Un po' in ritardo ma ho fatto......
Primo log: Avenger txt:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" deleted successfully.
File "C:\WINDOWS\System32\drivers\aswSnx.sys" deleted successfully.
File "C:\WINDOWS\System32\drivers\aswSP.sys" deleted successfully.
File "C:\WINDOWS\System32\drivers\aswRdr.sys" deleted successfully.
File "C:\WINDOWS\System32\drivers\aswTdi.sys" deleted successfully.
File "C:\WINDOWS\System32\drivers\aswmon2.sys" deleted successfully.
File "C:\WINDOWS\System32\drivers\aavmker4.sys" deleted successfully.
File "C:\WINDOWS\System32\aswBoot.exe" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\AVAST Software" deleted successfully.
Folder "C:\Program Files\AVAST Software\Avast" deleted successfully.
Folder "C:\Program Files\AVAST Software" deleted successfully.

Error: folder "C:\Program Files\SweetIM" not found!
Deletion of folder "C:\Program Files\SweetIM" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\PC Tools Security" deleted successfully.
Folder "C:\Program Files\Common Files\PC Tools" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\PC Tools" deleted successfully.
Folder "C:\Documents and Settings\Administrator\Application Data\Ysru" deleted successfully.

Completed script processing.

*******************

Finished! Terminate

Ecco il log di OTL



OTL logfile created on: 01/03/2012 19.18.53 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,50% Memory free
3,84 Gb Paging File | 3,62 Gb Available in Paging File | 94,38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 34,74 Gb Free Space | 35,58% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 185,25 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive E: | 182,55 Gb Total Space | 176,63 Gb Free Space | 96,76% Space Free | Partition Type: NTFS

Computer Name: 2F624F151C58483 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\system32\UAService7.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe ()
PRC - C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\UAService7.exe ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.ITA ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe ()
MOD - C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe ()


========== Win32 Services (SafeList) ==========

SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Network WanMiniport First Position) -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (jrdusbser) -- C:\WINDOWS\system32\drivers\jrdusbser.sys (TCT International Mobile Ltd)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={61E0045C-A43B-45EF-9714-A01E78F66DF6}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm IT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?barid={61E0045C-A43B-45EF-9714-A01E78F66DF6}"
FF - prefs.js..browser.startup.homepage: "http://it.ask.com/?l=dis&o=APN10023&gct=hp"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ZoneAlarm IT Customized Web Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3045718&SearchSource=3&q={searchTerms}"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 11.22.08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Administrator\Application Data\NetAssistant\ [2011/05/18 17.23.56 | 000,000,000 | ---D | M]

[2010/12/11 10.03.38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/22 18.38.04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\extensions
[2011/09/18 12.03.43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/17 19.23.22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/23 19.40.47 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\extensions\ChoiceGuard@Microsoft
[2011/09/06 11.37.02 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\searchplugins\bing.xml
[2011/10/24 11.15.40 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\searchplugins\conduit.xml
[2012/02/22 18.38.13 | 000,003,974 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jxxl2anu.default\searchplugins\sweetim.xml
[2011/10/08 11.22.07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRA~1\AVASTS~1\AVAST\WEBREP\FF
[2011/09/29 08.23.42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 02.19.35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02.59.20 | 000,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2011/09/29 02.59.20 | 000,000,825 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2011/09/29 02.59.20 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/09/29 02.59.20 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/29 13.42.45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1658440-DDF2-4877-B55E-97CBB8BA52A5}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/17 07.53.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2012/03/01 18.57.51 | 000,324,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswclear.exe
[2012/03/01 13.52.45 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/03/01 13.50.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\avenger
[2012/02/29 13.56.45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/29 13.56.45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/29 13.56.45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/29 13.56.45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/29 13.56.27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/29 13.56.08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 13.55.15 | 004,422,703 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/29 13.38.59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/29 13.36.51 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/26 19.09.54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/26 19.07.58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/02/26 18.11.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HostsXpert
[2012/02/25 17.27.46 | 005,046,944 | ---- | C] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Administrator\Desktop\clean.exe
[2012/02/23 09.43.21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/22 18.42.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/02/22 18.42.09 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\flash.ocx
[2012/02/22 12.16.52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/22 12.14.25 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2012/02/22 12.14.25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/02/19 18.17.21 | 000,000,000 | ---D | C] -- C:\ccleaner
[2012/02/19 11.15.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2012/02/19 11.15.04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/18 10.40.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/02/18 10.39.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/18 10.39.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/18 10.39.33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/18 10.39.32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 19.25.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/17 19.10.44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/15 10.00.34 | 000,632,320 | ---- | C] (HDE) -- C:\Documents and Settings\Administrator\Desktop\HardDriveEraser2.0.exe
[2012/01/26 13.56.02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/26 13.56.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/11 16.07.12 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll
[2012/01/11 16.07.12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.dll
[2012/01/11 16.07.08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe

