideo - ok
22:33:49.0062 2908 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:33:49.0156 2908 VgaSave - ok
22:33:49.0171 2908 ViaIde - ok
22:33:49.0250 2908 VMCService (6e021d6da429ad7288fe8322e2bba96b) C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
22:33:49.0265 2908 VMCService ( UnsignedFile.Multi.Generic ) - warning
22:33:49.0265 2908 VMCService - detected UnsignedFile.Multi.Generic (1)
22:33:49.0296 2908 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
22:33:49.0390 2908 VolSnap - ok
22:33:49.0421 2908 VSS (c2fe17125256102f5b44194d5db0a799) C:\WINDOWS\System32\vssvc.exe
22:33:49.0500 2908 VSS - ok
22:33:49.0531 2908 W32Time (2969dd84b584a6bb541a5273103957a3) C:\WINDOWS\system32\w32time.dll
22:33:49.0625 2908 W32Time - ok
22:33:49.0640 2908 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:33:49.0718 2908 Wanarp - ok
22:33:49.0765 2908 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:33:49.0781 2908 Wdf01000 - ok
22:33:49.0796 2908 WDICA - ok
22:33:49.0828 2908 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:33:49.0906 2908 wdmaud - ok
22:33:49.0953 2908 WebClient (2ec50ee79b65f60c8e8b4a03bbb3a42f) C:\WINDOWS\System32\webclnt.dll
22:33:50.0046 2908 WebClient - ok
22:33:50.0093 2908 winmgmt (40911e98d0f1cbb1015f2101982f1ddf) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:33:50.0187 2908 winmgmt - ok
22:33:50.0250 2908 WinRM (74d92d14580fe46fc5a57957c8cc038f) C:\WINDOWS\system32\WsmSvc.dll
22:33:50.0406 2908 WinRM - ok
22:33:50.0453 2908 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:33:50.0515 2908 WmdmPmSN - ok
22:33:50.0562 2908 Wmi (f63cb6dbe268ea0620c67a90cf43885e) C:\WINDOWS\System32\advapi32.dll
22:33:50.0609 2908 Wmi - ok
22:33:50.0656 2908 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:33:50.0750 2908 WmiAcpi - ok
22:33:50.0781 2908 WmiApSrv (81fd02839fdb10acf0ec40b809b9f8cc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:33:50.0859 2908 WmiApSrv - ok
22:33:50.0953 2908 WMPNetworkSvc (f30dc8f80cf65a323e8b6a2db81561e3) C:\Programmi\Windows Media Player\WMPNetwk.exe
22:33:51.0046 2908 WMPNetworkSvc - ok
22:33:51.0093 2908 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:33:51.0187 2908 WS2IFSL - ok
22:33:51.0218 2908 wscsvc (926d921c93cff1e19ef4de3e4c8368ca) C:\WINDOWS\system32\wscsvc.dll
22:33:51.0328 2908 wscsvc - ok
22:33:51.0375 2908 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:33:51.0468 2908 WSTCODEC - ok
22:33:51.0484 2908 wuauserv (cc48415e6c7cbaa441a3d6a6dccbcfa6) C:\WINDOWS\system32\wuauserv.dll
22:33:51.0609 2908 wuauserv - ok
22:33:51.0625 2908 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:33:51.0656 2908 WudfPf - ok
22:33:51.0687 2908 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:33:51.0703 2908 WudfRd - ok
22:33:51.0734 2908 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:33:51.0765 2908 WudfSvc - ok
22:33:51.0812 2908 WZCSVC (053e0307a08cac60793e27e921b46b3e) C:\WINDOWS\System32\wzcsvc.dll
22:33:51.0937 2908 WZCSVC - ok
22:33:51.0953 2908 xmlprov (5526482dcba6047641b13bf9c75a74e0) C:\WINDOWS\System32\xmlprov.dll
22:33:52.0062 2908 xmlprov - ok
22:33:52.0125 2908 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (5867ce254625645345c833510d24f124) C:\Programmi\CyberLink\PowerDVD8\000.fcl
22:33:52.0140 2908 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
22:33:52.0156 2908 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
22:33:52.0437 2908 \Device\Harddisk0\DR0 - ok
22:33:52.0437 2908 Boot (0x1200) (df1a570626bf11d9f4b885c260618c06) \Device\Harddisk0\DR0\Partition0
22:33:52.0437 2908 \Device\Harddisk0\DR0\Partition0 - ok
22:33:52.0468 2908 Boot (0x1200) (026651b478d817c903841b9fc123cb0e) \Device\Harddisk0\DR0\Partition1
22:33:52.0468 2908 \Device\Harddisk0\DR0\Partition1 - ok
22:33:52.0468 2908 ============================================================
22:33:52.0468 2908 Scan finished
22:33:52.0468 2908 ============================================================
22:33:52.0578 2992 Detected object count: 4
22:33:52.0578 2992 Actual detected object count: 4
22:34:15.0515 2992 acssrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:15.0515 2992 acssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:15.0515 2992 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:15.0515 2992 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:15.0515 2992 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:15.0515 2992 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:15.0515 2992 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:15.0515 2992 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Sto facendo sia Combofix che OTL (ovviamente ti sto scrivendo da un altro pc) ma vorrei chiederti maggiori dettagli sull'uso di wikisend (mai usato). Come devo fare per caricarli su wikisend e poi postarli sul forum?

Io suggerisco di seguire questi 6 semplici passi per la rimozione della tipologia di virus in argomento.

Fase1. Verificare le impostazioni DNS.:
Apri il Pannello di Controllo - Connessioni di rete "aperta", quindi fare clic destro su "Connessione alla rete locale" (Wireless. ..) e aprire l'icona "Proprietà".
Apri TCP \ IP Properties
Scegli "Ottieni automaticamente server DNS" e premere OK. (NOTA: Se si conosce il tuo indirizzo IP statico ISP e server DNS per certo - non cambiarlo)

Fase2. Kill (stop) i processi di dubbi
Controlla i processi di sistema e interrompi i processi sospetti (un nome simile a 234345.exe o hfshgf.exe) - se li trovi , prova ad eliminarli col taskmanager in modalità provvisoria.

Fase3. Controlla il tuo file hosts
Vai su Start - Esegui - digitare "C: \ WINDOWS \ system32 \ drivers \ etc \ hosts" e scegli di aprire questo file con il Blocco note.
Allegaci uno screenshot del tuo file host

Fase4. Controlla le impostazioni LAN
Vai su impostazioni LAN del tuo browser e disabilita i server proxy.

Fase5. Rimuovi nel browser tutti gli add-ons sospetti
In Internet Explorer vai su: Strumenti, Gestione componenti aggiuntivi. Disabilita gli add-ons sconosciuti. Si può fare lo stesso in qualsiasi altro browser (Add-ons, estensioni o tabulazioni Proprietà)

Fase6. Individua e rimuovi i rootkit
Scarica, installa ed esegui la scansione del PC con TDSSKiller (da Kaspersky Lab). Clicca qui per scaricare TDSSKiller.exe

Questa... non me la voglio perdere!!!

Salve carlito. Perchè è inutile? Secondo me potrebbe aver visto giusto. Soprattutto per quanto concerne L'HOSTS.

Quest'ultimo file, può essere un'arma a doppio taglio, nel senso che puoi inibire l'accesso a determinati siti a tua insaputa,

oppure lo si può modificare volutamente inibendo l'acceso ad alcuni siti, ad altri utenti che usano il PC condiviso.

---