========== Files - Modified Within 60 Days ==========

[2012/03/01 19.11.42 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 19.11.42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2012/03/01 19.10.28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/01 19.10.27 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 19.07.13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/01 18.57.51 | 000,324,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswclear.exe
[2012/03/01 13.56.26 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 13.49.28 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\avenger.zip
[2012/02/29 15.02.12 | 087,765,048 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_free_antivirus_it.exe
[2012/02/29 13.55.36 | 004,422,703 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/29 13.42.45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/29 13.36.51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/29 13.33.37 | 001,438,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/29 09.29.58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/26 18.10.53 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip
[2012/02/25 17.27.46 | 005,046,944 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Administrator\Desktop\clean.exe
[2012/02/23 16.58.07 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Canon MP495 series Printer.lnk
[2012/02/22 20.07.39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/22 12.16.11 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/02/22 12.16.11 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/21 17.12.41 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2012/02/19 18.17.47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/18 10.39.48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 19.21.51 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PCTools_Safe_Install.exe
[2012/02/15 14.52.29 | 000,441,420 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120215-145308.backup
[2012/02/15 10.00.38 | 000,632,320 | ---- | M] (HDE) -- C:\Documents and Settings\Administrator\Desktop\HardDriveEraser2.0.exe
[2012/02/12 11.08.36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/12 11.08.36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/12 17.53.24 | 001,859,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/01/12 17.53.24 | 001,859,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/01/11 20.06.47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 20.06.47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/11 08.07.44 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 08.07.43 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/03/01 19.10.27 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/01 13.49.25 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\avenger.zip
[2012/02/29 15.01.30 | 087,765,048 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_free_antivirus_it.exe
[2012/02/29 13.56.45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/29 13.56.45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/29 13.56.45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/29 13.56.45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/29 13.56.45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/26 18.10.50 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip
[2012/02/23 16.58.07 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Canon MP495 series Printer.lnk
[2012/02/22 18.27.05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/22 18.27.05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/21 18.56.37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/19 11.15.05 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2012/02/18 10.39.48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 19.22.36 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PCTools_Safe_Install.exe
[2012/02/15 08.37.44 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/11 16.07.17 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011/12/01 09.26.34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/01 09.26.34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/26 15.37.43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Filter
[2011/11/26 15.36.18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PageLibraries
[2011/11/25 19.39.31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/11/25 19.32.06 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Frameworks
[2011/11/25 19.32.06 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Generic
[2011/09/14 17.43.31 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2011/03/01 09.54.47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/12/19 18.25.21 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\quifoto.it_state.xml
[2010/12/11 10.03.08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/22 16.47.52 | 000,012,972 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 11.14.04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/24 11.14.04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/24 11.13.48 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/08/21 09.14.44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Graphics
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Grand Piano
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Gems
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Galaxy Swirl
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Galactic Static
[2010/08/21 09.08.47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2010/08/21 09.08.47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2010/08/21 09.08.47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2010/08/21 09.08.47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Morph
[2010/08/21 09.08.47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Basic
[2010/08/21 09.08.47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Horn Section
[2010/07/30 10.54.29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/07/26 14.18.38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010/07/26 14.18.38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/07/26 14.18.38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/07/26 14.18.38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/07/23 10.24.48 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Funk Animals
[2010/07/23 10.24.48 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Fonts
[2010/07/23 10.24.48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/07/23 10.24.48 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Guides
[2010/05/20 15.44.07 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2010/05/18 12.32.05 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2010/05/08 18.53.31 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe

========== LOP Check ==========

[2009/07/27 12.38.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Activision
[2012/02/23 17.27.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2009/05/17 15.12.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe_Limited
[2012/01/18 14.25.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2011/05/08 11.12.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2010/07/02 19.02.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2010/09/10 16.36.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CMW
[2012/02/19 17.49.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2010/08/04 18.54.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eTeks
[2011/05/19 13.03.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FinalMediaPlayer
[2011/08/27 17.57.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\go
[2010/08/15 15.20.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Graphisoft
[2010/07/25 11.26.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/07/08 17.06.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/09/01 16.13.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LG Electronics
[2010/12/28 09.34.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2011/05/18 17.23.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NetAssistant
[2010/08/21 09.13.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2010/05/20 15.47.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\progeSOFT
[2010/11/22 16.41.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\quifoto.it.AD8D60F8E4A090C6E6ED2EA5F019293CE7B5FB4D.1
[2010/08/24 11.13.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011/10/26 18.13.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vopa
[2010/04/11 11.28.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\widestream
[2010/05/25 19.07.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zylom
[2010/02/11 19.13.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/08 11.07.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/08 11.16.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/09/11 17.56.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/05/08 11.16.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/05/08 11.12.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/05/23 18.39.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/05/08 11.10.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/02/25 17.26.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/11/23 12.02.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/29 13.50.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2011/06/19 18.45.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/11/25 19.39.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/09/19 14.50.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/10/26 18.22.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/11/27 19.41.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/25 19.08.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/11/25 19.23.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/08/24 11.14.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/02/19 16.50.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/23 18.52.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2010/08/21 09.08.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/11/13 13.19.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
[2010/05/25 19.07.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/09/16 13.14.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/03/21 12.38.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/23 09.16.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2009/06/20 16.26.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/03/01 19.11.42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Spero di aver fatto tutto bene!
ma perchè è così lento ad avviarsi?
Problemi di età?????!!!!!:-)))
Buona serata!

Eccomi al qutidiano postaggio dei log da te richiesti!

TDSSKiller.exe, ecco il log.

14:31:08.0750 2920 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
14:31:09.0140 2920 ============================================================
14:31:09.0140 2920 Current date / time: 2012/03/02 14:31:09.0140
14:31:09.0140 2920 SystemInfo:
14:31:09.0140 2920
14:31:09.0140 2920 OS Version: 5.1.2600 ServicePack: 3.0
14:31:09.0140 2920 Product type: Workstation
14:31:09.0140 2920 ComputerName: 2F624F151C58483
14:31:09.0140 2920 UserName: Administrator
14:31:09.0140 2920 Windows directory: C:\WINDOWS
14:31:09.0140 2920 System windows directory: C:\WINDOWS
14:31:09.0140 2920 Processor architecture: Intel x86
14:31:09.0140 2920 Number of processors: 2
14:31:09.0140 2920 Page size: 0x1000
14:31:09.0140 2920 Boot type: Normal boot
14:31:09.0140 2920 ============================================================
14:31:11.0093 2920 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:31:11.0093 2920 \Device\Harddisk0\DR0:
14:31:11.0093 2920 MBR used
14:31:11.0093 2920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
14:31:11.0109 2920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x173198DF
14:31:11.0125 2920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23668C29, BlocksNum 0x16D18157
14:31:11.0203 2920 Initialize success
14:31:11.0203 2920 ============================================================
14:31:13.0343 0652 ============================================================
14:31:13.0343 0652 Scan started
14:31:13.0343 0652 Mode: Manual;
14:31:13.0343 0652 ============================================================
14:31:14.0343 0652 Abiosdsk - ok
14:31:14.0578 0652 abp480n5 - ok
14:31:14.0890 0652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:31:14.0937 0652 ACPI - ok
14:31:15.0187 0652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:31:15.0203 0652 ACPIEC - ok
14:31:15.0421 0652 adpu160m - ok
14:31:15.0703 0652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:31:15.0750 0652 aec - ok
14:31:16.0046 0652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:31:16.0093 0652 AFD - ok
14:31:16.0312 0652 Aha154x - ok
14:31:16.0562 0652 aic78u2 - ok
14:31:16.0781 0652 aic78xx - ok
14:31:17.0015 0652 AliIde - ok
14:31:17.0234 0652 amsint - ok
14:31:17.0484 0652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:31:17.0515 0652 Arp1394 - ok
14:31:17.0734 0652 asc - ok
14:31:17.0953 0652 asc3350p - ok
14:31:18.0187 0652 asc3550 - ok
14:31:18.0421 0652 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
14:31:18.0421 0652 Aspi32 - ok
14:31:18.0656 0652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:31:18.0656 0652 AsyncMac - ok
14:31:18.0921 0652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:31:18.0921 0652 atapi - ok
14:31:19.0156 0652 Atdisk - ok
14:31:19.0468 0652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:31:19.0515 0652 Atmarpc - ok
14:31:19.0828 0652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:31:19.0875 0652 audstub - ok
14:31:20.0234 0652 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:31:20.0281 0652 b57w2k - ok
14:31:20.0515 0652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:31:20.0515 0652 Beep - ok
14:31:20.0593 0652 catchme - ok
14:31:20.0859 0652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:31:20.0859 0652 cbidf2k - ok
14:31:21.0078 0652 cd20xrnt - ok
14:31:21.0343 0652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:31:21.0343 0652 Cdaudio - ok
14:31:21.0609 0652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:31:21.0609 0652 Cdfs - ok
14:31:21.0875 0652 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:31:21.0890 0652 Cdrom - ok
14:31:22.0109 0652 Changer - ok
14:31:22.0343 0652 CmdIde - ok
14:31:22.0578 0652 Cpqarray - ok
14:31:22.0828 0652 dac2w2k - ok
14:31:23.0062 0652 dac960nt - ok
14:31:23.0296 0652 dgderdrv (d0d4f3ca1d3a4400e1f40f36a800cd12) C:\WINDOWS\system32\drivers\dgderdrv.sys
14:31:23.0296 0652 dgderdrv - ok
14:31:23.0546 0652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:31:23.0546 0652 Disk - ok
14:31:24.0046 0652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:31:24.0312 0652 dmboot - ok
14:31:24.0593 0652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:31:24.0625 0652 dmio - ok
14:31:24.0859 0652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:31:24.0859 0652 dmload - ok
14:31:25.0109 0652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:31:25.0125 0652 DMusic - ok
14:31:25.0359 0652 dpti2o - ok
14:31:25.0593 0652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:31:25.0593 0652 drmkaud - ok
14:31:25.0890 0652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:31:25.0937 0652 Fastfat - ok
14:31:26.0171 0652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:31:26.0187 0652 Fdc - ok
14:31:26.0421 0652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:31:26.0437 0652 Fips - ok
14:31:26.0687 0652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:31:26.0703 0652 Flpydisk - ok
14:31:26.0968 0652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:31:26.0984 0652 FltMgr - ok
14:31:27.0250 0652 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
14:31:27.0265 0652 FsUsbExDisk - ok
14:31:27.0515 0652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:31:27.0515 0652 Fs_Rec - ok
14:31:27.0796 0652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:31:27.0812 0652 Ftdisk - ok
14:31:28.0062 0652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:31:28.0062 0652 GEARAspiWDM - ok
14:31:28.0296 0652 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
14:31:28.0296 0652 ggflt - ok
14:31:28.0531 0652 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
14:31:28.0546 0652 ggsemc - ok
14:31:28.0781 0652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:31:28.0796 0652 Gpc - ok
14:31:29.0109 0652 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:31:29.0109 0652 HDAudBus - ok
14:31:29.0343 0652 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:31:29.0359 0652 hidusb - ok
14:31:29.0593 0652 hpn - ok
14:31:29.0937 0652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:31:30.0015 0652 HTTP - ok
14:31:30.0250 0652 i2omgmt - ok
14:31:30.0468 0652 i2omp - ok
14:31:30.0718 0652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:31:30.0734 0652 i8042prt - ok
14:31:31.0437 0652 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:31:31.0921 0652 ialm - ok
14:31:32.0171 0652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:31:32.0187 0652 Imapi - ok
14:31:32.0406 0652 ini910u - ok
14:31:34.0046 0652 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:31:34.0078 0652 IntcAzAudAddService - ok
14:31:34.0296 0652 IntelIde - ok
14:31:34.0531 0652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:31:34.0546 0652 intelppm - ok
14:31:34.0812 0652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:31:34.0828 0652 Ip6Fw - ok
14:31:35.0062 0652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:31:35.0078 0652 IpFilterDriver - ok
14:31:35.0328 0652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:31:35.0343 0652 IpInIp - ok
14:31:35.0625 0652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:31:35.0671 0652 IpNat - ok
14:31:35.0921 0652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:31:35.0953 0652 IPSec - ok
14:31:36.0187 0652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:31:36.0187 0652 IRENUM - ok
14:31:36.0437 0652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:31:36.0437 0652 isapnp - ok
14:31:36.0671 0652 iteraid (979836fc6dc05218b4e93e5ccea5654b) C:\WINDOWS\system32\DRIVERS\iteraid.sys
14:31:36.0671 0652 iteraid - ok
14:31:36.0968 0652 jrdusbser (119ab8740bacb9f1108f4dd02294569d) C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
14:31:37.0000 0652 jrdusbser - ok
14:31:37.0250 0652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:31:37.0250 0652 Kbdclass - ok
14:31:37.0484 0652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:31:37.0500 0652 kbdhid - ok
14:31:37.0781 0652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:31:37.0843 0652 kmixer - ok
14:31:38.0109 0652 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
14:31:38.0109 0652 KSecDD - ok
14:31:38.0140 0652 Lavasoft Kernexplorer - ok
14:31:38.0375 0652 lbrtfdc - ok
14:31:38.0625 0652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:31:38.0625 0652 mnmdd - ok
14:31:38.0875 0652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:31:38.0890 0652 Modem - ok
14:31:39.0125 0652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:31:39.0140 0652 Mouclass - ok
14:31:39.0390 0652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:31:39.0390 0652 mouhid - ok
14:31:39.0640 0652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:31:39.0640 0652 MountMgr - ok
14:31:39.0859 0652 mraid35x - ok
14:31:39.0937 0652 MRENDIS5 - ok
14:31:40.0234 0652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:31:40.0265 0652 MRxDAV - ok
14:31:40.0687 0652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:31:40.0859 0652 MRxSmb - ok
14:31:41.0125 0652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:31:41.0125 0652 Msfs - ok
14:31:41.0375 0652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:31:41.0375 0652 MSKSSRV - ok
14:31:41.0609 0652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:31:41.0625 0652 MSPCLOCK - ok
14:31:41.0890 0652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:31:41.0906 0652 MSPQM - ok
14:31:42.0156 0652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:31:42.0156 0652 mssmbios - ok
14:31:42.0437 0652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:31:42.0453 0652 Mup - ok
14:31:42.0734 0652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:31:42.0781 0652 NDIS - ok
14:31:43.0015 0652 NDISRD (1a18f436e4855572260580f4d42c69e8) C:\WINDOWS\system32\drivers\NDISRD.sys
14:31:43.0031 0652 NDISRD - ok
14:31:43.0265 0652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:31:43.0265 0652 NdisTapi - ok
14:31:43.0515 0652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:31:43.0515 0652 Ndisuio - ok
14:31:43.0781 0652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:31:43.0812 0652 NdisWan - ok
14:31:44.0046 0652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:31:44.0062 0652 NDProxy - ok
14:31:44.0312 0652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:31:44.0312 0652 NetBIOS - ok
14:31:44.0609 0652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:31:44.0656 0652 NetBT - ok
14:31:44.0921 0652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:31:44.0937 0652 NIC1394 - ok
14:31:45.0203 0652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:31:45.0203 0652 Npfs - ok
14:31:45.0609 0652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:31:45.0781 0652 Ntfs - ok
14:31:46.0015 0652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:31:46.0015 0652 Null - ok
14:31:46.0281 0652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:31:46.0281 0652 NwlnkFlt - ok
14:31:46.0531 0652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:31:46.0531 0652 NwlnkFwd - ok
14:31:46.0796 0652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:31:46.0796 0652 ohci1394 - ok
14:31:47.0062 0652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:31:47.0078 0652 Parport - ok
14:31:47.0328 0652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:31:47.0328 0652 PartMgr - ok
14:31:47.0562 0652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:31:47.0562 0652 ParVdm - ok
14:31:47.0812 0652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:31:47.0812 0652 PCI - ok
14:31:48.0046 0652 PCIDump - ok
14:31:48.0281 0652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:31:48.0281 0652 PCIIde - ok
14:31:48.0562 0652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:31:48.0593 0652 Pcmcia - ok
14:31:48.0828 0652 PDCOMP - ok
14:31:49.0046 0652 PDFRAME - ok
14:31:49.0281 0652 PDRELI - ok
14:31:49.0500 0652 PDRFRAME - ok
14:31:49.0765 0652 perc2 - ok
14:31:50.0000 0652 perc2hib - ok
14:31:50.0265 0652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:31:50.0281 0652 PptpMiniport - ok
14:31:50.0531 0652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:31:50.0546 0652 PSched - ok
14:31:50.0796 0652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:31:50.0796 0652 Ptilink - ok
14:31:51.0109 0652 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:31:51.0109 0652 PxHelp20 - ok
14:31:51.0343 0652 ql1080 - ok
14:31:51.0562 0652 Ql10wnt - ok
14:31:51.0796 0652 ql12160 - ok
14:31:52.0015 0652 ql1240 - ok
14:31:52.0250 0652 ql1280 - ok
14:31:52.0484 0652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:31:52.0484 0652 RasAcd - ok
14:31:52.0734 0652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:31:52.0765 0652 Rasl2tp - ok
14:31:53.0000 0652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:31:53.0015 0652 RasPppoe - ok
14:31:53.0250 0652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:31:53.0265 0652 Raspti - ok
14:31:53.0562 0652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:31:53.0609 0652 Rdbss - ok
14:31:53.0828 0652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:31:53.0843 0652 RDPCDD - ok
14:31:54.0125 0652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:31:54.0203 0652 rdpdr - ok
14:31:54.0484 0652 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:31:54.0531 0652 RDPWD - ok
14:31:54.0781 0652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:31:54.0812 0652 redbook - ok
14:31:55.0171 0652 RTL8187B (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
14:31:55.0281 0652 RTL8187B - ok
14:31:55.0562 0652 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
14:31:55.0593 0652 s0016bus - ok
14:31:55.0843 0652 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
14:31:55.0843 0652 s0016mdfl - ok
14:31:56.0125 0652 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
14:31:56.0156 0652 s0016mdm - ok
14:31:56.0437 0652 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
14:31:56.0468 0652 s0016mgmt - ok
14:31:56.0718 0652 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
14:31:56.0718 0652 s0016nd5 - ok
14:31:57.0015 0652 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
14:31:57.0046 0652 s0016obex - ok
14:31:57.0328 0652 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
14:31:57.0359 0652 s0016unic - ok
14:31:57.0609 0652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:31:57.0609 0652 Secdrv - ok
14:31:57.0875 0652 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
14:31:57.0906 0652 seehcri - ok
14:31:58.0140 0652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:31:58.0140 0652 serenum - ok
14:31:58.0390 0652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:31:58.0421 0652 Serial - ok
14:31:58.0671 0652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:31:58.0687 0652 Sfloppy - ok
14:31:58.0937 0652 Simbad - ok
14:31:59.0171 0652 Sparrow - ok
14:31:59.0437 0652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:31:59.0437 0652 splitter - ok
14:31:59.0718 0652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:31:59.0718 0652 sr - ok
14:31:59.0921 0652 srescan - ok
14:32:00.0281 0652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:32:00.0375 0652 Srv - ok
14:32:00.0640 0652 sscebus (b2063ce662af3ab20045121a5b716df6) C:\WINDOWS\system32\DRIVERS\sscebus.sys
14:32:00.0671 0652 sscebus - ok
14:32:00.0921 0652 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
14:32:00.0921 0652 sscemdfl - ok
14:32:01.0203 0652 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
14:32:01.0250 0652 sscemdm - ok
14:32:01.0468 0652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:32:01.0484 0652 swenum - ok
14:32:01.0734 0652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:32:01.0750 0652 swmidi - ok
14:32:01.0984 0652 symc810 - ok
14:32:02.0218 0652 symc8xx - ok
14:32:02.0437 0652 sym_hi - ok
14:32:02.0671 0652 sym_u3 - ok
14:32:02.0921 0652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:32:02.0953 0652 sysaudio - ok
14:32:03.0312 0652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:32:03.0437 0652 Tcpip - ok
14:32:03.0687 0652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:32:03.0687 0652 TDPIPE - ok
14:32:03.0921 0652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:32:03.0937 0652 TDTCP - ok
14:32:04.0187 0652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:32:04.0203 0652 TermDD - ok
14:32:04.0437 0652 TosIde - ok
14:32:04.0687 0652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:32:04.0718 0652 Udfs - ok
14:32:04.0937 0652 ultra - ok
14:32:05.0015 0652 UnlockerDriver5 (284e1596e6fd8b8bec3234420b47d8b2) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:32:05.0015 0652 UnlockerDriver5 - ok
14:32:05.0421 0652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:32:05.0546 0652 Update - ok
14:32:05.0812 0652 usbbus (0db70ed4715153233d65078d3d475866) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
14:32:05.0828 0652 usbbus - ok
14:32:06.0078 0652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:32:06.0093 0652 usbccgp - ok
14:32:06.0359 0652 UsbDiag (2a60d599dbc756a2d805559929d38202) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
14:32:06.0375 0652 UsbDiag - ok
14:32:06.0609 0652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:32:06.0625 0652 usbehci - ok
14:32:06.0937 0652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:32:06.0953 0652 usbhub - ok
14:32:07.0234 0652 USBModem (e8eff7cd73941db998e7fa60d346dae4) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
14:32:07.0234 0652 USBModem - ok
14:32:07.0500 0652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:32:07.0500 0652 usbprint - ok
14:32:07.0765 0652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:32:07.0765 0652 usbscan - ok
14:32:08.0031 0652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:32:08.0046 0652 USBSTOR - ok
14:32:08.0312 0652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:32:08.0312 0652 usbuhci - ok
14:32:08.0546 0652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:32:08.0562 0652 VgaSave - ok
14:32:08.0781 0652 ViaIde - ok
14:32:09.0062 0652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:32:09.0062 0652 VolSnap - ok
14:32:09.0312 0652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:32:09.0328 0652 Wanarp - ok
14:32:09.0750 0652 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:32:09.0921 0652 Wdf01000 - ok
14:32:10.0140 0652 WDICA - ok
14:32:10.0421 0652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:32:10.0453 0652 wdmaud - ok
14:32:10.0734 0652 WIBUKEY (afcea7939925378f867dde6af76f3924) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
14:32:10.0765 0652 WIBUKEY - ok
14:32:11.0046 0652 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:32:11.0062 0652 WpdUsb - ok
14:32:11.0312 0652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:32:11.0312 0652 WS2IFSL - ok
14:32:11.0609 0652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:32:11.0609 0652 WudfPf - ok
14:32:11.0890 0652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:32:11.0921 0652 WudfRd - ok
14:32:11.0953 0652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:32:12.0156 0652 \Device\Harddisk0\DR0 - ok
14:32:12.0156 0652 Boot (0x1200) (e1c840bc7f3f30ec54c4e4519a1c70a7) \Device\Harddisk0\DR0\Partition0
14:32:12.0156 0652 \Device\Harddisk0\DR0\Partition0 - ok
14:32:12.0171 0652 Boot (0x1200) (d005868cf6cad772ad1d48c4b4037f5b) \Device\Harddisk0\DR0\Partition1
14:32:12.0187 0652 \Device\Harddisk0\DR0\Partition1 - ok
14:32:12.0203 0652 Boot (0x1200) (3bf6c13e288e391c8c09930ffe484e76) \Device\Harddisk0\DR0\Partition2
14:32:12.0203 0652 \Device\Harddisk0\DR0\Partition2 - ok
14:32:12.0203 0652 ============================================================
14:32:12.0203 0652 Scan finished
14:32:12.0203 0652 ============================================================
14:32:12.0218 2056 Detected object count: 0
14:32:12.0218 2056 Actual detected object count: 0
14:36:17.0125 3916 Deinitialize success

Ora il log di MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0F8000 iteraid.sys
0xB9EF3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ED3000 fltmgr.sys
0xB9EC1000 sr.sys
0xBA128000 PxHelp20.sys
0xB9EAA000 KSecDD.sys
0xB9E97000 WudfPf.sys
0xB9E0A000 Ntfs.sys
0xB9DDD000 NDIS.sys
0xB9DC3000 Mup.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB95E4000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB95D0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB95AB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA390000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9587000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA308000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9564000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA318000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA594000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9550000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA158000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA178000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB952D000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA6D1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9516000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9505000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB94D5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB944F000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D8F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8DB3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8D8F000 \SystemRoot\system32\drivers\portcls.sys
0xBA218000 \SystemRoot\system32\drivers\drmk.sys
0xA852D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5B2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA83FF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA756000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C4000 \SystemRoot\System32\Drivers\Beep.SYS
0xA83EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA83E7000 \SystemRoot\System32\drivers\vga.sys
0xBA5C6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA83DF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA83D7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA833B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA83CF000 \SystemRoot\System32\Drivers\NDISRD.SYS
0xA7997000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA793E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA7916000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA78F0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA84DD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA832B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA78CE000 \SystemRoot\System32\drivers\afd.sys
0xA84CD000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA78A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA84BD000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA7833000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA84AD000 \SystemRoot\System32\Drivers\Fips.SYS
0xA83C7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA7DDF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA8005000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA7A82000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA7A7E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA7FE5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA781B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5E0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA570000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7B55000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7DF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07C000 \SystemRoot\System32\ialmdd5.DLL
0xBF16B000 \SystemRoot\System32\ATMFD.DLL
0xA77BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA769E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7FD5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7322000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA60E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA71B2000 \SystemRoot\system32\DRIVERS\srv.sys
0xA722A000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA70D8000 \SystemRoot\SYSTEM32\DRIVERS\WibuKey.sys
0xA6E58000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7059000 \SystemRoot\System32\drivers\dgderdrv.sys
0xA70EA000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0xA68B5000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 29):
0 System Idle Process
4 SYSTEM
600 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
988 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1280 C:\WINDOWS\system32\svchost.exe
1376 svchost.exe
1508 svchost.exe
1640 C:\WINDOWS\system32\spoolsv.exe
1868 C:\WINDOWS\explorer.exe
2036 svchost.exe
392 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
408 C:\WINDOWS\system32\dgdersvc.exe
472 C:\WINDOWS\system32\FsUsbExService.Exe
556 C:\Program Files\Java\jre6\bin\jqs.exe
1232 C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
1364 C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
1444 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1812 C:\WINDOWS\system32\svchost.exe
1888 C:\WINDOWS\system32\UAService7.exe
948 C:\WINDOWS\system32\ctfmon.exe
1152 alg.exe
3476 C:\WINDOWS\system32\wuauclt.exe
3060 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000046`cd185200 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3500320AS, Rev: MX1A

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

ciao

Fatto. Ecco il log di HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.19.15, on 02/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={61E0045C-A43B-45EF-9714-A01E78F66DF6}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5701 bytes

Ciao e grazie per l'aiuto

ok....eseguito tutto.
Il pc mi sembra decisamente in buone condizioni anchese dovrò fare un po' d'ordine.
Vorrei chiederti una cosa , se è possibile farla!
Quando si è installato System Chehk non capito al volo che si trattava di un virus e quindi ho installato un programma , di cui nn ricordo assolutamente il nome,
che mi ha fatto tabula rasa di tutti i documenti che avevo nelle cartelle in D che ora è "Blank", dato ke cclenear non eraa servito a nulla. Quindi un po' di danno penso di averlo causato anke io!
Secondo te non c'è nessun modo pr recuperare quei file cancellati? Si traata di unavalanga di foto...passione e lavoro!!!!
Per ora grazie di tutto!!!! Sei stato un aiuto preziosissimo
ciao

no , nn è un hard disk esterno, è solo una deframmentazione del'Hd.

paolo81grande, apri una tua discussione. NEW TOPIC.